Ejemplo n.º 1
0
  @GET
  @Produces(MediaType.APPLICATION_JSON + ";charset=UTF-8")
  @Path("/client")
  public Response doGetAppClientData(
      @QueryParam("pageUrl") String pageUrl,
      @PathParam(value = "eTagUri") final String eTagUri,
      @Context HttpServletRequest request,
      @Context HttpServletResponse response)
      throws PwmUnrecoverableException, IOException, ChaiUnavailableException {
    final int maxCacheAgeSeconds = 60 * 5;
    final RestRequestBean restRequestBean;
    try {
      restRequestBean =
          RestServerHelper.initializeRestRequest(
              request, response, ServicePermissions.PUBLIC, null);
    } catch (PwmUnrecoverableException e) {
      return RestResultBean.fromError(e.getErrorInformation()).asJsonResponse();
    }

    final String eTagValue =
        makeClientEtag(
            restRequestBean.getPwmApplication(), restRequestBean.getPwmSession(), request);

    // check the incoming header;
    final String ifNoneMatchValue = request.getHeader("If-None-Match");

    if (ifNoneMatchValue != null
        && ifNoneMatchValue.equals(eTagValue)
        && eTagValue.equals(eTagUri)) {
      return Response.notModified().build();
    }

    response.setHeader("ETag", eTagValue);
    response.setDateHeader("Expires", System.currentTimeMillis() + (maxCacheAgeSeconds * 1000));
    response.setHeader("Cache-Control", "public, max-age=" + maxCacheAgeSeconds);

    final AppData appData =
        makeAppData(
            restRequestBean.getPwmApplication(),
            restRequestBean.getPwmSession(),
            request,
            response,
            pageUrl);
    final RestResultBean restResultBean = new RestResultBean();
    restResultBean.setData(appData);
    return restResultBean.asJsonResponse();
  }
Ejemplo n.º 2
0
  @GET
  @Path("/intruder")
  @Produces(MediaType.APPLICATION_JSON + ";charset=UTF-8")
  public Response doGetAppIntruderData(@QueryParam("maximum") int maximum)
      throws ChaiUnavailableException, PwmUnrecoverableException {
    maximum = maximum > 0 ? maximum : 10 * 1000;

    final RestRequestBean restRequestBean;
    try {
      final ServicePermissions servicePermissions = new ServicePermissions();
      servicePermissions.setAdminOnly(true);
      servicePermissions.setAuthRequired(true);
      servicePermissions.setBlockExternal(true);
      restRequestBean =
          RestServerHelper.initializeRestRequest(request, response, servicePermissions, null);
    } catch (PwmUnrecoverableException e) {
      return RestResultBean.fromError(e.getErrorInformation()).asJsonResponse();
    }

    if (!restRequestBean
        .getPwmSession()
        .getSessionManager()
        .checkPermission(restRequestBean.getPwmApplication(), Permission.PWMADMIN)) {
      final ErrorInformation errorInfo = PwmError.ERROR_UNAUTHORIZED.toInfo();
      return RestResultBean.fromError(errorInfo, restRequestBean).asJsonResponse();
    }

    final TreeMap<String, Object> returnData = new TreeMap<>();
    try {
      for (final RecordType recordType : RecordType.values()) {
        returnData.put(
            recordType.toString(),
            restRequestBean
                .getPwmApplication()
                .getIntruderManager()
                .getRecords(recordType, maximum));
      }
    } catch (PwmOperationalException e) {
      final ErrorInformation errorInfo =
          new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
      return RestResultBean.fromError(errorInfo, restRequestBean).asJsonResponse();
    }

    final RestResultBean restResultBean = new RestResultBean();
    restResultBean.setData(returnData);
    return restResultBean.asJsonResponse();
  }
Ejemplo n.º 3
0
  @GET
  @Path("/audit")
  @Produces(MediaType.APPLICATION_JSON + ";charset=UTF-8")
  public Response doGetAppAuditData(@QueryParam("maximum") int maximum)
      throws ChaiUnavailableException, PwmUnrecoverableException {
    maximum = maximum > 0 ? maximum : 10 * 1000;

