Example 6 with PwmURL
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class SessionFilter method handleStandardRequestOperations.
private ProcessStatus handleStandardRequestOperations(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmRequest.getConfig();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
final PwmResponse resp = pwmRequest.getPwmResponse();
// debug the http session headers
if (!pwmSession.getSessionStateBean().isDebugInitialized()) {
LOGGER.trace(pwmSession, pwmRequest.debugHttpHeaders());
pwmSession.getSessionStateBean().setDebugInitialized(true);
}
try {
pwmApplication.getSessionStateService().readLoginSessionState(pwmRequest);
} catch (PwmUnrecoverableException e) {
LOGGER.warn(pwmRequest, "error while reading login session state: " + e.getMessage());
}
// mark last url
if (!new PwmURL(pwmRequest.getHttpServletRequest()).isCommandServletURL()) {
ssBean.setLastRequestURL(pwmRequest.getHttpServletRequest().getRequestURI());
}
// mark last request time.
ssBean.setSessionLastAccessedTime(Instant.now());
// check the page leave notice
if (checkPageLeaveNotice(pwmSession, config)) {
LOGGER.warn("invalidating session due to dirty page leave time greater then configured timeout");
pwmRequest.invalidateSession();
resp.sendRedirect(pwmRequest.getHttpServletRequest().getRequestURI());
return ProcessStatus.Halt;
}
// override session locale due to parameter
handleLocaleParam(pwmRequest);
// set the session's theme
handleThemeParam(pwmRequest);
// check the sso override flag
handleSsoOverrideParam(pwmRequest);
// check for session verification failure
if (!ssBean.isSessionVerified()) {
// ignore resource requests
final SessionVerificationMode mode = config.readSettingAsEnum(PwmSetting.ENABLE_SESSION_VERIFICATION, SessionVerificationMode.class);
if (mode == SessionVerificationMode.OFF) {
ssBean.setSessionVerified(true);
} else {
if (verifySession(pwmRequest, mode) == ProcessStatus.Halt) {
return ProcessStatus.Halt;
}
}
}
{
final String forwardURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_FORWARD_URL);
final String forwardURL = pwmRequest.readParameterAsString(forwardURLParamName);
if (forwardURL != null && forwardURL.length() > 0) {
try {
checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), forwardURL);
} catch (PwmOperationalException e) {
LOGGER.error(pwmRequest, e.getErrorInformation());
pwmRequest.respondWithError(e.getErrorInformation());
return ProcessStatus.Halt;
}
ssBean.setForwardURL(forwardURL);
LOGGER.debug(pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL);
}
}
{
final String logoutURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOGOUT_URL);
final String logoutURL = pwmRequest.readParameterAsString(logoutURLParamName);
if (logoutURL != null && logoutURL.length() > 0) {
try {
checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), logoutURL);
} catch (PwmOperationalException e) {
LOGGER.error(pwmRequest, e.getErrorInformation());
pwmRequest.respondWithError(e.getErrorInformation());
return ProcessStatus.Halt;
}
ssBean.setLogoutURL(logoutURL);
LOGGER.debug(pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL);
}
}
{
final String expireParamName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED);
if ("true".equalsIgnoreCase(pwmRequest.readParameterAsString(expireParamName))) {
LOGGER.debug(pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change");
pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
}
}
// update last request time.
ssBean.setSessionLastAccessedTime(Instant.now());
if (pwmApplication.getStatisticsManager() != null) {
pwmApplication.getStatisticsManager().incrementValue(Statistic.HTTP_REQUESTS);
}
return ProcessStatus.Continue;
}
Also used :
PwmApplication(password.pwm.PwmApplication)
Configuration(password.pwm.config.Configuration)
SessionVerificationMode(password.pwm.config.option.SessionVerificationMode)
PwmResponse(password.pwm.http.PwmResponse)
LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmURL(password.pwm.http.PwmURL)
PwmSession(password.pwm.http.PwmSession)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 7 with PwmURL
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class ClientApiServlet method makeClientData.
