AXL RADIUS Server API V3

com.theorem.radserver3
Class RADIUSServer

Object
  extended by RADIUSServer

public final class RADIUSServer
extends Object

RADIUS Server API for dial up and other applications.

Provides accounting and authentication from a Network Access Server (NAS) or software RADIUS client. Provides authentication and accounting services and can proxy the same. In addition it offers the ability to alter proxy destinations on the fly based on attribute values.

Access control, logging, proxy alterations, and packet snooping are separate APIs (see links below).

Compliant with RFC's 2138 and 2139.

Since:
JDK1.4
Author:
AXL Software & Michael Lecuyer

Field Summary
static int ACCT_PORT
          Port number (1813) for RADIUS Accounting
static int ALT_ACCT_PORT
          Original RADIUS Accounting port number (1646) still in use on non-standard servers.
static int ALT_AUTH_PORT
          Original RADIUS Authentication port number (1645) still in use on non-standard servers.
static int AUTH_PORT
          Port number (1812) for RADIUS Authentication
static int DEFAULT_MAX_PACKETS
          Default maximum number of concurrent packets that will be permitted - set to 50.
static int DMCOA_PORT
          The Disconnect-Request & Change-of-Authorization UDP port 3799.
static int DUPLICATE_DETECTION_AUTHENTICATOR
          Duplicate detection method used by setDuplicateDetectionMethod().
static int DUPLICATE_DETECTION_NASPORTID
          Duplicate detection method used by setDuplicateDetectionMethod().
static int SL_BOTH
          Server Logging Choice.
static int SL_FAILURE
          Server Logging Choice.
static int SL_NONE
          Server Logging Choice.
static int SL_SUCCESS
          Server Logging Choice.
static String Version
          Server software version "3.44".
 
Constructor Summary
RADIUSServer()
          Creates the RADIUS Server Object.
 
Method Summary
 void addAcctPacketType(int packetType, int direction)
          Add a packet type to the accounting server.
 void addAcctPacketType(int packetType, int direction, int proxyAttribute)
          Add a packet type to the accounting server.
 void addAuthPacketType(int packetType, int direction)
          Add a packet type to the authentication server.
 void addDebugFilter(InetAddress filterIP)
          Debug Log Filtering. The filter will limit debug logging for the specified addresses.
 void addDictionary(RADIUSDictionary dict)
          Add a dictionary to the RADIUS server's knowledge of vendor Id's and attribute names / types.
 boolean addNAS(NAS nas)
          Add a NAS entry.
 void addProxyTarget(ProxyTarget pt)
          Add a proxy target to the target tables.
 void allowEmptyAttributes(boolean enable)
          Allow empty attributes.
 void clearDebugFilter()
          Debug Log Filtering. Clear all debug log filters.
 void clearNAS()
          Remove all NAS entries.
 void clearProxyTarget()
          Clear the proxy target table.
 void clearStats()
          Clear server statistics.
 void closeLogFiles()
          Close all open log files.
 void debugLog(String msg)
          Log a debug message.
 void disableAcctDuplicateChecking()
          Disable duplicate packet checking for the accounting server.
 void disableAuthDuplicateChecking()
          Disable duplicate packet checking for the authentication server.
 void divertExtendedPacket(int packetType)
          Divert an extended packet type to either the authentication or accounting method instead of the extended packet handler.
 NAS getClientNAS(InetAddress nasIP)
          Get the NAS entry for a particular client by its IP address.
 int getCurrentPacketCount()
          Get the approximate count of current packets being processed.
 int getMaximumPackets()
          Get the maximum number of concurrent packets the server will handle.
 int getMaxPacketSize()
          Get the maximum packet size of a RADIUS packet.
 Object getModuleInstance(String moduleName, Object obj)
          Instantiate a server support module.
 ProxyTarget[] getProxyTargetList()
          Get the list of ProxyTargets.
 int getServerLogLevel()
          Get the current server log level.
 SNMPStats getSNMPStats()
          Get server statistics.
 RADIUSStats getStats()
          Get server statistics.
 void log(String msg)
          Log a server message.
 void log(String msg, int logLevel)
          Log a server message.
 void removeAcctPacketType(int packetType)
          Remove a packet type from the accounting server.
 void removeAuthPacketType(int packetType)
          Remove a packet type from the authentication server.
 void removeDebugFilter(InetAddress filterIP)
          Debug Log Filtering. Remove a debug log filter.
 void removeNAS(NAS nas)
          Remove a NAS entry from the tables.
 void removeProxyTarget(String targetName)
          Remove a proxy target from the target tables. This may be called at any time, before or after starting the server.
 boolean replaceNASList(NAS[] nasList)
          Replace the current list of NAS's.
 void sendSNMPTrap(String msg)
          Send a V2 SNMP trap.
 void setAccessImplFactory(AccessImplFactory fac)
          Set up the Access system.
 void setAccountingImplFactory(AccountingImplFactory fac)
          Set up the Accounting system.
 void setAcctDuplicateTTL(int seconds)
          Set the TTL for duplicate packets for the accounting server.
 void setAuthDuplicateTTL(int seconds)
          Set the TTL for duplicate packets for the authentication server.
 void setDebugLogImplFactory(LogImplFactory fac)
          Set up the Debug logging system.
 void setDuplicateDetectionMethod(int detectionMethod)
          Use an alternate form of duplicate detection.
 void setEncryptImplFactory(EncryptImplFactory fac)
          Set up the Proxy packet encryption system.
 void setExtendedPacketImplFactory(ExtendedPacketImplFactory fac)
          Set up the Extended Packet receiver system.
 void setMaximumPackets(int maxPackets)
          Set the maximum number of concurrent packets the server will handle - must be configured after one of the server receivers is started (authentication or accounting); Setting this to zero will effectively stop the server.
 void setMaxPacketSize(int packetSize)
          Change the maximum packet size of a RADIUS packet.
 void setMinimumPackets(int minPackets)
          Set the minimum number of concurrent packets the server will provide initially.
 void setMultihome(boolean allInterfaces)
          Specify how the receiver interface is bound.
 void setNASCallBackFactory(NASCallBackFactory fac)
          Set up an unknown NASCallBack.
 void setPrefixCharacter(char prefixChar)
          Set the User-Name prefix character.
 void setProxyCharacter(char proxyChar)
          Set the proxy character.
 void setProxyImplFactory(ProxyImplFactory fac)
          Set up the Proxy alteration system.
 void setProxyStateTTL(int seconds)
          Set the time the objects associated with a ProxyState attribute object will persist.
 void setServerInfo(InetAddress ipServer, String realm, int authPort, int acctPort)
          Set up the server's basic information.
 void setServerInfo(ProxyTarget pt)
          Set up the server's basic information.
 void setServerLogAll()
          Set logging level for server authentication messages.
 void setServerLogFailure()
          Set logging level for server authentication messages.
 void setServerLogImplFactory(LogImplFactory fac)
          Set up the Server logging system.
 void setServerLogLevel(int loglevel)
          Set logging level for server messages.
 void setServerLogNone()
          Set logging level for server authentication messages.
 void setServerLogSuccess()
          Set logging level for server authentication messages.
 void setSingleStatePool()
          Set a single pool of State object instead of several.
 void setSNMPManagers(InetAddress[] managerList)
          Set a list of managers for SNMP.
 void setSNMPParameters(String sysContact, String sysName, String sysLocation)
          Set some common SNMP parameters.
 void setSnoopImplFactory(SnoopImplFactory fac)
          Set up Snooping.
 void setStateTTL(int seconds)
          Set the time the objects associated with a State attribute will persist.
 String showNASList()
          Get a string representation of the list of NAS's the server's currently using.
 void startAccountingServer()
          Starts the RADIUS Accounting Server.
 void startAccountingServer(boolean singleThread)
          Starts the RADIUS Accounting Server.
 void startAuthenticationServer()
          Starts the RADIUS Authentication Server.
 void startAuthenticationServer(boolean singleThread)
          Starts the RADIUS Authentication Server.
 void startDebug()
          Start logging debugging information.
 void startDMCOAServer(int port)
          Starts the RADIUS DM / COA packet server.
 void startSNMP()
          Start the SNMP statistics without exposing an SNMP agent.
 void startSNMP(String readCommunity, String writeCommunity, String trapCommunity, int cmdPort, InetAddress trapManager, int trapPort)
          Start SNMP.
 void stopAccountingServer()
          Stop the accounting server.
 void stopAuthenticationServer()
          Stop the authentication server.
 void stopDebug()
          Stop logging debugging information.
 void stopDMCOAServer()
          Stop the DM / COA server.
 void stopServer()
          Stop all active servers.
 void stopSNMP()
          Stop SNMP.
 String toString()
          Return a string representation of the RADIUS Server.
 String toVerboseString()
          Return a long representation of the RADIUS Server.
 void translateProxyId(boolean on)
          Translate NAS-Identifier and/or NAS-IP-Address in a proxy request.
 
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

ACCT_PORT

public static final int ACCT_PORT
Port number (1813) for RADIUS Accounting

See Also:
ProxyTarget, Constant Field Values

ALT_ACCT_PORT

public static final int ALT_ACCT_PORT
Original RADIUS Accounting port number (1646) still in use on non-standard servers.

See Also:
ProxyTarget, Constant Field Values

ALT_AUTH_PORT

public static final int ALT_AUTH_PORT
Original RADIUS Authentication port number (1645) still in use on non-standard servers.

See Also:
ProxyTarget, Constant Field Values

AUTH_PORT

public static final int AUTH_PORT
Port number (1812) for RADIUS Authentication

See Also:
ProxyTarget, Constant Field Values

DEFAULT_MAX_PACKETS

public static final int DEFAULT_MAX_PACKETS
Default maximum number of concurrent packets that will be permitted - set to 50.

See Also:
Constant Field Values

DMCOA_PORT

public static final int DMCOA_PORT
The Disconnect-Request & Change-of-Authorization UDP port 3799.

See Also:
Constant Field Values

DUPLICATE_DETECTION_AUTHENTICATOR

public static final int DUPLICATE_DETECTION_AUTHENTICATOR
Duplicate detection method used by setDuplicateDetectionMethod(). This constant is the default and uses the authenticator as the duplicate detection method. Because the authenticator has two solid requirements in the RADIUS RFC it is the preferred method of detecting duplicates.

See Also:
Constant Field Values

DUPLICATE_DETECTION_NASPORTID

public static final int DUPLICATE_DETECTION_NASPORTID
Duplicate detection method used by setDuplicateDetectionMethod(). This constant uses the RFC's vaguely suggested method of using the NAS address / port / packet identifier as the duplicate detection method. This is inherently slower than the DUPLICATE_DETECTION_AUTHENTICATOR method and should only be used with non-compliant clients.

See Also:
Constant Field Values

SL_BOTH

public static final int SL_BOTH
Server Logging Choice. Log Successful and Failed Authentications.

See Also:
LogImpl, Constant Field Values

SL_FAILURE

public static final int SL_FAILURE
Server Logging Choice. Log Failed Authentications.

See Also:
LogImpl, Constant Field Values

SL_NONE

public static final int SL_NONE
Server Logging Choice. Don't log any Authentications.

See Also:
LogImpl, Constant Field Values

SL_SUCCESS

public static final int SL_SUCCESS
Server Logging Choice. Log Successful Authentications.

See Also:
LogImpl, Constant Field Values

Version

public static final String Version
Server software version "3.44".

See Also:
Constant Field Values
Constructor Detail

RADIUSServer

public RADIUSServer()
             throws RADIUSServerException
Creates the RADIUS Server Object.

Loads the DefaultDictionary, sets the default packet types, sets the server up for multi-home, and sets up duplication detection as DUPLICATE_DETECTION_AUTHENTICATOR.

Throws:
RADIUSServerException - if there's a problem.
Method Detail

addAcctPacketType

public void addAcctPacketType(int packetType,
                              int direction)
Add a packet type to the accounting server. The packet type is also known as the RADIUS Code or Message Type.

Normally packet types are restricted to Accounting-Request and Accounting-Response but more types can be added. One example might be 'Accounting Status' with a value of 6.

Packet types added to the list will be checked in the order they were created. Some small optimization can be had by placing more common packet types at the start of the list.

Parameters:
packetType - RADIUS packet type to accept.
direction - PacketType.Request if this type of packet is a request packet, PacketType.Response if it's a response. The default proxy attribute is User-Name.
See Also:
removeAuthPacketType(int), addAuthPacketType(int, int), removeAcctPacketType(int), divertExtendedPacket()

addAcctPacketType

public void addAcctPacketType(int packetType,
                              int direction,
                              int proxyAttribute)
Add a packet type to the accounting server. The packet type is also known as the RADIUS Code or Message Type.

Normally packet types are restricted to Accounting-Request and Accounting-Response but more types can be added. One example might be 'Accounting Status' with a value of 6.

Packet types added to the list will be checked in the order they were created. Some small optimization can be had by placing more common packet types at the start of the list.

Parameters:
packetType - RADIUS packet type to accept.
direction - PacketType.Request if this type of packet is a request packet, PacketType.Response if it's a response.
proxyAttribute - Set the attribute used to determine the proxy realm to this attribute. This is usually User-Name or Called-Station-Id.
See Also:
removeAuthPacketType(int), addAuthPacketType(int, int), removeAcctPacketType(int), divertExtendedPacket()

addAuthPacketType

public void addAuthPacketType(int packetType,
                              int direction)
Add a packet type to the authentication server. The packet type is also known as the RADIUS Code or Message Type.

Normally packet types are restricted to Access-Request, Access-Accept, Access-Reject, and Access-Challenge but more types can be added. One example might be 'Password Request' with a value of 7.

The default proxy attribute is User-Name.

Parameters:
packetType - RADIUS packet type to accept.
direction - PacketType.Request if this type of packet is a request packet, PacketType.Response if it's a response.
See Also:
removeAuthPacketType(int), addAcctPacketType(int, int), removeAcctPacketType(int)

addDebugFilter

public void addDebugFilter(InetAddress filterIP)
Debug Log Filtering. The filter will limit debug logging for the specified addresses. This may be called at any time.

Parameters:
filterIP - IP address to watch.

addDictionary

public void addDictionary(RADIUSDictionary dict)
Add a dictionary to the RADIUS server's knowledge of vendor Id's and attribute names / types. The server is aware of standard RADIUS attributes.

The dictionary aids the server in displaying attribute names and values.

Parameters:
dict - RADIUSDictionary.

addNAS

public boolean addNAS(NAS nas)
               throws RADIUSServerException
Add a NAS entry. Each client needs a NAS entry. This may be called at any time, before or after starting the server.

Parameters:
nas - NAS class with information for this NAS
Throws:
RADIUSServerException - if there's a problem creating the NAS.
See Also:
NAS

addProxyTarget

public void addProxyTarget(ProxyTarget pt)
                    throws RADIUSServerException
Add a proxy target to the target tables. Used to provide proxy service to other RADIUS servers. This may be called at any time, before or after starting the server. A NAS entry is automatically built for each proxy target.

Parameters:
pt - proxy target information.
Throws:
RADIUSServerException - if the proxy target name or address is missing.
See Also:
ProxyTarget

allowEmptyAttributes

public void allowEmptyAttributes(boolean enable)
Allow empty attributes. Permitting empty attributes goes against the standards in the RADIUS RFC and may disguise real errors from the server. However, there are enough non-standard servers that this must be overridden at times.

Parameters:
enable - True allows empty attributes, false disallows them. The default is to disallow empty attributes and drop the packet if they appear.

clearDebugFilter

public void clearDebugFilter()
Debug Log Filtering. Clear all debug log filters. Enables debugging on all IP addresses until another filter is added.

See Also:
addDebugFilter(java.net.InetAddress)

clearNAS

public void clearNAS()
              throws RADIUSServerException
Remove all NAS entries. This may be called at any time, before or after starting the server.

Throws:
RADIUSServerException - if there's a problem.

clearProxyTarget

public void clearProxyTarget()
                      throws RADIUSServerException
Clear the proxy target table. This may be called at any time, before or after starting the server.

Throws:
RADIUSServerException - if there's a problem.

clearStats

public void clearStats()
Clear server statistics.

Returns:
stats
See Also:
RADIUSStats

closeLogFiles

public void closeLogFiles()
Close all open log files.


debugLog

public void debugLog(String msg)
Log a debug message.

Parameters:
msg - Message to place in the server debug log. The message will only be delivered to the log if debugging has been started.
See Also:
startDebug()

disableAcctDuplicateChecking

public void disableAcctDuplicateChecking()
                                  throws RADIUSServerException
Disable duplicate packet checking for the accounting server. Once disabled it can only be revived by restarting the accounting server.

Throws:
RADIUSServerException - if the accounting server has not been started.

disableAuthDuplicateChecking

public void disableAuthDuplicateChecking()
                                  throws RADIUSServerException
Disable duplicate packet checking for the authentication server. Once disabled it can only be revived by restarting the authentication server.

Throws:
RADIUSServerException - if the authentication server has not been started.

divertExtendedPacket

public void divertExtendedPacket(int packetType)
Divert an extended packet type to either the authentication or accounting method instead of the extended packet handler. This is called after the packet type has been added to the server's knowledge of packet types.

This allows packets like Accounting-Status to be sent to the AccountingImpl class instead of the ExtendedPacketImpl class.

Parameters:
packetType - RADIUS packet type to divert to the default port handler.
See Also:
addAuthPacketType(), removeAuthPacketType(), addAuthPacketType(), removeAcctPacketType()

getClientNAS

public NAS getClientNAS(InetAddress nasIP)
Get the NAS entry for a particular client by its IP address.

Parameters:
nasIP - NAS ip address (client address).
Returns:
The NAS entry.

getCurrentPacketCount

public int getCurrentPacketCount()
Get the approximate count of current packets being processed.

Returns:
current number of packets being processed

getMaximumPackets

public int getMaximumPackets()
Get the maximum number of concurrent packets the server will handle. Not useful for a single thread server.

Returns:
Maximum permitted packet count level.

getMaxPacketSize

public int getMaxPacketSize()
Get the maximum packet size of a RADIUS packet. By default and by the relevant RFC's the RADIUS packet size is set to 4K (4096 bytes).

Returns:
packetSize Packet size in bytes.
Since:
3.31

getModuleInstance

public Object getModuleInstance(String moduleName,
                                Object obj)
                                   throws RADIUSServerException
Instantiate a server support module. For example "EAPTLS" adds the EAP-TLS module.

Parameters:
moduleName - Name of module to instantiate. The module name may either be relative to the module package or a fully qualified class path. In some cases the class loader doesn't provide the necessary package information, so even where the class is relative to the module package it will be necessary to use a full path to the class.
obj - Object to pass to the module's constructor. If null the default constructor will be used.
Returns:
true if the module can be found otherwise false.
Throws:
RADIUSServerException - if there's a problem registering the module.
Since:
3.21

getProxyTargetList

public ProxyTarget[] getProxyTargetList()
Get the list of ProxyTargets.

Returns:
Array of ProxyTargets.
Since:
3.27

getServerLogLevel

public int getServerLogLevel()
Get the current server log level.

Returns:
Current server log level.
Since:
3.27
See Also:
setServerLogLevel(int loglevel)

getSNMPStats

public SNMPStats getSNMPStats()
                       throws RADIUSServerException
Get server statistics.

Returns:
stats
Throws:
RADIUSServerException - if there's a problem.
See Also:
RADIUSStats

getStats

public RADIUSStats getStats()
Get server statistics.

Returns:
stats
See Also:
RADIUSStats

log

public void log(String msg)
Log a server message.

Parameters:
msg - Message to place in the server log.

log

public void log(String msg,
                int logLevel)
Log a server message.

Parameters:
msg - Message to place in the server log.
logLevel - The log level for this message.
Since:
3.27

removeAcctPacketType

public void removeAcctPacketType(int packetType)
Remove a packet type from the accounting server. The packet type is also known as the RADIUS Code or Message Type.

Parameters:
packetType - RADIUS packet type to accept.
See Also:
addAuthPacketType(), removeAuthPacketType(), removeAcctPacketType(), divertExtendedPacket()

removeAuthPacketType

public void removeAuthPacketType(int packetType)
Remove a packet type from the authentication server. The packet type is also known as the RADIUS Code or Message Type.

Parameters:
packetType - RADIUS packet type to accept.
See Also:
addAuthPacketType(int, int), addAcctPacketType(int, int), removeAcctPacketType(int), divertExtendedPacket()

removeDebugFilter

public void removeDebugFilter(InetAddress filterIP)
Debug Log Filtering. Remove a debug log filter.

Parameters:
filterIP - IP address (machine or network number)
See Also:
addDebugFilter(java.net.InetAddress)

removeNAS

public void removeNAS(NAS nas)
               throws RADIUSServerException
Remove a NAS entry from the tables. This may be called at any time, before or after starting the server.

Parameters:
nas - The NAS to remove.
Throws:
RADIUSServerException - if there's a problem.
See Also:
NAS

removeProxyTarget

public void removeProxyTarget(String targetName)
Remove a proxy target from the target tables. This may be called at any time, before or after starting the server. This also removes the NAS entry for this target.

Parameters:
targetName - name of the target to remove.

replaceNASList

public boolean replaceNASList(NAS[] nasList)
                       throws RADIUSServerException
Replace the current list of NAS's. This clears the list and adds the list of NAS's. This is an atomic operation that precludes other NAS operations while it runs.

Parameters:
nasList - Array of replacement NAS's
Throws:
RADIUSServerException - if a NAS in the list is incomplete.

sendSNMPTrap

public void sendSNMPTrap(String msg)
Send a V2 SNMP trap.

Parameters:
msg - Message.

setAccessImplFactory

public void setAccessImplFactory(AccessImplFactory fac)
Set up the Access system. The access methods are used to authenticate, provide attributes, and perform chap-challenge. This must be set up before starting the server.

Parameters:
fac - Factory to create the access class.
See Also:
AccessImplFactory, AccessImpl

setAccountingImplFactory

public void setAccountingImplFactory(AccountingImplFactory fac)
Set up the Accounting system.

Parameters:
fac - Factory for creating a new accounting class.
See Also:
LogImplFactory, LogImpl

setAcctDuplicateTTL

public void setAcctDuplicateTTL(int seconds)
Set the TTL for duplicate packets for the accounting server.

The default is 15 seconds. If your system always has faster response times this value can be lowered. This should be set to a little more than the longest expected response time. The granularity of the system is such that the average time for a packet will be 1/2 second less than the given value.

This method destroys the existing cache of packet information.

Parameters:
seconds - Number of seconds to remember duplicate packets

setAuthDuplicateTTL

public void setAuthDuplicateTTL(int seconds)
Set the TTL for duplicate packets for the authentication server.

The default is 15 seconds. If your system always has faster response times this value can be lowered. This should be set to a little more than the longest expected response time. The granularity of the system is such that the average time for a packet will be 1/2 second less than the given value.

This method destroys the existing cache of packet information.


setDebugLogImplFactory

public void setDebugLogImplFactory(LogImplFactory fac)
                            throws IOException
Set up the Debug logging system. This must be set up before starting the server.

Parameters:
fac - Factory for creating a new logging class.
Throws:
IOException
See Also:
LogImplFactory, LogImpl

setDuplicateDetectionMethod

public void setDuplicateDetectionMethod(int detectionMethod)
                                 throws RADIUSServerException
Use an alternate form of duplicate detection.

The server normally uses the packet authenticator to determine if a packet is a duplicate. The RADIUS RFC points out a MUST and a SHOULD indicating that the authenticator MUST be unique if attributes change, and MUST remain the same if a retry is attempted. Further the Request Authenticator field SHOULD exhibit global and temporal uniqueness over the life of the secret.

This method should be used to change the method the server uses to detect duplicate packets. It must be used prior to starting the servers or changing any other aspect of duplicate detection, such as disableAcctDuplicateChecking(), disableAuthDuplicateChecking(), setAcctDuplicateTTL(int seconds), and setAuthDuplicateTTL(int seconds).

By default the authenticator method is satisfactory in almost all cases and is much faster than the NAS address / port / packet identifier uniqueness test.

Parameters:
detectionMethod - One of DUPLICATE_DETECTION_AUTHENTICATOR or DUPLICATE_DETECTION_NASPORTID.
Throws:
RADIUSServerException - if the detection method is unknown.
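
The difference between the two detection methods, shown as an added example (not AXL code and not using the AXL API). DuplicateCache, the key helpers and the sample packets are hypothetical constructions; the header offsets are the standard RADIUS layout (Code, Identifier, Length, 16-byte Authenticator), and 15 seconds is the default TTL stated on this page.

```java
import java.net.InetAddress;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

// Added illustration only: none of these types belong to com.theorem.radserver3.
public class DuplicateDetectionDemo {

    // Hypothetical TTL cache: a key counts as a duplicate while its first
    // sighting is younger than the TTL.
    static final class DuplicateCache {
        private final Map<String, Long> seen = new HashMap<>();
        private final long ttlMillis;

        DuplicateCache(int ttlSeconds) {
            this.ttlMillis = ttlSeconds * 1000L;
        }

        synchronized boolean isDuplicate(String key, long nowMillis) {
            // Drop entries that have outlived the TTL before looking up the key.
            Iterator<Map.Entry<String, Long>> it = seen.entrySet().iterator();
            while (it.hasNext()) {
                if (nowMillis - it.next().getValue() >= ttlMillis) {
                    it.remove();
                }
            }
            if (seen.containsKey(key)) {
                return true;
            }
            seen.put(key, nowMillis);
            return false;
        }
    }

    // Authenticator method: key on header bytes 4..19 (Request Authenticator).
    static String authenticatorKey(byte[] packet) {
        StringBuilder sb = new StringBuilder();
        for (byte b : Arrays.copyOfRange(packet, 4, 20)) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // NAS address / source port / Identifier method (Identifier is header byte 1).
    static String nasPortIdKey(InetAddress nas, int srcPort, byte[] packet) {
        return nas.getHostAddress() + ":" + srcPort + ":" + (packet[1] & 0xff);
    }

    // Constructed 20-byte Access-Request header (Code 1, no attributes).
    static byte[] accessRequest(int identifier, int authenticatorFill) {
        byte[] p = new byte[20];
        p[0] = 1;                      // Code: Access-Request
        p[1] = (byte) identifier;      // Identifier: only 8 bits, so it wraps
        p[2] = 0;
        p[3] = 20;                     // Length
        Arrays.fill(p, 4, 20, (byte) authenticatorFill);
        return p;
    }

    static void report(String label, boolean byAuth, boolean byNasPortId) {
        System.out.println(label + ": authenticator=" + byAuth
                + " nas/port/id=" + byNasPortId);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: documentation-range NAS address and port.
        InetAddress nas = InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 10});
        int srcPort = 40000;
        DuplicateCache byAuth = new DuplicateCache(15);
        DuplicateCache byNasPortId = new DuplicateCache(15);

        byte[] first = accessRequest(7, 0xA1);
        byte[] retry = first.clone();             // retransmission: identical bytes
        byte[] wrapped = accessRequest(7, 0xB2);  // new request, Identifier reused

        report("t=0s  first request",
                byAuth.isDuplicate(authenticatorKey(first), 0L),
                byNasPortId.isDuplicate(nasPortIdKey(nas, srcPort, first), 0L));

        // A retry keeps the same authenticator, so both methods flag it.
        report("t=3s  retransmission",
                byAuth.isDuplicate(authenticatorKey(retry), 3000L),
                byNasPortId.isDuplicate(nasPortIdKey(nas, srcPort, retry), 3000L));

        // A different request that reuses Identifier 7 inside the TTL: only
        // the NAS/port/identifier key collides with the earlier packet.
        report("t=9s  new request, same Identifier",
                byAuth.isDuplicate(authenticatorKey(wrapped), 9000L),
                byNasPortId.isDuplicate(nasPortIdKey(nas, srcPort, wrapped), 9000L));

        // Once the TTL has passed, the original bytes are no longer remembered
        // by either method and would be processed as a fresh request.
        report("t=16s original bytes again",
                byAuth.isDuplicate(authenticatorKey(retry), 16000L),
                byNasPortId.isDuplicate(nasPortIdKey(nas, srcPort, retry), 16000L));
    }
}
```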

setEncryptImplFactory

public void setEncryptImplFactory(EncryptImplFactory fac)
Set up the Proxy packet encryption system. This allows proxies to more securely send packets over the open net. This is not required for operation.

Parameters:
fac - Factory to create the EncryptImpl class.
See Also:
EncryptImplFactory, EncryptImpl

setExtendedPacketImplFactory

public void setExtendedPacketImplFactory(ExtendedPacketImplFactory fac)
Set up the Extended Packet receiver system.

Parameters:
fac - Factory for creating a new extended packet receiver class.
See Also:
LogImplFactory, LogImpl

setMaximumPackets

public void setMaximumPackets(int maxPackets)
Set the maximum number of concurrent packets the server will handle - must be configured after one of the server receivers is started (authentication or accounting); Setting this to zero will effectively stop the server. The Server log will be informed of an excess of packets. Not effective in a single thread server.

Parameters:
maxPackets - Highest packet count permitted.

setMaxPacketSize

public void setMaxPacketSize(int packetSize)
Change the maximum packet size of a RADIUS packet. By default and by the relevant RFC's the RADIUS packet size is set to 4K (4096 bytes).

Parameters:
packetSize - Packet size in bytes.

setMinimumPackets

public void setMinimumPackets(int minPackets)
Set the minimum number of concurrent packets the server will provide initially. Not effective once a server has started or for a single thread server.

Parameters:
minPackets - Lowest number of packets to allocate.

setMultihome

public void setMultihome(boolean allInterfaces)
Specify how the receiver interface is bound. There are two ways to bind the receiver ports on a multihomed system. The ports may be bound to one interface or all interfaces.

The default is to be multihomed.

The advantage of binding to a single interface is that you can run multiple servers on the same machine with identical port numbers. The advantage to listening on multiple interfaces is that your machine will catch all requests regardless of what interface the request arrives on.

Parameters:
allInterfaces - Set to true if you want the server to listen on all interfaces. Set to false if the interface specified in the server information is the only interface that will respond to requests for this server.

setNASCallBackFactory

public void setNASCallBackFactory(NASCallBackFactory fac)
Set up an unknown NASCallBack. Perform some action when a packet arrives with an unknown NAS.

Parameters:
fac - Factory to create the NASCallBack class.
See Also:
NASCallBackFactory, NASCallBack

setPrefixCharacter

public void setPrefixCharacter(char prefixChar)
Set the User-Name prefix character. The default character is '/'.

Parameters:
prefixChar - Proxy indication character.

setProxyCharacter

public void setProxyCharacter(char proxyChar)
Set the proxy character. By default this is the '@' character, but it can be altered here.

Parameters:
proxyChar - Proxy indication character.

setProxyImplFactory

public void setProxyImplFactory(ProxyImplFactory fac)
Set up the Proxy alteration system. This allows proxying to be changed based on any attribute values. It also allows attributes to be altered. This is not required for operation.

Parameters:
fac - Factory to create the ProxyImpl class.
See Also:
ProxyImplFactory, ProxyImpl

setProxyStateTTL

public void setProxyStateTTL(int seconds)
Set the time the objects associated with a ProxyState attribute object will persist.

The ProxyState attribute is associated with persistent objects so that information required to forward and return packets is maintained. Programmer-defined information associated with the ProxyState attribute is also controlled by this timer. This sets the number of seconds an object will persist if not explicitly removed.

The default is 30 seconds.

Parameters:
seconds - Number of seconds to remember ProxyState objects.
Since:
3.42

setServerInfo

public void setServerInfo(InetAddress ipServer,
                          String realm,
                          int authPort,
                          int acctPort)
                   throws RADIUSServerException
Set up the server's basic information. This must be done before starting either the authentication or accounting server. The server is described as a proxy target and a default NAS entry is created from the proxy target information. If port numbers are 0 they'll default to the normal port numbers.

Parameters:
ipServer - The server's IP address.
realm - The Server's realm name if it's a proxy server.
authPort - Authentication port number. If 0 RADIUSServer.AUTH_PORT is assumed.
acctPort - Accounting port number. If 0 RADIUSServer.ACCT_PORT is assumed.
Throws:
RADIUSServerException - if there's a problem.

setServerInfo

public void setServerInfo(ProxyTarget pt)
                   throws RADIUSServerException
Set up the server's basic information. This must be done before starting either the authentication or accounting server. The server is described as a proxy target and a default NAS entry is created from the proxy target information.

If port numbers are 0 they'll default to the normal port numbers.

A secret must not be set in the ProxyTarget server object; the server derives its secret from other proxy servers and clients.

Parameters:
pt - ProxyTarget object. This configures the basic server information.
Throws:
RADIUSServerException - if there's a problem.

setServerLogAll

public void setServerLogAll()
Set logging level for server authentication messages. Logs all authentications whether they succeed or fail.

See Also:
LogImpl, setServerLogLevel(int), SL_SUCCESS, SL_FAILURE, SL_BOTH, SL_NONE

setServerLogFailure

public void setServerLogFailure()
Set logging level for server authentication messages. Logs only authentications that fail. Used to filter noise level.

See Also:
LogImpl, setServerLogLevel(int), SL_SUCCESS, SL_FAILURE, SL_BOTH, SL_NONE

setServerLogImplFactory

public void setServerLogImplFactory(LogImplFactory fac)
                             throws IOException
Set up the Server logging system. This must be set up before starting the server. Default action is to log both authentication successes and failures.

Parameters:
fac - Factory for creating a new logging class.
Throws:
IOException
See Also:
setServerLogLevel(int), LogImplFactory, LogImpl

setServerLogLevel

public void setServerLogLevel(int loglevel)
Set logging level for server messages. Can be set to display RADIUS success, failure, both, or neither messages.

Parameters:
loglevel - Logging level
See Also:
setServerLogAll(), setServerLogFailure(), setServerLogSuccess(), setServerLogNone(), LogImpl, SL_SUCCESS, SL_FAILURE, SL_BOTH, SL_NONE

setServerLogNone

public void setServerLogNone()
Set logging level for server authentication messages. Turns off logging for both failed and successful authentications.

See Also:
LogImpl, setServerLogLevel(int), SL_SUCCESS, SL_FAILURE, SL_BOTH, SL_NONE

setServerLogSuccess

public void setServerLogSuccess()
Set logging level for server authentication messages. Logs only authentications that are successful.

See Also:
LogImpl, setServerLogLevel(int), SL_SUCCESS, SL_FAILURE, SL_BOTH, SL_NONE

setSingleStatePool

public void setSingleStatePool()
Set a single pool of State objects instead of several.

This is an abnormal setting for the server and suits certain installations. It allows any client to submit a request that may contain a State value that maps to a state object another client has set. In other words any client may send another client's State information.


setSNMPManagers

public void setSNMPManagers(InetAddress[] managerList)
Set a list of managers for SNMP. If no manager list is applied requests from any source will be accepted. If the list is in place only requests from these systems will be permitted.

Parameters:
managerList - List of managers that may send requests.

setSNMPParameters

public void setSNMPParameters(String sysContact,
                              String sysName,
                              String sysLocation)
                       throws RADIUSServerException
Set some common SNMP parameters. These may be set using this method or by the SNMP management system. Initially they are all empty. If any parameter is null that parameter will not be changed.

Parameters:
sysContact - "The textual identification of the contact person for this managed node, together with information on how to contact this person."
sysName - "An administratively-assigned name for this managed node. By convention, this is the node's fully-qualified domain name."
sysLocation - "The physical location of this node (e.g., `telephone closet, 3rd floor')."
Throws:
RADIUSServerException - if SNMP isn't already started.

setSnoopImplFactory

public void setSnoopImplFactory(SnoopImplFactory fac)
Set up Snooping. Lets someone snoop on all incoming packets.

Parameters:
fac - Factory to create the SnoopImpl class.
See Also:
SnoopImplFactory, SnoopImpl

setStateTTL

public void setStateTTL(int seconds)
Set the time the objects associated with a State attribute will persist.

State attributes may be associated with persistent objects so that information required to be passed from one Access-Challenge to another can be preserved. This sets the number of seconds an object will persist if not explicitly removed.

The default is 30 seconds.

Parameters:
seconds - Number of seconds to remember State objects.
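
The difference between per-client State pools and the single pool enabled by setSingleStatePool(), together with the expiry controlled by setStateTTL(), can be seen in a small model. This is an added example, not AXL code: the class StatePoolModel, keying the per-client pools by client address, and all sample values are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** Simplified model (hypothetical, not the AXL implementation) of State pools with a TTL. */
public class StatePoolModel {
    private static final class Entry {
        final Object value;
        final long expiresAtMillis;
        Entry(Object value, long expiresAtMillis) {
            this.value = value;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final boolean singlePool;
    private final long ttlMillis;
    private final Map<String, Entry> pool = new HashMap<>();

    StatePoolModel(boolean singlePool, int ttlSeconds) {
        this.singlePool = singlePool;
        this.ttlMillis = ttlSeconds * 1000L;
    }

    // Assumption: separate pools are modelled by prefixing the key with the client address.
    private String key(String clientAddr, String state) {
        return singlePool ? state : clientAddr + "|" + state;
    }

    void put(String clientAddr, String state, Object value, long nowMillis) {
        pool.put(key(clientAddr, state), new Entry(value, nowMillis + ttlMillis));
    }

    /** Returns the stored object, or null if this client cannot see it or it has expired. */
    Object get(String clientAddr, String state, long nowMillis) {
        String k = key(clientAddr, state);
        Entry e = pool.get(k);
        if (e == null) return null;
        if (nowMillis >= e.expiresAtMillis) { pool.remove(k); return null; }
        return e.value;
    }

    public static void main(String[] args) {
        // Constructed sample: client 192.0.2.10 stores an object under State "st-01".
        StatePoolModel perClient = new StatePoolModel(false, 30);
        StatePoolModel single = new StatePoolModel(true, 30);
        perClient.put("192.0.2.10", "st-01", "challenge context", 0L);
        single.put("192.0.2.10", "st-01", "challenge context", 0L);
        // A different client presents the same State value one second later.
        System.out.println("per-client pools: " + perClient.get("192.0.2.20", "st-01", 1000L));
        System.out.println("single pool:      " + single.get("192.0.2.20", "st-01", 1000L));
        // The original client returns only after the 30-second TTL has elapsed.
        System.out.println("after TTL:        " + single.get("192.0.2.10", "st-01", 30000L));
    }
}
```

With a single pool the State value alone selects the stored object, so it should be unpredictable and the TTL kept short when that mode is in use.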

showNASList

public String showNASList()
Get a string representation of the list of NAS's the server is currently using.

Returns:
Multiline string displaying the NAS's.

startAccountingServer

public void startAccountingServer()
                           throws RADIUSServerException
Starts the RADIUS Accounting Server. Starts a threaded server.

Throws:
RADIUSServerException - if there's a problem starting the accounting server.

startAccountingServer

public void startAccountingServer(boolean singleThread)
                           throws RADIUSServerException
Starts the RADIUS Accounting Server. One port receiver is created for listening - accounting.

Some initialization is required before starting the server: starting SNMP (either exposed or unexposed), the logs, the related authentication and/or accounting implementations, and server setup.

If singleThread is true the server thread will not spawn additional threads to accommodate requests. Each request must wait for the previous one to finish. This is useful in an environment where threading would greatly increase the complexity of the accounting or authentication code.

If singleThread is false a thread will be spawned for each request. This choice offers maximum parallelism if the various implementations are prepared for this.

Parameters:
singleThread - True if a blocking server is to run, False if a threaded server should run.
Throws:
RADIUSServerException - if there's a problem.

startAuthenticationServer

public void startAuthenticationServer()
                               throws RADIUSServerException
Starts the RADIUS Authentication Server. Starts a threaded server.

Throws:
RADIUSServerException - if SNMP isn't already started.

startAuthenticationServer

public void startAuthenticationServer(boolean singleThread)
                               throws RADIUSServerException
Starts the RADIUS Authentication Server. One port receiver is created for listening - authentication.

Some initialization is required before starting the server: starting SNMP (either exposed or unexposed), the logs, the related authentication and/or accounting implementations, and server setup.

If singleThread is true the server thread will not spawn additional threads to accommodate requests. Each request must wait for the previous one to finish. This is useful in an environment where threading would greatly increase the complexity of the accounting or authentication code.

If singleThread is false a thread will be spawned for each request. This choice offers maximum parallelism if the various implementations are prepared for this.
AccessImpl, SnoopImpl and ProxyImpl are each told about the log files.

Parameters:
singleThread - True if a one thread server is to run, False if a fully threaded server should run.
Throws:
RADIUSServerException - if the server failed to start. The reason is given in the exception's message.

startDebug

public void startDebug()
Start logging debugging information.

See Also:
LogImpl

startDMCOAServer

public void startDMCOAServer(int port)
                      throws RADIUSServerException
Starts the RADIUS DM / COA packet server.

The DM / COA server handles packets providing Disconnect-Requests and CoA-Requests. This server differs from the authentication and accounting servers in that it sends packets in the reverse direction, from the server to the client.

Parameters:
port - DM / COA port. If 0 the default port value of DMCOA_PORT is used. server to determine the next destination, either a server or client, for the request packet.
Throws:
RADIUSServerException - if the server failed to start. The reason is given in the exception's message.

startSNMP

public void startSNMP()
Start the SNMP statistics without exposing an SNMP agent. The RADIUS server will not run the SNMP agent although it will continue to gather statistics on server use.


startSNMP

public void startSNMP(String readCommunity,
                      String writeCommunity,
                      String trapCommunity,
                      int cmdPort,
                      InetAddress trapManager,
                      int trapPort)
               throws RADIUSServerException
Start SNMP. This should be done after setting up the logs and must be done before any other server configuration methods are attempted. If the logs are not set up error messages go to stdout.

If you don't want to start an SNMP session (preventing SNMP requests from being received) see startSNMP().

Typically SNMP provides information about a device or piece of software, such as this server. The RADIUS-AUTH-SERVER-MIB and the RADIUS-ACC-SERVER-MIB are described in RFC's 2619 and 2621 respectively.

If your operating system or another application is already running SNMP you will have to change the port number to an unused port. Traps are sent to the trap manager's address at the trap port. Normally the only traps sent are thread exceptions, although other classes may send trap messages as well.

Community names should be chosen the way good passwords are, to prevent unauthorized restarting of the server, among other pranks. These names permit the reading and writing of server SNMP values.

Parameters:
readCommunity - SNMP community for reading (if null it defaults to public).
writeCommunity - SNMP community for writing (if null it defaults to private).
trapCommunity - SNMP trap community (if null it disables traps).
cmdPort - SNMP command port (if 0 the default value of 161 is used).
trapManager - Address of manager for catching traps.
trapPort - Trap manager port (if 0 the default value of 162 is used).
Throws:
RADIUSServerException - if there's a problem.
See Also:
sendSNMPTrap(), setDebugLogImplFactory(), setServerLogImplFactory()
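
The start-up order described above (logs, then SNMP, then server information, then the servers) with non-default community names and an SNMP manager list, as an added example that is not AXL's own code. It uses only methods documented on this page; the class name HardenedStartup, the environment variable names, the minimum length, the addresses, the realm and the package of LogImplFactory are assumptions.

```java
import com.theorem.radserver3.*;   // assumption: LogImplFactory is in this package too
import java.net.InetAddress;

public class HardenedStartup {
    static final int MIN_COMMUNITY_LENGTH = 12;   // assumed local policy, not an API value

    // A null community falls back to "public"/"private", so refuse missing or default values.
    static String community(String envName) {
        String v = System.getenv(envName);
        if (v == null || v.length() < MIN_COMMUNITY_LENGTH
                || v.equals("public") || v.equals("private")) {
            throw new IllegalStateException(envName + " must hold a non-default community name");
        }
        return v;
    }

    // logs is supplied by the caller; the LogImplFactory interface is documented separately.
    public static RADIUSServer start(LogImplFactory logs) throws Exception {
        RADIUSServer server = new RADIUSServer();

        // 1. Logging first; without it SNMP start-up errors go to stdout.
        server.setServerLogImplFactory(logs);

        // 2. SNMP next, before any other configuration method. Port 0 selects 161/162.
        InetAddress manager = InetAddress.getByName("192.0.2.50");   // constructed address
        server.startSNMP(community("RADIUS_SNMP_READ"),      // hypothetical variable names
                         community("RADIUS_SNMP_WRITE"),
                         community("RADIUS_SNMP_TRAP"), 0, manager, 0);
        // Without a manager list, SNMP requests from any source are accepted.
        server.setSNMPManagers(new InetAddress[] { manager });

        // 3. Basic server information; port 0 selects AUTH_PORT and ACCT_PORT.
        server.setServerInfo(InetAddress.getByName("192.0.2.1"), "example.net", 0, 0);
        server.setServerLogAll();   // log failed as well as successful authentications
        server.setStateTTL(30);     // the documented default, stated explicitly

        // Register the authentication and accounting implementations here; those
        // methods are documented elsewhere in this API and are not part of this example.

        // 4. Start the threaded servers (singleThread = false).
        server.startAuthenticationServer(false);
        server.startAccountingServer(false);
        return server;
    }
}
```

If no SNMP agent is needed at all, the no-argument startSNMP() keeps the statistics without accepting SNMP requests.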

stopAccountingServer

public void stopAccountingServer()
                          throws RADIUSServerException
Stop the accounting server. Stops the accounting packet receiver.

Throws:
RADIUSServerException - if there's a problem.

stopAuthenticationServer

public void stopAuthenticationServer()
                              throws RADIUSServerException
Stop the authentication server. Stops the authentication packet receiver.

Throws:
RADIUSServerException - if there's a problem.

stopDebug

public void stopDebug()
Stop logging debugging information.

See Also:
LogImpl

stopDMCOAServer

public void stopDMCOAServer()
                     throws RADIUSServerException
Stop the DM / COA server. Stops the DM / COA packet receiver.

Throws:
RADIUSServerException - if there's a problem.

stopServer

public void stopServer()
                throws RADIUSServerException
Stop all active servers. Stops the packet receivers.

Throws:
RADIUSServerException - if there's a problem.

stopSNMP

public void stopSNMP()
Stop SNMP.


toString

public String toString()
Return a string representation of the RADIUS Server.

Returns:
RADIUS Server information.

toVerboseString

public String toVerboseString()
Return a long representation of the RADIUS Server.

Returns:
RADIUS Server information.

translateProxyId

public void translateProxyId(boolean on)
Translate NAS-Identifier and/or NAS-IP-Address in a proxy request. If enabled, a proxy request/response will have its NAS-Identifier and/or NAS-IP-Address translated to look like the proxy server is the actual client. The default is false for normal operation. If enabled, proxy requests look as if the server is the client instead of a proxy server.

Parameters:
on - True for proxy identifier translation on, false for no identifier translation.


Copyright 1998-2008 AXL Software. PO Box 97, Viola, Delaware 19979, U.S.A. All Rights Reserved.