[cas-dev] RADIUS authentication handler
Velpi
velpi at industria.be
Thu Jun 1 06:37:46 EDT 2006
Hi,
I'm trying to authenticate CAS to a RADIUS server with username/password (PAP).
The latest thing I read about that was this old email:
http://tp.its.yale.edu/pipermail/cas/2004-October/000853.html
So I pulled up my sleeves and tried to build an authentication handler for CAS3
that uses the JRadius library (http://jradius.sourceforge.net/).
I based myself on the CAS3 LdapAdaptor (from CVS) to build a
BasicRadiusAuthenticationHandler. I'm afraid I will need some instructions to
get it to work because of some CAS3 internals. If it works I would be more than
happy to donate the code to the CAS3 project.
I'm now at the point where I need to decide about yes/no authenticated
(authenticateUsernamePasswordInternal). Do I just return true/false or should I
throw an exception (BadUsernameOrPasswordAuthenticationException) instead of false?
(after that I can start configuring and testing)
We're now using the genericHandler from ESUP with the legacy adaptor. That
doesn't seem to return any message to the user when the auth method returns
false. I haven't figured out why but I think it is about the same problem.
(might be the error code too though, I'll check now that I understand a little
more of it)
Here's a short description of what I did (comments welcome):
* AbstractRadiusUsernamePasswordAuthenticationHandler extends
AbstractUsernamePasswordAuthenticationHandler: default settings and
initialisation of the radiusClient (from library).
* BasicRadiusAuthenticationHandler extends... and holds the actual authN code:
packet preparing, sending and checking response
* RadiusUtils contains some static final converting methods
Currently I included some code for CHAP (challenge response) authentication that
I learned from an example, but I don't think that is possible using the current
webflow so I made it throw an UnsupportedCredentialsException when a CHAP
response is detected.
--Velpi