spotbugs recommended fixes and refactorings

lib-util/src/main/java/password/pwm/util/java/CollectionUtil.java

@@ -20,6 +20,8 @@
 
 package password.pwm.util.java;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
@@ -156,7 +158,13 @@ public class CollectionUtil
                 .collect( Collectors.toUnmodifiableList() );
     }
 
-    public static <K, V> Map<K, V> combineMaps( final List<Map<K, V>> maps )
+    /**
+     * Combines an ordered sequence of ordered maps.  Duplicate keys in later maps in the list will
+     * silently overwrite the earlier values.  The returned map will be unmodifiable as per
+     * {@link Collections#unmodifiableMap(Map)}.
+     */
+    @SuppressFBWarnings( "OCP_OVERLY_CONCRETE_PARAMETER" )
+    public static <K, V> Map<K, V> combineOrderedMaps( final List<Map<K, V>> maps )
     {
         final Map<K, V> returnMap = new LinkedHashMap<>();
         for ( final Map<K, V> loopMap : maps )

lib-util/src/main/java/password/pwm/util/java/ConditionalTaskExecutor.java

@@ -53,14 +53,8 @@ public class ConditionalTaskExecutor
         {
             if ( predicate.getAsBoolean() )
             {
-                try
-                {
-                    task.run();
-                }
-                catch ( final Throwable t )
-                {
-                    throw new RuntimeException( t );
-                }
+
+                task.run();
             }
         }
         finally

lib-util/src/main/java/password/pwm/util/java/StringUtil.java

@@ -20,6 +20,7 @@
 
 package password.pwm.util.java;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.codec.binary.Base32;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
@@ -278,6 +279,7 @@ public abstract class StringUtil
         return StringEscapeUtils.escapeXml11( input );
     }
 
+    @SuppressFBWarnings( "EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS" )
     public static String urlEncode( final String input )
     {
         try
@@ -290,6 +292,7 @@ public abstract class StringUtil
         }
     }
 
+    @SuppressFBWarnings( "EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS" )
     public static String urlDecode( final String input )
     {
         try
@@ -309,6 +312,7 @@ public abstract class StringUtil
         return new String( base32.encode( input ), STRING_UTIL_CHARSET.toString() );
     }
 
+    @SuppressFBWarnings( "EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS" )
     public static byte[] base64Decode( final CharSequence input, final StringUtil.Base64Options... options )
             throws IOException
     {
@@ -337,6 +341,7 @@ public abstract class StringUtil
         }
     }
 
+    @SuppressFBWarnings( "EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS" )
     public static String base64Encode( final byte[] input, final StringUtil.Base64Options... options )
     {
         final byte[] compressedBytes;

lib-util/src/main/java/password/pwm/util/java/TimeDuration.java

@@ -127,11 +127,6 @@ public class TimeDuration implements Comparable<TimeDuration>, Serializable
         return TimeDuration.fromCurrent( instant ).asCompactString();
     }
 
-    public static String asCompactString( final long ms )
-    {
-        return newTimeDuration( ms ).asCompactString();
-    }
-
     public long asMillis()
     {
         return ms;

server/src/main/java/password/pwm/PwmApplication.java

@@ -545,7 +545,7 @@ public class PwmApplication
                 else
                 {
                     LOGGER.error( () -> "can not output tomcat configuration file, source file parameter '"
-                            + PwmEnvironment.ApplicationParameter.AutoWriteTomcatConfSourceFile.toString() + "' is not specified." );
+                            + PwmEnvironment.ApplicationParameter.AutoWriteTomcatConfSourceFile + "' is not specified." );
                     return;
                 }
             }

server/src/main/java/password/pwm/PwmEnvironment.java

@@ -110,12 +110,12 @@ public class PwmEnvironment
 
         public String conicalJavaOptionSystemName( )
         {
-            return PwmConstants.PWM_APP_NAME.toLowerCase() + "." + this.toString();
+            return PwmConstants.PWM_APP_NAME.toLowerCase() + "." + this;
         }
 
         public String conicalEnvironmentSystemName( )
         {
-            return ( PwmConstants.PWM_APP_NAME.toLowerCase() + "_" + this.toString() ).toUpperCase();
+            return ( PwmConstants.PWM_APP_NAME.toLowerCase() + "_" + this ).toUpperCase();
         }
 
         public List<String> possibleNames( final String contextName )
@@ -128,7 +128,7 @@ public class PwmEnvironment
                         + "."
                         + contextName
                         + "."
-                        + this.toString();
+                        + this;
                 returnValues.add( value );
                 returnValues.add( value.toUpperCase() );
                 returnValues.add( value.replace( '.', '_' ) );
@@ -138,7 +138,7 @@ public class PwmEnvironment
                 // java property format <app>.<paramName> like pwm.applicationFlag
                 final String value = PwmConstants.PWM_APP_NAME.toLowerCase()
                         + "."
-                        + this.toString();
+                        + this;
                 returnValues.add( value );
                 returnValues.add( value.toUpperCase() );
                 returnValues.add( value.replace( '.', '_' ) );
@@ -310,7 +310,7 @@ public class PwmEnvironment
                 }
                 else
                 {
-                    LOGGER.warn( () -> "unknown " + EnvironmentParameter.applicationFlags.toString() + " value: " + input );
+                    LOGGER.warn( () -> "unknown " + EnvironmentParameter.applicationFlags + " value: " + input );
                 }
             }
             return returnFlags;

server/src/main/java/password/pwm/config/LDAPPermissionInfo.java

@@ -64,13 +64,13 @@ public class LDAPPermissionInfo implements Serializable
 
         public String getLabel( final Locale locale, final DomainConfig config )
         {
-            return LocaleHelper.getLocalizedMessage( locale, "Actor_Label_" + this.toString(), config, Config.class );
+            return LocaleHelper.getLocalizedMessage( locale, "Actor_Label_" + this, config, Config.class );
         }
 
         public String getDescription( final Locale locale, final DomainConfig config )
         {
             final MacroRequest macroRequest = MacroRequest.forStatic();
-            return macroRequest.expandMacros( LocaleHelper.getLocalizedMessage( locale, "Actor_Description_" + this.toString(), config, Config.class ) );
+            return macroRequest.expandMacros( LocaleHelper.getLocalizedMessage( locale, "Actor_Description_" + this, config, Config.class ) );
         }
     }
 }

server/src/main/java/password/pwm/config/PwmSettingMetaDataReader.java

@@ -388,7 +388,7 @@ public class PwmSettingMetaDataReader
                     }
                     catch ( final PatternSyntaxException e )
                     {
-                        final String errorMsg = "error compiling regex constraints for setting " + pwmSetting.toString() + ", error: " + e.getMessage();
+                        final String errorMsg = "error compiling regex constraints for setting " + pwmSetting + ", error: " + e.getMessage();
                         LOGGER.error( () -> errorMsg, e );
                         throw new IllegalStateException( errorMsg, e );
                     }

server/src/main/java/password/pwm/config/PwmSettingXml.java

@@ -120,7 +120,7 @@ public class PwmSettingXml
     {
         final String expression = "/settings/template[@key=\"" + template.toString() + "\"]";
         return XML_DOC_CACHE.get().evaluateXpathToElement( expression )
-                .orElseThrow( () -> new IllegalStateException( "PwmSetting.xml is missing template for key '" + template.toString() + "'" ) );
+                .orElseThrow( () -> new IllegalStateException( "PwmSetting.xml is missing template for key '" + template + "'" ) );
     }
 
     static Set<PwmSettingTemplate> parseTemplateAttribute( final XmlElement element )

server/src/main/java/password/pwm/config/StoredSettingReader.java

@@ -198,7 +198,7 @@ public class StoredSettingReader implements SettingReader
 
         if ( PwmSettingSyntax.PRIVATE_KEY != setting.getSyntax() )
         {
-            throw new IllegalArgumentException( "may not read PRIVATE_KEY value for setting: " + setting.toString() );
+            throw new IllegalArgumentException( "may not read PRIVATE_KEY value for setting: " + setting );
         }
 
         return ( PrivateKeyCertificate ) readSetting( setting ).toNativeObject();

server/src/main/java/password/pwm/config/profile/AbstractProfile.java

@@ -30,6 +30,7 @@ import password.pwm.config.value.data.ActionConfiguration;
 import password.pwm.config.value.data.FormConfiguration;
 import password.pwm.config.value.data.UserPermission;
 import password.pwm.util.PasswordData;
+import password.pwm.util.java.JavaHelper;
 
 import java.security.cert.X509Certificate;
 import java.util.Collections;
@@ -45,6 +46,13 @@ public abstract class AbstractProfile implements Profile
     private final StoredConfiguration storedConfiguration;
     private final StoredSettingReader settingReader;
 
+    public enum GuidMode
+    {
+        DN,
+        VENDORGUID,
+        ATTRIBUTE,
+    }
+
     AbstractProfile( final DomainID domainID, final String identifier, final StoredConfiguration storedConfiguration )
     {
         this.identifier = identifier;
@@ -162,4 +170,10 @@ public abstract class AbstractProfile implements Profile
         }
         return Collections.unmodifiableSet( result );
     }
+
+    public GuidMode readGuidMode()
+    {
+        final String guidAttributeName = readSettingAsString( PwmSetting.LDAP_GUID_ATTRIBUTE );
+        return JavaHelper.readEnumFromString( GuidMode.class, guidAttributeName ).orElse( GuidMode.VENDORGUID );
+    }
 }

server/src/main/java/password/pwm/config/profile/PwmPasswordRule.java

@@ -468,7 +468,7 @@ public enum PwmPasswordRule
 
     public String getLabel( final Locale locale, final DomainConfig config )
     {
-        final String key = "Rule_" + this.toString();
+        final String key = "Rule_" + this;
         try
         {
             return LocaleHelper.getLocalizedMessage( locale, key, config, Message.class );

server/src/main/java/password/pwm/config/stored/ConfigurationCleaner.java

@@ -212,7 +212,7 @@ public class ConfigurationCleaner
 
             for ( final String destProfile : targetProfiles )
             {
-                LOGGER.info( () -> "moving setting " + key.toString() + " without profile attribute to profile \"" + destProfile + "\"." );
+                LOGGER.info( () -> "moving setting " + key + " without profile attribute to profile \"" + destProfile + "\"." );
                 {
                     try
                     {
@@ -229,7 +229,7 @@ public class ConfigurationCleaner
 
             try
             {
-                LOGGER.info( () -> "removing setting " + key.toString() + " without profile" );
+                LOGGER.info( () -> "removing setting " + key + " without profile" );
                 modifier.deleteKey( key );
             }
             catch ( final PwmUnrecoverableException e )

server/src/main/java/password/pwm/config/stored/ConfigurationReader.java

@@ -240,7 +240,7 @@ public class ConfigurationReader
             if ( !backupDirectory.mkdirs() )
             {
                 throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_INTERNAL,
-                        "unable to create backup directory structure '" + backupDirectory.toString() + "'" ) );
+                        "unable to create backup directory structure '" + backupDirectory + "'" ) );
             }
         }
 

server/src/main/java/password/pwm/config/stored/StoredConfigZipJsonSerializer.java