private static Map<String, Object> makeClientData(final PwmApplication pwmApplication, final PwmSession pwmSession, final HttpServletRequest request, final HttpServletResponse response, final String pageUrl) throws ChaiUnavailableException, PwmUnrecoverableException {
final Locale userLocale = pwmSession.getSessionStateBean().getLocale();
final Configuration config = pwmApplication.getConfig();
final TreeMap<String, Object> settingMap = new TreeMap<>();
settingMap.put("client.ajaxTypingTimeout", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_AJAX_TYPING_TIMEOUT)));
settingMap.put("client.ajaxTypingWait", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_AJAX_TYPING_WAIT)));
settingMap.put("client.activityMaxEpsRate", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_ACTIVITY_MAX_EPS_RATE)));
settingMap.put("client.js.enableHtml5Dialog", Boolean.parseBoolean(config.readAppProperty(AppProperty.CLIENT_JS_ENABLE_HTML5DIALOG)));
settingMap.put("client.locale", LocaleHelper.getBrowserLocaleString(pwmSession.getSessionStateBean().getLocale()));
settingMap.put("client.pwShowRevertTimeout", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_PW_SHOW_REVERT_TIMEOUT)));
settingMap.put("enableIdleTimeout", config.readSettingAsBoolean(PwmSetting.DISPLAY_IDLE_TIMEOUT));
settingMap.put("pageLeaveNotice", config.readSettingAsLong(PwmSetting.SECURITY_PAGE_LEAVE_NOTICE_TIMEOUT));
settingMap.put("setting-showHidePasswordFields", pwmApplication.getConfig().readSettingAsBoolean(password.pwm.config.PwmSetting.DISPLAY_SHOW_HIDE_PASSWORD_FIELDS));
settingMap.put("setting-displayEula", PwmConstants.ENABLE_EULA_DISPLAY);
settingMap.put("setting-showStrengthMeter", config.readSettingAsBoolean(PwmSetting.PASSWORD_SHOW_STRENGTH_METER));
{
long idleSeconds = config.readSettingAsLong(PwmSetting.IDLE_TIMEOUT_SECONDS);
if (pageUrl == null || pageUrl.isEmpty()) {
LOGGER.warn(pwmSession, "request to /client data did not include pageUrl");
} else {
try {
final PwmURL pwmURL = new PwmURL(new URI(pageUrl), request.getContextPath());
final TimeDuration maxIdleTime = IdleTimeoutCalculator.idleTimeoutForRequest(pwmURL, pwmApplication, pwmSession);
idleSeconds = maxIdleTime.getTotalSeconds();
} catch (Exception e) {
LOGGER.error(pwmSession, "error determining idle timeout time for request: " + e.getMessage());
}
}
settingMap.put("MaxInactiveInterval", idleSeconds);
}
settingMap.put("paramName.locale", config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOCALE));
settingMap.put("runtimeNonce", pwmApplication.getRuntimeNonce());
settingMap.put("applicationMode", pwmApplication.getApplicationMode());
final String contextPath = request.getContextPath();
settingMap.put("url-context", contextPath);
settingMap.put("url-logout", contextPath + PwmServletDefinition.Logout.servletUrl());
settingMap.put("url-command", contextPath + PwmServletDefinition.PublicCommand.servletUrl());
settingMap.put("url-resources", contextPath + "/public/resources" + pwmApplication.getResourceServletService().getResourceNonce());
settingMap.put("url-restservice", contextPath + "/public/rest");
{
String passwordGuideText = pwmApplication.getConfig().readSettingAsLocalizedString(PwmSetting.DISPLAY_PASSWORD_GUIDE_TEXT, pwmSession.getSessionStateBean().getLocale());
final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
passwordGuideText = macroMachine.expandMacros(passwordGuideText);
settingMap.put("passwordGuideText", passwordGuideText);
}
{
final List<String> formTypeOptions = new ArrayList<>();
for (final FormConfiguration.Type type : FormConfiguration.Type.values()) {
formTypeOptions.add(type.toString());
}
settingMap.put("formTypeOptions", formTypeOptions);
}
{
final List<String> actionTypeOptions = new ArrayList<>();
for (final ActionConfiguration.Type type : ActionConfiguration.Type.values()) {