    final RestRequestBean restRequestBean;
    try {
      final ServicePermissions servicePermissions = new ServicePermissions();
      servicePermissions.setAdminOnly(true);
      servicePermissions.setAuthRequired(true);
      servicePermissions.setBlockExternal(true);
      restRequestBean =
          RestServerHelper.initializeRestRequest(request, response, servicePermissions, null);
    } catch (PwmUnrecoverableException e) {
      return RestResultBean.fromError(e.getErrorInformation()).asJsonResponse();
    }

    final ArrayList<UserAuditRecord> userRecords = new ArrayList<>();
    final ArrayList<HelpdeskAuditRecord> helpdeskRecords = new ArrayList<>();
    final ArrayList<SystemAuditRecord> systemRecords = new ArrayList<>();
    final Iterator<AuditRecord> iterator =
        restRequestBean.getPwmApplication().getAuditManager().readVault();
    int counter = 0;
    while (iterator.hasNext() && counter <= maximum) {
      final AuditRecord loopRecord = iterator.next();
      counter++;
      if (loopRecord instanceof SystemAuditRecord) {
        systemRecords.add((SystemAuditRecord) loopRecord);
      } else if (loopRecord instanceof HelpdeskAuditRecord) {
        helpdeskRecords.add((HelpdeskAuditRecord) loopRecord);
      } else if (loopRecord instanceof UserAuditRecord) {
        userRecords.add((UserAuditRecord) loopRecord);
      }
    }
    final HashMap<String, List> outputMap = new HashMap<>();
    outputMap.put("user", userRecords);
    outputMap.put("helpdesk", helpdeskRecords);
    outputMap.put("system", systemRecords);

    final RestResultBean restResultBean = new RestResultBean();
    restResultBean.setData(outputMap);
    LOGGER.debug(restRequestBean.getPwmSession(), "output " + counter + " audit records.");
    return restResultBean.asJsonResponse();
  }
Ejemplo n.º 4
0
  @GET
  @Produces(MediaType.APPLICATION_JSON + ";charset=UTF-8")
  @Path("/strings/{bundle}")
  public Response doGetStringData(@PathParam(value = "bundle") final String bundleName)
      throws PwmUnrecoverableException, IOException, ChaiUnavailableException {
    final int maxCacheAgeSeconds = 60 * 5;
    final RestRequestBean restRequestBean;
    try {
      restRequestBean =
          RestServerHelper.initializeRestRequest(
              request, response, ServicePermissions.PUBLIC, null);
    } catch (PwmUnrecoverableException e) {
      return RestResultBean.fromError(e.getErrorInformation()).asJsonResponse();
    }

    final String eTagValue =
        makeClientEtag(
            restRequestBean.getPwmApplication(), restRequestBean.getPwmSession(), request);
    response.setHeader("ETag", eTagValue);
    response.setDateHeader("Expires", System.currentTimeMillis() + (maxCacheAgeSeconds * 1000));
    response.setHeader("Cache-Control", "public, max-age=" + maxCacheAgeSeconds);

    try {
      final LinkedHashMap<String, String> displayData =
          new LinkedHashMap<>(
              makeDisplayData(
                  restRequestBean.getPwmApplication(),
                  restRequestBean.getPwmSession(),
                  bundleName));
      final RestResultBean restResultBean = new RestResultBean();
      restResultBean.setData(displayData);
      return restResultBean.asJsonResponse();
    } catch (Exception e) {
      final String errorMSg =
          "error during rest /strings call for bundle " + bundleName + ", error: " + e.getMessage();
      final ErrorInformation errorInformation =
          new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMSg);
      return RestResultBean.fromError(errorInformation).asJsonResponse();
    }
  }
Ejemplo n.º 5
0
  @GET
  @Path("/session")
  @Produces(MediaType.APPLICATION_JSON + ";charset=UTF-8")
  public Response doGetAppSessionData(@QueryParam("maximum") int maximum)
      throws ChaiUnavailableException, PwmUnrecoverableException {
    maximum = maximum > 0 ? maximum : 10 * 1000;

    final RestRequestBean restRequestBean;
    try {
      final ServicePermissions servicePermissions = new ServicePermissions();
      servicePermissions.setAdminOnly(true);
      servicePermissions.setAuthRequired(true);
      servicePermissions.setBlockExternal(true);
      restRequestBean =
          RestServerHelper.initializeRestRequest(request, response, servicePermissions, null);
    } catch (PwmUnrecoverableException e) {
      return RestResultBean.fromError(e.getErrorInformation()).asJsonResponse();
    }

