Example 11 with PwmUnrecoverableException
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class ControlledPwmServlet method dispatchMethod.
private ProcessStatus dispatchMethod(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
final ProcessAction action = readProcessAction(pwmRequest);
if (action == null) {
return ProcessStatus.Continue;
}
try {
final Method interestedMethod = discoverMethodForAction(this.getClass(), action);
if (interestedMethod != null) {
interestedMethod.setAccessible(true);
return (ProcessStatus) interestedMethod.invoke(this, pwmRequest);
}
} catch (InvocationTargetException e) {
final Throwable cause = e.getCause();
if (cause != null) {
if (cause instanceof PwmUnrecoverableException) {
throw (PwmUnrecoverableException) cause;
}
final String msg = "unexpected error during action handler for '" + this.getClass().getName() + ":" + action + "', error: " + cause.getMessage();
LOGGER.error(pwmRequest, msg, e.getCause());
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, msg));
}
LOGGER.error("uncased invocation error: " + e.getMessage(), e);
} catch (Throwable e) {
final String msg = "unexpected error invoking action handler for '" + action + "', error: " + e.getMessage();
LOGGER.error(msg, e);
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, msg));
}
final String msg = "missing action handler for '" + action + "'";
LOGGER.error(msg);
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, msg));
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ProcessStatus(password.pwm.http.ProcessStatus)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Method(java.lang.reflect.Method)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
Example 12 with PwmUnrecoverableException
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class ConfigurationChecker method doHealthCheck.
public List<HealthRecord> doHealthCheck(final PwmApplication pwmApplication) {
if (pwmApplication.getConfig() == null) {
return Collections.emptyList();
}
final Configuration config = pwmApplication.getConfig();
final List<HealthRecord> records = new ArrayList<>();
if (pwmApplication.getApplicationMode() == PwmApplicationMode.CONFIGURATION) {
records.add(HealthRecord.forMessage(HealthMessage.Config_ConfigMode));
}
if (config.readSettingAsBoolean(PwmSetting.NEWUSER_ENABLE)) {
for (final NewUserProfile newUserProfile : config.getNewUserProfiles().values()) {
try {
newUserProfile.getNewUserPasswordPolicy(pwmApplication, PwmConstants.DEFAULT_LOCALE);
} catch (PwmUnrecoverableException e) {
records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.Configuration, e.getMessage()));
}
}
}
records.addAll(doHealthCheck(config, PwmConstants.DEFAULT_LOCALE));
return records;
}
Also used :
Configuration(password.pwm.config.Configuration)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ArrayList(java.util.ArrayList)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
Example 13 with PwmUnrecoverableException
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class AuthenticationFilter method processFilter.
public void processFilter(final PwmApplicationMode mode, final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException {
final PwmURL pwmURL = pwmRequest.getURL();
if (pwmURL.isPublicUrl() && !pwmURL.isLoginServlet()) {
chain.doFilter();
return;
}
try {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
if (pwmApplication.getApplicationMode() == PwmApplicationMode.NEW) {
if (pwmRequest.getURL().isConfigGuideURL()) {
chain.doFilter();
return;
}
}
if (pwmApplication.getApplicationMode() == PwmApplicationMode.CONFIGURATION) {
if (pwmRequest.getURL().isConfigManagerURL()) {
chain.doFilter();
return;
}
}
// user is already authenticated
if (pwmSession.isAuthenticated()) {
this.processAuthenticatedSession(pwmRequest, chain);
} else {
this.processUnAuthenticatedSession(pwmRequest, chain);
}
} catch (PwmUnrecoverableException e) {
LOGGER.error(e.getErrorInformation());
pwmRequest.respondWithError(e.getErrorInformation(), true);
}
}
Also used :
PwmApplication(password.pwm.PwmApplication)
PwmURL(password.pwm.http.PwmURL)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmSession(password.pwm.http.PwmSession)
Example 14 with PwmUnrecoverableException
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class ConfigAccessFilter method checkAuthentication.
