private void restBrowseLdap(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, ServletException, PwmUnrecoverableException {
final StoredConfigurationImpl storedConfiguration =
StoredConfigurationImpl.copy(configGuideBean.getStoredConfiguration());
if (configGuideBean.getStep() == STEP.LDAP_ADMIN) {
storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, null);
storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, null);
}
final Date startTime = new Date();
final Map<String, String> inputMap =
pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
final String profile = inputMap.get("profile");
final String dn = inputMap.containsKey("dn") ? inputMap.get("dn") : "";
final LdapBrowser ldapBrowser = new LdapBrowser(storedConfiguration);
final LdapBrowser.LdapBrowseResult result = ldapBrowser.doBrowse(profile, dn);
ldapBrowser.close();
LOGGER.trace(
pwmRequest,
"performed ldapBrowse operation in "
+ TimeDuration.fromCurrent(startTime).asCompactString()
+ ", result="
+ JsonUtil.serialize(result));
pwmRequest.outputJsonResult(new RestResultBean(result));
}
static void forwardToJSP(final PwmRequest pwmRequest)
throws IOException, ServletException, PwmUnrecoverableException {
final HttpServletRequest req = pwmRequest.getHttpServletRequest();
final ServletContext servletContext = req.getSession().getServletContext();
final ConfigGuideBean configGuideBean =
pwmRequest.getPwmSession().getSessionBean(ConfigGuideBean.class);
String destURL = '/' + PwmConstants.URL_JSP_CONFIG_GUIDE;
destURL = destURL.replace("%1%", configGuideBean.getStep().toString().toLowerCase());
servletContext
.getRequestDispatcher(destURL)
.forward(req, pwmRequest.getPwmResponse().getHttpServletResponse());
}
private void restGotoStep(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws PwmUnrecoverableException, IOException, ServletException {
final String requestedStep = pwmRequest.readParameterAsString("step");
STEP step = null;
if (requestedStep != null && requestedStep.length() > 0) {
try {
step = STEP.valueOf(requestedStep);
} catch (IllegalArgumentException e) {
/* */
}
}
final boolean ldapSchemaPermitted =
"LDAP".equals(configGuideBean.getFormData().get(PARAM_CR_STORAGE_PREF))
&& configGuideBean.getSelectedTemplate() == PwmSettingTemplate.NOVL;
if ("NEXT".equals(requestedStep)) {
step = configGuideBean.getStep().next();
if (step == STEP.LDAP_SCHEMA && !ldapSchemaPermitted) {
step = step.next();
}
} else if ("PREVIOUS".equals(requestedStep)) {
step = configGuideBean.getStep().previous();
if (step == STEP.LDAP_SCHEMA && !ldapSchemaPermitted) {
step = step.previous();
}
}
if (step == null) {
final String errorMsg = "unknown goto step request: " + requestedStep;
final ErrorInformation errorInformation =
new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorMsg);
final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
LOGGER.error(pwmRequest, errorInformation.toDebugStr());
pwmRequest.outputJsonResult(restResultBean);
return;
}
if (step == STEP.FINISH) {
final ContextManager contextManager = ContextManager.getContextManager(pwmRequest);
try {
writeConfig(contextManager, configGuideBean);
} catch (PwmException e) {
final RestResultBean restResultBean =
RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
pwmRequest.outputJsonResult(restResultBean);
return;
} catch (Exception e) {
final RestResultBean restResultBean =
RestResultBean.fromError(
new ErrorInformation(
PwmError.ERROR_UNKNOWN, "error during save: " + e.getMessage()),
pwmRequest);
pwmRequest.outputJsonResult(restResultBean);
return;
}
final HashMap<String, String> resultData = new HashMap<>();
resultData.put("serverRestart", "true");
pwmRequest.outputJsonResult(new RestResultBean(resultData));
pwmRequest.invalidateSession();
} else {
configGuideBean.setStep(step);
pwmRequest.outputJsonResult(new RestResultBean());
LOGGER.trace("setting current step to: " + step);
}
}
private void restLdapHealth(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, PwmUnrecoverableException {
final Configuration tempConfiguration =
new Configuration(configGuideBean.getStoredConfiguration());
final PwmApplication tempApplication =
new PwmApplication.PwmEnvironment(
tempConfiguration, pwmRequest.getPwmApplication().getApplicationPath())
.setApplicationMode(PwmApplication.MODE.NEW)
.setInternalRuntimeInstance(true)
.setWebInfPath(pwmRequest.getPwmApplication().getWebInfPath())
.createPwmApplication();
final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker();
final List<HealthRecord> records = new ArrayList<>();
final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile();
switch (configGuideBean.getStep()) {
case LDAP_SERVER:
{
try {
checkLdapServer(configGuideBean);
records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
} catch (Exception e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Can not connect to remote server: " + e.getMessage()));
}
}
break;
case LDAP_ADMIN:
{
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, false));
if (records.isEmpty()) {
records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
}
}
break;
case LDAP_CONTEXT:
{
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, true));
if (records.isEmpty()) {
records.add(
new HealthRecord(
HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated"));
}
try {
final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
final Collection<UserIdentity> results =
userMatchViewerFunction.discoverMatchingUsers(
pwmRequest.getPwmApplication(),
2,
configGuideBean.getStoredConfiguration(),
PwmSetting.QUERY_MATCH_PWM_ADMIN,
null);
if (results.isEmpty()) {
records.add(
new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users"));
} else {
records.add(
new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated"));
}
} catch (PwmException e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Error during admin group validation: "
+ e.getErrorInformation().toDebugStr()));
} catch (Exception e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Error during admin group validation: " + e.getMessage()));
}
}
break;
case LDAP_TESTUSER:
{
final String testUserValue = configGuideBean.getFormData().get(PARAM_LDAP_TEST_USER);
if (testUserValue != null && !testUserValue.isEmpty()) {
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, false));
records.addAll(
ldapStatusChecker.doLdapTestUserCheck(
tempConfiguration, ldapProfile, tempApplication));
} else {
records.add(
new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified"));
}
}
break;
}
HealthData jsonOutput = new HealthData();
jsonOutput.records =
password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords(
records, pwmRequest.getLocale(), tempConfiguration);
jsonOutput.timestamp = new Date();
jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString();
final RestResultBean restResultBean = new RestResultBean();
restResultBean.setData(jsonOutput);
pwmRequest.outputJsonResult(restResultBean);
}
@Override
protected void processAction(final PwmRequest pwmRequest)
throws ServletException, IOException, ChaiUnavailableException, PwmUnrecoverableException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
if ((pwmSession.getSessionBean(ConfigGuideBean.class)).getStep() == STEP.START) {
pwmSession.clearSessionBeans();
pwmSession.getSessionStateBean().setTheme(null);
}
final ConfigGuideBean configGuideBean = pwmSession.getSessionBean(ConfigGuideBean.class);
if (pwmApplication.getApplicationMode() != PwmApplication.MODE.NEW) {
final ErrorInformation errorInformation =
new ErrorInformation(
PwmError.ERROR_SERVICE_NOT_AVAILABLE, "ConfigGuide unavailable unless in NEW mode");
LOGGER.error(pwmSession, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
return;
}
if (!configGuideBean.getFormData().containsKey(PARAM_APP_SITEURL)) {
final URI uri = URI.create(pwmRequest.getHttpServletRequest().getRequestURL().toString());
final int port = Helper.portForUriSchema(uri);
final String newUri =
uri.getScheme() + "://" + uri.getHost() + ":" + port + pwmRequest.getContextPath();
configGuideBean.getFormData().put(PARAM_APP_SITEURL, newUri);
}
pwmSession.setSessionTimeout(
pwmRequest.getHttpServletRequest().getSession(),
Integer.parseInt(
pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_GUIDE_IDLE_TIMEOUT)));
if (configGuideBean.getStep() == STEP.LDAP_CERT) {
final String ldapServerString =
((List<String>)
configGuideBean
.getStoredConfiguration()
.readSetting(PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY)
.toNativeObject())
.get(0);
try {
final URI ldapServerUri = new URI(ldapServerString);
if ("ldaps".equalsIgnoreCase(ldapServerUri.getScheme())) {
configGuideBean.setLdapCertificates(X509Utils.readRemoteCertificates(ldapServerUri));
configGuideBean.setCertsTrustedbyKeystore(
X509Utils.testIfLdapServerCertsInDefaultKeystore(ldapServerUri));
} else {
configGuideBean.setLdapCertificates(null);
configGuideBean.setCertsTrustedbyKeystore(false);
}
} catch (Exception e) {
LOGGER.error("error reading/testing ldap server certificates: " + e.getMessage());
}
}
final ConfigGuideAction action = readProcessAction(pwmRequest);
if (action != null) {
pwmRequest.validatePwmFormID();
switch (action) {
case ldapHealth:
restLdapHealth(pwmRequest, configGuideBean);
return;
case updateForm:
restUpdateLdapForm(pwmRequest, configGuideBean);
return;
case gotoStep:
restGotoStep(pwmRequest, configGuideBean);
return;
case useConfiguredCerts:
restUseConfiguredCerts(pwmRequest, configGuideBean);
return;
case uploadConfig:
restUploadConfig(pwmRequest);
return;
case extendSchema:
restExtendSchema(pwmRequest, configGuideBean);
return;
case viewAdminMatches:
restViewAdminMatches(pwmRequest, configGuideBean);
return;
case browseLdap:
restBrowseLdap(pwmRequest, configGuideBean);
}
}
if (!pwmRequest.getPwmResponse().getHttpServletResponse().isCommitted()) {
forwardToJSP(pwmRequest);
}
}