@@ -287,7 +287,6 @@ public class StoredConfigZipJsonSerializer implements StoredConfigSerializer
     }
 
     private String hash( final FileValue.FileContent fileContent )
-            throws PwmUnrecoverableException
     {
         return SecureEngine.hash( fileContent.getContents().newByteArrayInputStream(), PwmHashAlgorithm.SHA256 );
     }

server/src/main/java/password/pwm/config/stored/StoredConfigurationUtil.java

@@ -80,7 +80,7 @@ public abstract class StoredConfigurationUtil
     {
         if ( !pwmSetting.getCategory().hasProfiles() && pwmSetting.getSyntax() != PwmSettingSyntax.PROFILE )
         {
-            throw new IllegalArgumentException( "cannot build profile list for non-profile setting " + pwmSetting.toString() );
+            throw new IllegalArgumentException( "cannot build profile list for non-profile setting " + pwmSetting );
         }
 
         final PwmSetting profileSetting;
@@ -116,7 +116,7 @@ public abstract class StoredConfigurationUtil
         final StoredValue storedValue = StoredConfigurationUtil.getValueOrDefault( storedConfiguration, key );
         final List<String> settingValues = ValueTypeConverter.valueToStringArray( storedValue );
         return settingValues.stream()
-                .filter( value -> StringUtil.notEmpty( value ) )
+                .filter( StringUtil::notEmpty )
                 .collect( Collectors.toUnmodifiableList() );
     }
 

server/src/main/java/password/pwm/config/value/AbstractValue.java

@@ -91,7 +91,6 @@ public abstract class AbstractValue implements StoredValue
     }
 
     protected static String b64encode( final ImmutableByteArray immutableByteArray )
-            throws PwmUnrecoverableException
     {
         final String input = StringUtil.base64Encode( immutableByteArray.copyOf(), StringUtil.Base64Options.GZIP );
         return "\n" + StringUtil.insertRepeatedLineBreaks( input, PwmConstants.XML_OUTPUT_LINE_WRAP_LENGTH ) + "\n";

server/src/main/java/password/pwm/config/value/CustomLinkValue.java

@@ -25,7 +25,6 @@ import org.jrivard.xmlchai.XmlElement;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.stored.XmlOutputProcessData;
 import password.pwm.config.value.data.CustomLinkConfiguration;
-import password.pwm.error.PwmOperationalException;
 import password.pwm.util.json.JsonFactory;
 import password.pwm.util.secure.PwmSecurityKey;
 
@@ -70,7 +69,6 @@ public class CustomLinkValue extends AbstractValue implements StoredValue
 
             @Override
             public CustomLinkValue fromXmlElement( final PwmSetting pwmSetting, final XmlElement settingElement, final PwmSecurityKey key )
-                    throws PwmOperationalException
             {
                 final List<XmlElement> valueElements = settingElement.getChildren( "value" );
                 final List<CustomLinkConfiguration> values = new ArrayList<>();

server/src/main/java/password/pwm/config/value/OptionListValue.java

@@ -24,7 +24,6 @@ import org.jrivard.xmlchai.XmlChai;
 import org.jrivard.xmlchai.XmlElement;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.stored.XmlOutputProcessData;
-import password.pwm.error.PwmOperationalException;
 import password.pwm.util.json.JsonFactory;
 import password.pwm.util.secure.PwmSecurityKey;
 
@@ -70,7 +69,6 @@ public class OptionListValue extends AbstractValue implements StoredValue
 
             @Override
             public OptionListValue fromXmlElement( final PwmSetting pwmSetting, final XmlElement settingElement, final PwmSecurityKey key )
-                    throws PwmOperationalException
             {
                 final List<XmlElement> valueElements = settingElement.getChildren( "value" );
                 final Set<String> values = new TreeSet<>();

server/src/main/java/password/pwm/config/value/StoredValueEncoder.java

@@ -198,7 +198,7 @@ public abstract class StoredValueEncoder
             {
                 final String errorMsg = "unable to decrypt config password value for setting: " + e.getMessage();
                 final ErrorInformation errorInfo = new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, errorMsg );
-                LOGGER.warn( () -> errorInfo.toDebugStr() );
+                LOGGER.warn( errorInfo::toDebugStr );
                 throw new PwmOperationalException( errorInfo );
             }
         }
@@ -250,7 +250,7 @@ public abstract class StoredValueEncoder
             {
                 final String errorMsg = "unable to decrypt password value for setting: " + e.getMessage();
                 final ErrorInformation errorInfo = new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, errorMsg );
-                LOGGER.warn( () -> errorInfo.toDebugStr() );
+                LOGGER.warn( errorInfo::toDebugStr );
                 throw new PwmOperationalException( errorInfo );
             }
         }

server/src/main/java/password/pwm/config/value/UserPermissionValue.java

@@ -26,7 +26,6 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.stored.StoredConfigXmlConstants;
 import password.pwm.config.stored.XmlOutputProcessData;
 import password.pwm.config.value.data.UserPermission;
-import password.pwm.error.PwmOperationalException;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.ldap.permission.UserPermissionType;
 import password.pwm.ldap.permission.UserPermissionUtility;
@@ -89,7 +88,6 @@ public class UserPermissionValue extends AbstractValue implements StoredValue
 
             @Override
             public UserPermissionValue fromXmlElement( final PwmSetting pwmSetting, final XmlElement settingElement, final PwmSecurityKey key )
-                    throws PwmOperationalException
             {
                 final boolean newType = "2".equals( settingElement.getAttribute( StoredConfigXmlConstants.XML_ATTRIBUTE_SYNTAX_VERSION )
                                 .orElse( "" ) );

server/src/main/java/password/pwm/config/value/ValueTypeConverter.java

@@ -141,7 +141,7 @@ public final class ValueTypeConverter
     {
         if ( PwmSettingSyntax.ACTION != setting.getSyntax() )
         {
-            throw new IllegalArgumentException( "may not read ACTION value for setting: " + setting.toString() );
+            throw new IllegalArgumentException( "may not read ACTION value for setting: " + setting );
         }
 
         return ( List<ActionConfiguration> ) storedValue.toNativeObject();
@@ -151,7 +151,7 @@ public final class ValueTypeConverter
     {
         if ( PwmSettingSyntax.X509CERT != setting.getSyntax() )
         {
-            throw new IllegalArgumentException( "may not read X509CERT value for setting: " + setting.toString() );
+            throw new IllegalArgumentException( "may not read X509CERT value for setting: " + setting );
         }
 
         return ( (X509CertificateValue) storedValue ).asX509Certificates();

server/src/main/java/password/pwm/config/value/VerificationMethodValue.java

@@ -27,7 +27,6 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.option.IdentityVerificationMethod;
 import password.pwm.config.stored.StoredConfigXmlConstants;
 import password.pwm.config.stored.XmlOutputProcessData;
-import password.pwm.error.PwmOperationalException;
 import password.pwm.i18n.Display;
 import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.CollectionUtil;
@@ -140,7 +139,6 @@ public class VerificationMethodValue extends AbstractValue implements StoredValu
 
             @Override
             public VerificationMethodValue fromXmlElement( final PwmSetting pwmSetting, final XmlElement settingElement, final PwmSecurityKey key )
-                    throws PwmOperationalException
             {
                 final Optional<XmlElement> valueElement = settingElement.getChild( StoredConfigXmlConstants.XML_ELEMENT_VALUE );
                 if ( valueElement.isPresent() )

server/src/main/java/password/pwm/health/ApplianceStatusChecker.java

@@ -141,7 +141,7 @@ public class ApplianceStatusChecker implements HealthSupplier
         if ( StringUtil.isEmpty( tokenFile ) )
         {
             final String msg = "unable to determine appliance token, token file environment param "
-                    + PwmEnvironment.ApplicationParameter.ApplianceTokenFile.toString() + " is not set";
+                    + PwmEnvironment.ApplicationParameter.ApplianceTokenFile + " is not set";
             throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_INTERNAL, msg ) );
         }
         final String fileInput = readFileContents( tokenFile );
@@ -159,7 +159,7 @@ public class ApplianceStatusChecker implements HealthSupplier
         if ( StringUtil.isEmpty( hostnameFile ) )
         {
             final String msg = "unable to determine appliance hostname, hostname file environment param "
-                    + PwmEnvironment.ApplicationParameter.ApplianceHostnameFile.toString() + " is not set";
+                    + PwmEnvironment.ApplicationParameter.ApplianceHostnameFile + " is not set";
             throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_INTERNAL, msg ) );
         }
 

server/src/main/java/password/pwm/health/HealthMessage.java

@@ -136,7 +136,7 @@ public enum HealthMessage
 
     public String getKey( )
     {
-        return HealthMessage.class.getSimpleName() + "_" + this.toString();
+        return HealthMessage.class.getSimpleName() + "_" + this;
     }
 
     public String getDescription(

server/src/main/java/password/pwm/health/HealthStatus.java

@@ -41,7 +41,7 @@ public enum HealthStatus
 
     public String getKey( )
     {
-        return HealthStatus.class.getSimpleName() + "_" + this.toString();
+        return HealthStatus.class.getSimpleName() + "_" + this;
     }
 
     public String getDescription( final Locale locale, final SettingReader config )

server/src/main/java/password/pwm/health/HealthTopic.java

@@ -43,7 +43,7 @@ public enum HealthTopic
 
     public String getKey( )
     {
-        return HealthTopic.class.getSimpleName() + "_" + this.toString();
+        return HealthTopic.class.getSimpleName() + "_" + this;
     }
 
     public String getDescription( final Locale locale, final SettingReader config )

server/src/main/java/password/pwm/health/LDAPHealthChecker.java

@@ -775,7 +775,7 @@ public class LDAPHealthChecker implements HealthSupplier
             // cache the error
             healthProperties.put( HealthService.HealthMonitorFlag.LdapVendorSameCheck, healthRecords );
 