@SuppressWarnings("checkstyle:MethodLength")
static ProcessStatus checkAuthentication(final PwmRequest pwmRequest, final ConfigManagerBean configManagerBean) throws IOException, PwmUnrecoverableException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final ConfigurationReader runningConfigReader = ContextManager.getContextManager(pwmRequest.getHttpServletRequest().getSession()).getConfigReader();
final StoredConfigurationImpl storedConfig = runningConfigReader.getStoredConfiguration();
boolean authRequired = false;
if (storedConfig.hasPassword()) {
authRequired = true;
}
if (PwmApplicationMode.RUNNING == pwmRequest.getPwmApplication().getApplicationMode()) {
if (!pwmRequest.isAuthenticated()) {
throw new PwmUnrecoverableException(PwmError.ERROR_AUTHENTICATION_REQUIRED);
}
if (!pwmRequest.getPwmSession().getSessionManager().checkPermission(pwmRequest.getPwmApplication(), Permission.PWMADMIN)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED);
denyAndError(pwmRequest, errorInformation);
return ProcessStatus.Halt;
}
}
if (PwmApplicationMode.CONFIGURATION != pwmRequest.getPwmApplication().getApplicationMode()) {
authRequired = true;
}
if (!authRequired) {
return ProcessStatus.Continue;
}
if (!storedConfig.hasPassword()) {
final String errorMsg = "config file does not have a configuration password";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorMsg, new String[] { errorMsg });
return denyAndError(pwmRequest, errorInformation);
}
if (configManagerBean.isPasswordVerified()) {
return ProcessStatus.Continue;
}
String persistentLoginValue = null;
boolean persistentLoginAccepted = false;
boolean persistentLoginEnabled = false;
if (pwmRequest.getConfig().isDefaultValue(PwmSetting.PWM_SECURITY_KEY)) {
LOGGER.debug(pwmRequest, "security not available, persistent login not possible.");
} else {
persistentLoginEnabled = true;
final PwmSecurityKey securityKey = pwmRequest.getConfig().getSecurityKey();
if (PwmApplicationMode.RUNNING == pwmRequest.getPwmApplication().getApplicationMode()) {
persistentLoginValue = SecureEngine.hash(storedConfig.readConfigProperty(ConfigurationProperty.PASSWORD_HASH) + pwmSession.getUserInfo().getUserIdentity().toDelimitedKey(), PwmHashAlgorithm.SHA512);
} else {
persistentLoginValue = SecureEngine.hash(storedConfig.readConfigProperty(ConfigurationProperty.PASSWORD_HASH), PwmHashAlgorithm.SHA512);
}
{
final String cookieStr = pwmRequest.readCookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN);
if (securityKey != null && cookieStr != null && !cookieStr.isEmpty()) {
try {
final String jsonStr = pwmApplication.getSecureService().decryptStringValue(cookieStr);
final PersistentLoginInfo persistentLoginInfo = JsonUtil.deserialize(jsonStr, PersistentLoginInfo.class);
if (persistentLoginInfo != null && persistentLoginValue != null) {
if (persistentLoginInfo.getExpireDate().isAfter(Instant.now())) {
if (persistentLoginValue.equals(persistentLoginInfo.getPassword())) {
persistentLoginAccepted = true;
LOGGER.debug(pwmRequest, "accepting persistent config login from cookie (expires " + JavaHelper.toIsoDate(persistentLoginInfo.getExpireDate()) + ")");
}
}
}
} catch (Exception e) {
LOGGER.error(pwmRequest, "error examining persistent config login cookie: " + e.getMessage());
}
if (!persistentLoginAccepted) {
pwmRequest.getPwmResponse().removeCookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, null);
LOGGER.debug(pwmRequest, "removing non-working persistent config login cookie");
}
}
}
}
final String password = pwmRequest.readParameterAsString("password");
boolean passwordAccepted = false;
if (!persistentLoginAccepted) {
if (password != null && password.length() > 0) {
if (storedConfig.verifyPassword(password, pwmRequest.getConfig())) {
passwordAccepted = true;
LOGGER.trace(pwmRequest, "valid configuration password accepted");
updateLoginHistory(pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), true);
} else {
LOGGER.trace(pwmRequest, "configuration password is not correct");
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
pwmApplication.getIntruderManager().mark(RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME, pwmSession.getLabel());
