Examples with PwmSession password.pwm.http.PwmSession used on opensource projects

Search in sources :

Example 41 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class PasswordRequirementsTag method doEndTag.

public int doEndTag() throws javax.servlet.jsp.JspTagException {
    try {
        final PwmRequest pwmRequest = PwmRequest.forRequest((HttpServletRequest) pageContext.getRequest(), (HttpServletResponse) pageContext.getResponse());
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
        final Configuration config = pwmApplication.getConfig();
        final Locale locale = pwmSession.getSessionStateBean().getLocale();
        pwmSession.getSessionManager().getMacroMachine(pwmApplication);
        final PwmPasswordPolicy passwordPolicy;
        if (getForm() != null && getForm().equalsIgnoreCase("newuser")) {
            final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
            passwordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmApplication, locale);
        } else {
            passwordPolicy = pwmSession.getUserInfo().getPasswordPolicy();
        }
        final String configuredRuleText = passwordPolicy.getRuleText();
        if (configuredRuleText != null && configuredRuleText.length() > 0) {
            pageContext.getOut().write(configuredRuleText);
        } else {
            final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
            final String pre = prepend != null && prepend.length() > 0 ? prepend : "";
            final String sep = separator != null && separator.length() > 0 ? separator : "<br/>";
            final List<String> requirementsList = getPasswordRequirementsStrings(passwordPolicy, config, locale, macroMachine);
            final StringBuilder requirementsText = new StringBuilder();
            for (final String requirementStatement : requirementsList) {
                requirementsText.append(pre);
                requirementsText.append(requirementStatement);
                requirementsText.append(sep);
            }
            pageContext.getOut().write(requirementsText.toString());
        }
    } catch (IOException | PwmException e) {
        LOGGER.error("unexpected error during password requirements generation: " + e.getMessage(), e);
        throw new JspTagException(e.getMessage());
    }
    return EVAL_PAGE;
}
Also used : Locale(java.util.Locale) PwmApplication(password.pwm.PwmApplication) PwmRequest(password.pwm.http.PwmRequest) Configuration(password.pwm.config.Configuration) IOException(java.io.IOException) NewUserProfile(password.pwm.config.profile.NewUserProfile) PwmException(password.pwm.error.PwmException) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) MacroMachine(password.pwm.util.macro.MacroMachine) PwmSession(password.pwm.http.PwmSession) JspTagException(javax.servlet.jsp.JspTagException)

Example 42 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class PwmLogger method doPwmRequestLogEvent.

private void doPwmRequestLogEvent(final PwmLogLevel level, final PwmRequest pwmRequest, final Object message, final Throwable e) {
    final PwmSession pwmSession = pwmRequest != null ? pwmRequest.getPwmSession() : null;
    doPwmSessionLogEvent(level, pwmSession, message, e);
}
Also used : PwmSession(password.pwm.http.PwmSession)

Example 43 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class AbstractUriCertImportFunction method provideFunction.

@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final List<X509Certificate> certs;
    final String urlString = getUri(storedConfiguration, setting, profile, extraData);
    try {
        certs = X509Utils.readRemoteCertificates(URI.create(urlString));
    } catch (Exception e) {
        if (e instanceof PwmException) {
            throw new PwmOperationalException(((PwmException) e).getErrorInformation());
        }
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, "error importing certificates: " + e.getMessage());
        throw new PwmOperationalException(errorInformation);
    }
    final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;
    store(certs, storedConfiguration, setting, profile, extraData, userIdentity);
    final StringBuffer returnStr = new StringBuffer();
    for (final X509Certificate loopCert : certs) {
        returnStr.append(X509Utils.makeDebugText(loopCert));
        returnStr.append("\n\n");
    }
    return returnStr.toString();
}
Also used : PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) UserIdentity(password.pwm.bean.UserIdentity) PwmSession(password.pwm.http.PwmSession) X509Certificate(java.security.cert.X509Certificate) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 44 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class SessionFilter method handleStandardRequestOperations.