-            LOGGER.warn( sessionLabel, () -> "multiple ldap vendors found: " + vendorMsg.toString() );
+            LOGGER.warn( sessionLabel, () -> "multiple ldap vendors found: " + vendorMsg );
         }
         else if ( discoveredVendors.size() == 1 )
         {

server/src/main/java/password/pwm/http/ContextManager.java

@@ -484,11 +484,11 @@ public class ContextManager implements Serializable
                     try
                     {
                         Files.move( source, dest );
-                        LOGGER.info( SESSION_LABEL, () -> "file " + source.toString() + " has been renamed to " + dest.toString() );
+                        LOGGER.info( SESSION_LABEL, () -> "file " + source + " has been renamed to " + dest );
                     }
                     catch ( final IOException e )
                     {
-                        LOGGER.error( SESSION_LABEL, () -> "error renaming file " + source.toString() + " to " + dest.toString() + ", error: " + e.getMessage() );
+                        LOGGER.error( SESSION_LABEL, () -> "error renaming file " + source + " to " + dest + ", error: " + e.getMessage() );
                     }
                 }
             }

server/src/main/java/password/pwm/http/JspUtility.java

@@ -203,7 +203,7 @@ public abstract class JspUtility
         {
             return LocaleHelper.valueNotApplicable( pwmRequest.getLocale() );
         }
-        return "<span class=\"timestamp\">" + instant.toString() + "</span>";
+        return "<span class=\"timestamp\">" + instant + "</span>";
     }
 
     public static String localizedString( final PageContext pageContext, final String key, final Class<? extends PwmDisplayBundle> bundleClass, final String... values )

server/src/main/java/password/pwm/http/PwmResponse.java

@@ -157,7 +157,7 @@ public class PwmResponse extends PwmHttpResponseWrapper
         }
         catch ( final PwmUnrecoverableException e )
         {
-            LOGGER.error( () -> "unexpected error sending user to success page: " + e.toString() );
+            LOGGER.error( () -> "unexpected error sending user to success page: " + e );
         }
     }
 
@@ -202,7 +202,7 @@ public class PwmResponse extends PwmHttpResponseWrapper
             }
             catch ( final PwmUnrecoverableException e )
             {
-                LOGGER.error( () -> "unexpected error sending user to error page: " + e.toString() );
+                LOGGER.error( () -> "unexpected error sending user to error page: " + e );
             }
         }
         else

server/src/main/java/password/pwm/http/SessionManager.java

@@ -235,11 +235,11 @@ public class SessionManager
                 final Permission.PermissionStatus finalStatus = status;
                 LOGGER.debug( pwmSession.getLabel(),
                         () -> String.format( "permission %s for user %s is %s",
-                                permission.toString(),
+                                permission,
                                 pwmSession.isAuthenticated()
                                         ? pwmSession.getUserInfo().getUserIdentity().toDelimitedKey()
                                         : "[unauthenticated]",
-                                finalStatus.toString() ) );
+                                finalStatus ) );
             }
         }
         return status == Permission.PermissionStatus.GRANTED;

server/src/main/java/password/pwm/http/auth/CASFilterAuthenticationProvider.java

@@ -27,10 +27,9 @@ import org.jasig.cas.client.util.AbstractCasFilter;
 import org.jasig.cas.client.util.CommonUtils;
 import org.jasig.cas.client.util.XmlUtils;
 import org.jasig.cas.client.validation.Assertion;
-import password.pwm.PwmDomain;
 import password.pwm.PwmConstants;
+import password.pwm.PwmDomain;
 import password.pwm.config.PwmSetting;
-import password.pwm.config.value.FileValue;
 import password.pwm.config.value.FileValue.FileContent;
 import password.pwm.config.value.FileValue.FileInformation;
 import password.pwm.error.ErrorInformation;
@@ -61,6 +60,7 @@ import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Map;
+import java.util.Optional;
 
 public class CASFilterAuthenticationProvider implements PwmHttpFilterAuthenticationProvider
 {
@@ -162,7 +162,7 @@ public class CASFilterAuthenticationProvider implements PwmHttpFilterAuthenticat
             final Map<FileInformation, FileContent> privatekey = pwmRequest.getDomainConfig().readSettingAsFile( PwmSetting.CAS_CLEARPASS_KEY );
             final String alg = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.CAS_CLEARPASS_ALGORITHM );
 
-            password = decryptPassword( alg, privatekey, encodedPsw );
+            password = decryptPassword( alg, privatekey, encodedPsw ).orElse( null );
         }
 
         // If using the old method
@@ -209,87 +209,57 @@ public class CASFilterAuthenticationProvider implements PwmHttpFilterAuthenticat
         return true;
     }
 
-    private static PasswordData decryptPassword( final String alg,
-                                                 final Map<FileInformation, FileContent> privatekey, final String encodedPsw )
+    private static Optional<PasswordData> decryptPassword(
+            final String alg,
+            final Map<FileInformation, FileContent> inputFileMap,
+            final String encodedPsw
+    )
     {
-        PasswordData password = null;
-
         if ( alg == null || alg.trim().isEmpty() )
         {
-            return password;
+            return Optional.empty();
         }
 
-        final byte[] privateKeyBytes;
-        if ( privatekey != null && !privatekey.isEmpty() )
-        {
-            final FileValue.FileContent fileContent = privatekey.values().iterator().next();
-            privateKeyBytes = fileContent.getContents().copyOf();
-        }
-        else
+        if ( inputFileMap == null || inputFileMap.isEmpty() )
         {
-            privateKeyBytes = null;
+            return Optional.empty();
         }
 
-        if ( privateKeyBytes != null )
+        final FileContent fileContent = inputFileMap.values().iterator().next();
+        final byte[] privateKeyBytes = fileContent.getContents().copyOf();
+
+        final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( privateKeyBytes );
+        try
         {
-            final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( privateKeyBytes );
-            try
+            final KeyFactory kf = KeyFactory.getInstance( alg );
+            final PrivateKey privateKey = kf.generatePrivate( spec );
+            final Cipher cipher = Cipher.getInstance( privateKey.getAlgorithm() );
+            final byte[] cred64 = StringUtil.base64Decode( encodedPsw );
+            cipher.init( Cipher.DECRYPT_MODE, privateKey );
+            final byte[] cipherData = cipher.doFinal( cred64 );
+            if ( cipherData != null )
             {
-                final KeyFactory kf = KeyFactory.getInstance( alg );
-                final PrivateKey privateKey = kf.generatePrivate( spec );
-                final Cipher cipher = Cipher.getInstance( privateKey.getAlgorithm() );
-                final byte[] cred64 = StringUtil.base64Decode( encodedPsw );
-                cipher.init( Cipher.DECRYPT_MODE, privateKey );
-                final byte[] cipherData = cipher.doFinal( cred64 );
-                if ( cipherData != null )
+                try
                 {
-                    try
-                    {
-                        password = new PasswordData( new String( cipherData, PwmConstants.DEFAULT_CHARSET ) );
-                    }
-                    catch ( final PwmUnrecoverableException e )
-                    {
-                        LOGGER.error( () -> "Decryption failed", e );
-                        return password;
-                    }
+                    return Optional.of( new PasswordData( new String( cipherData, PwmConstants.DEFAULT_CHARSET ) ) );
+                }
+                catch ( final PwmUnrecoverableException e )
+                {
+                    LOGGER.error( () -> "Decryption failed", e );
                 }
-            }
-            catch ( final NoSuchAlgorithmException e1 )
-            {
-                LOGGER.error( () -> "Decryption failed", e1 );
-                return password;
-            }
-            catch ( final InvalidKeySpecException e1 )
-            {
-                LOGGER.error( () -> "Decryption failed", e1 );
-                return password;
-            }
-            catch ( final NoSuchPaddingException e1 )
-            {
-                LOGGER.error( () -> "Decryption failed", e1 );
-                return password;
-            }
-            catch ( final IOException e1 )
-            {
-                LOGGER.error( () -> "Decryption failed", e1 );
-                return password;
-            }
-            catch ( final InvalidKeyException e1 )
-            {
-                LOGGER.error( () -> "Decryption failed", e1 );
-                return password;
-            }
-            catch ( final IllegalBlockSizeException e )
-            {
-                LOGGER.error( () -> "Decryption failed", e );
-                return password;
-            }
-            catch ( final BadPaddingException e )
-            {
-                LOGGER.error( () -> "Decryption failed", e );
-                return password;
             }
         }
-        return password;
+        catch ( final NoSuchAlgorithmException
+                | BadPaddingException
+                | IllegalBlockSizeException
+                | InvalidKeyException
+                | IOException
+                | NoSuchPaddingException
+                | InvalidKeySpecException e1 )
+        {
+            LOGGER.error( () -> "Decryption failed", e1 );
+        }
+
+        return Optional.empty();
     }
 }

server/src/main/java/password/pwm/http/bean/SetupOtpBean.java

@@ -94,7 +94,7 @@ public class SetupOtpBean extends PwmSessionBean
             catch ( final NoSuchAlgorithmException | NoSuchProviderException ex )
             {
                 random = new SecureRandom();
-                LOGGER.error( () -> ex.getMessage(), ex );
+                LOGGER.error( ex::getMessage, ex );
             }
             random.setSeed( ( new Date() ).getTime() );
             challenge = random.nextLong() % ( 1_000_000 );

server/src/main/java/password/pwm/http/filter/ApplicationModeFilter.java

@@ -69,7 +69,7 @@ public class ApplicationModeFilter extends AbstractPwmFilter
                 {
                     try
                     {
-                        LOGGER.error( () -> e.getMessage() );
+                        LOGGER.error( e::getMessage );
                     }
                     catch ( final Exception ignore )
                     {

server/src/main/java/password/pwm/http/servlet/GuestRegistrationServlet.java

@@ -562,11 +562,11 @@ public class GuestRegistrationServlet extends ControlledPwmServlet
 
         if ( expirationDate.isAfter( futureDate ) )
         {
-            final String errorMsg = "expiration date must be sooner than " + futureDate.toString();
+            final String errorMsg = "expiration date must be sooner than " + futureDate;
             throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_FIELD_REQUIRED, errorMsg ) );
         }
 
-        LOGGER.trace( pwmRequest, () -> "read expiration date as " + expirationDate.toString() );
+        LOGGER.trace( pwmRequest, () -> "read expiration date as " + expirationDate );
         return expirationDate;
     }
 

server/src/main/java/password/pwm/http/servlet/LogoutServlet.java

@@ -245,7 +245,7 @@ public class LogoutServlet extends ControlledPwmServlet
             if ( matchedServlet != null )
             {
                 final PwmServletDefinition finalMatchedServlet = matchedServlet;
-                LOGGER.trace( pwmRequest, () -> "matched next url to servlet definition " + finalMatchedServlet.toString() );
+                LOGGER.trace( pwmRequest, () -> "matched next url to servlet definition " + finalMatchedServlet );
                 return Optional.of( basePath + matchedServlet.servletUrl() );
             }
             else

server/src/main/java/password/pwm/http/servlet/configeditor/ConfigEditorServlet.java

