code reorg

src/main/java/password/pwm/AppProperty.java

@@ -201,6 +201,7 @@ public enum     AppProperty {
     NMAS_THREADS_MIN_SECONDS                        ("nmas.threads.minSeconds"),
     NMAS_THREADS_MAX_SECONDS                        ("nmas.threads.maxSeconds"),
     NMAS_THREADS_WATCHDOG_FREQUENCY                 ("nmas.threads.watchdogFrequencyMs"),
+    NMAS_THREADS_WATCHDOG_DEBUG                     ("nmas.threads.watchdogDebug"),
     NMAS_IGNORE_NMASCR_DURING_FORCECHECK            ("nmas.ignoreNmasCrDuringForceSetupCheck"),
     NMAS_USE_LOCAL_SASL_FACTORY                     ("nmas.useLocalSaslFactory"),
     NMAS_FORCE_SASL_FACTORY_REGISTRATION            ("nmas.forceSaslFactoryRegistration"),

src/main/java/password/pwm/PwmConstants.java

@@ -23,7 +23,6 @@
 package password.pwm;
 
 import org.apache.commons.csv.CSVFormat;
-import password.pwm.bean.SessionLabel;
 import password.pwm.util.java.JsonUtil;
 import password.pwm.util.secure.PwmBlockAlgorithm;
 import password.pwm.util.secure.PwmHashAlgorithm;
@@ -102,13 +101,6 @@ public abstract class PwmConstants {
     public static final int TRIAL_MAX_AUTHENTICATIONS = 100;
     public static final int TRIAL_MAX_TOTAL_AUTH = 10000;
 
-    public static final String SESSION_LABEL_SESSION_ID = "#";
-    public static final SessionLabel REPORTING_SESSION_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"reporting",null,null);
-    public static final SessionLabel HEALTH_SESSION_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"health",null,null);
-    public static final SessionLabel CLI_SESSION_LABEL= new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"cli",null,null);
-    public static final SessionLabel TOKEN_SESSION_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"token",null,null);
-    public static final SessionLabel PW_EXP_NOTICE_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"pwExpireNotice",null,null);
-
 
     public static final int DATABASE_ACCESSOR_KEY_LENGTH = Integer.parseInt(readPwmConstantsBundle("databaseAccessor.keyLength"));
 

src/main/java/password/pwm/PwmEnvironment.java

@@ -157,8 +157,8 @@ public class PwmEnvironment {
         this.internalRuntimeInstance = internalRuntimeInstance;
         this.configurationFile = configurationFile;
         this.contextManager = contextManager;
-        this.flags = flags == null ? Collections.<ApplicationFlag>emptySet() : Collections.unmodifiableSet(new HashSet<>(flags));
-        this.parameters = parameters == null ? Collections.<ApplicationParameter, String>emptyMap() : Collections.unmodifiableMap(parameters);
+        this.flags = flags == null ? Collections.emptySet() : Collections.unmodifiableSet(new HashSet<>(flags));
+        this.parameters = parameters == null ? Collections.emptyMap() : Collections.unmodifiableMap(parameters);
 
         this.fileLocker = new FileLocker();
 

src/main/java/password/pwm/bean/EmailItemBean.java

@@ -22,60 +22,23 @@
 
 package password.pwm.bean;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
 import java.io.Serializable;
 
+@Getter
+@AllArgsConstructor
 public class EmailItemBean implements Serializable {
-    private String to;
-    private String from;
-    private String subject;
-    private String bodyPlain;
-    private String bodyHtml;
-
-
-    // --------------------------- CONSTRUCTORS ---------------------------
-    private EmailItemBean() {
-    }
-
-    public EmailItemBean(
-            final String to,
-            final String from,
-            final String subject,
-            final String bodyPlain,
-            final String bodyHtml
-    ) {
-        this.to = to;
-        this.from = from;
-        this.subject = subject;
-        this.bodyPlain = bodyPlain;
-        this.bodyHtml = bodyHtml;
-    }
-
-// --------------------- GETTER / SETTER METHODS ---------------------
-
-    public String getBodyPlain() {
-        return bodyPlain;
-    }
-
-    public String getFrom() {
-        return from;
-    }
-
-    public String getSubject() {
-        return subject;
-    }
-
-    public String getTo() {
-        return to;
-    }
-
-    public String getBodyHtml() {
-        return bodyHtml;
-    }
+    private final String to;
+    private final String from;
+    private final String subject;
+    private final String bodyPlain;
+    private final String bodyHtml;
 
