
Example 11 with UserPermission

Use of password.pwm.config.value.data.UserPermission in the project pwm by pwm-project.

From the class LdapPermissionTester, method discoverMatchingUsers.

/**
 * Resolves the users matched by a list of permission entries by running one LDAP search per entry.
 *
 * <p>Each {@link UserPermission} is turned into a {@link SearchConfiguration}: an {@code ldapQuery}
 * entry supplies the filter (and optionally a base context, with context validation switched off),
 * an {@code ldapGroup} entry supplies a group DN. The filter and DN strings are passed to the search
 * engine exactly as configured, without escaping, so this method treats them as trusted
 * administrator configuration.
 *
 * @param pwmApplication  application used to obtain the {@link UserSearchEngine}
 * @param maxResultSize   upper bound on the total number of identities collected across all entries
 * @param userPermissions permission entries to evaluate, in order
 * @param sessionLabel    label handed to the search engine for logging
 * @return matched identities with their attribute maps, ordered by identity; empty when nothing matched
 * @throws PwmUnrecoverableException if an entry has a {@code Type} this method does not handle
 * @throws PwmOperationalException   if the underlying user search fails
 * @throws Exception                 anything else propagated from the search engine
 */
public static Map<UserIdentity, Map<String, String>> discoverMatchingUsers(final PwmApplication pwmApplication, final int maxResultSize, final List<UserPermission> userPermissions, final SessionLabel sessionLabel) throws Exception {
    final UserSearchEngine searchEngine = pwmApplication.getUserSearchEngine();
    final Map<UserIdentity, Map<String, String>> matches = new TreeMap<>();
    for (final UserPermission permission : userPermissions) {
        final int remaining = maxResultSize - matches.size();
        if (remaining <= 0) {
            // matches only ever grows, so no later entry could contribute anything
            break;
        }
        final SearchConfiguration searchConfiguration = toSearchConfiguration(permission);
        try {
            matches.putAll(searchEngine.performMultiUserSearch(searchConfiguration, remaining, Collections.emptyList(), sessionLabel));
        } catch (PwmUnrecoverableException e) {
            // re-raised as an operational failure; the error information is kept but the exception is not chained
            LOGGER.error("error reading matching users: " + e.getMessage());
            throw new PwmOperationalException(e.getErrorInformation());
        }
    }
    return matches;
}

/**
 * Translates one permission entry into the search configuration used to look up its members.
 *
 * @param permission the entry to translate
 * @return a built configuration restricted to the entry's LDAP profile when one is named
 * @throws PwmUnrecoverableException if the entry's type is unknown
 */
private static SearchConfiguration toSearchConfiguration(final UserPermission permission) throws PwmUnrecoverableException {
    final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
    switch (permission.getType()) {
        case ldapQuery: {
            builder.filter(permission.getLdapQuery());
            final String ldapBase = permission.getLdapBase();
            if (ldapBase != null && !ldapBase.isEmpty()) {
                // presumably the configured base replaces the profile's default contexts, hence validation is disabled — confirm
                builder.enableContextValidation(false);
                builder.contexts(Collections.singletonList(ldapBase));
            }
            break;
        }
        case ldapGroup: {
            // NOTE(review): unlike the ldapQuery branch, a null or empty base is passed straight through — confirm groupDN() tolerates it
            builder.groupDN(permission.getLdapBase());
            break;
        }
        default:
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "unknown permission type: " + permission.getType()));
    }
    final String profileId = permission.getLdapProfileID();
    final boolean namesSpecificProfile = profileId != null && !profileId.isEmpty() && !profileId.equals(PwmConstants.PROFILE_ID_ALL);
    if (namesSpecificProfile) {
        builder.ldapProfile(profileId);
    }
    return builder.build();
}

Example 12 with UserPermission

Use of password.pwm.config.value.data.UserPermission in the project pwm by pwm-project.

From the class RestAuthenticationProcessor, method readRestAuthentication.

/**
 * Determines how the current REST request is authenticated, trying the mechanisms in a fixed order:
 * a named secret first, then an LDAP user identity, and finally anonymous ("public") access.
 *
 * <ul>
 *   <li>Named secret: the granted usages are those configured for that secret under
 *       {@code WEBSERVICES_EXTERNAL_SECRET}; the boolean the LDAP path fills from the third-party
 *       permission test is passed as {@code true} here.</li>
 *   <li>LDAP: the identity must satisfy {@code WEBSERVICES_QUERY_MATCH}; whether it also satisfies
 *       {@code WEBSERVICES_THIRDPARTY_QUERY_MATCH} becomes the third-party flag. The user is then
 *       authenticated, checked not to be a system user, and granted every {@link WebServiceUsage}.</li>
 *   <li>Public: only Health and Statistics, and only when {@code PUBLIC_HEALTH_STATS_WEBSERVICES} is on.</li>
 * </ul>
 *
 * @return the resolved authentication, never {@code null}
 * @throws PwmUnrecoverableException if an LDAP identity was presented but is not permitted to use web
 *                                   services, or when propagated from the helpers this method calls
 */
public RestAuthentication readRestAuthentication() throws PwmUnrecoverableException {
    final String namedSecretName = readNamedSecretName();
    if (namedSecretName != null) {
        return authenticateWithNamedSecret(namedSecretName);
    }
    final UserIdentity userIdentity = readLdapUserIdentity();
    if (userIdentity != null) {
        return authenticateWithLdapIdentity(userIdentity);
    }
    return publicAuthentication();
}

/**
 * Builds the named-secret authentication; the granted usages come from the secret's configuration entry.
 *
 * @param namedSecretName name of the secret the request presented
 * @return a {@code NAMED_SECRET} authentication carrying the configured usages
 * @throws PwmUnrecoverableException if propagated from configuration access
 */
private RestAuthentication authenticateWithNamedSecret(final String namedSecretName) throws PwmUnrecoverableException {
    LOGGER.trace(sessionLabel, "authenticating with named secret '" + namedSecretName + "'");
    // NOTE(review): assumes readNamedSecretName() only returns names present in this setting; a missing entry would fail on .get() — confirm
    final Set<WebServiceUsage> grantedUsages = new HashSet<>(JavaHelper.readEnumListFromStringCollection(WebServiceUsage.class, pwmApplication.getConfig().readSettingAsNamedPasswords(PwmSetting.WEBSERVICES_EXTERNAL_SECRET).get(namedSecretName).getUsage()));
    return new RestAuthentication(RestAuthenticationType.NAMED_SECRET, namedSecretName, null, Collections.unmodifiableSet(grantedUsages), true, null);
}

/**
 * Authorizes, then authenticates, an LDAP identity presented with the request.
 *
 * @param userIdentity the identity to authorize and authenticate
 * @return an {@code LDAP} authentication granting every usage
 * @throws PwmUnrecoverableException if the identity does not match {@code WEBSERVICES_QUERY_MATCH},
 *                                   or when propagated from authentication or the system-user check
 */
private RestAuthentication authenticateWithLdapIdentity(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    // NOTE(review): the permission test runs before authenticateUser() verifies the credential, so the
    // "no permission" error below can be observed without a valid password — confirm that is intended
    if (!matchesWebServicePermission(userIdentity, PwmSetting.WEBSERVICES_QUERY_MATCH)) {
        final String errorMsg = "user does not have webservice permission due to setting " + PwmSetting.WEBSERVICES_QUERY_MATCH.toMenuLocationDebug(null, httpServletRequest.getLocale());
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
    }
    final boolean thirdParty = matchesWebServicePermission(userIdentity, PwmSetting.WEBSERVICES_THIRDPARTY_QUERY_MATCH);
    final ChaiProvider chaiProvider = authenticateUser(userIdentity);
    verifyAuthUserIsNotSystemUser(userIdentity);
    final Set<WebServiceUsage> allUsages = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(WebServiceUsage.values())));
    return new RestAuthentication(RestAuthenticationType.LDAP, null, userIdentity, allUsages, thirdParty, chaiProvider);
}

/**
 * Evaluates the user-permission list stored under {@code setting} against {@code userIdentity}.
 *
 * @param userIdentity identity to test
 * @param setting      configuration setting holding the permission list
 * @return whether the identity matches the configured permissions
 * @throws PwmUnrecoverableException if propagated from the permission tester
 */
private boolean matchesWebServicePermission(final UserIdentity userIdentity, final PwmSetting setting) throws PwmUnrecoverableException {
    final List<UserPermission> permissions = pwmApplication.getConfig().readSettingAsUserPermission(setting);
    return LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, permissions);
}

/**
 * Anonymous access: Health and Statistics when the public health/stats setting is enabled, otherwise no usages.
 *
 * @return a {@code PUBLIC} authentication with no identity or provider attached
 * @throws PwmUnrecoverableException if propagated from configuration access
 */
private RestAuthentication publicAuthentication() throws PwmUnrecoverableException {
    final boolean publicStatsEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES);
    final Set<WebServiceUsage> publicUsages = publicStatsEnabled
            ? Collections.unmodifiableSet(new HashSet<>(Arrays.asList(WebServiceUsage.Health, WebServiceUsage.Statistics)))
            : Collections.<WebServiceUsage>emptySet();
    return new RestAuthentication(RestAuthenticationType.PUBLIC, null, null, publicUsages, false, null);
}

Example 13 with UserPermission

Use of password.pwm.config.value.data.UserPermission in the project pwm by pwm-project.

From the class UserPermissionValue, method toXmlValues.

/**
 * Serializes each stored permission as the JSON text of one {@code <valueElementName>} element.
 *
 * <p>The security key is accepted for interface compatibility only; it is not referenced, so the
 * permissions are written as plain (unencrypted) JSON.
 *
 * @param valueElementName name given to every generated element
 * @param pwmSecurityKey   unused by this value type
 * @return one element per permission, in iteration order of the stored values
 */
public List<Element> toXmlValues(final String valueElementName, final PwmSecurityKey pwmSecurityKey) {
    final List<Element> elements = new ArrayList<>();
    for (final UserPermission permission : values) {
        elements.add(toXmlElement(valueElementName, permission));
    }
    return elements;
}

/**
 * Wraps one permission's JSON form in a new element.
 *
 * @param elementName name of the element to create
 * @param permission  permission to serialize
 * @return the populated element
 */
private static Element toXmlElement(final String elementName, final UserPermission permission) {
    final Element element = new Element(elementName);
    element.addContent(JsonUtil.serialize(permission));
    return element;
}

Example 14 with UserPermission

Use of password.pwm.config.value.data.UserPermission in the project pwm by pwm-project.

From the class UserPermissionValue, method factory.

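/**
 * Creates the factory that reads {@link UserPermissionValue} instances back from their JSON or XML form.
 *
 * <p>Both readers discard {@code null} entries, so a value produced here never contains a null
 * permission. The XML reader understands two layouts: syntax version {@code "2"} stores each
 * {@code <value>} as the JSON of a {@link UserPermission}; any older layout stores a bare LDAP filter,
 * which is mapped to an {@code ldapQuery} permission with no profile and no base.
 *
 * @return a factory for this value type
 */
public static StoredValueFactory factory() {
    return new StoredValueFactory() {

        /**
         * Parses a JSON array of permissions.
         *
         * @param input JSON text, or {@code null} for "no value"
         * @return an unmodifiable value; empty when {@code input} is null, not a list, or holds only nulls
         */
        @Override
        public UserPermissionValue fromJson(final String input) {
            if (input == null) {
                return new UserPermissionValue(Collections.<UserPermission>emptyList());
            }
            final List<UserPermission> parsed = JsonUtil.deserialize(input, new TypeToken<List<UserPermission>>() {
            });
            // copy non-null entries into a fresh list rather than mutating whatever list the deserializer returned
            final List<UserPermission> cleaned = new ArrayList<>();
            if (parsed != null) {
                for (final UserPermission permission : parsed) {
                    if (permission != null) {
                        cleaned.add(permission);
                    }
                }
            }
            return new UserPermissionValue(Collections.unmodifiableList(cleaned));
        }

        /**
         * Reads the permissions from a setting element's {@code <value>} children.
         *
         * @param settingElement the setting element holding the values
         * @param key            unused by this value type
         * @return the parsed value, flagged with {@code needsXmlUpdate} when it came from the legacy layout
         * @throws PwmOperationalException declared by the factory contract; not raised by this implementation
         */
        @Override
        public UserPermissionValue fromXmlElement(final Element settingElement, final PwmSecurityKey key) throws PwmOperationalException {
            final boolean jsonSyntax = "2".equals(settingElement.getAttributeValue(StoredConfigurationImpl.XML_ATTRIBUTE_SYNTAX_VERSION));
            final List<Element> valueElements = settingElement.getChildren("value");
            final List<UserPermission> values = new ArrayList<>();
            for (final Element valueElement : valueElements) {
                final String text = valueElement.getText();
                if (text == null || text.isEmpty()) {
                    continue;
                }
                if (jsonSyntax) {
                    final UserPermission permission = JsonUtil.deserialize(text, UserPermission.class);
                    // keep parity with fromJson: a value that does not deserialize is skipped instead of stored as null
                    if (permission != null) {
                        values.add(permission);
                    }
                } else {
                    // legacy layout: the element text is the LDAP filter itself
                    values.add(new UserPermission(UserPermission.Type.ldapQuery, null, text, null));
                }
            }
            final UserPermissionValue userPermissionValue = new UserPermissionValue(values);
            // presumably consumed by the stored configuration to rewrite legacy values in the current syntax — see where needsXmlUpdate is read
            userPermissionValue.needsXmlUpdate = !jsonSyntax;
            return userPermissionValue;
        }
    };
}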

Example 15 with UserPermission

Use of password.pwm.config.value.data.UserPermission in the project pwm by pwm-project.

From the class Configuration, method initPasswordPolicy.

/**
 * Assembles the password policy for one profile from the stored configuration.
 *
 * <p>Every {@link PwmPasswordRule} backed by a setting or an app property is rendered to its string
 * form and keyed by {@code rule.getKey()}; the case-sensitivity rule is added unless the setting reads
 * {@code "read"}; then the profile id, the query-match user permissions and the localized rule text are
 * attached to the created policy.
 *
 * @param profile profile id whose settings are read
 * @param locale  locale used for localized settings (change message, rule text)
 * @return the populated policy
 */
protected PwmPasswordPolicy initPasswordPolicy(final String profile, final Locale locale) {
    final Map<String, String> ruleValues = new LinkedHashMap<>();
    for (final PwmPasswordRule rule : PwmPasswordRule.values()) {
        final boolean hasBackingSource = rule.getPwmSetting() != null || rule.getAppProperty() != null;
        if (hasBackingSource) {
            ruleValues.put(rule.getKey(), readPasswordRuleValue(rule, profile, locale));
        }
    }
    // presumably "read" means case sensitivity is taken from the directory, so no explicit rule is written — confirm
    final String caseSensitivity = JavaTypeConverter.valueToString(storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
    if (!"read".equals(caseSensitivity)) {
        ruleValues.put(PwmPasswordRule.CaseSensitive.getKey(), caseSensitivity);
    }
    final PwmPasswordPolicy policy = PwmPasswordPolicy.createPwmPasswordPolicy(ruleValues);
    policy.setProfileID(profile);
    @SuppressWarnings("unchecked")
    final List<UserPermission> queryMatch = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_QUERY_MATCH, profile).toNativeObject();
    policy.setUserPermissions(queryMatch);
    policy.setRuleText(JavaTypeConverter.valueToLocalizedString(storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_RULE_TEXT, profile), locale));
    return policy;
}

/**
 * Renders one rule's configured value as the string the policy map expects.
 *
 * <p>Multi-valued rules are joined: newline-separated for the disallowed/char-group lists,
 * {@code ";;;"}-separated for the regular-expression rules. The change message is localized,
 * the AD complexity level is the enum's name, and the macro-in-regex flag comes from an app
 * property rather than a setting; everything else is the setting's native value via {@code String.valueOf}.
 *
 * @param rule    the rule to render
 * @param profile profile id whose setting is read
 * @param locale  locale for localized values
 * @return the rendered value
 */
private String readPasswordRuleValue(final PwmPasswordRule rule, final String profile, final Locale locale) {
    // NOTE(review): a rule backed only by an app property (other than AllowMacroInRegExSetting) would reach
    // readSetting() with a null setting here — confirm no such rule exists
    final PwmSetting pwmSetting = rule.getPwmSetting();
    switch (rule) {
        case DisallowedAttributes:
        case DisallowedValues:
        case CharGroupsValues:
            return StringHelper.stringCollectionToString(JavaTypeConverter.valueToStringArray(storedConfiguration.readSetting(pwmSetting, profile)), "\n");
        case RegExMatch:
        case RegExNoMatch:
            return StringHelper.stringCollectionToString(JavaTypeConverter.valueToStringArray(storedConfiguration.readSetting(pwmSetting, profile)), ";;;");
        case ChangeMessage:
            return JavaTypeConverter.valueToLocalizedString(storedConfiguration.readSetting(pwmSetting, profile), locale);
        case ADComplexityLevel:
            return JavaTypeConverter.valueToEnum(pwmSetting, storedConfiguration.readSetting(pwmSetting, profile), ADPolicyComplexity.class).toString();
        case AllowMacroInRegExSetting:
            return readAppProperty(AppProperty.ALLOW_MACRO_IN_REGEX_SETTING);
        default:
            return String.valueOf(storedConfiguration.readSetting(pwmSetting, profile).toNativeObject());
    }
}