@@ -763,7 +763,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
             modifier.writeSetting( key, fileValue.get(), userIdentity );
             configManagerBean.setStoredConfiguration( modifier.newStoredConfiguration() );
             pwmRequest.outputJsonResult( RestResultBean.forSuccessMessage( pwmRequest, Message.Success_Unknown ) );
-            LOGGER.trace( pwmRequest, () -> "file upload completed for setting " + key.toString() + ", file: "
+            LOGGER.trace( pwmRequest, () -> "file upload completed for setting " + key + ", file: "
                     + fileValue.get().toDebugJsonObject( pwmRequest.getLocale() ) );
         }
         else

server/src/main/java/password/pwm/http/servlet/configguide/ConfigGuideServlet.java

@@ -503,7 +503,7 @@ public class ConfigGuideServlet extends ControlledPwmServlet
         {
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, e.getMessage() );
             pwmRequest.outputJsonResult( RestResultBean.fromError( errorInformation, pwmRequest ) );
-            LOGGER.error( pwmRequest, () -> e.getMessage(), e );
+            LOGGER.error( pwmRequest, e::getMessage, e );
         }
 
         return ProcessStatus.Halt;

server/src/main/java/password/pwm/http/servlet/configguide/ConfigGuideUtils.java

@@ -254,7 +254,7 @@ public class ConfigGuideUtils
                         throw new PwmOperationalException( new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, configErrors.get( 0 ) ) );
                     }
                     ConfigGuideUtils.writeConfig( ContextManager.getContextManager( req.getSession() ), storedConfig );
-                    LOGGER.trace( pwmRequest, () -> "read config from file: " + storedConfig.toString() );
+                    LOGGER.trace( pwmRequest, () -> "read config from file: " + storedConfig );
                     final RestResultBean restResultBean = RestResultBean.forSuccessMessage( pwmRequest, Message.Success_Unknown );
                     pwmRequest.getPwmResponse().outputJsonResult( restResultBean );
                     req.getSession().invalidate();
@@ -271,7 +271,7 @@ public class ConfigGuideUtils
                 final ErrorInformation errorInformation = new ErrorInformation( PwmError.CONFIG_UPLOAD_FAILURE, "error reading config file: no file present in upload" );
                 final RestResultBean restResultBean = RestResultBean.fromError( errorInformation, pwmRequest );
                 pwmRequest.getPwmResponse().outputJsonResult( restResultBean );
-                LOGGER.error( pwmRequest, () -> errorInformation.toDebugStr() );
+                LOGGER.error( pwmRequest, errorInformation::toDebugStr );
             }
         }
     }

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

@@ -374,7 +374,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         }
         catch ( final ChaiOperationException e )
         {
-            final String errorMsg = "error while attempting to delete user " + userIdentity.toString() + ", error: " + e.getMessage();
+            final String errorMsg = "error while attempting to delete user " + userIdentity + ", error: " + e.getMessage();
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMsg );
             LOGGER.debug( pwmRequest, () -> errorMsg );
             pwmRequest.outputJsonResult( RestResultBean.fromError( errorInformation, pwmRequest ) );

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServletUtil.java

@@ -218,7 +218,7 @@ public class HelpdeskServletUtil
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_UNAUTHORIZED, errorMsg );
             throw new PwmUnrecoverableException( errorInformation );
         }
-        LOGGER.trace( pwmRequest, () -> "helpdesk detail view request for user details of " + userIdentity.toString() + " by actor " + actorUserIdentity.toString() );
+        LOGGER.trace( pwmRequest, () -> "helpdesk detail view request for user details of " + userIdentity.toString() + " by actor " + actorUserIdentity );
 
         final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(
                 pwmRequest,

server/src/main/java/password/pwm/http/servlet/oauth/OAuthConsumerServlet.java

@@ -189,7 +189,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
             }
             catch ( final PwmUnrecoverableException e )
             {
-                final String errorMsg = "unexpected error redirecting user to oauth page: " + e.toString();
+                final String errorMsg = "unexpected error redirecting user to oauth page: " + e;
                 final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_OAUTH_ERROR, errorMsg );
                 setLastError( pwmRequest, errorInformation );
                 LOGGER.error( errorInformation::toDebugStr );
@@ -206,7 +206,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
         }
         catch ( final PwmException e )
         {
-            final String errorMsg = "unexpected error communicating with oauth server: " + e.toString();
+            final String errorMsg = "unexpected error communicating with oauth server: " + e;
             final ErrorInformation errorInformation = new ErrorInformation( e.getError(), errorMsg );
             setLastError( pwmRequest, errorInformation );
             LOGGER.error( errorInformation::toDebugStr );

server/src/main/java/password/pwm/http/servlet/peoplesearch/PhotoDataReader.java

@@ -200,7 +200,7 @@ public class PhotoDataReader
             if ( finalData.isPresent() )
             {
                 LOGGER.trace( pwmRequest, () -> "user photo data received for " + userIdentity.toDisplayString()
-                        + " " + finalData.get().toString()
+                        + " " + finalData.get()
                         + " (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
             }
             else

server/src/main/java/password/pwm/http/servlet/updateprofile/UpdateProfileServlet.java

@@ -331,7 +331,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
         }
         catch ( final PwmOperationalException e )
         {
-            LOGGER.error( pwmRequest, () -> e.getMessage() );
+            LOGGER.error( pwmRequest, e::getMessage );
             setLastError( pwmRequest, e.getErrorInformation() );
         }
 
@@ -401,7 +401,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
         }
         catch ( final PwmException e )
         {
-            LOGGER.error( pwmRequest, () -> e.getMessage() );
+            LOGGER.error( pwmRequest, e::getMessage );
             setLastError( pwmRequest, e.getErrorInformation() );
             UpdateProfileUtil.forwardToForm( pwmRequest, updateProfileProfile, updateProfileBean );
             return;
@@ -450,13 +450,13 @@ public class UpdateProfileServlet extends ControlledPwmServlet
         }
         catch ( final PwmException e )
         {
-            LOGGER.error( pwmRequest, () -> e.getMessage() );
+            LOGGER.error( pwmRequest, e::getMessage );
             setLastError( pwmRequest, e.getErrorInformation() );
         }
         catch ( final ChaiException e )
         {
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_UPDATE_ATTRS_FAILURE, e.toString() );
-            LOGGER.error( pwmRequest, () -> errorInformation.toDebugStr() );
+            LOGGER.error( pwmRequest, errorInformation::toDebugStr );
             setLastError( pwmRequest, errorInformation );
         }
 

server/src/main/java/password/pwm/http/tag/conditional/PwmIfTag.java

@@ -95,7 +95,7 @@ public class PwmIfTag extends BodyTagSupport
                         }
                         catch ( final ChaiUnavailableException e )
                         {
-                            LOGGER.error( () -> "error testing jsp if '" + testEnum.toString() + "', error: " + e.getMessage() );
+                            LOGGER.error( () -> "error testing jsp if '" + testEnum + "', error: " + e.getMessage() );
                         }
                     }
                     else

server/src/main/java/password/pwm/http/tag/url/PwmThemeURL.java

@@ -37,7 +37,7 @@ public enum PwmThemeURL
 
     public String token( )
     {
-        return "%" + this.toString() + "%";
+        return "%" + this + "%";
     }
 
     public String getCssName( )

server/src/main/java/password/pwm/http/tag/value/PwmValueTag.java

@@ -105,7 +105,7 @@ public class PwmValueTag extends TagSupport
             }
             catch ( final Exception e )
             {
-                LOGGER.error( () -> "error executing value tag option '" + value.toString() + "', error: " + e.getMessage() );
+                LOGGER.error( () -> "error executing value tag option '" + value + "', error: " + e.getMessage() );
             }
         }
 

server/src/main/java/password/pwm/ldap/LdapOperationsHelper.java

@@ -42,6 +42,7 @@ import password.pwm.bean.UserIdentity;
 import password.pwm.config.DomainConfig;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.option.AutoSetLdapUserLanguage;
+import password.pwm.config.profile.AbstractProfile;
 import password.pwm.config.profile.LdapProfile;
 import password.pwm.config.value.data.FormConfiguration;
 import password.pwm.error.ErrorInformation;
@@ -226,7 +227,7 @@ public class LdapOperationsHelper
             }
         }
 
-        final String existingValue = GUIDHelper.readExistingGuidValue(
+        final String existingValue = GuidReaderUtil.readExistingGuidValue(
                 pwmDomain,
                 sessionLabel,
                 userIdentity,
@@ -242,11 +243,11 @@ public class LdapOperationsHelper
                 if ( ldapProfile.readSettingAsBoolean( PwmSetting.LDAP_GUID_AUTO_ADD ) )
                 {
                     LOGGER.trace( () -> "assigning new GUID to user " + userIdentity );
-                    return GUIDHelper.assignGuidToUser( pwmDomain, sessionLabel, userIdentity, guidAttributeName );
+                    return GuidReaderUtil.assignGuidToUser( pwmDomain, sessionLabel, userIdentity, guidAttributeName );
                 }
             }
-            final String errorMsg = "unable to resolve GUID value for user " + userIdentity.toString();
-            GUIDHelper.processError( errorMsg, throwExceptionOnError );
+            final String errorMsg = "unable to resolve GUID value for user " + userIdentity;
+            GuidReaderUtil.processError( errorMsg, throwExceptionOnError );
         }
 
         if ( enableCache )
@@ -429,7 +430,7 @@ public class LdapOperationsHelper
         }
     }
 
-    private static class GUIDHelper
+    private static class GuidReaderUtil
     {
         private static String readExistingGuidValue(
                 final PwmDomain pwmDomain,
@@ -441,35 +442,30 @@ public class LdapOperationsHelper
         {
             final ChaiUser theUser = pwmDomain.getProxiedChaiUser( sessionLabel, userIdentity );
             final LdapProfile ldapProfile = pwmDomain.getConfig().getLdapProfiles().get( userIdentity.getLdapProfileID() );
-            final String guidAttributeName = ldapProfile.readSettingAsString( PwmSetting.LDAP_GUID_ATTRIBUTE );
+            final AbstractProfile.GuidMode guidMode = ldapProfile.readGuidMode();
 
-            if ( "DN".equalsIgnoreCase( guidAttributeName ) )
+            if ( guidMode == AbstractProfile.GuidMode.DN )
             {
                 return userIdentity.toDelimitedKey();
             }
 