actionTypeOptions.add(type.toString());
}
settingMap.put("actionTypeOptions", actionTypeOptions);
}
{
final List<String> epsTypes = new ArrayList<>();
for (final EpsStatistic loopEpsType : EpsStatistic.values()) {
epsTypes.add(loopEpsType.toString());
}
settingMap.put("epsTypes", epsTypes);
}
{
final List<String> epsDurations = new ArrayList<>();
for (final Statistic.EpsDuration loopEpsDuration : Statistic.EpsDuration.values()) {
epsDurations.add(loopEpsDuration.toString());
}
settingMap.put("epsDurations", epsDurations);
}
{
final Map<String, String> localeInfo = new LinkedHashMap<>();
final Map<String, String> localeDisplayNames = new LinkedHashMap<>();
final Map<String, String> localeFlags = new LinkedHashMap<>();
final List<Locale> knownLocales = new ArrayList<>(pwmApplication.getConfig().getKnownLocales());
knownLocales.sort(LocaleHelper.localeComparator(PwmConstants.DEFAULT_LOCALE));
for (final Locale locale : knownLocales) {
final String flagCode = pwmApplication.getConfig().getKnownLocaleFlagMap().get(locale);
localeFlags.put(locale.toString(), flagCode);
localeInfo.put(locale.toString(), locale.getDisplayName(PwmConstants.DEFAULT_LOCALE) + " - " + locale.getDisplayLanguage(userLocale));
localeDisplayNames.put(locale.toString(), locale.getDisplayLanguage());
}
settingMap.put("localeInfo", localeInfo);
settingMap.put("localeDisplayNames", localeDisplayNames);
settingMap.put("localeFlags", localeFlags);
settingMap.put("defaultLocale", PwmConstants.DEFAULT_LOCALE.toString());
}
if (pwmApplication.getConfig().readSettingAsEnum(PwmSetting.LDAP_SELECTABLE_CONTEXT_MODE, SelectableContextMode.class) != SelectableContextMode.NONE) {
final Map<String, Map<String, String>> ldapProfiles = new LinkedHashMap<>();
for (final String ldapProfile : pwmApplication.getConfig().getLdapProfiles().keySet()) {
final Map<String, String> contexts = pwmApplication.getConfig().getLdapProfiles().get(ldapProfile).getSelectableContexts(pwmApplication);
ldapProfiles.put(ldapProfile, contexts);
}
settingMap.put("ldapProfiles", ldapProfiles);
}
return settingMap;
}
Also used :
Locale(java.util.Locale)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ActionConfiguration(password.pwm.config.value.data.ActionConfiguration)
Configuration(password.pwm.config.Configuration)
PwmURL(password.pwm.http.PwmURL)
SelectableContextMode(password.pwm.config.option.SelectableContextMode)
TreeMap(java.util.TreeMap)
URI(java.net.URI)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
PwmException(password.pwm.error.PwmException)
IOException(java.io.IOException)
LinkedHashMap(java.util.LinkedHashMap)
MacroMachine(password.pwm.util.macro.MacroMachine)
TimeDuration(password.pwm.util.java.TimeDuration)
List(java.util.List)
ArrayList(java.util.ArrayList)
EpsStatistic(password.pwm.svc.stats.EpsStatistic)
Map(java.util.Map)
LinkedHashMap(java.util.LinkedHashMap)
TreeMap(java.util.TreeMap)
Example 8 with PwmURL
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class LoginServlet method determinePostLoginUrl.
private static String determinePostLoginUrl(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
final LoginServletBean loginServletBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, LoginServletBean.class);
final String decryptedValue = loginServletBean.getNextUrl();
if (decryptedValue != null && !decryptedValue.isEmpty()) {
final PwmURL originalPwmURL = new PwmURL(URI.create(decryptedValue), pwmRequest.getContextPath());
if (!originalPwmURL.isLoginServlet()) {
loginServletBean.setNextUrl(null);
return decryptedValue;
}
}
return pwmRequest.getContextPath();
}
Also used :
PwmURL(password.pwm.http.PwmURL)
LoginServletBean(password.pwm.http.bean.LoginServletBean)
Example 9 with PwmURL
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class AbstractPwmFilter method doFilter.