     public String toString() {
         final StringBuilder sb = new StringBuilder();
         sb.append("from: ").append(from).append(", to: ").append(to).append(", subject: ").append(subject);
         return sb.toString();
     }
-
 }

src/main/java/password/pwm/bean/FormNonce.java

@@ -23,10 +23,14 @@
 package password.pwm.bean;
 
 import com.google.gson.annotations.SerializedName;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
 
 import java.io.Serializable;
 import java.time.Instant;
 
+@Getter
+@AllArgsConstructor
 public class FormNonce implements Serializable {
 
     @SerializedName("g")
@@ -40,27 +44,4 @@ public class FormNonce implements Serializable {
 
     @SerializedName("p")
     private final String payload;
-
-    public FormNonce(final String sessionGUID, final Instant timestamp, final int reqCounter, final String payload) {
-        this.sessionGUID = sessionGUID;
-        this.timestamp = timestamp;
-        this.reqCounter = reqCounter;
-        this.payload = payload;
-    }
-
-    public String getSessionGUID() {
-        return sessionGUID;
-    }
-
-    public Instant getTimestamp() {
-        return timestamp;
-    }
-
-    public int getRequestID() {
-        return reqCounter;
-    }
-
-    public String getPayload() {
-        return payload;
-    }
 }

src/main/java/password/pwm/bean/PrivateKeyCertificate.java

@@ -22,24 +22,16 @@
 
 package password.pwm.bean;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
 import java.io.Serializable;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
+@Getter
+@AllArgsConstructor
 public class PrivateKeyCertificate implements Serializable {
     private final X509Certificate[] certificates;
     private final PrivateKey key;
-
-    public PrivateKeyCertificate(final X509Certificate[] certificates, final PrivateKey key) {
-        this.certificates = certificates;
-        this.key = key;
-    }
-
-    public X509Certificate[] getCertificates() {
-        return certificates;
-    }
-
-    public PrivateKey getKey() {
-        return key;
-    }
 }

src/main/java/password/pwm/bean/SessionLabel.java

@@ -22,10 +22,21 @@
 
 package password.pwm.bean;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
 import java.io.Serializable;
 
+@Getter
+@AllArgsConstructor
 public class SessionLabel implements Serializable {
     public static final SessionLabel SYSTEM_LABEL = null;
+    public static final String SESSION_LABEL_SESSION_ID = "#";
+    public static final SessionLabel PW_EXP_NOTICE_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"pwExpireNotice",null,null);
+    public static final SessionLabel TOKEN_SESSION_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"token",null,null);
+    public static final SessionLabel CLI_SESSION_LABEL= new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"cli",null,null);
+    public static final SessionLabel HEALTH_SESSION_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"health",null,null);
+    public static final SessionLabel REPORTING_SESSION_LABEL = new SessionLabel(SESSION_LABEL_SESSION_ID ,null,"reporting",null,null);
 
     private final String sessionID;
     private final UserIdentity userIdentity;
@@ -33,40 +44,6 @@ public class SessionLabel implements Serializable {
     private final String srcAddress;
     private final String srcHostname;
 
-    public SessionLabel(final String sessionID, final UserIdentity userIdentity, final String username, final String srcAddress, final String srcHostname)
-    {
-        this.sessionID = sessionID;
-        this.userIdentity = userIdentity;
-        this.username = username;
-        this.srcAddress = srcAddress;
-        this.srcHostname = srcHostname;
-    }
-
-    public String getSessionID()
-    {
-        return sessionID;
-    }
-
-    public String getUsername()
-    {
-        return username;
-    }
-
-    public UserIdentity getUserIdentity()
-    {
-        return userIdentity;
-    }
-
-    public String getSrcAddress()
-    {
-        return srcAddress;
-    }
-
-    public String getSrcHostname()
-    {
-        return srcHostname;
-    }
-    
     public String toString() {
         if (this.getSessionID() == null || this.getSessionID().isEmpty()) {
             return "";

src/main/java/password/pwm/bean/SmsItemBean.java

@@ -23,37 +23,19 @@
 package password.pwm.bean;
 
