use of password.pwm.PwmApplication in project pwm by pwm-project.
the class AuthorizationFilter method processFilter.
/**
 * Admits a request to the rest of the filter chain only when its session holds
 * {@code Permission.PWMADMIN}; any other request is answered with
 * {@code PwmError.ERROR_UNAUTHORIZED}.
 *
 * <p>The permission check fails closed: if {@code checkPermission} throws, the failure is
 * logged and the request is treated as not permitted.
 *
 * @param mode application mode supplied by the caller; not consulted by this method
 * @param pwmRequest request whose session is checked and which receives the error response
 * @param chain remainder of the filter chain, invoked only for permitted requests
 * @throws IOException declared by the signature; exceptions raised by the chain are caught here
 * @throws ServletException declared by the signature; exceptions raised by the chain are caught here
 */
public void processFilter(final PwmApplicationMode mode, final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();

    // Deny by default: only a successful, positive check grants access.
    boolean isAdmin;
    try {
        isAdmin = pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.PWMADMIN);
    } catch (Exception e) {
        LOGGER.warn(pwmRequest, "error during authorization check: " + e.getMessage());
        isAdmin = false;
    }

    if (!isAdmin) {
        pwmRequest.respondWithError(PwmError.ERROR_UNAUTHORIZED.toInfo());
        return;
    }

    try {
        chain.doFilter();
    } catch (Exception e) {
        // NOTE(review): a failure further down the chain is logged (message only, no stack
        // trace) and swallowed; no error response is written from here. Confirm that an outer
        // layer produces a response in that case.
        LOGGER.warn(pwmRequest, "unexpected error executing filter chain: " + e.getMessage());
    }
}
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class GZIPFilter method init.
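/**
 * Reads the {@code AppProperty.HTTP_ENABLE_GZIP} application property to decide whether
 * compression is enabled, then initializes the wrapped compressing filter.
 *
 * <p>If the application cannot be loaded, compression is explicitly switched off so that the
 * state of {@code enabled} always matches the warning that is logged, regardless of the
 * field's previous value.
 *
 * @param filterConfig servlet filter configuration, also passed to the wrapped filter
 * @throws ServletException declared by the signature; may come from the wrapped filter's init
 */
public void init(final FilterConfig filterConfig) throws ServletException {
    try {
        final PwmApplication pwmApplication = ContextManager.getPwmApplication(filterConfig.getServletContext());
        enabled = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.HTTP_ENABLE_GZIP));
    } catch (PwmUnrecoverableException e) {
        // Enforce the fallback instead of relying on whatever the field held before.
        enabled = false;
        LOGGER.warn("unable to load application configuration, defaulting to disabled");
    }
    compressingFilter.init(filterConfig);
}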
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class RequestInitializationFilter method doFilter.
/**
 * Entry filter that decides how an incoming request is handled, based on whether the
 * application could be loaded and on the current application mode.
 *
 * <ul>
 *   <li>Counts the request in the EPS statistics when the application is loaded and running.</li>
 *   <li>Passes the request straight down the chain when it is a resource URL and the
 *       application is not loaded, or when it is a REST service URL.</li>
 *   <li>In {@code ERROR} mode, attaches the startup error (if available) to the request,
 *       sets status 500 and forwards to the "application unavailable" page.</li>
 *   <li>Otherwise hands off to {@code initializeServletRequest}.</li>
 * </ul>
 *
 * <p>NOTE(review): REST service URLs bypass {@code initializeServletRequest} here; presumably
 * the REST layer performs its own request initialization and checks. Verify against that layer.
 *
 * @param servletRequest incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse outgoing response; cast to {@code HttpServletResponse}
 * @param filterChain remainder of the filter chain
 * @throws IOException if the chain or the forward fails with an I/O error
 * @throws ServletException if the chain or the forward fails
 */
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest req = (HttpServletRequest) servletRequest;
    final HttpServletResponse resp = (HttpServletResponse) servletResponse;
    final PwmApplicationMode mode = PwmApplicationMode.determineMode(req);
    final PwmURL pwmURL = new PwmURL(req);

    PwmApplication loadedApplication = null;
    try {
        loadedApplication = ContextManager.getPwmApplication(req);
    } catch (PwmException ignored) {
        // Deliberately ignored: a missing application is represented by null and handled below.
    }
    final boolean applicationLoaded = loadedApplication != null;

    if (applicationLoaded && mode == PwmApplicationMode.RUNNING) {
        if (loadedApplication.getStatisticsManager() != null) {
            loadedApplication.getStatisticsManager().updateEps(EpsStatistic.REQUESTS, 1);
        }
    }

    // Static resources (when the application is down) and REST calls skip session set-up.
    final boolean passThrough = (!applicationLoaded && pwmURL.isResourceURL()) || pwmURL.isRestService();
    if (passThrough) {
        filterChain.doFilter(req, resp);
        return;
    }

    if (mode != PwmApplicationMode.ERROR) {
        initializeServletRequest(req, resp, filterChain);
        return;
    }

    // Application is in ERROR mode: expose the startup error to the unavailable page.
    try {
        final ContextManager contextManager = ContextManager.getContextManager(req.getServletContext());
        if (contextManager != null) {
            final ErrorInformation startupError = contextManager.getStartupErrorInformation();
            servletRequest.setAttribute(PwmRequestAttribute.PwmErrorInfo.toString(), startupError);
        }
    } catch (Exception e) {
        if (pwmURL.isResourceURL()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        LOGGER.error("error while trying to detect application status: " + e.getMessage());
    }

    LOGGER.error("unable to satisfy incoming request, application is not available");
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    final String url = JspUrl.APP_UNAVAILABLE.getPath();
    servletRequest.getServletContext().getRequestDispatcher(url).forward(servletRequest, servletResponse);
}
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class RequestInitializationFilter method addPwmResponseHeaders.
/**
 * Adds the per-request response headers: optional session ID, optional content language,
 * the static headers, and a Content-Security-Policy with the request's nonce filled in.
 *
 * <p>Nothing is written when {@code pwmRequest} is null or the response is already committed.
 * The CSP header is only set when the request has a session; configuration-guide and
 * configuration-manager URLs take their policy from
 * {@code AppProperty.SECURITY_HTTP_CONFIG_CSP_HEADER}, all other URLs from
 * {@code PwmSetting.SECURITY_CSP_HEADER}.
 *
 * <p>NOTE(review): when {@code HTTP_HEADER_SEND_XSESSIONID} is enabled the session bean's ID
 * is sent in a response header. Response headers are commonly recorded by proxies and logs,
 * so confirm this identifier cannot be used as a session credential.
 *
 * <p>NOTE(review): requests without a session receive no CSP header from this method; confirm
 * that is intended for session-less responses.
 *
 * @param pwmRequest request whose response receives the headers; may be null
 * @throws PwmUnrecoverableException declared by the signature
 */
public static void addPwmResponseHeaders(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    if (pwmRequest == null) {
        return;
    }

    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final PwmResponse resp = pwmRequest.getPwmResponse();

    // Headers cannot be changed once the response has been committed.
    if (resp.isCommitted()) {
        return;
    }

    if (Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XSESSIONID)) && pwmSession != null) {
        resp.setHeader(HttpHeader.XSessionID, pwmSession.getSessionStateBean().getSessionID());
    }

    if (Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_CONTENT_LANGUAGE))) {
        resp.setHeader(HttpHeader.Content_Language, pwmRequest.getLocale().toLanguageTag());
    }

    addStaticResponseHeaders(pwmApplication, resp.getHttpServletResponse());

    if (pwmSession == null) {
        return;
    }

    final boolean isConfigUrl = pwmRequest.getURL().isConfigGuideURL() || pwmRequest.getURL().isConfigManagerURL();
    final String policyTemplate = isConfigUrl
            ? config.readAppProperty(AppProperty.SECURITY_HTTP_CONFIG_CSP_HEADER)
            : config.readSettingAsString(PwmSetting.SECURITY_CSP_HEADER);
    if (policyTemplate == null || policyTemplate.isEmpty()) {
        return;
    }

    // The configured policy carries a %NONCE% placeholder that is filled in per request.
    final String cspNonce = pwmRequest.getCspNonce();
    resp.setHeader(HttpHeader.ContentSecurityPolicy, policyTemplate.replace("%NONCE%", cspNonce));
}
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class PwmResponse method forwardToSuccessPage.
/**
 * Sends the user to the success page, or redirects past it when success pages are disabled.
 *
 * <p>The message is stored as the {@code PwmRequestAttribute.SuccessMessage} request
 * attribute. When {@code PwmSetting.DISPLAY_SUCCESS_PAGES} is off and
 * {@code Flag.AlwaysShowMessage} was not passed, the success page is skipped and the user is
 * redirected to the public command servlet with {@code processAction=next}. The redirect
 * target is built only from the context path and a fixed servlet URL.
 *
 * <p>NOTE(review): if {@code message} can carry user-influenced text, confirm the success
 * JSP encodes it on output.
 *
 * @param message text to show on the success page
 * @param flags optional flags; {@code Flag.AlwaysShowMessage} forces the page to be shown
 * @throws ServletException declared by the signature
 * @throws PwmUnrecoverableException declared by the signature; one raised by the forward is
 *     caught and logged here
 * @throws IOException declared by the signature
 */
public void forwardToSuccessPage(final String message, final Flag... flags) throws ServletException, PwmUnrecoverableException, IOException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    this.pwmRequest.setAttribute(PwmRequestAttribute.SuccessMessage, message);

    // True when the configuration disables success pages and the caller did not force one.
    final boolean skipSuccessPage = !(pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_SUCCESS_PAGES)
            || Arrays.asList(flags).contains(Flag.AlwaysShowMessage));

    if (!skipSuccessPage) {
        try {
            forwardToJsp(JspUrl.SUCCESS);
        } catch (PwmUnrecoverableException e) {
            LOGGER.error("unexpected error sending user to success page: " + e.toString());
        }
        return;
    }

    LOGGER.trace(pwmSession, "skipping success page due to configuration setting.");
    final String redirectUrl = pwmRequest.getContextPath()
            + PwmServletDefinition.PublicCommand.servletUrl()
            + "?processAction=next";
    sendRedirect(redirectUrl);
}