-            if ( "VENDORGUID".equalsIgnoreCase( guidAttributeName ) )
+            if ( guidMode == AbstractProfile.GuidMode.VENDORGUID )
             {
-                try
-                {
-                    final String guidValue = theUser.readGUID();
-                    if ( guidValue != null && guidValue.length() > 1 )
-                    {
-                        LOGGER.trace( sessionLabel, () -> "read VENDORGUID value for user " + theUser + ": " + guidValue );
-                    }
-                    else
-                    {
-                        LOGGER.trace( sessionLabel, () -> "unable to find a VENDORGUID value for user " + theUser.getEntryDN() );
-                    }
-                    return guidValue;
-                }
-                catch ( final Exception e )
-                {
-                    final String errorMsg = "error while reading vendor GUID value for user " + theUser.getEntryDN() + ", error: " + e.getMessage();
-                    return processError( errorMsg, throwExceptionOnError );
-                }
+               return readVendorGuid( theUser, sessionLabel, throwExceptionOnError );
             }
 
+           return readAttributeGuid( ldapProfile, userIdentity, theUser, throwExceptionOnError );
+        }
+
+        private static String readAttributeGuid(
+                final LdapProfile ldapProfile,
+                final UserIdentity userIdentity,
+                final ChaiUser theUser,
+                final boolean throwExceptionOnError
+        )
+                throws PwmUnrecoverableException
+        {
+            final String guidAttributeName = ldapProfile.readSettingAsString( PwmSetting.LDAP_GUID_ATTRIBUTE );
             try
             {
                 return theUser.readStringAttribute( guidAttributeName );
@@ -486,6 +482,33 @@ public class LdapOperationsHelper
             }
         }
 
+        private static String readVendorGuid(
+                final ChaiUser theUser,
+                final SessionLabel sessionLabel,
+                final boolean throwExceptionOnError
+        )
+                throws PwmUnrecoverableException
+        {
+            try
+            {
+                final String guidValue = theUser.readGUID();
+                if ( guidValue != null && guidValue.length() > 1 )
+                {
+                    LOGGER.trace( sessionLabel, () -> "read VENDORGUID value for user " + theUser + ": " + guidValue );
+                }
+                else
+                {
+                    LOGGER.trace( sessionLabel, () -> "unable to find a VENDORGUID value for user " + theUser.getEntryDN() );
+                }
+                return guidValue;
+            }
+            catch ( final Exception e )
+            {
+                final String errorMsg = "error while reading vendor GUID value for user " + theUser.getEntryDN() + ", error: " + e.getMessage();
+                return processError( errorMsg, throwExceptionOnError );
+            }
+        }
+
         private static String processError( final String errorMsg, final boolean throwExceptionOnError )
                 throws PwmUnrecoverableException
         {

server/src/main/java/password/pwm/ldap/UserInfoReader.java

@@ -659,11 +659,11 @@ public class UserInfoReader implements UserInfo
                 if ( profileID.isPresent() )
                 {
                     returnMap.put( profileDefinition, profileID.get() );
-                    LOGGER.debug( sessionLabel, () -> "assigned " + profileDefinition.toString() + " profileID \"" + profileID.get() + "\" to " + userIdentity.toDisplayString() );
+                    LOGGER.debug( sessionLabel, () -> "assigned " + profileDefinition + " profileID \"" + profileID.get() + "\" to " + userIdentity.toDisplayString() );
                 }
                 else
                 {
-                    LOGGER.debug( sessionLabel, () -> profileDefinition.toString() + " has no matching profiles for user " + userIdentity.toDisplayString() );
+                    LOGGER.debug( sessionLabel, () -> profileDefinition + " has no matching profiles for user " + userIdentity.toDisplayString() );
                 }
             }
         }

server/src/main/java/password/pwm/svc/PwmServiceManager.java

@@ -141,7 +141,7 @@ public class PwmServiceManager
         }
         catch ( final Exception e )
         {
-            final String errorMsg = "unexpected error instantiating service class '" + serviceName + "', error: " + e.toString();
+            final String errorMsg = "unexpected error instantiating service class '" + serviceName + "', error: " + e;
             LOGGER.fatal( () -> errorMsg, e );
             throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_STARTUP_ERROR, errorMsg ) );
         }

server/src/main/java/password/pwm/svc/cr/CrService.java

@@ -157,7 +157,7 @@ public class CrService extends AbstractPwmService implements PwmService
                     else
                     {
                         final ChallengeSet finalReturnSet = returnSet;
-                        LOGGER.debug( sessionLabel, () -> "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + finalReturnSet.toString() );
+                        LOGGER.debug( sessionLabel, () -> "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + finalReturnSet );
 
                         final String challengeID = "nmasPolicy-" + userIdentity.toDelimitedKey();
 
@@ -171,7 +171,7 @@ public class CrService extends AbstractPwmService implements PwmService
                         );
 
                         LOGGER.debug( sessionLabel, () -> "using ldap c/r policy for user " + theUser.getEntryDN() + ": "
-                                + finalReturnSet.toString() );
+                                + finalReturnSet );
                         LOGGER.trace( sessionLabel, () -> "readUserChallengeProfile completed, result=" + JsonFactory.get().serialize( challengeProfile ),
                                 () -> TimeDuration.fromCurrent( methodStartTime ) );
 

server/src/main/java/password/pwm/svc/cr/NMASCrOperator.java

@@ -118,7 +118,7 @@ public class NMASCrOperator implements CrOperator
     private static final PwmLogger LOGGER = PwmLogger.forClass( NMASCrOperator.class );
 
     private final AtomicLoopIntIncrementer threadCounter = new AtomicLoopIntIncrementer();
-    private final List<NMASSessionThread> sessionMonitorThreads = Collections.synchronizedList( new ArrayList<NMASSessionThread>() );
+    private final List<NMASSessionThread> sessionMonitorThreads = Collections.synchronizedList( new ArrayList<>() );
     private final PwmDomain pwmDomain;
     private final TimeDuration maxThreadIdleTime;
     private final int maxThreadCount;
@@ -740,7 +740,7 @@ public class NMASCrOperator implements CrOperator
                 for ( final Callback callback : callbacks )
                 {
                     final String callbackClassname = callback.getClass().getName();
-                    LOGGER.trace( () -> "evaluating callback: " + callback.toString() + ", class=" + callbackClassname );
+                    LOGGER.trace( () -> "evaluating callback: " + callback + ", class=" + callbackClassname );
 
                     // note in some cases instanceof check fails due to classloader issues, using getName string comparison instead
                     if ( NMASCompletionCallback.class.getName().equals( callbackClassname ) )
@@ -774,7 +774,7 @@ public class NMASCrOperator implements CrOperator
                     else
                     {
                         unsupportedCallbackHasOccurred = true;
-                        LOGGER.trace( () -> "throwing UnsupportedCallbackException for " + callback.toString() + ", class=" + callback.getClass().getName() );
+                        LOGGER.trace( () -> "throwing UnsupportedCallbackException for " + callback + ", class=" + callback.getClass().getName() );
                         throw new UnsupportedCallbackException( callback );
                     }
                 }
@@ -983,7 +983,7 @@ public class NMASCrOperator implements CrOperator
                 }
                 else
                 {
-                    LOGGER.error( () -> "NMASLoginMonitor: LDAPException " + e.toString() );
+                    LOGGER.error( () -> "NMASLoginMonitor: LDAPException " + e );
                 }
                 setLoginState( NMASThreadState.COMPLETED );
                 final com.novell.security.nmas.client.NMASLoginResult localNMASLoginResult
@@ -1071,7 +1071,7 @@ public class NMASCrOperator implements CrOperator
             {
                 threadDebugInfo.append( "\n " ).append( thread.toDebugString() );
             }
-            LOGGER.trace( () -> threadDebugInfo.toString() );
+            LOGGER.trace( threadDebugInfo::toString );
         }
 
     }

server/src/main/java/password/pwm/svc/db/DatabaseAccessorImpl.java

@@ -116,7 +116,7 @@ class DatabaseAccessorImpl implements DatabaseAccessor
 
             if ( exists )
             {
-                final String sqlText = "UPDATE " + table.toString()
+                final String sqlText = "UPDATE " + table
                         + " SET " + DatabaseService.VALUE_COLUMN + "=? WHERE "
                         + DatabaseService.KEY_COLUMN + "=?";
 
@@ -125,7 +125,7 @@ class DatabaseAccessorImpl implements DatabaseAccessor
             }
             else
             {
-                final String sqlText = "INSERT INTO " + table.toString()
+                final String sqlText = "INSERT INTO " + table
                         + "(" + DatabaseService.KEY_COLUMN + ", "
                         + DatabaseService.VALUE_COLUMN + ") VALUES(?,?)";
                 executeUpdate( sqlText, debugInfo, key, value );

server/src/main/java/password/pwm/svc/db/DatabaseUtil.java

@@ -153,11 +153,11 @@ class DatabaseUtil
                 statement = connection.createStatement();
                 statement.execute( sqlString );
                 connection.commit();
-                LOGGER.debug( () -> "created table " + table.toString() );
+                LOGGER.debug( () -> "created table " + table );
             }
             catch ( final SQLException ex )
             {
-                final String errorMsg = "error creating new table " + table.toString() + ": " + ex.getMessage();
+                final String errorMsg = "error creating new table " + table + ": " + ex.getMessage();
                 final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_DB_UNAVAILABLE, errorMsg );
                 throw new DatabaseException( errorInformation );
             }
@@ -168,9 +168,9 @@ class DatabaseUtil
         }
 
         {
-            final String indexName = table.toString() + INDEX_NAME_SUFFIX;
+            final String indexName = table + INDEX_NAME_SUFFIX;
             final String sqlString = "CREATE index " + indexName
-                    + " ON " + table.toString()
+                    + " ON " + table
                     + " (" + DatabaseService.KEY_COLUMN + ")";
 
             Statement statement = null;
@@ -194,7 +194,7 @@ class DatabaseUtil
                 }
                 else
                 {
-                    LOGGER.warn( () -> errorInformation.toDebugStr() );
+                    LOGGER.warn( errorInformation::toDebugStr );
                 }
             }
             finally

server/src/main/java/password/pwm/svc/intruder/IntruderDomainService.java

@@ -180,7 +180,7 @@ public class IntruderDomainService extends AbstractPwmService implements PwmServ
             final IntruderSettings.TypeSettings typeSettings = intruderSettings.getTargetSettings().get( type );
             if ( typeSettings.isConfigured() )
             {
-                LOGGER.debug( getSessionLabel(), () -> "starting record manager for type '" + type + "' with settings: " + typeSettings.toString() );
+                LOGGER.debug( getSessionLabel(), () -> "starting record manager for type '" + type + "' with settings: " + typeSettings );
                 recordManagers.put( type, new IntruderRecordManagerImpl( pwmDomain, type, recordStore, intruderSettings ) );
             }
             else

server/src/main/java/password/pwm/svc/intruder/StubRecordManager.java

@@ -64,27 +64,27 @@ class StubRecordManager implements IntruderRecordManager
     @Override
     public ClosableIterator<IntruderRecord> iterator( ) throws PwmOperationalException
     {
-        return new ClosableIterator<IntruderRecord>()
+        return new ClosableIterator<>()
         {
             @Override
-            public boolean hasNext( )
+            public boolean hasNext()
             {
                 return false;
             }
 