    if (!restRequestBean
        .getPwmSession()
        .getSessionManager()
        .checkPermission(restRequestBean.getPwmApplication(), Permission.PWMADMIN)) {
      final ErrorInformation errorInfo = PwmError.ERROR_UNAUTHORIZED.toInfo();
      return RestResultBean.fromError(errorInfo, restRequestBean).asJsonResponse();
    }

    final ArrayList<SessionStateInfoBean> gridData = new ArrayList<>();
    int counter = 0;
    final Iterator<SessionStateInfoBean> infos =
        restRequestBean.getPwmApplication().getSessionTrackService().getSessionInfoIterator();
    while (counter < maximum && infos.hasNext()) {
      gridData.add(infos.next());
      counter++;
    }
    final RestResultBean restResultBean = new RestResultBean();
    restResultBean.setData(gridData);
    return restResultBean.asJsonResponse();
  }
Ejemplo n.º 6
0
  private void restLdapHealth(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
      throws IOException, PwmUnrecoverableException {
    final Configuration tempConfiguration =
        new Configuration(configGuideBean.getStoredConfiguration());
    final PwmApplication tempApplication =
        new PwmApplication.PwmEnvironment(
                tempConfiguration, pwmRequest.getPwmApplication().getApplicationPath())
            .setApplicationMode(PwmApplication.MODE.NEW)
            .setInternalRuntimeInstance(true)
            .setWebInfPath(pwmRequest.getPwmApplication().getWebInfPath())
            .createPwmApplication();
    final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker();
    final List<HealthRecord> records = new ArrayList<>();
    final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile();
    switch (configGuideBean.getStep()) {
      case LDAP_SERVER:
        {
          try {
            checkLdapServer(configGuideBean);
            records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
          } catch (Exception e) {
            records.add(
                new HealthRecord(
                    HealthStatus.WARN,
                    HealthTopic.LDAP,
                    "Can not connect to remote server: " + e.getMessage()));
          }
        }
        break;

      case LDAP_ADMIN:
        {
          records.addAll(
              ldapStatusChecker.checkBasicLdapConnectivity(
                  tempApplication, tempConfiguration, ldapProfile, false));
          if (records.isEmpty()) {
            records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
          }
        }
        break;

      case LDAP_CONTEXT:
        {
          records.addAll(
              ldapStatusChecker.checkBasicLdapConnectivity(
                  tempApplication, tempConfiguration, ldapProfile, true));
          if (records.isEmpty()) {
            records.add(
                new HealthRecord(
                    HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated"));
          }
          try {
            final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
            final Collection<UserIdentity> results =
                userMatchViewerFunction.discoverMatchingUsers(
                    pwmRequest.getPwmApplication(),
                    2,
                    configGuideBean.getStoredConfiguration(),
                    PwmSetting.QUERY_MATCH_PWM_ADMIN,
                    null);

            if (results.isEmpty()) {
              records.add(
                  new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users"));
            } else {
              records.add(
                  new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated"));
            }
          } catch (PwmException e) {
            records.add(
                new HealthRecord(
                    HealthStatus.WARN,
                    HealthTopic.LDAP,
                    "Error during admin group validation: "
                        + e.getErrorInformation().toDebugStr()));
          } catch (Exception e) {
            records.add(
                new HealthRecord(
                    HealthStatus.WARN,
                    HealthTopic.LDAP,
                    "Error during admin group validation: " + e.getMessage()));
          }
        }
        break;

      case LDAP_TESTUSER:
        {
          final String testUserValue = configGuideBean.getFormData().get(PARAM_LDAP_TEST_USER);
          if (testUserValue != null && !testUserValue.isEmpty()) {
            records.addAll(
                ldapStatusChecker.checkBasicLdapConnectivity(
                    tempApplication, tempConfiguration, ldapProfile, false));
            records.addAll(
                ldapStatusChecker.doLdapTestUserCheck(
                    tempConfiguration, ldapProfile, tempApplication));
          } else {
            records.add(
                new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified"));
          }
        }
        break;
    }

    HealthData jsonOutput = new HealthData();
    jsonOutput.records =
        password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords(
            records, pwmRequest.getLocale(), tempConfiguration);
    jsonOutput.timestamp = new Date();
    jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString();
    final RestResultBean restResultBean = new RestResultBean();
    restResultBean.setData(jsonOutput);
    pwmRequest.outputJsonResult(restResultBean);
  }