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) servletRequest;
final HttpServletResponse resp = (HttpServletResponse) servletResponse;
final PwmApplicationMode mode = PwmApplicationMode.determineMode(req);
final boolean interested;
try {
final PwmURL pwmURL = new PwmURL(req);
interested = isInterested(mode, pwmURL);
} catch (Exception e) {
LOGGER.error("unexpected error processing filter chain during isInterested(): " + e.getMessage(), e);
resp.sendError(500, "unexpected error processing filter chain during isInterested");
return;
}
if (interested) {
PwmRequest pwmRequest = null;
try {
pwmRequest = PwmRequest.forRequest(req, resp);
} catch (PwmException e) {
final PwmURL pwmURL = new PwmURL(req);
if (pwmURL.isResourceURL()) {
filterChain.doFilter(req, resp);
return;
}
LOGGER.error(pwmRequest, "unexpected error processing filter chain: " + e.getMessage(), e);
}
try {
final PwmFilterChain pwmFilterChain = new PwmFilterChain(servletRequest, servletResponse, filterChain);
processFilter(mode, pwmRequest, pwmFilterChain);
} catch (PwmException e) {
LOGGER.error(pwmRequest, "unexpected error processing filter chain: " + e.getMessage(), e);
} catch (IOException e) {
LOGGER.debug(pwmRequest, "i/o error processing request: " + e.getMessage());
}
} else {
filterChain.doFilter(req, resp);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
PwmException(password.pwm.error.PwmException)
PwmRequest(password.pwm.http.PwmRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
PwmURL(password.pwm.http.PwmURL)
IOException(java.io.IOException)
PwmApplicationMode(password.pwm.PwmApplicationMode)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
PwmException(password.pwm.error.PwmException)
Example 10 with PwmURL
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class AuthenticationFilter method forceRequiredRedirects.
public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmURL pwmURL = pwmRequest.getURL();
final UserInfo userInfo = pwmSession.getUserInfo();
final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
if (pwmURL.isResourceURL() || pwmURL.isConfigManagerURL() || pwmURL.isLogoutURL() || pwmURL.isLoginServlet()) {
return ProcessStatus.Continue;
}
if (pwmRequest.getPwmApplication().getApplicationMode() != PwmApplicationMode.RUNNING) {
return ProcessStatus.Continue;
}
// high priority pw change
if (loginInfoBean.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
if (!pwmURL.isChangePasswordURL()) {
LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
// if change password in progress and req is for ChangePassword servlet, then allow request as is
if (pwmURL.isChangePasswordURL()) {
final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
final PasswordChangeProgressChecker.ProgressTracker progressTracker = cpb.getChangeProgressTracker();
if (progressTracker != null && progressTracker.getBeginTime() != null) {
return ProcessStatus.Continue;
}
}
if (userInfo.isRequiresResponseConfig()) {
if (!pwmURL.isSetupResponsesURL()) {
LOGGER.debug(pwmRequest, "user is required to setup responses, redirecting to setup responses servlet");
pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
if (userInfo.isRequiresOtpConfig() && !pwmSession.getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.skipOtp)) {
if (!pwmURL.isSetupOtpSecretURL()) {
LOGGER.debug(pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page");
pwmRequest.sendRedirect(PwmServletDefinition.SetupOtp);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
if (userInfo.isRequiresUpdateProfile()) {
if (!pwmURL.isProfileUpdateURL()) {
LOGGER.debug(pwmRequest, "user is required to update profile, redirecting to profile update servlet");
pwmRequest.sendRedirect(PwmServletDefinition.UpdateProfile);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
if (!pwmURL.isChangePasswordURL()) {
if (userInfo.isRequiresNewPassword() && !loginInfoBean.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw)) {
LOGGER.debug(pwmRequest, "user password in ldap requires changing, redirecting to change password servlet");
pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
return ProcessStatus.Halt;
} else if (loginInfoBean.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
LOGGER.debug(pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet");
pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
return ProcessStatus.Continue;
}
Also used :
ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean)
LoginInfoBean(password.pwm.bean.LoginInfoBean)
PwmURL(password.pwm.http.PwmURL)
UserInfo(password.pwm.ldap.UserInfo)
PwmSession(password.pwm.http.PwmSession)
PasswordChangeProgressChecker(password.pwm.ldap.PasswordChangeProgressChecker)
Aggregations
PwmURL (password.pwm.http.PwmURL)14
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)6
IOException (java.io.IOException)5
ServletException (javax.servlet.ServletException)5
PwmApplication (password.pwm.PwmApplication)4
PwmException (password.pwm.error.PwmException)4
PwmApplicationMode (password.pwm.PwmApplicationMode)3
PwmSession (password.pwm.http.PwmSession)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
LocalSessionStateBean (password.pwm.bean.LocalSessionStateBean)2
Configuration (password.pwm.config.Configuration)2
ErrorInformation (password.pwm.error.ErrorInformation)2
PwmRequest (password.pwm.http.PwmRequest)2
TimeDuration (password.pwm.util.java.TimeDuration)2
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1
URI (java.net.URI)1
UnknownHostException (java.net.UnknownHostException)1
Instant (java.time.Instant)1
ArrayList (java.util.ArrayList)1
