
Merge branch 'master' into feature/advanced-search

# Conflicts:
#	server/src/main/java/password/pwm/http/PwmSession.java
#	server/src/main/resources/password/pwm/i18n/PwmSetting.properties
jrivard@gmail.com 6 years ago
parent
commit
6d04501178

+ 0 - 5
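--- a/data-service/pom.xml
+++ b/data-service/pom.xml
@@ -157,11 +157,6 @@
             <artifactId>log4j</artifactId>
             <version>1.2.17</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.axis</groupId>
-            <artifactId>axis</artifactId>
-            <version>1.4</version>
-        </dependency>
         <dependency>
             <groupId>org.jdom</groupId>
             <artifactId>jdom2</artifactId>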

+ 3 - 3
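--- a/pom.xml
+++ b/pom.xml
@@ -235,12 +235,12 @@
             <plugin>
                 <groupId>com.github.spotbugs</groupId>
                 <artifactId>spotbugs-maven-plugin</artifactId>
-                <version>3.1.6</version>
+                <version>3.1.7</version>
                 <dependencies>
                     <dependency>
                         <groupId>com.github.spotbugs</groupId>
                         <artifactId>spotbugs</artifactId>
-                        <version>3.1.7</version>
+                        <version>3.1.8</version>
                     </dependency>
                 </dependencies>
                 <configuration>
@@ -289,7 +289,7 @@
         <dependency>
             <groupId>com.github.spotbugs</groupId>
             <artifactId>spotbugs-annotations</artifactId>
-            <version>3.1.7</version>
+            <version>3.1.8</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>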

+ 3 - 3
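--- a/rest-test-service/pom.xml
+++ b/rest-test-service/pom.xml
@@ -12,7 +12,7 @@
     <artifactId>rest-test-service</artifactId>
     <packaging>war</packaging>
 
-    <name>PWM Password Self Service: Web Service Test Server</name>
+    <name>PWM Password Self Service: REST Test Server</name>
 
     <properties>
         <project.root.basedir>${project.basedir}/..</project.root.basedir>
@@ -69,13 +69,13 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.13.0</version>
+            <version>2.23.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
-            <version>3.9.1</version>
+            <version>3.11.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>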

+ 4 - 41
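--- a/server/pom.xml
+++ b/server/pom.xml
@@ -80,35 +80,8 @@
                     </execution>
                 </executions>
                 <configuration>
-                    <outputFile>${project.build.directory}/classes/attribution.xml</outputFile>
+                    <outputFile>${project.build.directory}/classes/server-attribution.xml</outputFile>
                     <dependencyOverrides>
-                        <dependencyOverride>
-                            <forDependency>org.apache.axis:axis</forDependency>
-                            <projectUrl>https://axis.apache.org/axis/</projectUrl>
-                            <license>
-                                <name>Apache License, Version 2.0</name>
-                                <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-                            </license>
-                        </dependencyOverride>
-                        <dependencyOverride>
-                            <forDependency>net.iharder:base64</forDependency>
-                            <license>
-                                <name>Public Domain (any license you desire)</name>
-                                <url>http://iharder.sourceforge.net/current/java/base64/</url>
-                            </license>
-                        </dependencyOverride>
-                        <dependencyOverride>
-                            <forDependency>javax.xml:jaxrpc-api</forDependency>
-                            <projectUrl>https://java.net/projects/jax-rpc/</projectUrl>
-                            <license>
-                                <name>CDDL-1.0</name>
-                                <url>https://opensource.org/licenses/cddl1.php</url>
-                            </license>
-                        </dependencyOverride>
-                        <dependencyOverride>
-                            <forDependency>org.hamcrest:hamcrest-core</forDependency>
-                            <projectUrl>http://hamcrest.org/JavaHamcrest/</projectUrl>
-                        </dependencyOverride>
                         <dependencyOverride>
                             <forDependency>jaxen:jaxen</forDependency>
                             <license>
@@ -223,13 +196,13 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.21.0</version>
+            <version>2.23.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
-            <version>3.10.0</version>
+            <version>3.11.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -296,7 +269,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-text</artifactId>
-            <version>1.4</version>
+            <version>1.6</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -338,11 +311,6 @@
             <artifactId>log4j</artifactId>
             <version>1.2.17</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.axis</groupId>
-            <artifactId>axis</artifactId>
-            <version>1.4</version>
-        </dependency>
         <dependency>
             <groupId>org.jasig.cas.client</groupId>
             <artifactId>cas-client-core</artifactId>
@@ -363,11 +331,6 @@
             <artifactId>bcpkix-jdk15on</artifactId>
             <version>1.60</version>
         </dependency>
-        <dependency>
-            <groupId>javax.xml</groupId>
-            <artifactId>jaxrpc-api</artifactId>
-            <version>1.1</version>
-        </dependency>
         <dependency>
             <groupId>jaxen</groupId>
             <artifactId>jaxen</artifactId>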

+ 9 - 3
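--- a/server/src/main/java/password/pwm/http/PwmSession.java
+++ b/server/src/main/java/password/pwm/http/PwmSession.java
@@ -267,9 +267,10 @@ public class PwmSession implements Serializable
 
         if ( pwmRequest != null )
         {
+
             final String nonceCookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_NAME );
-            pwmRequest.getPwmResponse().removeCookie( nonceCookieName, PwmHttpResponseWrapper.CookiePath.Application );
             pwmRequest.setAttribute( PwmRequestAttribute.CookieNonce, null );
+            pwmRequest.getPwmResponse().removeCookie( nonceCookieName, PwmHttpResponseWrapper.CookiePath.Application );
 
             try
             {
@@ -377,6 +378,7 @@ public class PwmSession implements Serializable
             nonce = pwmRequest.readCookie( cookieName );
         }
 
+        boolean newNonce = false;
         if ( nonce == null || nonce.length() < length )
         {
             // random value
@@ -386,6 +388,7 @@ public class PwmSession implements Serializable
             final String prefix = Long.toString( System.currentTimeMillis(), Character.MAX_RADIX );
 
             nonce = random + prefix;
+            newNonce = true;
         }
 
         final PwmSecurityKey securityKey = pwmRequest.getConfig().getSecurityKey();
@@ -393,8 +396,11 @@ public class PwmSession implements Serializable
         final String hashValue = pwmRequest.getPwmApplication().getSecureService().hash( concatValue );
         final PwmSecurityKey pwmSecurityKey = new PwmSecurityKey( hashValue );
 
-        pwmRequest.setAttribute( PwmRequestAttribute.CookieNonce, nonce );
-        pwmRequest.getPwmResponse().writeCookie( cookieName, nonce, -1, PwmHttpResponseWrapper.CookiePath.Application );
+        if ( newNonce )
+        {
+            pwmRequest.setAttribute( PwmRequestAttribute.CookieNonce, nonce );
+            pwmRequest.getPwmResponse().writeCookie( cookieName, nonce, -1, PwmHttpResponseWrapper.CookiePath.Application );
+        }
 
         return pwmSecurityKey;
     }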
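Review bot: The new `if ( newNonce )` guard in the last hunk has no comment saying why the cookie and the `CookieNonce` request attribute are now written only when the nonce was generated in this call. A nonce read back from the client is reused unchanged, and the only check visible on it is `nonce.length() < length`. I would add `// write the cookie only for a nonce generated here; a nonce supplied by the client is reused unchanged` above the guard. It also looks worth bounding the maximum length and character set of the cookie value before it is concatenated and hashed into the `PwmSecurityKey`; the line that builds `concatValue` is outside the hunk, so confirm how the value is combined. Both methods start outside the visible hunks.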

+ 6 - 0
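--- a/server/src/main/java/password/pwm/http/filter/AuthenticationFilter.java
+++ b/server/src/main/java/password/pwm/http/filter/AuthenticationFilter.java
@@ -322,6 +322,12 @@ public class AuthenticationFilter extends AbstractPwmFilter
             return;
         }
 
+        if ( pwmRequest.isJsonRequest() )
+        {
+            pwmRequest.respondWithError( new ErrorInformation( PwmError.ERROR_AUTHENTICATION_REQUIRED ) );
+            return;
+        }
+
         //user is not authenticated so forward to LoginPage.
         LOGGER.trace( pwmSession.getLabel(),
                 "user requested resource requiring authentication (" + req.getRequestURI()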
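Review bot: The added `isJsonRequest()` branch returns before the `LOGGER.trace` call that follows it, so an unauthenticated JSON request to a protected resource leaves no trace entry while the same request from a browser does. I would log before responding, for example `LOGGER.trace( pwmSession.getLabel(), "unauthenticated JSON request for " + req.getRequestURI() + ", responding with authentication-required error" );`. It is also worth confirming that `respondWithError` sends a non-2xx status for `ERROR_AUTHENTICATION_REQUIRED`, so API clients and monitoring do not read the rejection as success; its implementation is not visible here. The enclosing method starts and ends outside the hunk.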

+ 28 - 23
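--- a/server/src/main/java/password/pwm/util/java/XmlUtil.java
+++ b/server/src/main/java/password/pwm/util/java/XmlUtil.java
@@ -42,6 +42,7 @@ import java.io.Reader;
 import java.io.Writer;
 import java.nio.charset.Charset;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
@@ -119,40 +120,44 @@ public class XmlUtil
 
     public static List<DependencyInfo> getLicenseInfos( ) throws PwmUnrecoverableException
     {
+        final List<String> attributionFiles = Arrays.asList( "/server-attribution.xml", "/webapp-attribution.xml" );
         final List<DependencyInfo> returnList = new ArrayList<>();
 
-        final InputStream attributionInputStream = XmlUtil.class.getResourceAsStream( "/attribution.xml" );
-
-        if ( attributionInputStream != null )
+        for ( final String attributionFile : attributionFiles )
         {
-            final Document document = XmlUtil.parseXml( attributionInputStream );
-            final Element dependencies = document.getRootElement().getChild( "dependencies" );
+            final InputStream attributionInputStream = XmlUtil.class.getResourceAsStream( attributionFile );
 
-            for ( final Element dependency : dependencies.getChildren( "dependency" ) )
+            if ( attributionInputStream != null )
             {
-                final String projectUrl = dependency.getChildText( "projectUrl" );
-                final String name = dependency.getChildText( "name" );
-                final String artifactId = dependency.getChildText( "artifactId" );
-                final String version = dependency.getChildText( "version" );
-                final String type = dependency.getChildText( "type" );
+                final Document document = XmlUtil.parseXml( attributionInputStream );
+                final Element dependencies = document.getRootElement().getChild( "dependencies" );
 
-                final List<LicenseInfo> licenseInfos = new ArrayList<>();
+                for ( final Element dependency : dependencies.getChildren( "dependency" ) )
                 {
-                    final Element licenses = dependency.getChild( "licenses" );
-                    final List<Element> licenseList = licenses.getChildren( "license" );
-                    for ( final Element license : licenseList )
+                    final String projectUrl = dependency.getChildText( "projectUrl" );
+                    final String name = dependency.getChildText( "name" );
+                    final String artifactId = dependency.getChildText( "artifactId" );
+                    final String version = dependency.getChildText( "version" );
+                    final String type = dependency.getChildText( "type" );
+
+                    final List<LicenseInfo> licenseInfos = new ArrayList<>();
                     {
-                        final String licenseUrl = license.getChildText( "url" );
-                        final String licenseName = license.getChildText( "name" );
-                        final LicenseInfo licenseInfo = new LicenseInfo( licenseUrl, licenseName );
-                        licenseInfos.add( licenseInfo );
+                        final Element licenses = dependency.getChild( "licenses" );
+                        final List<Element> licenseList = licenses.getChildren( "license" );
+                        for ( final Element license : licenseList )
+                        {
+                            final String licenseUrl = license.getChildText( "url" );
+                            final String licenseName = license.getChildText( "name" );
+                            final LicenseInfo licenseInfo = new LicenseInfo( licenseUrl, licenseName );
+                            licenseInfos.add( licenseInfo );
+                        }
                     }
-                }
 
-                final DependencyInfo dependencyInfo = new DependencyInfo( projectUrl, name, artifactId, version, type,
-                        Collections.unmodifiableList( licenseInfos ) );
+                    final DependencyInfo dependencyInfo = new DependencyInfo( projectUrl, name, artifactId, version, type,
+                            Collections.unmodifiableList( licenseInfos ) );
 
-                returnList.add( dependencyInfo );
+                    returnList.add( dependencyInfo );
+                }
             }
         }
         return Collections.unmodifiableList( returnList );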
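Review bot: In the new loop of `getLicenseInfos`, `getChild( "dependencies" )` and `getChild( "licenses" )` are dereferenced without a null check, so an attribution file with no `dependencies` element, or a dependency entry with no `licenses` element, throws a NullPointerException. This matters more now that a second generated file, `/webapp-attribution.xml`, is read. The `InputStream` opened on each iteration is also never closed in the visible code. Whether `parseXml` closes it is not shown; if it does not, wrap the stream in try-with-resources and map the close failure to the method's declared exception. The fence below adds the null guards only.

```java
final Element dependencies = document.getRootElement().getChild( "dependencies" );
if ( dependencies == null )
{
    // attribution file without a dependency list: nothing to report for it
    continue;
}
// … unchanged: for-each over "dependency" and the five getChildText reads …
final Element licenses = dependency.getChild( "licenses" );
if ( licenses != null )
{
    for ( final Element license : licenses.getChildren( "license" ) )
    {
        // … unchanged: LicenseInfo construction and licenseInfos.add …
    }
}
// … unchanged: DependencyInfo construction and returnList.add …
```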

+ 1 - 1
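--- a/server/src/main/resources/password/pwm/i18n/PwmSetting.properties
+++ b/server/src/main/resources/password/pwm/i18n/PwmSetting.properties
@@ -393,7 +393,7 @@ Setting_Description_helpdesk.displayName=Specify the display name you use to ide
 Setting_Description_helpdesk.displayName.cardLabels=Specify the display labels for the user panel in the Help Desk Search detail.  You can use LDAP attribute value such as <code>@LDAP\:givenName@</code> macros.
 Setting_Description_helpdesk.enable=Enable this option to enable the Help Desk module.
 Setting_Description_helpdesk.enablePhotos=Enable photos in helpdesk search screen 
-Setting_Description_helpdesk.enableUnlock=Enable this option to enable the Help Desk module users to unlock an intruder LDAP locked account.
+Setting_Description_helpdesk.enableUnlock=Enable this option to enable the Help Desk module users to unlock an LDAP intruder locked account.
 Setting_Description_helpdesk.enforcePasswordPolicy=Enable this option to require that the passwords set by Help Desk must meet the same password policy that normally constrains the user.
 Setting_Description_helpdesk.filter=Specify the LDAP search filter to query the directory.  Substitute <i>%USERNAME%</i> for user supplied user name.  If not specified, @PwmAppName@ auto calculates a search filter based on the Help Desk Search Results.<p>Examples<ul><li>Edirectory\: <code>(&(objectClass\=Person)(|((cn\=*%USERNAME%*)(uid\=*%USERNAME%*)(givenName\=*%USERNAME%*)(sn\=*%USERNAME%*))))</code></li><li>Active Directory\: <code>(&(objectClass\=Person)(|((cn\=*%USERNAME%*)(uid\=*%USERNAME%*)(sAMAccountName\=*%USERNAME%*)(userprincipalname\=*%USERNAME%*)(givenName\=*%USERNAME%*)(sn\=*%USERNAME%*))))</code></li></ul>
 Setting_Description_helpdesk.forcePwExpiration=Enable this option to force the system to expire the password for the users when the help desk operator sets a user's password.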

+ 36 - 0
webapp/pom.xml

@@ -155,6 +155,42 @@
                     </execution>
                     </execution>
                 </executions>
                 </executions>
             </plugin>
             </plugin>
+            <plugin>
+                <!-- creates the classes directory early in the build so the attribution plugin doesn't fail -->
+                <artifactId>maven-antrun-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>generate-sources</id>
+                        <phase>generate-sources</phase>
+                        <configuration>
+                            <tasks>
+                                <mkdir dir="${project.build.directory}/classes"/>
+                            </tasks>
+                        </configuration>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <!-- builds xml file of dependencies and licenses for use in about page -->
+                <groupId>com.github.jinnovations</groupId>
+                <artifactId>attribution-maven-plugin</artifactId>
+                <version>0.9.5</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>generate-attribution-file</goal>
+                        </goals>
+                        <phase>generate-resources</phase>
+                    </execution>
+                </executions>
+                <configuration>
+                    <outputFile>${project.build.directory}/classes/webapp-attribution.xml</outputFile>
+                </configuration>
+            </plugin>
         </plugins>
         </plugins>
     </build>
     </build>