             @Override
-            public IntruderRecord next( )
+            public IntruderRecord next()
             {
                 throw new NoSuchElementException();
             }
 
             @Override
-            public void remove( )
+            public void remove()
             {
             }
 
             @Override
-            public void close( )
+            public void close()
             {
             }
         };

server/src/main/java/password/pwm/svc/otp/AbstractOtpOperator.java

@@ -75,7 +75,7 @@ public abstract class AbstractOtpOperator implements OtpOperator
                     value = OTPPamUtil.composePamData( otpUserRecord );
                     break;
                 default:
-                    final String errorStr = String.format( "Unsupported storage format: %s", format.toString() );
+                    final String errorStr = String.format( "Unsupported storage format: %s", format );
                     final ErrorInformation error = new ErrorInformation( PwmError.ERROR_INVALID_CONFIG, errorStr );
                     throw new PwmUnrecoverableException( error );
             }

server/src/main/java/password/pwm/svc/otp/DbOtpOperator.java

@@ -81,7 +81,7 @@ public class DbOtpOperator extends AbstractOtpOperator
                         final OTPUserRecord otpConfig = decomposeOtpAttribute( decryptAttributeValue );
                         if ( otpConfig != null )
                         {
-                            LOGGER.debug( sessionLabel, () -> "found user OTP secret in db: " + otpConfig.toString() );
+                            LOGGER.debug( sessionLabel, () -> "found user OTP secret in db: " + otpConfig );
                             return Optional.of( otpConfig );
                         }
                     }
@@ -128,8 +128,7 @@ public class DbOtpOperator extends AbstractOtpOperator
         catch ( final PwmOperationalException ex )
         {
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to db: " + ex.getMessage() );
-            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo );
-            pwmOE.initCause( ex );
+            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo, ex );
             throw pwmOE;
         }
     }
@@ -166,8 +165,7 @@ public class DbOtpOperator extends AbstractOtpOperator
                     PwmError.ERROR_WRITING_OTP_SECRET,
                     "unexpected error saving otp to db: " + ex.getMessage()
             );
-            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo );
-            pwmOE.initCause( ex );
+            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo, ex );
             throw pwmOE;
         }
     }

server/src/main/java/password/pwm/svc/otp/LdapOtpOperator.java

@@ -148,8 +148,7 @@ public class LdapOtpOperator extends AbstractOtpOperator
                 errorMsg = "error writing OTP secret to ldap attribute '" + ldapStorageAttribute + "': " + ex.getMessage();
             }
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, errorMsg );
-            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo );
-            pwmOE.initCause( ex );
+            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo, ex );
             throw pwmOE;
         }
     }
@@ -192,8 +191,7 @@ public class LdapOtpOperator extends AbstractOtpOperator
                 errorMsg = "error clearing OTP secret to ldap attribute '" + ldapStorageAttribute + "': " + e.getMessage();
             }
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, errorMsg );
-            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo );
-            pwmOE.initCause( e );
+            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo, e );
             throw pwmOE;
         }
         catch ( final ChaiUnavailableException e )

server/src/main/java/password/pwm/svc/otp/LocalDbOtpOperator.java

@@ -94,7 +94,7 @@ public class LocalDbOtpOperator extends AbstractOtpOperator
                         final OTPUserRecord otpConfig = decomposeOtpAttribute( decryptAttributeValue );
                         if ( otpConfig != null )
                         {
-                            LOGGER.debug( sessionLabel, () -> "found user OTP secret in LocalDB: " + otpConfig.toString() );
+                            LOGGER.debug( sessionLabel, () -> "found user OTP secret in LocalDB: " + otpConfig );
                             return Optional.of( otpConfig );
                         }
                     }
@@ -149,8 +149,7 @@ public class LocalDbOtpOperator extends AbstractOtpOperator
         catch ( final PwmOperationalException ex )
         {
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + ex.getMessage() );
-            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo );
-            pwmOE.initCause( ex );
+            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo, ex );
             throw pwmOE;
         }
     }
@@ -185,8 +184,7 @@ public class LocalDbOtpOperator extends AbstractOtpOperator
         catch ( final LocalDBException ex )
         {
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + ex.getMessage() );
-            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo );
-            pwmOE.initCause( ex );
+            final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException( errorInfo, ex );
             throw pwmOE;
         }
     }

server/src/main/java/password/pwm/svc/otp/OtpService.java

@@ -413,7 +413,7 @@ public class OtpService extends AbstractPwmService implements PwmService
         if ( attempts != successes )
         {
             // should be impossible to read here, but just in case.
-            final String errorMsg = "OTP secret write only partially successful; attempts=" + attempts + ", successes=" + successes + ", errors: " + errorMsgs.toString();
+            final String errorMsg = "OTP secret write only partially successful; attempts=" + attempts + ", successes=" + successes + ", errors: " + errorMsgs;
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, errorMsg );
             throw new PwmOperationalException( errorInfo );
         }
@@ -474,7 +474,7 @@ public class OtpService extends AbstractPwmService implements PwmService
         if ( attempts != successes )
         {
             // should be impossible to read here, but just in case.
-            final String errorMsg = "OTP secret clearing only partially successful; attempts=" + attempts + ", successes=" + successes + ", error: " + errorMsgs.toString();
+            final String errorMsg = "OTP secret clearing only partially successful; attempts=" + attempts + ", successes=" + successes + ", error: " + errorMsgs;
             //@todo: replace error message
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_WRITING_OTP_SECRET, errorMsg );
             throw new PwmOperationalException( errorInfo );

server/src/main/java/password/pwm/svc/otp/PasscodeGenerator.java

@@ -87,14 +87,7 @@ public class PasscodeGenerator
      */
     public PasscodeGenerator( final Mac mac, final int passCodeLength, final int interval )
     {
-        this( new Signer()
-        {
-            @Override
-            public byte[] sign( final byte[] data )
-            {
-                return mac.doFinal( data );
-            }
-        }, passCodeLength, interval );
+        this( mac::doFinal, passCodeLength, interval );
     }
 
     public PasscodeGenerator( final Signer signer, final int passCodeLength, final int interval )

server/src/main/java/password/pwm/svc/secure/AbstractSecureService.java

@@ -139,7 +139,7 @@ public abstract class AbstractSecureService extends AbstractPwmService implement
     public ServiceInfoBean serviceInfo( )
     {
         return ServiceInfoBean.builder()
-                .debugProperties( CollectionUtil.combineMaps( List.of(
+                .debugProperties( CollectionUtil.combineOrderedMaps( List.of(
                         stats.debugStats(),
                         CollectionUtil.enumMapToStringMap( debugData() ) ) ) )
                 .build();

server/src/main/java/password/pwm/svc/sms/SmsQueueService.java

@@ -245,13 +245,13 @@ public class SmsQueueService extends AbstractPwmService implements PwmService
 
         if ( smsItem.getTo() == null || smsItem.getTo().length() < 1 )
         {
-            LOGGER.debug( () -> "discarding sms send event (no to address) " + smsItem.toString() );
+            LOGGER.debug( () -> "discarding sms send event (no to address) " + smsItem );
             return false;
         }
 
         if ( smsItem.getMessage() == null || smsItem.getMessage().length() < 1 )
         {
-            LOGGER.debug( () -> "discarding sms send event (no message) " + smsItem.toString() );
+            LOGGER.debug( () -> "discarding sms send event (no message) " + smsItem );
             return false;
         }
 

server/src/main/java/password/pwm/svc/wordlist/SharedHistoryService.java

@@ -79,7 +79,7 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
 
     private LocalDB localDB;
     private String salt;
-    private long oldestEntry;
+    private Instant oldestEntry;
 
     private Settings settings = Settings.builder().build();
     private final Lock addWordLock = new ReentrantLock();
@@ -142,11 +142,7 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
 
     public Instant getOldestEntryTime( )
     {
-        if ( size() > 0 )
-        {
-            return Instant.ofEpochMilli( oldestEntry );
-        }
-        return null;
+       return oldestEntry;
     }
 
     public long size( )
@@ -212,12 +208,12 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
             final Optional<String> oldestEntryStr = localDB.get( META_DB, KEY_OLDEST_ENTRY );
             if ( oldestEntryStr.isPresent() )
             {
-                oldestEntry = Long.parseLong( oldestEntryStr.get() );
+                oldestEntry = Instant.ofEpochMilli( Long.parseLong( oldestEntryStr.get() ) );
                 LOGGER.trace( getSessionLabel(), () -> "oldest timestamp loaded from localDB, age is " + TimeDuration.fromCurrent( oldestEntry ).asCompactString() );
             }
             else
             {
-                oldestEntry = 0;
+                oldestEntry = Instant.now();
                 LOGGER.trace( getSessionLabel(), () -> "no oldestEntry timestamp stored, will rescan" );
                 }
         }
@@ -359,12 +355,12 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
                 return;
             }
 
-            final long oldestEntryAge = System.currentTimeMillis() - oldestEntry;
+            final TimeDuration oldestEntryAge = TimeDuration.fromCurrent( oldestEntry );
             if ( settings.getMaxAge().isLongerThan( oldestEntryAge ) )
 
                 {
                 LOGGER.debug( getSessionLabel(), () -> "skipping wordDB reduce operation, eldestEntry="
-                        + TimeDuration.asCompactString( oldestEntryAge )
+                        + oldestEntryAge.asCompactString()
                         + ", maxAge="
                         + settings.getMaxAge().asCompactString() );
                 return;
@@ -373,7 +369,7 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
             final Instant startTime = Instant.now();
             final long initialSize = size();
             int removeCount = 0;
-            long localOldestEntry = System.currentTimeMillis();
+            Instant localOldestEntry = Instant.now();
 