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
 import password.pwm.util.java.JsonUtil;
 
 import java.io.Serializable;
 
+@Getter
+@AllArgsConstructor
 public class SmsItemBean implements Serializable {
-    private String to;
-    private String message;
+    private final String to;
+    private final String message;
 
-    // --------------------------- CONSTRUCTORS ---------------------------
-    public SmsItemBean(
-            final String to,
-            final String message
-    ) {
-        this.to = to;
-        this.message = message;
-    }
-
-// --------------------- GETTER / SETTER METHODS ---------------------
-
-    public String getMessage() {
-        return message;
-    }
 
-    public void setMessage(final String message) {
-        this.message = message;
-    }
-
-    public String getTo() {
-        return to;
-    }
-    
     public String toString() {
         return "SMS Item: " + JsonUtil.serialize(this);
     }

src/main/java/password/pwm/bean/StatsPublishBean.java

@@ -22,19 +22,24 @@
 
 package password.pwm.bean;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
 import java.io.Serializable;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 
+@Getter
+@AllArgsConstructor
 public class StatsPublishBean implements Serializable {
-    private String instanceID;
-    private Instant timestamp;
-    private Map<String,String> totalStatistics;
-    private List<String> configuredSettings;
-    private String versionBuild;
-    private String versionVersion;
-    private Map<String,String> otherInfo;
+    private final String instanceID;
+    private final Instant timestamp;
+    private final Map<String,String> totalStatistics;
+    private final List<String> configuredSettings;
+    private final String versionBuild;
+    private final String versionVersion;
+    private final Map<String,String> otherInfo;
 
     public enum KEYS {
         SITE_URL,
@@ -42,53 +47,4 @@ public class StatsPublishBean implements Serializable {
         INSTALL_DATE,
         LDAP_VENDOR
     }
-
-    public StatsPublishBean() {
-    }
-
-    public StatsPublishBean(
-            final String instanceID,
-            final Instant timestamp,
-            final Map<String, String> totalStatistics,
-            final List<String> configuredSettings,
-            final String versionBuild,
-            final String versionVersion,
-            final Map<String,String> otherInfo
-    ) {
-        this.instanceID = instanceID;
-        this.timestamp = timestamp;
-        this.totalStatistics = totalStatistics;
-        this.configuredSettings = configuredSettings;
-        this.versionBuild = versionBuild;
-        this.versionVersion = versionVersion;
-        this.otherInfo = otherInfo;
-    }
-
-    public String getInstanceID() {
-        return instanceID;
-    }
-
-    public Instant getTimestamp() {
-        return timestamp;
-    }
-
-    public Map<String, String> getTotalStatistics() {
-        return totalStatistics;
-    }
-
-    public List<String> getConfiguredSettings() {
-        return configuredSettings;
-    }
-
-    public String getVersionBuild() {
-        return versionBuild;
-    }
-
-    public String getVersionVersion() {
-        return versionVersion;
-    }
-
-    public Map<String, String> getOtherInfo() {
-        return otherInfo;
-    }
 }

src/main/java/password/pwm/health/ApplianceStatusChecker.java

@@ -24,8 +24,8 @@ package password.pwm.health;
 
 import org.apache.commons.io.FileUtils;
 import password.pwm.PwmApplication;
-import password.pwm.PwmConstants;
 import password.pwm.PwmEnvironment;
+import password.pwm.bean.SessionLabel;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmOperationalException;
@@ -69,7 +69,7 @@ public class ApplianceStatusChecker implements HealthChecker {
         try {
             healthRecords.addAll(readApplianceHealthStatus(pwmApplication));
         } catch (Exception e) {
-            LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL, "error communicating with client " + e.getMessage());
+            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error communicating with client " + e.getMessage());
         }
 
         return healthRecords;
@@ -85,11 +85,11 @@ public class ApplianceStatusChecker implements HealthChecker {
                 .setPromiscuous(true)
                 .create();
 
