fix auth reject missing bug

talkincode · Sep 28, 2020 · 8768ff7 · 8768ff7
1 parent 0a47877
commit 8768ff7
Showing 1 changed file with 31 additions and 18 deletions.
diff --git a/src/main/java/org/toughradius/handler/RadiusAuthHandler.java b/src/main/java/org/toughradius/handler/RadiusAuthHandler.java
@@ -1,5 +1,6 @@
 package org.toughradius.handler;
 
+import org.tinyradius.util.RadiusException;
 import org.toughradius.common.ValidateCache;
 import org.toughradius.component.ConfigService;
 import org.toughradius.component.Memarylogger;
@@ -10,6 +11,7 @@
 import org.apache.mina.core.session.IoSession;
 import org.springframework.stereotype.Component;
 
+import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.util.HashMap;
 import java.util.Map;
@@ -20,15 +22,15 @@
 public class RadiusAuthHandler extends RadiusBasicHandler {
 
 
-
     /**
      * 异常处理
+     *
      * @param session
      * @param cause
      * @throws Exception
      */
     @Override
-    public void exceptionCaught(IoSession session, Throwable cause)throws Exception {
+    public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
         cause.printStackTrace();
         session.closeNow();
     }
@@ -45,7 +47,7 @@ public void messageReceived(IoSession session, Object message)
         final InetSocketAddress localAddress = (InetSocketAddress) session.getLocalAddress();
 
         RadiusPacket preRequest = makeRadiusPacket(data, "1234567890", RadiusPacket.RESERVED);
-        if(preRequest.getPacketType()!=RadiusPacket.ACCESS_REQUEST){
+        if (preRequest.getPacketType() != RadiusPacket.ACCESS_REQUEST) {
             radiusStat.incrAuthDrop();
             radiusAuthStat.update(RadiusAuthStat.DROP);
             logger.error("错误的 RADIUS 认证消息类型 " + preRequest.getPacketType() + "  <" + remoteAddress + " -> " + localAddress + ">", Memarylogger.RADIUSD);
@@ -63,48 +65,59 @@ public void messageReceived(IoSession session, Object message)
         }
 
         // parse packet
-        AccessRequest request = (AccessRequest)makeRadiusPacket(data, nas.getSecret(), RadiusPacket.ACCESS_REQUEST);
+        AccessRequest request = null;
+        try {
+            request = (AccessRequest) makeRadiusPacket(data, nas.getSecret(), RadiusPacket.ACCESS_REQUEST);
+        }catch(RadiusException ex){
+            logger.error( "RADIUS 请求解析失败",ex, Memarylogger.RADIUSD);
+            return;
+        }
         request.setRemoteAddr(remoteAddress);
 
-        request = (AccessRequest)parseFilter.doFilter(request,nas);
+        request = (AccessRequest) parseFilter.doFilter(request, nas);
+
+        logger.info(request.getUsername(), "接收到RADIUS 认证请求 <" + remoteAddress + " -> " + localAddress + "> : " + request.toSimpleString(), Memarylogger.RADIUSD);
+        if (radiusConfig.isTraceEnabled())
+            logger.print(request.toString());
 
         ValidateCache vc = getAuthBrasValidate(nas);
         String vckey = nas.getId().toString();
         vc.incr(vckey);
-        if(vc.isOver(vckey)){
+        if (vc.isOver(vckey)) {
             radiusStat.incrAuthDrop();
             radiusAuthStat.update(RadiusAuthStat.BRAS_LIMIT_ERR);
             logger.error(request.getUsername(), "接入设备认证并发限制超过" + nas.getAuthLimit() + " <" + remoteAddress + " -> " + localAddress + ">", Memarylogger.RADIUSD);
+            sendResponse(session, remoteAddress, nas, request, getAccessReject(request, "接入设备认证并发限制超过"));
+            return;
         }
 
-
-        logger.info(request.getUsername(), "接收到RADIUS 认证请求 <" + remoteAddress + " -> " + localAddress + "> : " + request.toSimpleString(), Memarylogger.RADIUSD);
-        if (radiusConfig.isTraceEnabled())
-            logger.print(request.toString());
-
         // handle packet
         RadiusPacket response = null;
-        try{
+        try {
             response = accessRequestReceived(request, nas);
             radiusStat.incrAuthAccept();
             radiusAuthStat.update(RadiusAuthStat.ACCEPT);
-        } catch(Exception e){
+        } catch (Exception e) {
             radiusStat.incrAuthReject();
             logger.error(request.getUserName(), "认证处理失败 " + e.getMessage(), Memarylogger.RADIUSD);
             response = getAccessReject(request, "认证处理失败");
         }
 
+        sendResponse(session, remoteAddress, nas, request, response);
+        int cast = (int) (System.currentTimeMillis() - start);
+        radiusCastStat.updateAuth(cast);
+
+
+    }
+
+    private void sendResponse(IoSession session, InetSocketAddress remoteAddress, Bras nas, AccessRequest request, RadiusPacket response) throws IOException {
         // send response
         if (response != null) {
             logger.info(request.getUsername(), "发送认证响应至 " + remoteAddress + "， " + response.toLineString(), Memarylogger.RADIUSD);
             if (radiusConfig.isTraceEnabled())
                 logger.print(response.toString());
-            sendResponse(session,remoteAddress,nas.getSecret(),request,response);
+            sendResponse(session, remoteAddress, nas.getSecret(), request, response);
         }
-        int cast = (int) (System.currentTimeMillis()-start);
-        radiusCastStat.updateAuth(cast);
-
-
     }
 
 }