Example 66 with ChaiUnavailableException
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class ConfigManagerServlet method downloadPermissionReportCsv.
private void downloadPermissionReportCsv(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ChaiUnavailableException, ServletException {
pwmRequest.getPwmResponse().markAsDownload(HttpContentType.csv, pwmRequest.getConfig().readAppProperty(AppProperty.DOWNLOAD_FILENAME_LDAP_PERMISSION_CSV));
final CSVPrinter csvPrinter = JavaHelper.makeCsvPrinter(pwmRequest.getPwmResponse().getOutputStream());
try {
final StoredConfigurationImpl storedConfiguration = readCurrentConfiguration(pwmRequest);
final LDAPPermissionCalculator ldapPermissionCalculator = new LDAPPermissionCalculator(storedConfiguration);
for (final LDAPPermissionCalculator.PermissionRecord permissionRecord : ldapPermissionCalculator.getPermissionRecords()) {
final String settingTxt = permissionRecord.getPwmSetting() == null ? LocaleHelper.getLocalizedMessage(Display.Value_NotApplicable, pwmRequest) : permissionRecord.getPwmSetting().toMenuLocationDebug(permissionRecord.getProfile(), pwmRequest.getLocale());
csvPrinter.printRecord(permissionRecord.getActor().getLabel(pwmRequest.getLocale(), pwmRequest.getConfig()), permissionRecord.getAttribute(), permissionRecord.getAccess().toString(), settingTxt);
}
} catch (Exception e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
LOGGER.error(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation);
} finally {
IOUtils.closeQuietly(csvPrinter);
}
}
Also used :
CSVPrinter(org.apache.commons.csv.CSVPrinter)
ErrorInformation(password.pwm.error.ErrorInformation)
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
LDAPPermissionCalculator(password.pwm.util.LDAPPermissionCalculator)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
PwmException(password.pwm.error.PwmException)
IOException(java.io.IOException)
Example 67 with ChaiUnavailableException
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class ForgottenPasswordUtil method initForgottenPasswordBean.
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Locale locale = pwmRequest.getLocale();
final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
forgottenPasswordBean.setUserIdentity(userIdentity);
final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
final ChallengeSet challengeSet;
if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
final ResponseSet responseSet;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
} catch (ChaiValidationException e) {
final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
} else {
challengeSet = null;
}
if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
try {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
if (chaiUser.isPasswordLocked()) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
}
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
LOGGER.error(sessionLabel, errorInformation);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
}
final List<FormConfiguration> attributeForm;
try {
attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
forgottenPasswordBean.setUserLocale(locale);
forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
forgottenPasswordBean.setAttributeForm(attributeForm);
forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
}
}
Also used :
Locale(java.util.Locale)
ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile)
IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod)
PwmApplication(password.pwm.PwmApplication)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
SessionLabel(password.pwm.bean.SessionLabel)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException)
ChaiUser(com.novell.ldapchai.ChaiUser)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Example 68 with ChaiUnavailableException
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class UserDebugDataReader method readUserDebugData.
public static UserDebugDataBean readUserDebugData(final PwmApplication pwmApplication, final Locale locale, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, sessionLabel, userIdentity, locale);
final Map<Permission, String> permissions = UserDebugDataReader.permissionMap(pwmApplication, sessionLabel, userIdentity);
final Map<ProfileType, String> profiles = UserDebugDataReader.profileMap(pwmApplication, sessionLabel, userIdentity);
final PwmPasswordPolicy ldapPasswordPolicy = PasswordUtility.readLdapPasswordPolicy(pwmApplication, pwmApplication.getProxiedChaiUser(userIdentity));
final PwmPasswordPolicy configPasswordPolicy = PasswordUtility.determineConfiguredPolicyProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);
boolean readablePassword = false;
try {
readablePassword = null != LdapOperationsHelper.readLdapPassword(pwmApplication, sessionLabel, userIdentity);
} catch (ChaiUnavailableException e) {
/* disregard */
}
final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, locale, sessionLabel, userIdentity);
final UserDebugDataBean userDebugData = UserDebugDataBean.builder().userInfo(userInfo).publicUserInfoBean(PublicUserInfoBean.fromUserInfoBean(userInfo, pwmApplication.getConfig(), locale, macroMachine)).permissions(permissions).profiles(profiles).ldapPasswordPolicy(ldapPasswordPolicy).configuredPasswordPolicy(configPasswordPolicy).passwordReadable(readablePassword).passwordWithinMinimumLifetime(userInfo.isWithinPasswordMinimumLifetime()).build();
return userDebugData;
}
Also used :
ProfileType(password.pwm.config.profile.ProfileType)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
Permission(password.pwm.Permission)
UserPermission(password.pwm.config.value.data.UserPermission)
MacroMachine(password.pwm.util.macro.MacroMachine)
UserInfo(password.pwm.ldap.UserInfo)
Example 69 with ChaiUnavailableException
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class ActivateUserUtils method activateUser.