-        final PwmHttpClient pwmHttpClient = new PwmHttpClient(pwmApplication, PwmConstants.HEALTH_SESSION_LABEL, pwmHttpClientConfiguration);
+        final PwmHttpClient pwmHttpClient = new PwmHttpClient(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, pwmHttpClientConfiguration);
         final PwmHttpClientRequest pwmHttpClientRequest = new PwmHttpClientRequest(HttpMethod.GET, url, null, requestHeaders);
         final PwmHttpClientResponse response = pwmHttpClient.makeRequest(pwmHttpClientRequest);
 
-        LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL, "https response from appliance server request: " + response.getBody());
+        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "https response from appliance server request: " + response.getBody());
 
         final String jsonString = response.getBody();
 
@@ -139,7 +139,7 @@ public class ApplianceStatusChecker implements HealthChecker {
         final String port = pwmApplication.getPwmEnvironment().getParameters().get(PwmEnvironment.ApplicationParameter.AppliancePort);
 
         final String url = "https://" + hostname + ":" + port + "/sspr/appliance-update-status";
-        LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL, "calculated appliance host url as: " + url);
+        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "calculated appliance host url as: " + url);
         return url;
     }
 

src/main/java/password/pwm/health/ConfigurationChecker.java

@@ -26,6 +26,7 @@ import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
 import password.pwm.PwmApplicationMode;
 import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.config.Configuration;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.PwmSettingSyntax;
@@ -101,7 +102,7 @@ public class ConfigurationChecker implements HealthChecker {
                         HealthRecord.forMessage(HealthMessage.Config_NoSiteURL, PwmSetting.PWM_SITE_URL.toMenuLocationDebug(null,locale)));
             }
         } catch (PwmException e) {
-            LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL,"error while inspecting site URL setting: " + e.getMessage());
+            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL,"error while inspecting site URL setting: " + e.getMessage());
         }
 
         if (config.readSettingAsBoolean(PwmSetting.LDAP_ENABLE_WIRE_TRACE)) {
@@ -163,7 +164,7 @@ public class ConfigurationChecker implements HealthChecker {
                                             setting.toMenuLocationDebug(null,locale), String.valueOf(strength)));
                                 }
                             } catch (Exception e) {
-                                LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL,"error while inspecting setting "
+                                LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL,"error while inspecting setting "
                                         + setting.toMenuLocationDebug(null,locale) +  ", error: " + e.getMessage());
                             }
                         }
@@ -181,7 +182,7 @@ public class ConfigurationChecker implements HealthChecker {
                                 String.valueOf(strength)));
                     }
                 } catch (PwmException e) {
-                    LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL,"error while inspecting setting " + setting.toMenuLocationDebug(profile.getIdentifier(),locale) +  ", error: " + e.getMessage());
+                    LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL,"error while inspecting setting " + setting.toMenuLocationDebug(profile.getIdentifier(),locale) +  ", error: " + e.getMessage());
                 }
             }
         }

src/main/java/password/pwm/health/LDAPStatusChecker.java

@@ -38,6 +38,7 @@ import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
 import password.pwm.bean.PasswordStatus;
+import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
 import password.pwm.bean.UserInfoBean;
 import password.pwm.config.Configuration;
@@ -165,7 +166,7 @@ public class LDAPStatusChecker implements HealthChecker {
             try {
 
                 chaiProvider = LdapOperationsHelper.createChaiProvider(
-                        PwmConstants.HEALTH_SESSION_LABEL,
+                        SessionLabel.HEALTH_SESSION_LABEL,
                         ldapProfile,
                         config,
                         proxyUserDN,
@@ -182,7 +183,7 @@ public class LDAPStatusChecker implements HealthChecker {
                 return returnRecords;
             } catch (Throwable e) {
                 final String msgString = e.getMessage();
-                LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
+                LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
                 returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected,
                         PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE),
                         msgString
@@ -200,7 +201,7 @@ public class LDAPStatusChecker implements HealthChecker {
                 return returnRecords;
             }
 