             LOGGER.debug( getSessionLabel(), () -> "beginning wordDB reduce operation, examining " + initialSize
                     + " words for entries older than " + settings.getMaxAge().asCompactString() );
@@ -386,10 +382,9 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
                     final Map.Entry<String, String> entry = keyIterator.next();
                     final String key = entry.getKey();
                     final String value = entry.getValue();
-                    final long timeStamp = Long.parseLong( value );
-                    final long entryAge = System.currentTimeMillis() - timeStamp;
+                    final Instant entryTimestamp = Instant.ofEpochMilli( Long.parseLong( value ) );
 
-                    if ( settings.getMaxAge().isLongerThan( entryAge ) )
+                    if ( settings.getMaxAge().isLongerThan( TimeDuration.fromCurrent( entryTimestamp ) ) )
                     {
                         localDB.remove( WORDS_DB, key );
                         removeCount++;
@@ -402,7 +397,7 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
                     }
                     else
                     {
-                        localOldestEntry = timeStamp < localOldestEntry ? timeStamp : localOldestEntry;
+                        localOldestEntry = localOldestEntry.isBefore( entryTimestamp ) ? entryTimestamp : localOldestEntry;
                     }
                 }
             }
@@ -411,14 +406,14 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
             if ( status() == STATUS.OPEN )
             {
                 oldestEntry = localOldestEntry;
-                localDB.put( META_DB, KEY_OLDEST_ENTRY, Long.toString( oldestEntry ) );
+                localDB.put( META_DB, KEY_OLDEST_ENTRY, Long.toString( oldestEntry.getEpochSecond() ) );
             }
 
             {
                 final int finalRemove = removeCount;
                 LOGGER.debug( getSessionLabel(), () -> "completed wordDB reduce operation" + ", removed=" + finalRemove
                         + ", totalRemaining=" + size()
-                        + ", oldestEntry=" + TimeDuration.asCompactString( oldestEntry )
+                        + ", oldestEntry=" + oldestEntry
                         + " in ", () -> TimeDuration.fromCurrent( startTime ) );
             }
         }
@@ -527,4 +522,5 @@ public class SharedHistoryService extends AbstractPwmService implements PwmServi
             return ServiceInfoBean.builder().build();
         }
     }
+
 }

server/src/main/java/password/pwm/util/cli/MainClass.java

@@ -365,7 +365,7 @@ public class MainClass
         {
             final String errorMsg = "unable to establish operating environment: " + e.getMessage();
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_ENVIRONMENT_ERROR, errorMsg );
-            LOGGER.error( () -> errorInformation.toDebugStr(), e );
+            LOGGER.error( errorInformation::toDebugStr, e );
             out( "unable to establish operating environment: " + e.getMessage() );
             System.exit( -1 );
             return;

server/src/main/java/password/pwm/util/debug/AboutItemGenerator.java

@@ -36,7 +36,7 @@ class AboutItemGenerator implements AppItemGenerator
     }
 
     @Override
-    public void outputItem( final AppDebugItemInput debugItemInput, final OutputStream outputStream ) throws Exception
+    public void outputItem( final AppDebugItemInput debugItemInput, final OutputStream outputStream )
     {
         final Map<PwmAboutProperty, String> infoBeanMap = PwmAboutProperty.makeInfoBean( debugItemInput.getPwmApplication() );
         final String jsonValue = JsonFactory.get().serializeMap( infoBeanMap, JsonProvider.Flag.PrettyPrint );

server/src/main/java/password/pwm/util/debug/DebugItemGenerator.java

@@ -209,7 +209,7 @@ public class DebugItemGenerator
         }
         catch ( final Throwable e )
         {
-            final String errorMsg = "unexpected error executing debug item output class '" + serviceClass.getName() + "', error: " + e.toString();
+            final String errorMsg = "unexpected error executing debug item output class '" + serviceClass.getName() + "', error: " + e;
             LOGGER.error( sessionLabel, () -> errorMsg, e );
             debugGeneratorLogFile.appendLine( errorMsg );
             debugGeneratorLogFile.appendLine( JavaHelper.stackTraceToString( e ) );

server/src/main/java/password/pwm/util/form/FormUtility.java

@@ -295,7 +295,7 @@ public class FormUtility
 
         final CacheService cacheService = pwmDomain.getCacheService();
         final CacheKey cacheKey = CacheKey.newKey(
-                Validator.class, null, "attr_unique_check_" + filter.toString()
+                Validator.class, null, "attr_unique_check_" + filter
         );
         if ( allowResultCaching && cacheService != null )
         {

server/src/main/java/password/pwm/util/i18n/LocaleHelper.java

@@ -177,7 +177,7 @@ public class LocaleHelper
     {
         if ( !PwmDisplayBundle.class.isAssignableFrom( bundleClass ) )
         {
-            LOGGER.warn( () -> "attempt to resolve locale for non-DisplayBundleMarker class type " + bundleClass.toString() );
+            LOGGER.warn( () -> "attempt to resolve locale for non-DisplayBundleMarker class type " + bundleClass );
             return null;
         }
 

server/src/main/java/password/pwm/util/i18n/LocaleStats.java

@@ -202,7 +202,7 @@ public class LocaleStats
             {
                 if ( DEBUG_FLAG )
                 {
-                    LOGGER.trace( () -> "missing resource bundle: bundle=" + pwmLocaleBundle.getTheClass().getName() + ", locale=" + locale.toString() );
+                    LOGGER.trace( () -> "missing resource bundle: bundle=" + pwmLocaleBundle.getTheClass().getName() + ", locale=" + locale );
                 }
                 returnList.addAll( pwmLocaleBundle.getDisplayKeys() );
             }
@@ -216,7 +216,7 @@ public class LocaleStats
                     {
                         if ( DEBUG_FLAG )
                         {
-                            LOGGER.trace( () -> "missing resource: bundle=" + pwmLocaleBundle.getTheClass().toString() + ", locale=" + locale.toString() + "' key=" + key );
+                            LOGGER.trace( () -> "missing resource: bundle=" + pwmLocaleBundle.getTheClass() + ", locale=" + locale + "' key=" + key );
                         }
                         returnList.add( key );
                     }
@@ -227,8 +227,8 @@ public class LocaleStats
         {
             if ( DEBUG_FLAG )
             {
-                LOGGER.trace( () -> "error loading resource bundle for class='" + pwmLocaleBundle.getTheClass().toString()
-                        + ", locale=" + locale.toString() + "', error: " + e.getMessage() );
+                LOGGER.trace( () -> "error loading resource bundle for class='" + pwmLocaleBundle.getTheClass()
+                        + ", locale=" + locale + "', error: " + e.getMessage() );
             }
         }
         Collections.sort( returnList );

server/src/main/java/password/pwm/util/localdb/AbstractJDBCLocalDB.java

@@ -101,11 +101,11 @@ public abstract class AbstractJDBCLocalDB implements LocalDBProvider
                     statement = connection.createStatement();
                     statement.execute( sqlString );
                     connection.commit();
-                    LOGGER.debug( () -> "created table " + db.toString() + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")" );
+                    LOGGER.debug( () -> "created table " + db + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")" );
                 }
                 catch ( final SQLException ex )
                 {
-                    LOGGER.error( () -> "error creating new table " + db.toString() + ": " + ex.getMessage() );
+                    LOGGER.error( () -> "error creating new table " + db + ": " + ex.getMessage() );
                 }
                 finally
                 {
@@ -115,7 +115,7 @@ public abstract class AbstractJDBCLocalDB implements LocalDBProvider
 
             {
                 final Instant startTime = Instant.now();
-                final String indexName = db.toString() + "_IDX";
+                final String indexName = db + "_IDX";
                 final StringBuilder sqlString = new StringBuilder();
                 sqlString.append( "CREATE index " ).append( indexName );
                 sqlString.append( " ON " ).append( db );
@@ -327,7 +327,7 @@ public abstract class AbstractJDBCLocalDB implements LocalDBProvider
         PreparedStatement removeStatement = null;
 
         final String removeSqlString = "DELETE FROM " + db.toString() + " WHERE " + KEY_COLUMN + "=?";
-        final String insertSqlString = "INSERT INTO " + db.toString() + "(" + KEY_COLUMN + ", " + VALUE_COLUMN + ") VALUES(?,?)";
+        final String insertSqlString = "INSERT INTO " + db + "(" + KEY_COLUMN + ", " + VALUE_COLUMN + ") VALUES(?,?)";
 
         try
         {
@@ -437,7 +437,7 @@ public abstract class AbstractJDBCLocalDB implements LocalDBProvider
 
                 if ( !valueExists )
                 {
-                    final String insertSql = "INSERT INTO " + db.toString() + "(" + KEY_COLUMN + ", " + VALUE_COLUMN + ") VALUES(?,?)";
+                    final String insertSql = "INSERT INTO " + db + "(" + KEY_COLUMN + ", " + VALUE_COLUMN + ") VALUES(?,?)";
                     insertStatement = dbConnection.prepareStatement( insertSql );
                     insertStatement.setString( 1, key );
                     insertStatement.setString( 2, value );

server/src/main/java/password/pwm/util/localdb/LocalDBUtility.java

@@ -119,7 +119,7 @@ public class LocalDBUtility
             {
                 if ( loopDB.isBackup() )
                 {
-                    csvPrinter.printComment( "Export of " + loopDB.toString() );
+                    csvPrinter.printComment( "Export of " + loopDB );
                     try ( LocalDB.LocalDBIterator<Map.Entry<String, String>> localDBIterator = localDB.iterator( loopDB ) )
                     {
                         while ( localDBIterator.hasNext() )

server/src/main/java/password/pwm/util/logging/PwmLogger.java

@@ -560,7 +560,7 @@ public class PwmLogger
             while ( length > 0 )
             {
                 final String line = buffer.substring( 0, length );
-                buffer.delete( 0, +length + 1 );
+                buffer.delete( 0, length + 1 );
                 doLogEvent( logLevel, sessionLabel, () -> line, null );
                 length = buffer.indexOf( "\n" );
             }

server/src/main/java/password/pwm/util/macro/StaticMacros.java

@@ -159,7 +159,7 @@ public abstract class StaticMacros
                         return StringUtil.base64Encode( input.getBytes( PwmConstants.DEFAULT_CHARSET ) );
 
                     default:
-                        throw new MacroParseException( "unimplemented encodeType '" + this.toString() + "' for Encode macro" );
+                        throw new MacroParseException( "unimplemented encodeType '" + this + "' for Encode macro" );
                 }
             }
 
@@ -251,7 +251,7 @@ public abstract class StaticMacros
                         return doHash( input, PwmHashAlgorithm.SHA512 );
 
                     default:
-                        throw new MacroParseException( "unimplemented hashtype '" + this.toString() + "' for Hash macro" );
+                        throw new MacroParseException( "unimplemented hashtype '" + this + "' for Hash macro" );
                 }
             }
 
