Commit 612358af authored by damianofalcioni

Omilab Customizations

parent 028a48c4
......@@ -4,49 +4,22 @@ PWM is an open source password self service application for LDAP directories. PW
Official project page is at [https://github.com/pwm-project/pwm/](https://github.com/pwm-project/pwm/).
# Links
* [PWM-General Google Group](https://groups.google.com/group/pwm-general) - please ask for assistance here first.
* [PWM Documentation Wiki](https://github.com/pwm-project/pwm/wiki) - Home for PWM documentation
* [Current Builds](https://www.pwm-project.org/artifacts/pwm/) - Current downloads built from recent github project commits
* [PWM Reference](https://www.pwm-project.org/pwm/public/reference/) - Reference documentation built into PWM.
## Instructions
# Features
* Web based configuration manager with over 400 configurable settings
* Configurable display values for every user-facing text string
* Localized for Chinese (中文), Czech (ceština), Dutch (Nederlands), English, Finnish (suomi), French (français), German (Deutsch), Hebrew (עברית), Italian (italiano), Japanese (日本語), Korean (한국어), Polish (polski), Portuguese (português), Slovak (Slovenčina), Spanish (español), Thai (ไทย) and Turkish (Türkçe)
* Polished, intuitive end-user interface with as-you-type password rule enforcement
* Forgotten Password
* Store Responses in local server, standard RDBMS database, LDAP server or Novell NMAS repositories
* Use Forgotten Password, Email/SMS Token/PIN, TOTP, Remote REST service, User LDAP attribute values, or any combination
* Stand-alone, easy to deploy, java web application
* Helpdesk password reset and intruder lockout clearing
* New User Registration / Account Creation
* Guest User Registration / Updating
* PeopleSearch (white pages)
* Account Activation / First time password assignment
* Administration modules including intruder-lockout manager, and online log viewer, daily stats viewer and user information debugging
* Easy to customize JSP HTML pages
* Theme-able interface with several example CSS themes
* Support for large dictionary wordlists to enforce strong passwords
* Shared password history to prevent passwords from being reused organizationally
* Automatic LDAP server fail-over to multiple ldap servers
* Support for password replication checking and minimum time delays during password sets
* Captcha support using reCaptcha
* Integration with CAS
* Support for minimal, restricted and mobile browsers with no cookies, javascript or css
* Specialized skins for iPhone/Mobile devices
* Designed for integration with existing portals and web security gateways
* Directory Support
* Generic LDAP
* Directory 389
* NetIQ eDirectory
* Password Policies & Challenge Sets
* NMAS Operations and Error handling
* Support for NMAS user challenge/responses
* Microsoft Active Directory
* OpenLDAP
1) Deploy the application in Tomcat: extract pwm.war in the Tomcat webapp folder (in linux by default under opt/tomcat/webapps/).
2) In the web.xml file (under pwm/WEB-INF/web.xml) change the value of the param 'applicationPath' with the absolute path of your WEB-INF folder (Ex: c:\tomcat\webapps\pwm\WEB-INF)
OR (recommended)
Set up the system environment variable PWM_APPLICATIONPATH with the absolute path of your WEB-INF folder (Windows example: set "PWM_APPLICATIONPATH=c:\tomcat\webapps\pwm\WEB-INF" Linux example: export PWM_APPLICATIONPATH='/var/tomcat/webapps/pwm/WEB-INF')
The default configuration work with the default installed [LDAP](https://git.boc-group.eu/olive/ldap-config).
In order to adapt the settings simply edit the file 'pwm/WEB-INF/PwmConfiguratin.xml'.
A web interface is also available in order to change this settings and can be enabled changing the property 'configIsEditable' to true in the PwmConfiguratin.xml file.
The default password for entering the configuration web interface is 'password'.
[NetIQ SSPR](https://www.netiq.com/products/self-service-password-reset/) is a commercial, supported self service password reset product based on PWM.
# Build Information
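Review bot: the new Instructions steps tell the reader to flip `configIsEditable` to true and that the configuration web interface password is 'password'; a README should not leave deployments sitting on a published default credential, so that step should say to change the configuration password on first login and to set `configIsEditable` back to false once editing is finished. Smaller points in the same hunk: the file name `PwmConfiguratin.xml` is misspelled both times (the file PWM ships is `PwmConfiguration.xml`); `## Instructions` is a level-2 heading among level-1 siblings (`# Links`, `# Build Information`), so it renders as a sub-section of Links; the Linux path `opt/tomcat/webapps/` is missing its leading slash; and "The default configuration work with" should read "works with".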
......@@ -58,51 +31,4 @@ Build execution:
* Set `JAVA_HOME` environment variable to JDK home
* Run `mvn clean package` in base directory
A WAR file suitable for deployment on Apache Tomcat is created in `webapp/target` directory. Rename to `pwm.war` and copy into `tomcat/webapp` directory.
Alternatively, an executable JAR file is created in `onejar\target`. This JAR file is self-contained single executable with embedded Apache Tomcat runtime. To execute use a command similar to:
`java -jar pwm-onejar.jar`
The executable will show additional options that may be required.
A docker image is created in `docker/target` as jib-image.tar. You can import this docker image using a command similar to:
`docker load --input=jib-image.tar`
Create docker container and run using:
`docker run -d --name <container name> -p 8443:8443 pwm/pwm-webapp`
This will expose the https port to 8443. If you want the configuration to persist to you can also exposed configuration volume of `/config` using the docker `-v` option during the container
creation and map it to a directory on the docker host or use a docker volume container.
The PWM docker container will place all of it's configuration and runtime data in the `/config` volume.
# PWM Source Code License Update Plan for 2019
* Current License: GPL v2.0
* New License: Apache 2.0
* Notice Date: October 1, 2018
* Update Date: February 1, 2019.
The existing project is licensed using GPL v2.0 License
(https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html). On or about the update date,
the codebase will be updated as Apache 2.0 License (https://www.apache.org/licenses/LICENSE-2.0).
This change is being made to allow commercial organizations a more friendly license structure.
This will not change the nature or availability of the PWM Project. The development and open-source
nature of PWM will continue as before. Existing, published PWM source code will continue to be
available under the GPL v2.0 License, however all new development after the license date will only
be published using the new license type.
At the time of the license update, the existing source code will be branched and the code source
will be archived and published under the existing GPL v2.0 license terms in perpetuity.
Process:
* This notice is posted publicly
* Known contributors are sent this notice using last known address
* Any objections or concerns by contributors will be processed as appropriate
* On or about the update date:
* The existing code is branched and the GPL version will remain available
* License headers and notices will be updated to the new license type
* New development and contributions will be done under the new license type
A WAR file suitable for deployment on Apache Tomcat is created in `webapp/target` directory. Rename to `pwm.war` and copy into `tomcat/webapp` directory.
\ No newline at end of file
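Review bot: the surviving line `A WAR file suitable for deployment on Apache Tomcat is created in `webapp/target` directory.` is byte-identical to the one removed above it, so the block was deleted and re-typed rather than trimmed; keeping it as unchanged context would reduce this hunk to the real removals, and the re-added line should end with a newline (`\ No newline at end of file`). The commit message `Omilab Customizations` does not say why the onejar, `docker load` / `docker run` and license-update text was dropped; if `mvn clean package` still produces the onejar and jib image, the README should keep those run instructions.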
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.pwm-project</groupId>
<artifactId>pwm-parent</artifactId>
<version>1.8.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>pwm-data-service</artifactId>
<packaging>war</packaging>
<name>PWM Password Self Service: Data Service WAR</name>
<licenses>
<license>
<name>The GNU General Public License (GPL) Version 2</name>
<url>http://www.gnu.org/licenses/gpl-2.0.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<organization>
<name>PWM Project</name>
<url>http://www.pwm-project.org</url>
</organization>
<properties>
<skipTests>false</skipTests>
<timestamp.iso>${maven.build.timestamp}</timestamp.iso>
<maven.build.timestamp.format>yyyy-MM-dd'T'HH:mm:ss'Z'</maven.build.timestamp.format>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.root.basedir>${project.basedir}/..</project.root.basedir>
</properties>
<profiles>
</profiles>
<build>
<plugins>
<plugin>
<!-- This plugin will set properties values using dependency information -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>properties</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.2</version>
<configuration>
<archiveClasses>true</archiveClasses>
<packagingExcludes>WEB-INF/classes</packagingExcludes>
<archive>
<manifestEntries>
<Implementation-Title>${project.name}</Implementation-Title>
<Implementation-Version>${project.version}</Implementation-Version>
<Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
<Implementation-URL>${project.organization.url}</Implementation-URL>
<Implementation-Build>${build.number}</Implementation-Build>
<Implementation-Revision>${build.revision}</Implementation-Revision>
<Implementation-Version-Display>v${project.version} b${build.number} r${build.revision}</Implementation-Version-Display>
</manifestEntries>
</archive>
</configuration>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>copy-resources</id>
<phase>validate</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${project.build.outputDirectory}/src</outputDirectory>
<resources>
<resource><directory>src/main/java</directory></resource>
<resource><directory>src/main/resources</directory></resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
</plugins>
</build>
<reporting>
</reporting>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>pwm-server</artifactId>
<version>${project.version}</version>
<type>jar</type>
</dependency>
<!-- container dependencies -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>4.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2.1-b03</version>
<scope>provided</scope>
</dependency>
<!-- / container dependencies -->
<dependency>
<groupId>commons-net</groupId>
<artifactId>commons-net</artifactId>
<version>3.6</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-csv</artifactId>
<version>1.6</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.8.1</version>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>1.6.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.7</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.jdom</groupId>
<artifactId>jdom2</artifactId>
<version>2.0.6</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.5</version>
</dependency>
<dependency>
<groupId>org.jetbrains.xodus</groupId>
<artifactId>xodus-environment</artifactId>
<version>1.3.0</version>
</dependency>
</dependencies>
</project>
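Review bot: `log4j` `1.2.17` in the dependency list is the end-of-life log4j 1.x series, which no longer receives security fixes; the module should move to a maintained logging backend, or at least take the version from `pwm-parent` so it is upgraded in one place. The same applies to the other versions pinned here (`httpclient 4.5.7`, `gson 2.8.5`, `javax.mail 1.6.2`, the `commons-*` artifacts): pinning them per module means an upgrade in the parent POM will not reach this WAR. The empty `<profiles>` and `<reporting>` elements can be removed.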
/*
* Password Management Servlets (PWM)
* http://www.pwm-project.org
*
* Copyright (c) 2006-2009 Novell, Inc.
* Copyright (c) 2009-2018 The PWM Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package password.pwm.receiver;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
@WebListener
public class ContextManager implements ServletContextListener
{
private static final String CONTEXT_ATTR = "contextManager";
private PwmReceiverApp app;
@Override
public void contextInitialized( final ServletContextEvent sce )
{
app = new PwmReceiverApp();
sce.getServletContext().setAttribute( CONTEXT_ATTR, this );
}
@Override
public void contextDestroyed( final ServletContextEvent sce )
{
app.close();
app = null;
}
public PwmReceiverApp getApp( )
{
return app;
}
public static ContextManager getContextManager( final ServletContext serverContext )
{
return ( ContextManager ) serverContext.getAttribute( CONTEXT_ATTR );
}
}
/*
* Password Management Servlets (PWM)
* http://www.pwm-project.org
*
* Copyright (c) 2006-2009 Novell, Inc.
* Copyright (c) 2009-2018 The PWM Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package password.pwm.receiver;
import javax.servlet.annotation.WebServlet;
@WebServlet(
name = "TelemetryViewer",
urlPatterns = {
"/csv",
}
)
public class CsvDownloadServlet
{
}
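Review bot: `CsvDownloadServlet` carries `@WebServlet` but neither extends `javax.servlet.http.HttpServlet` nor has a body, so the container cannot instantiate it as a servlet (an annotated class must implement `Servlet`) and `/csv` will be unavailable; either implement `doGet` or delete the class. The annotation's `name = "TelemetryViewer"` also looks copied from another servlet; servlet names must be unique within a web application, so name it `CsvDownloadServlet`.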
/*
* Password Management Servlets (PWM)
* http://www.pwm-project.org
*
* Copyright (c) 2006-2009 Novell, Inc.
* Copyright (c) 2009-2018 The PWM Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package password.pwm.receiver;
import org.apache.commons.net.ftp.FTPClient;
import org.apache.commons.net.ftp.FTPFile;
import org.apache.commons.net.ftp.FTPSClient;
import password.pwm.PwmConstants;
import password.pwm.bean.TelemetryPublishBean;
import password.pwm.util.java.JsonUtil;
import password.pwm.util.java.StringUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
class FtpDataIngestor
{
private static final PwmReceiverLogger LOGGER = PwmReceiverLogger.forClass( FtpDataIngestor.class );
private final Settings settings;
private final PwmReceiverApp app;
FtpDataIngestor( final PwmReceiverApp app, final Settings telemetrySettings )
{
this.app = app;
this.settings = telemetrySettings;
}
void readData( final Storage storage )
{
app.getStatus().setLastFtpStatus( "beginning ftp ingestion" );
LOGGER.debug( "beginning ftp ingestion" );
app.getStatus().setLastFtpIngest( Instant.now() );
try
{
final FTPClient ftpClient = getFtpClient();
final List<String> files = getFiles( ftpClient );
LOGGER.debug( "beginning ftp ingestion, listed " + files.size() + " files from server" );
for ( final String fileName : files )
{
if ( fileName != null && fileName.endsWith( ".zip" ) )
{
app.getStatus().setLastFtpIngest( Instant.now() );
app.getStatus().setLastFtpStatus( "reading file " + fileName );
LOGGER.debug( "read file " + fileName );
try
{
readFile( ftpClient, fileName, storage );
}
catch ( Exception e )
{
app.getStatus().setLastFtpIngest( Instant.now() );
final String msg = "error while reading ftp file '" + fileName + "': " + e.getMessage();
app.getStatus().setLastFtpStatus( msg );
LOGGER.error( msg );
}
}
else
{
LOGGER.info( "skipping ftp file " + fileName );
}
}
ftpClient.disconnect();
LOGGER.info( "completed ftp ingestion" );
app.getStatus().setLastFtpStatus( "completed successfully" );
app.getStatus().setLastFtpIngest( Instant.now() );
app.getStatus().setLastFtpFilesRead( files.size() );
}
catch ( Exception e )
{
app.getStatus().setLastFtpIngest( Instant.now() );
app.getStatus().setLastFtpStatus( "error during ftp scan: " + e.getMessage() );
}
}
private void readFile( final FTPClient ftpClient, final String fileName, final Storage storage ) throws Exception
{
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
ftpClient.retrieveFile( fileName, byteArrayOutputStream );
final ByteArrayInputStream inputStream = new ByteArrayInputStream( byteArrayOutputStream.toByteArray() );
readZippedByteStream( inputStream, fileName, storage );
}
private void readZippedByteStream( final InputStream inputStream, final String fileName, final Storage storage ) throws Exception
{
try
{
final ZipInputStream zipInputStream = new ZipInputStream( inputStream );
final ZipEntry zipEntry = zipInputStream.getNextEntry();
final String zipEntryName = zipEntry.getName();
if ( zipEntryName != null && zipEntryName.endsWith( ".json" ) )
{
LOGGER.info( "reading ftp file " + fileName + ":" + zipEntryName );
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
final byte[] buffer = new byte[ 1024 ];
int len;
while ( ( len = zipInputStream.read( buffer ) ) > 0 )
{
byteArrayOutputStream.write( buffer, 0, len );
}
final String resultsStr = byteArrayOutputStream.toString( PwmConstants.DEFAULT_CHARSET.name() );
final TelemetryPublishBean bean = JsonUtil.deserialize( resultsStr, TelemetryPublishBean.class );
storage.store( bean );
}
}
catch ( Exception e )
{
final String msg = "error reading ftp file '" + fileName + "', error: " + e.getMessage();
LOGGER.info( msg );
throw new Exception( e );
}
}
private List<String> getFiles( final FTPClient ftpClient ) throws IOException
{
final String pathname = settings.getSetting( Settings.Setting.ftpReadPath );
final FTPFile[] files = ftpClient.listFiles( pathname );
final List<String> returnFiles = new ArrayList<>();
for ( final FTPFile ftpFile : files )
{
final String name = ftpFile.getName();
final String fullPath = pathname + "/" + name;
returnFiles.add( fullPath );
}
return Collections.unmodifiableList( returnFiles );
}
private FTPClient getFtpClient( ) throws IOException
{
final FTPClient ftpClient;
final Settings.FtpMode ftpMode = Settings.FtpMode.valueOf( settings.getSetting( Settings.Setting.ftpMode ) );
switch ( ftpMode )
{
case ftp:
ftpClient = new FTPClient();
break;
case ftps:
ftpClient = new FTPSClient();
break;
default:
throw new IllegalArgumentException( "unexpected ftp mode" );
}
ftpClient.connect( settings.getSetting( Settings.Setting.ftpSite ) );
LOGGER.info( "ftp connect complete" );
if ( !StringUtil.isEmpty( settings.getSetting( Settings.Setting.ftpUser ) ) && !StringUtil.isEmpty( settings.getSetting( Settings.Setting.ftpPassword ) ) )
{
final boolean loggedInSuccess = ftpClient.login( settings.getSetting( Settings.Setting.ftpUser ), settings.getSetting( Settings.Setting.ftpPassword ) );
LOGGER.info( "ftp login complete, success=" + loggedInSuccess );
}
ftpClient.enterLocalPassiveMode();
return ftpClient;
}
}
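Review bot: `getFtpClient` only logs the result of `ftpClient.login(...)` and carries on, so a failed login still proceeds to `listFiles` and `retrieveFile` on an unauthenticated session; throw when `loggedInSuccess` is false. In the same spirit, `readFile` ignores the boolean from `ftpClient.retrieveFile(...)`: on a failed transfer the buffer is empty, `zipInputStream.getNextEntry()` returns null and `zipEntry.getName()` throws a `NullPointerException` that is then wrapped in a generic `Exception`, so check both the return value and the null entry. For the `ftps` branch, `FTPSClient` is used without `execPBSZ(0)` / `execPROT("P")`, which means the data channel carrying the telemetry zips stays unencrypted even in FTPS mode (and plain `ftp` mode sends the password in the clear), so PROT P should be requested after login. `readZippedByteStream` inflates an entry into a `ByteArrayOutputStream` with no size limit, so an oversized or highly compressed file in the FTP drop folder can exhaust the heap; cap the inflated bytes per entry. Finally, `ftpClient.disconnect()` is only reached on the success path in `readData`; move it to a `finally` block.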
/*
* Password Management Servlets (PWM)
* http://www.pwm-project.org
*
* Copyright (c) 2006-2009 Novell, Inc.
* Copyright (c) 2009-2018 The PWM Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package password.pwm.receiver;
public class Logger
{
private final String name;
private Logger( final String name )
{
this.name = name;
}
public static Logger createLogger( final String name )
{
return new Logger( name );
}
public void info( final CharSequence input )
{
System.out.println( input );
}
}
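Review bot: `Logger` keeps a `name` field that nothing reads, and `info` writes straight to `System.out`, so the logger name never reaches the output; the rest of this module already logs through `PwmReceiverLogger.forClass(...)` (see `FtpDataIngestor` and `PwmReceiverApp`), so this class looks like dead code and should be removed, or at minimum prefix the message with `name` and add the missing `error`/`debug` levels.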
/*
* Password Management Servlets (PWM)
* http://www.pwm-project.org
*
* Copyright (c) 2006-2009 Novell, Inc.
* Copyright (c) 2009-2018 The PWM Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package password.pwm.receiver;
import password.pwm.util.java.JavaHelper;
import password.pwm.util.java.StringUtil;
import java.io.IOException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
public class PwmReceiverApp
{
private static final PwmReceiverLogger LOGGER = PwmReceiverLogger.forClass( PwmReceiverApp.class );
private static final String ENV_NAME = "DATA_SERVICE_PROPS";
private Storage storage;
private ScheduledExecutorService scheduledExecutorService = Executors.newSingleThreadScheduledExecutor();
private Settings settings;
private Status status = new Status();
public PwmReceiverApp( )
{
final String propsFile = System.getenv( ENV_NAME );
if ( StringUtil.isEmpty( propsFile ) )
{
final String errorMsg = "Missing environment variable '" + ENV_NAME + "', can't load configuration";
status.setErrorState( errorMsg );
LOGGER.error( errorMsg );
return;
}
try
{
settings = Settings.readFromFile( propsFile );
}
catch ( IOException e )
{
final String errorMsg = "can't read configuration: " + JavaHelper.readHostileExceptionMessage( e );
status.setErrorState( errorMsg );
LOGGER.error( errorMsg, e );
return;
}
try
{
storage = new Storage( settings );
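Review bot: the constructor returns early when `DATA_SERVICE_PROPS` is unset or the properties file cannot be read, leaving `settings` and `storage` null, while `ContextManager.contextInitialized` registers the instance in the servlet context regardless; any code that reaches `settings` or `storage` without first checking `status` will fail with a `NullPointerException`. Either throw from the constructor so the context fails to start visibly, or have the accessors check the error state. Also note that `JavaHelper.readHostileExceptionMessage(e)` sanitises the message for `errorMsg`, but the same `e` is then passed to `LOGGER.error(errorMsg, e)`, which prints the unsanitised message with the stack trace.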