private ProcessStatus handleStandardRequestOperations(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmRequest.getConfig();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmResponse resp = pwmRequest.getPwmResponse();
    // debug the http session headers
    if (!pwmSession.getSessionStateBean().isDebugInitialized()) {
        LOGGER.trace(pwmSession, pwmRequest.debugHttpHeaders());
        pwmSession.getSessionStateBean().setDebugInitialized(true);
    }
    try {
        pwmApplication.getSessionStateService().readLoginSessionState(pwmRequest);
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmRequest, "error while reading login session state: " + e.getMessage());
    }
    // mark last url
    if (!new PwmURL(pwmRequest.getHttpServletRequest()).isCommandServletURL()) {
        ssBean.setLastRequestURL(pwmRequest.getHttpServletRequest().getRequestURI());
    }
    // mark last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    // check the page leave notice
    if (checkPageLeaveNotice(pwmSession, config)) {
        LOGGER.warn("invalidating session due to dirty page leave time greater then configured timeout");
        pwmRequest.invalidateSession();
        resp.sendRedirect(pwmRequest.getHttpServletRequest().getRequestURI());
        return ProcessStatus.Halt;
    }
    // override session locale due to parameter
    handleLocaleParam(pwmRequest);
    // set the session's theme
    handleThemeParam(pwmRequest);
    // check the sso override flag
    handleSsoOverrideParam(pwmRequest);
    // check for session verification failure
    if (!ssBean.isSessionVerified()) {
        // ignore resource requests
        final SessionVerificationMode mode = config.readSettingAsEnum(PwmSetting.ENABLE_SESSION_VERIFICATION, SessionVerificationMode.class);
        if (mode == SessionVerificationMode.OFF) {
            ssBean.setSessionVerified(true);
        } else {
            if (verifySession(pwmRequest, mode) == ProcessStatus.Halt) {
                return ProcessStatus.Halt;
            }
        }
    }
    {
        final String forwardURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_FORWARD_URL);
        final String forwardURL = pwmRequest.readParameterAsString(forwardURLParamName);
        if (forwardURL != null && forwardURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), forwardURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setForwardURL(forwardURL);
            LOGGER.debug(pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL);
        }
    }
    {
        final String logoutURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOGOUT_URL);
        final String logoutURL = pwmRequest.readParameterAsString(logoutURLParamName);
        if (logoutURL != null && logoutURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), logoutURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setLogoutURL(logoutURL);
            LOGGER.debug(pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL);
        }
    }
    {
        final String expireParamName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED);
        if ("true".equalsIgnoreCase(pwmRequest.readParameterAsString(expireParamName))) {
            LOGGER.debug(pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change");
            pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        }
    }
    // update last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    if (pwmApplication.getStatisticsManager() != null) {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.HTTP_REQUESTS);
    }
    return ProcessStatus.Continue;
}
Also used : PwmApplication(password.pwm.PwmApplication) Configuration(password.pwm.config.Configuration) SessionVerificationMode(password.pwm.config.option.SessionVerificationMode) PwmResponse(password.pwm.http.PwmResponse) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmURL(password.pwm.http.PwmURL) PwmSession(password.pwm.http.PwmSession) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 45 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class GuestRegistrationServlet method processAction.

protected void processAction(final PwmRequest pwmRequest) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    // Fetch the session state bean.
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final GuestRegistrationBean guestRegistrationBean = pwmApplication.getSessionStateService().getBean(pwmRequest, GuestRegistrationBean.class);
    final Configuration config = pwmApplication.getConfig();
    if (!config.readSettingAsBoolean(PwmSetting.GUEST_ENABLE)) {
        pwmRequest.respondWithError(PwmError.ERROR_SERVICE_NOT_AVAILABLE.toInfo());
        return;
    }
    if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.GUEST_REGISTRATION)) {
        pwmRequest.respondWithError(PwmError.ERROR_UNAUTHORIZED.toInfo());
        return;
    }
    checkConfiguration(config);
    final GuestRegistrationAction action = readProcessAction(pwmRequest);
    if (action != null) {
        pwmRequest.validatePwmFormID();
        switch(action) {
            case create:
                handleCreateRequest(pwmRequest, guestRegistrationBean);
                return;
            case search:
                handleSearchRequest(pwmRequest, guestRegistrationBean);
                return;
            case update:
                handleUpdateRequest(pwmRequest, guestRegistrationBean);
                return;
            case selectPage:
                handleSelectPageRequest(pwmRequest, guestRegistrationBean);
                return;
            default:
                JavaHelper.unhandledSwitchStatement(action);
        }
    }
    this.forwardToJSP(pwmRequest, guestRegistrationBean);
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) PwmSession(password.pwm.http.PwmSession) GuestRegistrationBean(password.pwm.http.bean.GuestRegistrationBean)

Aggregations

PwmSession (password.pwm.http.PwmSession)74 PwmApplication (password.pwm.PwmApplication)55 ErrorInformation (password.pwm.error.ErrorInformation)38 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)30 PwmOperationalException (password.pwm.error.PwmOperationalException)29 Configuration (password.pwm.config.Configuration)21 UserIdentity (password.pwm.bean.UserIdentity)20 FormConfiguration (password.pwm.config.value.data.FormConfiguration)19 PwmException (password.pwm.error.PwmException)14 ChaiUser (com.novell.ldapchai.ChaiUser)12 ActionConfiguration (password.pwm.config.value.data.ActionConfiguration)12 UserInfo (password.pwm.ldap.UserInfo)12 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)11 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)9 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)9 IOException (java.io.IOException)9 Instant (java.time.Instant)9 RestResultBean (password.pwm.ws.server.RestResultBean)9 ServletException (javax.servlet.ServletException)8 MacroMachine (password.pwm.util.macro.MacroMachine)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial