TinyRadius-Netty is a fork of the TinyRadius Radius library, rebuilt with Java 8 and Netty patterns/features.
- Sends/receives Radius packets
- Signs and verifies Request Authenticator for Access and Accounting requests/responses
- Supports verifying and encoding for PAP, CHAP, and EAP (Message-Authenticator)
- Attach arbitrary attributes to packets
- Loads dictionaries recursively from file system or classpath (Radiator format)
- Netty for async IO, timeouts, thread management
- Handlers follow Netty's interceptor filter pattern, blocking calls use promises
- log4j2 instead of commons-logging
- Java 6-8 features (generics, NIO, lambdas, streams)
- Packets and Attributes are fully immutable
- 80%+ test coverage
- Proxy no longer a separate implementation, but a promise-based adapter between the client and server classes
See the example implementations on usage as Client/Server/Proxy.
DefaultDictionary
uses a very limited subset that's included in the classpath.- Singleton is available at
DefaultDictionary.INSTANCE
- Singleton is available at
DictionaryParser
parses custom resources and takes aResourceResolver
parameter.- Factory methods
newFileParser()
andnewClasspathParser()
resolves resources on file system and classpath respectively. Dictionaries can include other files to parse, and paths are resolved differently in each case.
- Factory methods
- Results of dictionary parses are stored as
AttributeType
.
RadiusAttribute
is used for octets attributes and attributes without a dictionary entry or specific subtype.- Attribute subtypes such as
IntegerAttribute
store the same data, but have convenience methods for maniupulation and stricter data validation.
- Attribute subtypes such as
AttributeType
contains the attribute type, name, data type, and enumeration of valid values if appropriate.- A
create()
method is used to create attributes directly for that type. - If only the attribute type ID is known, rather than the AttributeType object, use
Attributes.create()
which will create a basicRadiusAttribute
. This is safer as it will always successfully create an attribute even if there's no dictionary entry for the type ID.
- A
VendorSpecificAttribute
stores lists of vendor-specific attributes instead of attribute data itself, and serializes its data by concatenating byte array representations of sub-attributes with its type/vendorId/length header.
RadiusPacket
represents packet and associated data, withRadiusRequest
andRadiusResponse
as the two variants.encodeRequest()
andencodeResponse()
return a new copy of the current RadiusPacket with the AuthenticatorAccessRequest
andAccessResponse
has a different way of encoding/verifying the packet authenticator compared to other Radius request/response types and encodes the appropriate password/Message-Authenticator attributes.
RadiusRequest
andRadiusResponse
has static methods for creating packets and using a more specific subclass where possible, and for generating a valid packet identifier.- If no specicfic subclass is appropriate, defaults to
GenericRadiusRequest
andGenericRadiusReponse
respectively
- If no specicfic subclass is appropriate, defaults to
PacketType
contains list of constants of packet types. It's intentionally not an enum to allow for types that aren't included in the list / added in the future.PacketEncoder
contains methods for converting to/from netty Datagram and ByteBufs.
RadiusClient
manages setting up sockets and netty, and the plumbing for thecommunicate()
method to return aFuture<RadiusPacket>
TimeoutHandler
contains a method which is called after every request is sent, with a Runnable to retry. The retry runnable is then scheduled or timeout triggered depending on the implementation.PromiseAdapter
is a ChannelHandler that requires a promise to be passed in with the outbound request in aPendingRequestCtx
wrapper.- The Promise passed into the handler is incomplete. The Promise is completed and removed from memory when a valid response is received or timeouts.
- Appends a
Proxy-State
attribute to the packet and uses that to match request/responses.
RadiusServer
sets up netty listeners and sockets.- Packets should go through
ServerPacketCodec
first to verify shared secrets and convert between Datagram andRequestCtx
(a wrapper aroundRadiusPacket
), andResponseCtx
for responses.BasicCachingHandler
should be used before the actual handler if required. It provides hooks to override for hit/miss events.RequestHandler
handlesRequestCtx
, but only accepts specific subtypes ofRadiusRequest
.ProxyHandler
handles incoming requests and proxies the request using an instance of RadiusClient.
Copyright Matthias Wuttke and contributors:
- http://tinyradius.sourceforge.net/
- https://github.com/ctran/TinyRadius
- https://github.com/globalreachtech/tinyradius-netty
Licensed under LGPL 2.1