JRadius is a project I started to not only address the need for a Java RADIUS client capable of EAP-based authentication, but for a Java framework for processing RADIUS authentication and accounting through a server front end like FreeRADIUS. Why? Well, for several reasons. First, I primarily had Java programmers. But, also because Java offers a lot in terms of portability and integration with other Java components and systems. This article will help point you in the right direction to get up and running with JRadius in both the client and server context - there will be more articles and wiki documentation to come.

Using JRadius with FreeRADIUS

The first thing you need is a FreeRADIUS server with the JRadius module. Instructions on how to do this are here, in the wiki. The JRadius module, rlm_jradius, is what links the FreeRADIUS server to the JRadius server. Using pooled connections, requests are taken out of FreeRADIUS and passed on to JRadius for processing. The basic structure of a JRadius handler looks like:

public class MyHandler extends PacketHandlerBase {
public boolean handle(JRadiusRequest request) {
AttributeList ci = request.getConfigItems(); RadiusPacket req = request.getRequestPacket(); RadiusPacket rep = request.getReplyPacket();
String u = (String)req.getAttributeValue(Attr_UserName.TYPE);
...
}
}

From within the JRadius Java server, you are able to do just about everything any other FreeRADIUS module can do. This includes adding, removing, or altering attributes in the request, the reply, or the internal FreeRADIUS “config items” attribute list. The latter is used within FreeRADIUS - often using FreeRADIUS internal only attributes - to control the state and behavior of the request.

AttributeList ci = request.getConfigItems();
ci.add(new Attr_UserPassword("password"));

For instance, to give FreeRADIUS the plain text password of a user (to be used by FreeRADIUS during actual authentication), you might have the above in your authorize JRadius handler.

Running JRadius Server

To get your handlers up and running, you need a JRadius server. Instructions on how to build and get an example server running is found in the wiki. You can easily build from the JRadius SVN using Maven and Ant. Doing mvn install will setup the dependencies and create jar files in the typical target directory for core (core JRadius client and server), dictionary (attribute dictionary), extended (JRadius classes that require the dictionary), and example (a couple examples). Using Ant by doing ant dist will create just 2 jars in the dist directory - jradius.jar and jradius-dictionary.jar, where the former contains everything minus the dictionary. To summarize the steps in getting the JRadius example server running:

svn co http://dev.coova.org/svn/cjradius/
cd cjradius
ant dist
ant run-example

You can find the example source code in the java/example directory which can be extended to suite your specific needs.

Using JRadius Client

The Client API is simple and able to do a variety of authentication protocols - including PAP, MSCHAPv2, EAP-MD5, and EAP-TTLS/PAP. JRadius can be integrated into any Java authentication scheme. For instance, it has been used with Jive Wildfire and Shibboleth.

Development and Support

For questions, suggestions, bug reports, patches, and the like; I have created a JRadius Forum.