use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project.
The class LdapPermissionTester, method discoverMatchingUsers.
/**
 * Expands a list of permissions into the set of users they match, stopping
 * once {@code maxResultSize} identities have been collected.
 *
 * @param pwmApplication  application whose {@code UserSearchEngine} runs the searches
 * @param maxResultSize   upper bound on the number of identities collected across all permissions
 * @param userPermissions permissions to expand; each must be of type {@code ldapQuery} or {@code ldapGroup}
 * @param sessionLabel    session label handed to the search engine for logging/auditing
 * @return identities matched so far, keyed in {@code TreeMap} (natural) order, each mapped to the
 *         attribute values the search engine returned for it
 * @throws PwmUnrecoverableException if a permission has an unsupported type
 * @throws PwmOperationalException   if the search engine reports a {@code PwmUnrecoverableException};
 *                                   only its {@code ErrorInformation} is carried forward, the cause is not chained
 * @throws Exception                 anything else propagated from the search engine
 */
public static Map<UserIdentity, Map<String, String>> discoverMatchingUsers(final PwmApplication pwmApplication, final int maxResultSize, final List<UserPermission> userPermissions, final SessionLabel sessionLabel) throws Exception {
    final UserSearchEngine searchEngine = pwmApplication.getUserSearchEngine();
    final Map<UserIdentity, Map<String, String>> matched = new TreeMap<>();

    for (final UserPermission permission : userPermissions) {
        final int remaining = maxResultSize - matched.size();
        if (remaining <= 0) {
            // the cap has been reached; the map only grows, so every later permission is skipped too
            continue;
        }

        final SearchConfiguration searchConfiguration = toSearchConfiguration(permission);
        try {
            matched.putAll(searchEngine.performMultiUserSearch(searchConfiguration, remaining, Collections.emptyList(), sessionLabel));
        } catch (final PwmUnrecoverableException e) {
            // only the message is logged and only the ErrorInformation is rethrown; the stack trace is lost here
            LOGGER.error("error reading matching users: " + e.getMessage());
            throw new PwmOperationalException(e.getErrorInformation());
        }
    }
    return matched;
}

/**
 * Translates one permission into a search configuration.
 *
 * @param permission permission to translate; its base DN, filter and profile id come from the stored configuration
 * @return the built configuration
 * @throws PwmUnrecoverableException if the permission type is neither {@code ldapQuery} nor {@code ldapGroup}
 */
private static SearchConfiguration toSearchConfiguration(final UserPermission permission) throws PwmUnrecoverableException {
    final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();

    switch (permission.getType()) {
        case ldapQuery: {
            builder.filter(permission.getLdapQuery());
            final String ldapBase = permission.getLdapBase();
            if (ldapBase != null && !ldapBase.isEmpty()) {
                // an explicit base DN is used verbatim as the search context and the engine's
                // context validation is switched off for it; the value is trusted as admin configuration
                builder.enableContextValidation(false);
                builder.contexts(Collections.singletonList(ldapBase));
            }
            break;
        }
        case ldapGroup: {
            builder.groupDN(permission.getLdapBase());
            break;
        }
        default:
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "unknown permission type: " + permission.getType()));
    }

    // a specific LDAP profile narrows the search; the "all profiles" marker leaves the engine's default in place
    final String profileId = permission.getLdapProfileID();
    if (profileId != null && !profileId.isEmpty() && !profileId.equals(PwmConstants.PROFILE_ID_ALL)) {
        builder.ldapProfile(profileId);
    }
    return builder.build();
}
use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project.
The class RestAuthenticationProcessor, method readRestAuthentication.
/**
 * Resolves the authentication context of the current REST request.
 *
 * <p>Three mechanisms are tried in order and the first that applies wins:
 * a named secret, an LDAP user, and finally the unauthenticated "public" context.
 *
 * @return the resolved authentication; never {@code null}
 * @throws PwmUnrecoverableException if an LDAP user is presented but is not granted web-service
 *                                   access by {@code WEBSERVICES_QUERY_MATCH}, or if one of the
 *                                   underlying reads/authentication steps fails
 */
public RestAuthentication readRestAuthentication() throws PwmUnrecoverableException {
    final RestAuthentication bySecret = authenticateByNamedSecret();
    if (bySecret != null) {
        return bySecret;
    }

    final RestAuthentication byLdap = authenticateByLdapUser();
    if (byLdap != null) {
        return byLdap;
    }

    return publicAuthentication();
}

/**
 * Named-secret authentication.
 *
 * @return the authentication, or {@code null} when no named secret accompanies the request
 * @throws PwmUnrecoverableException propagated from the secret-name lookup
 */
private RestAuthentication authenticateByNamedSecret() throws PwmUnrecoverableException {
    final String secretName = readNamedSecretName();
    if (secretName == null) {
        return null;
    }

    // only the secret's name is written to the log, never its value
    LOGGER.trace(sessionLabel, "authenticating with named secret '" + secretName + "'");

    // NOTE(review): .get(secretName) is dereferenced unconditionally — assumes readNamedSecretName()
    // only yields a name present in WEBSERVICES_EXTERNAL_SECRET; an unknown name would NPE here. Confirm.
    final Set<WebServiceUsage> grantedUsages = new HashSet<>(JavaHelper.readEnumListFromStringCollection(WebServiceUsage.class, pwmApplication.getConfig().readSettingAsNamedPasswords(PwmSetting.WEBSERVICES_EXTERNAL_SECRET).get(secretName).getUsage()));

    // a named secret is limited to the usages configured for it
    return new RestAuthentication(RestAuthenticationType.NAMED_SECRET, secretName, null, Collections.unmodifiableSet(grantedUsages), true, null);
}

/**
 * LDAP-user authentication.
 *
 * @return the authentication, or {@code null} when the request carries no LDAP user identity
 * @throws PwmUnrecoverableException if the user fails the {@code WEBSERVICES_QUERY_MATCH} check,
 *                                   or if credential verification / the system-user check fails
 */
private RestAuthentication authenticateByLdapUser() throws PwmUnrecoverableException {
    final UserIdentity userIdentity = readLdapUserIdentity();
    if (userIdentity == null) {
        return null;
    }

    requireWebServicePermission(userIdentity);

    // third-party access is a separate, non-fatal permission: it only flags the result
    final List<UserPermission> thirdPartyPermissions = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.WEBSERVICES_THIRDPARTY_QUERY_MATCH);
    final boolean thirdParty = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, thirdPartyPermissions);

    // order matters and is preserved: both permission lookups run before the credential is
    // verified, and the system-user check follows a successful bind
    final ChaiProvider chaiProvider = authenticateUser(userIdentity);
    verifyAuthUserIsNotSystemUser(userIdentity);

    // an authenticated LDAP user is granted every usage
    final Set<WebServiceUsage> allUsages = new HashSet<>(Arrays.asList(WebServiceUsage.values()));
    return new RestAuthentication(RestAuthenticationType.LDAP, null, userIdentity, Collections.unmodifiableSet(allUsages), thirdParty, chaiProvider);
}

/**
 * Rejects the user unless {@code WEBSERVICES_QUERY_MATCH} grants web-service access.
 *
 * @param userIdentity user to check
 * @throws PwmUnrecoverableException with {@code ERROR_UNAUTHORIZED} when the check fails
 */
private void requireWebServicePermission(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final List<UserPermission> permissions = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.WEBSERVICES_QUERY_MATCH);
    if (LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, permissions)) {
        return;
    }
    // the message names the setting (for the request's locale) so the admin can find the cause
    final String errorMsg = "user does not have webservice permission due to setting " + PwmSetting.WEBSERVICES_QUERY_MATCH.toMenuLocationDebug(null, httpServletRequest.getLocale());
    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
}

/**
 * Unauthenticated context; exposes health and statistics only when the public
 * health/stats web services are enabled.
 *
 * @return a {@code PUBLIC} authentication with the permitted usages
 */
private RestAuthentication publicAuthentication() {
    final Set<WebServiceUsage> publicUsages;
    if (pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES)) {
        publicUsages = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(WebServiceUsage.Health, WebServiceUsage.Statistics)));
    } else {
        publicUsages = Collections.emptySet();
    }
    return new RestAuthentication(RestAuthenticationType.PUBLIC, null, null, publicUsages, false, null);
}
use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project.
The class UserPermissionValue, method toXmlValues.
/**
 * Serializes every stored permission as an XML element whose text is the permission's JSON form.
 *
 * @param valueElementName name given to each produced element
 * @param pwmSecurityKey   accepted for interface compatibility; not used by this method
 * @return one element per permission, in the order the permissions are held
 */
public List<Element> toXmlValues(final String valueElementName, final PwmSecurityKey pwmSecurityKey) {
    final List<Element> elements = new ArrayList<>();
    for (final UserPermission permission : values) {
        elements.add(toValueElement(valueElementName, permission));
    }
    return elements;
}

/**
 * Wraps one permission's JSON serialization in an element of the given name.
 *
 * @param elementName name of the element to create
 * @param permission  permission to serialize
 * @return the populated element
 */
private static Element toValueElement(final String elementName, final UserPermission permission) {
    final Element element = new Element(elementName);
    element.addContent(JsonUtil.serialize(permission));
    return element;
}
use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project.
The class UserPermissionValue, method factory.
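/**
 * Returns the factory the stored-configuration layer uses to rebuild a
 * {@code UserPermissionValue} from its JSON or XML representation.
 *
 * <p>Both paths drop {@code null} entries so that a stored JSON literal {@code null}
 * never becomes a {@code null} permission in the resulting value.
 *
 * @return a factory handling the JSON form and both XML syntax versions
 */
public static StoredValueFactory factory() {
    return new StoredValueFactory() {
        /**
         * Parses a JSON array of permissions.
         *
         * @param input JSON text, or {@code null}
         * @return an empty value for {@code null} input or a {@code null} array; otherwise the
         *         parsed permissions with {@code null} entries removed, as an unmodifiable list
         */
        public UserPermissionValue fromJson(final String input) {
            if (input == null) {
                return new UserPermissionValue(Collections.<UserPermission>emptyList());
            }
            final List<UserPermission> parsed = JsonUtil.deserialize(input, new TypeToken<List<UserPermission>>() {
            });
            final List<UserPermission> srcList = parsed == null ? Collections.<UserPermission>emptyList() : parsed;
            // one pass instead of repeated contains()/remove() scans
            srcList.removeAll(Collections.singleton(null));
            return new UserPermissionValue(Collections.unmodifiableList(srcList));
        }

        /**
         * Parses the {@code <value>} children of a setting element.
         *
         * <p>Syntax version "2" stores each value as JSON; older files store a bare LDAP
         * filter, which is wrapped as an {@code ldapQuery} permission and flagged for rewrite.
         *
         * @param settingElement the setting element holding the values
         * @param key            accepted for interface compatibility; not used here
         * @return the parsed value; {@code needsXmlUpdate} is set when the legacy syntax was read
         * @throws PwmOperationalException declared for the interface; not thrown by this body
         */
        public UserPermissionValue fromXmlElement(final Element settingElement, final PwmSecurityKey key) throws PwmOperationalException {
            final boolean jsonSyntax = "2".equals(settingElement.getAttributeValue(StoredConfigurationImpl.XML_ATTRIBUTE_SYNTAX_VERSION));
            // raw List: the XML library's return type is not visible here, so the cast below stays explicit
            final List valueElements = settingElement.getChildren("value");
            final List<UserPermission> values = new ArrayList<>();
            for (final Object loopValue : valueElements) {
                final String text = ((Element) loopValue).getText();
                if (text == null || text.isEmpty()) {
                    continue;
                }
                if (jsonSyntax) {
                    final UserPermission permission = JsonUtil.deserialize(text, UserPermission.class);
                    // mirror fromJson(): a JSON literal null must not produce a null entry
                    if (permission != null) {
                        values.add(permission);
                    }
                } else {
                    values.add(new UserPermission(UserPermission.Type.ldapQuery, null, text, null));
                }
            }
            final UserPermissionValue result = new UserPermissionValue(values);
            // legacy syntax is flagged so the configuration gets rewritten in the current format
            result.needsXmlUpdate = !jsonSyntax;
            return result;
        }
    };
}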
use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project.
The class Configuration, method initPasswordPolicy.
/**
 * Assembles the password policy for one profile from the stored configuration.
 *
 * <p>Every {@code PwmPasswordRule} backed by a setting or an app property contributes
 * one entry to the policy map; case sensitivity, the profile id, the user permissions
 * and the rule text are then applied on top.
 *
 * @param profile profile id whose settings are read
 * @param locale  locale used for the localized change message and rule text
 * @return the assembled policy
 */
protected PwmPasswordPolicy initPasswordPolicy(final String profile, final Locale locale) {
    final Map<String, String> policySettings = new LinkedHashMap<>();

    for (final PwmPasswordRule rule : PwmPasswordRule.values()) {
        // a rule with neither a setting nor an app property has nothing configured for it
        if (rule.getPwmSetting() == null && rule.getAppProperty() == null) {
            continue;
        }
        policySettings.put(rule.getKey(), readRuleValue(rule, profile, locale));
    }

    // a case-sensitivity value of "read" is deliberately not recorded in the map
    // (presumably resolved elsewhere, e.g. from the directory — not shown here)
    final String caseSensitivity = JavaTypeConverter.valueToString(storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
    if (!"read".equals(caseSensitivity)) {
        policySettings.put(PwmPasswordRule.CaseSensitive.getKey(), caseSensitivity);
    }

    final PwmPasswordPolicy policy = PwmPasswordPolicy.createPwmPasswordPolicy(policySettings);
    policy.setProfileID(profile);

    // the stored value's native object is the permission list; the cast is unchecked by nature of the API
    @SuppressWarnings("unchecked")
    final List<UserPermission> queryMatch = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_QUERY_MATCH, profile).toNativeObject();
    policy.setUserPermissions(queryMatch);

    policy.setRuleText(JavaTypeConverter.valueToLocalizedString(storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_RULE_TEXT, profile), locale));
    return policy;
}

/**
 * Reads one rule's configured value in the textual form the policy expects.
 *
 * @param rule    rule whose value is read
 * @param profile profile id the setting is read for
 * @param locale  locale for localized values
 * @return the value to store under {@code rule.getKey()}
 */
private String readRuleValue(final PwmPasswordRule rule, final String profile, final Locale locale) {
    final PwmSetting setting = rule.getPwmSetting();
    switch (rule) {
        case DisallowedAttributes:
        case DisallowedValues:
        case CharGroupsValues:
            // list-valued rules are joined one entry per line
            return StringHelper.stringCollectionToString(JavaTypeConverter.valueToStringArray(storedConfiguration.readSetting(setting, profile)), "\n");
        case RegExMatch:
        case RegExNoMatch:
            // regex lists use a separator that cannot appear in a newline-joined form
            return StringHelper.stringCollectionToString(JavaTypeConverter.valueToStringArray(storedConfiguration.readSetting(setting, profile)), ";;;");
        case ChangeMessage:
            return JavaTypeConverter.valueToLocalizedString(storedConfiguration.readSetting(setting, profile), locale);
        case ADComplexityLevel:
            return JavaTypeConverter.valueToEnum(setting, storedConfiguration.readSetting(setting, profile), ADPolicyComplexity.class).toString();
        case AllowMacroInRegExSetting:
            // this rule is backed by an app property rather than a profile setting
            return readAppProperty(AppProperty.ALLOW_MACRO_IN_REGEX_SETTING);
        default:
            return String.valueOf(storedConfiguration.readSetting(setting, profile).toNativeObject());
    }
}