@@ -351,7 +351,7 @@ public abstract class StaticMacros
                                 : input.toLowerCase();
 
                     default:
-                        throw new MacroParseException( "unimplemented casetype '" + this.toString() + "' for Case macro" );
+                        throw new MacroParseException( "unimplemented casetype '" + this + "' for Case macro" );
                 }
             }
 

server/src/main/java/password/pwm/util/operations/ActionExecutor.java

@@ -274,7 +274,7 @@ public class ActionExecutor
                 : attrValue;
 
 
-        LOGGER.trace( sessionLabel, () -> "beginning ldap " + effectiveLdapMethod.toString() + " operation on " + theUser.getEntryDN() + ", attribute " + attrName );
+        LOGGER.trace( sessionLabel, () -> "beginning ldap " + effectiveLdapMethod + " operation on " + theUser.getEntryDN() + ", attribute " + attrName );
         switch ( effectiveLdapMethod )
         {
             case replace:
@@ -288,8 +288,7 @@ public class ActionExecutor
                 {
                     final String errorMsg = "error setting '" + attrName + "' attribute on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMsg );
-                    final PwmOperationalException newException = new PwmOperationalException( errorInformation );
-                    newException.initCause( e );
+                    final PwmOperationalException newException = new PwmOperationalException( errorInformation, e );
                     throw newException;
                 }
             }
@@ -306,8 +305,7 @@ public class ActionExecutor
                 {
                     final String errorMsg = "error adding '" + attrName + "' attribute value from user " + theUser.getEntryDN() + ", error: " + e.getMessage();
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMsg );
-                    final PwmOperationalException newException = new PwmOperationalException( errorInformation );
-                    newException.initCause( e );
+                    final PwmOperationalException newException = new PwmOperationalException( errorInformation, e );
                     throw newException;
                 }
 
@@ -325,8 +323,7 @@ public class ActionExecutor
                 {
                     final String errorMsg = "error deleting '" + attrName + "' attribute value on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMsg );
-                    final PwmOperationalException newException = new PwmOperationalException( errorInformation );
-                    newException.initCause( e );
+                    final PwmOperationalException newException = new PwmOperationalException( errorInformation, e );
                     throw newException;
                 }
             }

server/src/main/java/password/pwm/util/password/PasswordRuleChecks.java

@@ -652,7 +652,7 @@ public class PasswordRuleChecks
                     errorList.add( new ErrorInformation( PwmError.PASSWORD_INVALID_CHAR ) );
                     if ( EXTRA_LOGGING )
                     {
-                        LOGGER.trace( () -> "password rejected, does not match configured regex pattern: " + pattern.toString() );
+                        LOGGER.trace( () -> "password rejected, does not match configured regex pattern: " + pattern );
                     }
                 }
             }
@@ -665,7 +665,7 @@ public class PasswordRuleChecks
                     errorList.add( new ErrorInformation( PwmError.PASSWORD_INVALID_CHAR ) );
                     if ( EXTRA_LOGGING )
                     {
-                        LOGGER.trace( () -> "password rejected, matches configured no-regex pattern: " + pattern.toString() );
+                        LOGGER.trace( () -> "password rejected, matches configured no-regex pattern: " + pattern );
                     }
                 }
             }

server/src/main/java/password/pwm/util/password/PasswordRuleReaderHelper.java

@@ -70,7 +70,7 @@ public class PasswordRuleReaderHelper
         else
         {
             // Strip off any thresholds from attribute (specified as: "attributeName:N", where N is a numeric value).
-            final List<String> strippedDisallowedAttributes = new ArrayList<String>();
+            final List<String> strippedDisallowedAttributes = new ArrayList<>();
 
             if ( disallowedAttributes != null )
             {

server/src/main/java/password/pwm/util/password/PasswordUtility.java

@@ -458,7 +458,7 @@ public class PasswordUtility
         }
         catch ( final ChaiPasswordPolicyException e )
         {
-            final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "'' " + e.toString();
+            final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "'' " + e;
             final Optional<PwmError> pwmError = PwmError.forChaiError( e.getErrorCode() );
             final ErrorInformation error = new ErrorInformation( pwmError.orElse( PwmError.PASSWORD_UNKNOWN_VALIDATION ), errorMsg );
             throw new PwmOperationalException( error );

server/src/main/java/password/pwm/util/password/PwmPasswordRuleValidator.java

@@ -133,12 +133,12 @@ public class PwmPasswordRuleValidator
             }
             catch ( final UnsupportedOperationException e )
             {
-                LOGGER.trace( () -> "Unsupported operation was thrown while validating password: " + e.toString() );
+                LOGGER.trace( () -> "Unsupported operation was thrown while validating password: " + e );
             }
             catch ( final ChaiUnavailableException e )
             {
                 StatisticsClient.incrementStat( pwmDomain.getPwmApplication(), Statistic.LDAP_UNAVAILABLE_COUNT );
-                LOGGER.warn( () -> "ChaiUnavailableException was thrown while validating password: " + e.toString() );
+                LOGGER.warn( () -> "ChaiUnavailableException was thrown while validating password: " + e );
                 throw e;
             }
             catch ( final ChaiPasswordPolicyException e )
@@ -146,7 +146,7 @@ public class PwmPasswordRuleValidator
                 final ChaiError passwordError = e.getErrorCode();
                 final PwmError pwmError = PwmError.forChaiError( passwordError ).orElse( PwmError.PASSWORD_UNKNOWN_VALIDATION );
                 final ErrorInformation info = new ErrorInformation( pwmError );
-                LOGGER.trace( () -> "ChaiPasswordPolicyException was thrown while validating password: " + e.toString() );
+                LOGGER.trace( () -> "ChaiPasswordPolicyException was thrown while validating password: " + e );
                 errorResults.add( info );
             }
         }

server/src/main/java/password/pwm/util/secure/PwmTrustManager.java

@@ -156,7 +156,7 @@ public class PwmTrustManager implements X509TrustManager
         if ( !passed )
         {
             final String errorMsg = "server certificate " + X509Utils.makeDebugText( testCertificate )
-                    + " is not signed by configured ROOT CA certificate(s): " + errorText.toString();
+                    + " is not signed by configured ROOT CA certificate(s): " + errorText;
             throw PwmUnrecoverableException.newException( PwmError.ERROR_CERTIFICATE_ERROR, errorMsg );
         }
     }

server/src/main/java/password/pwm/util/secure/SecureEngine.java

@@ -238,7 +238,7 @@ public class SecureEngine
                 workingValue = Arrays.copyOfRange( workingValue, 1, workingValue.length );
                 if ( workingValue.length <= nonceLength )
                 {
-                    throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_CRYPT_ERROR, "incoming " + blockAlgorithm.toString() + " data is missing nonce" ) );
+                    throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_CRYPT_ERROR, "incoming " + blockAlgorithm + " data is missing nonce" ) );
                 }
                 final byte[] nonce = Arrays.copyOfRange( workingValue, 0, nonceLength );
                 workingValue = Arrays.copyOfRange( workingValue, nonceLength, workingValue.length );

server/src/main/java/password/pwm/ws/server/rest/RestCheckPasswordServer.java

@@ -219,7 +219,7 @@ public class RestCheckPasswordServer extends RestServlet
         {
             final String errorMessage = "unexpected error executing web service: " + e.getMessage();
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMessage );
-            LOGGER.error( restRequest.getSessionLabel(), () -> errorInformation.toDebugStr(), e );
+            LOGGER.error( restRequest.getSessionLabel(), errorInformation::toDebugStr, e );
             return RestResultBean.fromError( restRequest, errorInformation );
         }
     }

webapp/src/main/webapp/WEB-INF/jsp/forgottenpassword-method.jsp

@@ -33,7 +33,7 @@
 <%@ taglib uri="pwm" prefix="pwm" %>
 <%
     final PwmRequest pwmRequest = PwmRequest.forRequest(request, response);
-    final Set<IdentityVerificationMethod> methods = new LinkedHashSet<IdentityVerificationMethod>((Set<IdentityVerificationMethod>) JspUtility.getAttribute(pageContext, PwmRequestAttribute.AvailableAuthMethods));
+    final Set<IdentityVerificationMethod> methods = new LinkedHashSet<>( ( Set<IdentityVerificationMethod> ) JspUtility.getAttribute( pageContext, PwmRequestAttribute.AvailableAuthMethods ) );
 %>
 <html lang="<pwm:value name="<%=PwmValue.localeCode%>"/>" dir="<pwm:value name="<%=PwmValue.localeDir%>"/>">
 <%@ include file="fragment/header.jsp" %>

webapp/src/main/webapp/WEB-INF/jsp/fragment/ldap-permissions.jsp

@@ -69,7 +69,7 @@
         </td>
         <td style="text-align: left">
             <%
-                final Set<String> menuLocations = new TreeSet<String>();
+                final Set<String> menuLocations = new TreeSet<>();
                 for (final LDAPPermissionCalculator.PermissionRecord record : entry.getValue().get(access)) {
                     if (record.getPwmSetting() != null) {
                         menuLocations.add(record.getPwmSetting().toMenuLocationDebug(record.getProfile(), JspUtility.locale(request)));

webapp/src/main/webapp/WEB-INF/jsp/fragment/setupresponses-form.jsp

@@ -68,7 +68,7 @@
 <%---------------------- display fields for pwmRandom challenges using SIMPLE mode ----------------------------------------%>
 <% if (setupData.isSimpleMode()) {  %>
 <% // need to output all the random options for the javascript functions.
-    final List<String> questionTexts = new ArrayList<String>();
+    final List<String> questionTexts = new ArrayList<>();
     for (final String indexKey : setupData.getIndexedChallenges().keySet()) {
         final Challenge challenge = setupData.getIndexedChallenges().get(indexKey);
         if (!challenge.isRequired()) {

webapp/src/main/webapp/public/reference/displaystrings.jsp

@@ -62,7 +62,7 @@
         </h2>
         <table>
             <% final ResourceBundle resourceBundle = ResourceBundle.getBundle(bundle.getTheClass().getName()); %>
-            <% for (final String key : new TreeSet<String>(Collections.list(resourceBundle.getKeys()))) { %>
+            <% for (final String key : new TreeSet<>( Collections.list( resourceBundle.getKeys() ) )) { %>
             <% final Map<Locale,String> values = LocaleHelper.getUniqueLocalizations(pwmRequest != null ? pwmRequest.getDomainConfig() : null, bundle.getTheClass(), key, PwmConstants.DEFAULT_LOCALE); %>
             <% for (final Map.Entry<Locale,String> entry : values.entrySet()) { %>
             <% final Locale locale = entry.getKey(); %>