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_PASSWORD_ONLY_BAD);
updateLoginHistory(pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), false);
return denyAndError(pwmRequest, errorInformation);
}
}
}
if ((persistentLoginAccepted || passwordAccepted)) {
configManagerBean.setPasswordVerified(true);
pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
pwmApplication.getIntruderManager().clear(RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME);
if (persistentLoginEnabled && !persistentLoginAccepted && "on".equals(pwmRequest.readParameterAsString("remember"))) {
final int persistentSeconds = figureMaxLoginSeconds(pwmRequest);
if (persistentSeconds > 0) {
final Instant expirationDate = Instant.ofEpochMilli(System.currentTimeMillis() + (persistentSeconds * 1000));
final PersistentLoginInfo persistentLoginInfo = new PersistentLoginInfo(expirationDate, persistentLoginValue);
final String jsonPersistentLoginInfo = JsonUtil.serialize(persistentLoginInfo);
final String cookieValue = pwmApplication.getSecureService().encryptToString(jsonPersistentLoginInfo);
pwmRequest.getPwmResponse().writeCookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, cookieValue, persistentSeconds);
LOGGER.debug(pwmRequest, "set persistent config login cookie (expires " + JavaHelper.toIsoDate(expirationDate) + ")");
}
}
if (configManagerBean.getPrePasswordEntryUrl() != null) {
final String originalUrl = configManagerBean.getPrePasswordEntryUrl();
configManagerBean.setPrePasswordEntryUrl(null);
pwmRequest.getPwmResponse().sendRedirect(originalUrl);
return ProcessStatus.Halt;
}
return ProcessStatus.Continue;
}
if (configManagerBean.getPrePasswordEntryUrl() == null) {
configManagerBean.setPrePasswordEntryUrl(pwmRequest.getHttpServletRequest().getRequestURL().toString());
}
forwardToJsp(pwmRequest);
return ProcessStatus.Halt;
}
Also used :
PwmApplication(password.pwm.PwmApplication)
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
Instant(java.time.Instant)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmException(password.pwm.error.PwmException)
IOException(java.io.IOException)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmSecurityKey(password.pwm.util.secure.PwmSecurityKey)
PwmSession(password.pwm.http.PwmSession)
ConfigurationReader(password.pwm.config.stored.ConfigurationReader)
Example 15 with PwmUnrecoverableException
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class SessionManager method getActor.
public ChaiUser getActor(final PwmApplication pwmApplication, final UserIdentity userIdentity) throws PwmUnrecoverableException {
try {
if (!pwmSession.isAuthenticated()) {
throw new PwmUnrecoverableException(PwmError.ERROR_AUTHENTICATION_REQUIRED);
}
final UserIdentity thisIdentity = pwmSession.getUserInfo().getUserIdentity();
if (thisIdentity.getLdapProfileID() == null || userIdentity.getLdapProfileID() == null) {
throw new PwmUnrecoverableException(PwmError.ERROR_NO_LDAP_CONNECTION);
}
final ChaiProvider provider = this.getChaiProvider();
return provider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
UserIdentity(password.pwm.bean.UserIdentity)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Aggregations
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)282
ErrorInformation (password.pwm.error.ErrorInformation)201
PwmOperationalException (password.pwm.error.PwmOperationalException)85
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)75
IOException (java.io.IOException)72
PwmException (password.pwm.error.PwmException)69
PwmApplication (password.pwm.PwmApplication)48
UserIdentity (password.pwm.bean.UserIdentity)48
Configuration (password.pwm.config.Configuration)43
ServletException (javax.servlet.ServletException)38
LinkedHashMap (java.util.LinkedHashMap)37
Instant (java.time.Instant)35
ArrayList (java.util.ArrayList)31
PwmSession (password.pwm.http.PwmSession)30
Map (java.util.Map)28
ChaiUser (com.novell.ldapchai.ChaiUser)26
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25
FormConfiguration (password.pwm.config.value.data.FormConfiguration)24
HashMap (java.util.HashMap)23
ChaiException (com.novell.ldapchai.exception.ChaiException)22
