Examples with SessionVerificationMode - password.pwm.config.option.SessionVerificationMode

Example 1 with SessionVerificationMode

use of password.pwm.config.option.SessionVerificationMode in project pwm by pwm-project.

the class SessionFilter method handleStandardRequestOperations.

private ProcessStatus handleStandardRequestOperations(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmRequest.getConfig();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmResponse resp = pwmRequest.getPwmResponse();
    // debug the http session headers
    if (!pwmSession.getSessionStateBean().isDebugInitialized()) {
        LOGGER.trace(pwmSession, pwmRequest.debugHttpHeaders());
        pwmSession.getSessionStateBean().setDebugInitialized(true);
    }
    try {
        pwmApplication.getSessionStateService().readLoginSessionState(pwmRequest);
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmRequest, "error while reading login session state: " + e.getMessage());
    }
    // mark last url
    if (!new PwmURL(pwmRequest.getHttpServletRequest()).isCommandServletURL()) {
        ssBean.setLastRequestURL(pwmRequest.getHttpServletRequest().getRequestURI());
    }
    // mark last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    // check the page leave notice
    if (checkPageLeaveNotice(pwmSession, config)) {
        LOGGER.warn("invalidating session due to dirty page leave time greater then configured timeout");
        pwmRequest.invalidateSession();
        resp.sendRedirect(pwmRequest.getHttpServletRequest().getRequestURI());
        return ProcessStatus.Halt;
    }
    // override session locale due to parameter
    handleLocaleParam(pwmRequest);
    // set the session's theme
    handleThemeParam(pwmRequest);
    // check the sso override flag
    handleSsoOverrideParam(pwmRequest);
    // check for session verification failure
    if (!ssBean.isSessionVerified()) {
        // ignore resource requests
        final SessionVerificationMode mode = config.readSettingAsEnum(PwmSetting.ENABLE_SESSION_VERIFICATION, SessionVerificationMode.class);
        if (mode == SessionVerificationMode.OFF) {
            ssBean.setSessionVerified(true);
        } else {
            if (verifySession(pwmRequest, mode) == ProcessStatus.Halt) {
                return ProcessStatus.Halt;
            }
        }
    }
    {
        final String forwardURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_FORWARD_URL);
        final String forwardURL = pwmRequest.readParameterAsString(forwardURLParamName);
        if (forwardURL != null && forwardURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), forwardURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setForwardURL(forwardURL);
            LOGGER.debug(pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL);
        }
    }
    {
        final String logoutURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOGOUT_URL);
        final String logoutURL = pwmRequest.readParameterAsString(logoutURLParamName);
        if (logoutURL != null && logoutURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), logoutURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setLogoutURL(logoutURL);
            LOGGER.debug(pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL);
        }
    }
    {
        final String expireParamName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED);
        if ("true".equalsIgnoreCase(pwmRequest.readParameterAsString(expireParamName))) {
            LOGGER.debug(pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change");
            pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        }
    }
    // update last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    if (pwmApplication.getStatisticsManager() != null) {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.HTTP_REQUESTS);
    }
    return ProcessStatus.Continue;
}

Also used : PwmApplication(password.pwm.PwmApplication) Configuration(password.pwm.config.Configuration) SessionVerificationMode(password.pwm.config.option.SessionVerificationMode) PwmResponse(password.pwm.http.PwmResponse) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmURL(password.pwm.http.PwmURL) PwmSession(password.pwm.http.PwmSession) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

PwmApplication (password.pwm.PwmApplication)1 LocalSessionStateBean (password.pwm.bean.LocalSessionStateBean)1 Configuration (password.pwm.config.Configuration)1 SessionVerificationMode (password.pwm.config.option.SessionVerificationMode)1 PwmOperationalException (password.pwm.error.PwmOperationalException)1 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)1 PwmResponse (password.pwm.http.PwmResponse)1 PwmSession (password.pwm.http.PwmSession)1 PwmURL (password.pwm.http.PwmURL)1