AXL Software™

com.theorem.tacacs
Class TACACSClient

Object
  extended by TACACSClient

public class TACACSClient
extends Object

TACACS+ Client for applications. This provides a platform-independent way to authenticate and perform accounting for an entity. The TACACS+ client is in compliance with tac-rfc.1.78.txt (draft-grant-tacacs-02.txt), the only known standard.


Field Summary
static int DEFAULT_PORT
          Port number for the TACACS+ server (49).
static int SOCKET_TIMEOUT
          Default TACACS+ timeout, value = 10000 ms.
static String Version
          Client software version number ("1.15")
 
Constructor Summary
TACACSClient(InetAddress tHost, int port, String secret)
          Class constructor creates the TACACS+ Client.
TACACSClient(InetAddress tHost, int port, String secret, int timeout)
          Class constructor creates the TACACS+ Client.
 
Method Summary
 Packet accounting(int acctType, TACACSSession session)
          Send Accounting information.
 Packet authentication(int authenType, TACACSSession session, byte[] data)
          Send Authentication information.
 Packet authenticationContinue(int authenType, TACACSSession session, int flag, byte[] userMessage, byte[] data)
          Send Authentication CONTINUE information.
 Packet authorization(int action, TACACSSession session)
          Send Authorization information.
 void close()
          End the client.
 TACACSSession createSession(TACACSCallback callback)
          Create a session.
 void enableEncryption(boolean encrypt)
          Enable or disable packet encryption on a global scale.
 void enableMultipleSessions(boolean enable)
          Enable or disable multiple sessions by this client.
 byte[] getSecret()
          Get the NAS secret.
 void logToDebug(String msg)
          Log a message to the debug file or stdout if debugging hasn't been set up.
 void removeSession(TACACSSession session)
          Remove a TACACSSession from the client.
 void reset()
          Reset the connection between transactions.
 boolean setDebug(boolean debug)
          Set debugging on or off.
 void setDebug(boolean debug, String fileName)
          Set debugging on or off.
 String toString()
          Return a representation of the TACACS+ connection.
 
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

Version

public static final String Version
Client software version number ("1.15")

See Also:
Constant Field Values

DEFAULT_PORT

public static final int DEFAULT_PORT
Port number for the TACACS+ server (49).

See Also:
Constant Field Values

SOCKET_TIMEOUT

public static final int SOCKET_TIMEOUT
Default TACACS+ timeout, value = 10000 ms.

See Also:
Constant Field Values

Constructor Detail

TACACSClient

public TACACSClient(InetAddress tHost,
                    int port,
                    String secret)
             throws SocketException,
                    IOException
Class constructor creates the TACACS+ Client. Attempts to make a connection to the given TACACS+ host. Each new authentication request requires constructing a new client.

Parameters:
tHost - The TACACS+ host address.
port - Port number for the TACACS+ host.
secret - The shared secret between this client and the TACACS+ server.
Throws:
SocketException - Socket creation problems.
IOException

TACACSClient

public TACACSClient(InetAddress tHost,
                    int port,
                    String secret,
                    int timeout)
             throws SocketException,
                    UnknownHostException,
                    IOException
Class constructor creates the TACACS+ Client. Attempts to make a connection to the given TACACS+ host.

Parameters:
tHost - The TACACS+ host name or address.
port - Port number for the TACACS+ host.
secret - The shared secret between this client and the TACACS+ server.
timeout - Socket timeout in milliseconds.
Throws:
SocketException - Socket creation problems.
IOException - Socket creation problems.
UnknownHostException - Unknown remote host.

Method Detail

reset

public void reset()
           throws SocketException,
                  IOException
Reset the connection between transactions.

Throws:
SocketException - if there's a problem creating the socket.
SocketException - if there's a problem creating the streams.
IOException

setDebug

public void setDebug(boolean debug,
                     String fileName)
              throws IOException
Set debugging on or off. Debugging information is written to a file or the standard output. The information includes the packet contents.

Parameters:
debug - Use true to enable debugging, false to disable debugging.
fileName - Debugging information will be written to this file. If the file name is null the standard output is used.
Throws:
IOException - if there's a problem opening the debugging output.
See Also:
logToDebug()

setDebug

public boolean setDebug(boolean debug)
Set debugging on or off. Debugging information is written to the standard output. The information includes the packet's contents. If the output is sent to a file the file is overwritten each time the class is instantiated.

Parameters:
debug - Use true to enable debugging, false to disable debugging. The standard output is used.
Returns:
False if the standard output can't be opened.

logToDebug

public void logToDebug(String msg)
Log a message to the debug file, or to stdout if debugging hasn't been set up. This is used to log a message to the same place the TACACSClient logs.

Parameters:
msg - Message to write.
See Also:
setDebug()

enableEncryption

public void enableEncryption(boolean encrypt)
Enable or disable packet encryption on a global scale. This can be overridden on a per-session basis using TACACSSession.enableEncryption(). Note that the server will continue to encrypt packets if it is configured to do so. The default is to send packets encrypted; encryption can be disabled for debugging purposes.

Parameters:
encrypt - Encrypt the packet if true, disable encryption if false.
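
What enableEncryption() toggles on the wire, as an added example (not AXL Software's code and not using this library): in the TACACS+ draft the body is XORed with an MD5 pad derived from the session id, shared secret, version and sequence number, and the TAC_PLUS_UNENCRYPTED_FLAG bit (0x01) in the header flags marks a body sent in the clear. The class name, secret and packet below are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added example: body obfuscation per draft-grant-tacacs-02; all names and values are constructed.
public class TacacsBodyPad {
    static final int HEADER_LEN = 12;
    static final int TAC_PLUS_UNENCRYPTED_FLAG = 0x01; // bit in the header flags byte
    // True when the header flags say the body travels in the clear.
    static boolean isUnencrypted(byte[] packet) {
        return (packet[3] & TAC_PLUS_UNENCRYPTED_FLAG) != 0;
    }

    // XOR the body with the MD5 pseudo-pad; the same call obfuscates and restores.
    static byte[] xorBody(byte[] packet, byte[] secret) throws Exception {
        byte version = packet[0], seqNo = packet[2];
        byte[] sessionId = Arrays.copyOfRange(packet, 4, 8);
        int len = ByteBuffer.wrap(packet, 8, 4).getInt();
        if (len != packet.length - HEADER_LEN)
            throw new IllegalArgumentException("length field does not match body size");
        byte[] out = new byte[len], prev = new byte[0];
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int off = 0; off < len; off += 16) {
            // MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}); MD5_1 omits the last term
            md5.update(sessionId);
            md5.update(secret);
            md5.update(new byte[] {version, seqNo});
            md5.update(prev);
            prev = md5.digest(); // digest() also resets md5 for the next block
            for (int i = 0; i < 16 && off + i < len; i++)
                out[off + i] = (byte) (packet[HEADER_LEN + off + i] ^ prev[i]);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "example-secret".getBytes(StandardCharsets.US_ASCII);
        byte[] body = "constructed 20B body".getBytes(StandardCharsets.US_ASCII);
        ByteBuffer p = ByteBuffer.allocate(HEADER_LEN + body.length);
        p.put((byte) 0xc0).put((byte) 1).put((byte) 1).put((byte) 0) // version, type, seq_no, flags
         .putInt(0x1234abcd).putInt(body.length).put(body);          // session_id, length, body
        byte[] wire = p.array();
        byte[] obf = xorBody(wire, secret);
        System.arraycopy(obf, 0, wire, HEADER_LEN, obf.length);
        System.out.println("unencrypted flag set: " + isUnencrypted(wire));
        System.out.println("round trip ok: " + Arrays.equals(xorBody(wire, secret), body));
    }
}
```

Running isUnencrypted() over captured port-49 traffic is a quick way to confirm that a debugging call to enableEncryption(false) has not been left in a deployed client.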

enableMultipleSessions

public void enableMultipleSessions(boolean enable)
Enable or disable multiple sessions by this client.

Parameters:
enable - True to enable multiple sessions, false to disable them. The default is to enable multiple sessions.

createSession

public TACACSSession createSession(TACACSCallback callback)
Create a session. Creates a session to be used by the authentication, authorization and accounting methods. The session is used to set TACACS+ parameters.

"The concept of a session is used throughout this document. A TACACS+ session is a single authentication sequence, a single authorization exchange, or a single accounting exchange. It is used by both ends to distinguish between packets belonging to multiple sessions"

Parameters:
callback - The object that implements TACACSCallback which will be called when a reply is returned. If the callback value is null no callback will be made and the reply packet is made available by the accounting(), authorization(), authentication(), and authenticationContinue() methods.

removeSession

public void removeSession(TACACSSession session)
Remove a TACACSSession from the client. If multiple sessions are being used it's important to remove unused sessions. A session may be used for all aspects of authentication, authorization, and accounting. It is not necessary to retain the same session over the entire set of transactions unless multiple sessions have been disabled by enableMultipleSessions().

Parameters:
session - TACACSSession.

accounting

public Packet accounting(int acctType,
                         TACACSSession session)
                  throws ClientSendException,
                         ClientReceiveException,
                         TACACSException
Send Accounting information. If the callback has been enabled in createSession the TACACSCallback interface will be used. Otherwise the reply packet can be obtained directly from this method.

Parameters:
acctType - Accounting type.
session - TACACSSession to send.
Returns:
The response packet.
Throws:
ClientSendException - If a problem occurs sending a packet.
ClientReceiveException - If a problem occurs receiving a packet.
TACACSException - if something else goes wrong.

authorization

public Packet authorization(int action,
                            TACACSSession session)
                     throws ClientSendException,
                            ClientReceiveException,
                            TACACSException
Send Authorization information. If the callback has been enabled in createSession the TACACSCallback interface will be used. Otherwise the reply packet can be obtained directly from this method.

Parameters:
action - Action, e.g. TAC_PLUS_AUTHEN_LOGIN.
session - TACACSSession to send.
Returns:
The response packet.
Throws:
ClientSendException - If a problem occurs sending a packet.
ClientReceiveException - If a problem occurs receiving a packet.
TACACSException - if something else goes wrong.

authentication

public Packet authentication(int authenType,
                             TACACSSession session,
                             byte[] data)
                      throws ClientSendException,
                             ClientReceiveException,
                             TACACSException
Send Authentication information. If the callback has been enabled in createSession the TACACSCallback interface will be used. Otherwise the reply packet can be obtained directly from this method.

Parameters:
authenType - Authentication type.
session - TACACSSession to send.
data - Data to send for the particular type of authentication.
Returns:
The response packet.
Throws:
ClientSendException - If a problem occurs sending a packet.
ClientReceiveException - If a problem occurs receiving a packet.
TACACSException - if something else goes wrong.

authenticationContinue

public Packet authenticationContinue(int authenType,
                                     TACACSSession session,
                                     int flag,
                                     byte[] userMessage,
                                     byte[] data)
                              throws ClientSendException,
                                     ClientReceiveException,
                                     TACACSException
Send Authentication CONTINUE information. If the callback has been enabled in createSession the TACACSCallback interface will be used. Otherwise the reply packet can be obtained directly from this method.

Parameters:
authenType - Authentication type.
session - TACACSSession to send.
flag - A flag value of either TAC.TAC_PLUS_CONTINUE_FLAG_ABORT or TAC.TAC_PLUS_CONTINUE_FLAG_OK.
userMessage - The name, password, or other data requested (may be set to null).
data - Other data related to the authentication (may be set to null).
Returns:
The response packet.
Throws:
ClientSendException - If a problem occurs sending a packet.
ClientReceiveException - If a problem occurs receiving a packet.
TACACSException - if something else goes wrong.

close

public void close()
End the client.


toString

public String toString()
Return a representation of the TACACS+ connection.

Returns:
A representation of the TACACS+ connection.

getSecret

public byte[] getSecret()
Get the NAS secret.

Returns:
The NAS secret.

Copyright 1998-2002 AXL Software™ PO Box 97, Viola, Delaware 19979, U.S.A. All Rights Reserved.