@SuppressFBWarnings("SE_BAD_FIELD")
static void activateUser(final PwmRequest pwmRequest, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final Configuration config = pwmApplication.getConfig();
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
if (config.readSettingAsBoolean(PwmSetting.ACTIVATE_USER_UNLOCK)) {
try {
theUser.unlockPassword();
} catch (ChaiOperationException e) {
final String errorMsg = "error unlocking user " + userIdentity + ": " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATION_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
{
// execute configured actions
LOGGER.debug(pwmSession.getLabel(), "executing configured pre-actions to user " + theUser.getEntryDN());
final List<ActionConfiguration> configValues = config.readSettingAsAction(PwmSetting.ACTIVATE_USER_PRE_WRITE_ATTRIBUTES);
if (configValues != null && !configValues.isEmpty()) {
final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
actionExecutor.executeActions(configValues, pwmRequest.getSessionLabel());
}
}
// authenticate the pwm session
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.USER_ACTIVATION);
sessionAuthenticator.authUserWithUnknownPassword(userIdentity, AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
// ensure a change password is triggered
pwmSession.getLoginInfoBean().setType(AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
pwmSession.getLoginInfoBean().getAuthFlags().add(AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
// mark the event log
pwmApplication.getAuditManager().submit(AuditEvent.ACTIVATE_USER, pwmSession.getUserInfo(), pwmSession);
// update the stats bean
pwmApplication.getStatisticsManager().incrementValue(Statistic.ACTIVATED_USERS);
// send email or sms
sendPostActivationNotice(pwmRequest);
// setup post-change attributes
final PostChangePasswordAction postAction = new PostChangePasswordAction() {
public String getLabel() {
return "ActivateUser write attributes";
}
public boolean doAction(final PwmSession pwmSession, final String newPassword) throws PwmUnrecoverableException {
try {
{
// execute configured actions
LOGGER.debug(pwmSession.getLabel(), "executing post-activate configured actions to user " + userIdentity.toDisplayString());
final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final List<ActionConfiguration> configValues = pwmApplication.getConfig().readSettingAsAction(PwmSetting.ACTIVATE_USER_POST_WRITE_ATTRIBUTES);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
actionExecutor.executeActions(configValues, pwmRequest.getSessionLabel());
}
} catch (PwmOperationalException e) {
final ErrorInformation info = new ErrorInformation(PwmError.ERROR_ACTIVATION_FAILURE, e.getErrorInformation().getDetailedErrorMsg(), e.getErrorInformation().getFieldValues());
final PwmUnrecoverableException newException = new PwmUnrecoverableException(info);
newException.initCause(e);
throw newException;
} catch (ChaiUnavailableException e) {
final String errorMsg = "unable to reach ldap server while writing post-activate attributes: " + e.getMessage();
final ErrorInformation info = new ErrorInformation(PwmError.ERROR_ACTIVATION_FAILURE, errorMsg);
final PwmUnrecoverableException newException = new PwmUnrecoverableException(info);
newException.initCause(e);
throw newException;
}
return true;
}
};
pwmSession.getUserSessionDataCacheBean().addPostChangePasswordActions("activateUserWriteAttributes", postAction);
} catch (ImpossiblePasswordPolicyException e) {
final ErrorInformation info = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ImpossiblePasswordPolicyException error while activating user");
LOGGER.warn(pwmSession, info, e);
throw new PwmOperationalException(info);
}
}
Also used :
ActionExecutor(password.pwm.util.operations.ActionExecutor)
PwmApplication(password.pwm.PwmApplication)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Configuration(password.pwm.config.Configuration)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ActionConfiguration(password.pwm.config.value.data.ActionConfiguration)
SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PostChangePasswordAction(password.pwm.util.PostChangePasswordAction)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
MacroMachine(password.pwm.util.macro.MacroMachine)
List(java.util.List)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
PwmSession(password.pwm.http.PwmSession)
ImpossiblePasswordPolicyException(com.novell.ldapchai.exception.ImpossiblePasswordPolicyException)
SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)
Example 70 with ChaiUnavailableException
use of com.novell.ldapchai.exception.ChaiUnavailableException in project ldapchai by ldapchai.
the class FailOverWrapper method failOverInvoke.
private Object failOverInvoke(final Method m, final Object[] args) throws ChaiException {
int attempts = 0;
final int maxAttempts = settings.getMaxRetries();
while (attempts < maxAttempts) {
// Check to make sure we haven't been closed while looping.
if (closed || rotationMachine == null) {
LOGGER.debug("close detected while inside retry loop, throwing ChaiUnavailableException");
throw new ChaiUnavailableException("FailOverWrapper closed while retrying connection", ChaiError.COMMUNICATION);
}
// fetch the current active provider from the machine. If unable to reach
// any ldap servers, this will throw ChaiUnavailable right here.
final ChaiProvider currentProvider;
try {
currentProvider = rotationMachine.getCurrentProvider();
} catch (NullPointerException e) {
LOGGER.debug("RotationMachine unavailable");
throw new ChaiUnavailableException("RotationMachine unavailable while retrying connection", ChaiError.COMMUNICATION);
}
try {
return AbstractWrapper.invoker(currentProvider, m, args);
} catch (Exception e) {
if (settings.errorIsRetryable(e) && !closed) {
rotationMachine.reportBrokenProvider(currentProvider, e);
} else {
throw AbstractProvider.convertInvocationExceptionToChaiException(e);
}
}
attempts++;
}
throw new ChaiUnavailableException("unable to reach any configured server, maximum retries exceeded", ChaiError.COMMUNICATION);
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiException(com.novell.ldapchai.exception.ChaiException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Aggregations
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)76
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)51
ErrorInformation (password.pwm.error.ErrorInformation)37
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)32
PwmOperationalException (password.pwm.error.PwmOperationalException)25
IOException (java.io.IOException)22
ChaiUser (com.novell.ldapchai.ChaiUser)20
PwmException (password.pwm.error.PwmException)16
UserIdentity (password.pwm.bean.UserIdentity)15
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)13
PwmApplication (password.pwm.PwmApplication)12
LinkedHashMap (java.util.LinkedHashMap)11
ServletException (javax.servlet.ServletException)10
Configuration (password.pwm.config.Configuration)10
Instant (java.time.Instant)9
HashMap (java.util.HashMap)8
ArrayList (java.util.ArrayList)7
List (java.util.List)7
FormConfiguration (password.pwm.config.value.data.FormConfiguration)7
ChaiException (com.novell.ldapchai.exception.ChaiException)6