-            LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
+            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
             try {
                 final boolean readPwdEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD)
                         && theUser.getChaiProvider().getDirectoryVendor() == ChaiProvider.DIRECTORY_VENDOR.NOVELL_EDIRECTORY;
@@ -209,7 +210,7 @@ public class LDAPStatusChecker implements HealthChecker {
                     try {
                         theUser.readPassword();
                     } catch (Exception e) {
-                        LOGGER.debug(PwmConstants.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
+                        LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
                         returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserReadPwError,
                                 PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE),
                                 PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE),
@@ -229,27 +230,27 @@ public class LDAPStatusChecker implements HealthChecker {
                     if (minLifetimeSeconds > 0) {
                         final Instant pwdLastModified = PasswordUtility.determinePwdLastModified(
                                 pwmApplication,
-                                PwmConstants.HEALTH_SESSION_LABEL,
+                                SessionLabel.HEALTH_SESSION_LABEL,
                                 userIdentity
                         );
 
 
                         final PasswordStatus passwordStatus;
                         {
-                            final UserStatusReader userStatusReader = new UserStatusReader(pwmApplication, PwmConstants.HEALTH_SESSION_LABEL);
+                            final UserStatusReader userStatusReader = new UserStatusReader(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL);
                             passwordStatus = userStatusReader.readPasswordStatus(theUser, passwordPolicy, null, null);
                         }
 
                         try {
                             PasswordUtility.checkIfPasswordWithinMinimumLifetime(
                                     theUser,
-                                    PwmConstants.HEALTH_SESSION_LABEL,
+                                    SessionLabel.HEALTH_SESSION_LABEL,
                                     passwordPolicy,
                                     pwdLastModified,
                                     passwordStatus
                             );
                         } catch (PwmException e) {
-                            LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL, "skipping test user password set: " + e.getMessage());
+                            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set: " + e.getMessage());
                             doPasswordChange = false;
                         }
                     }
@@ -257,7 +258,7 @@ public class LDAPStatusChecker implements HealthChecker {
                         final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(null, passwordPolicy, pwmApplication);
                         try {
                             theUser.setPassword(newPassword.getStringValue());
-                            LOGGER.debug(PwmConstants.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
+                            LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
                         } catch (ChaiException e) {
                             returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserWritePwError,
                                     PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE),
@@ -270,7 +271,7 @@ public class LDAPStatusChecker implements HealthChecker {
                 }
             } catch (Exception e) {
                 final String msg = "error setting test user password: " + JavaHelper.readHostileExceptionMessage(e);
-                LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL, msg, e);
+                LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, msg, e);
                 returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected,
                         PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE),
                         msg
@@ -283,7 +284,7 @@ public class LDAPStatusChecker implements HealthChecker {
                 final UserStatusReader.Settings readerSettings = new UserStatusReader.Settings();
                 final UserStatusReader userStatusReader = new UserStatusReader(
                         pwmApplication,
-                        PwmConstants.HEALTH_SESSION_LABEL,
+                        SessionLabel.HEALTH_SESSION_LABEL,
                         readerSettings
                 );
                 userStatusReader.populateUserInfoBean(
@@ -322,7 +323,7 @@ public class LDAPStatusChecker implements HealthChecker {
             ChaiProvider chaiProvider = null;
             try {
                 chaiProvider = LdapOperationsHelper.createChaiProvider(
-                        PwmConstants.HEALTH_SESSION_LABEL,
+                        SessionLabel.HEALTH_SESSION_LABEL,
                         config,
                         ldapProfile,
                         Collections.singletonList(loopURL),
@@ -366,7 +367,7 @@ public class LDAPStatusChecker implements HealthChecker {
                 if (proxyPW == null) {
                     return Collections.singletonList(new HealthRecord(HealthStatus.WARN,HealthTopic.LDAP,"Missing Proxy User Password"));
                 }
-                chaiProvider = LdapOperationsHelper.createChaiProvider(PwmConstants.HEALTH_SESSION_LABEL,ldapProfile,config,proxyDN,proxyPW);
+                chaiProvider = LdapOperationsHelper.createChaiProvider(SessionLabel.HEALTH_SESSION_LABEL,ldapProfile,config,proxyDN,proxyPW);
                 final ChaiEntry adminEntry = ChaiFactory.createChaiEntry(proxyDN,chaiProvider);
                 adminEntry.isValid();
                 directoryVendor = chaiProvider.getDirectoryVendor();
@@ -497,7 +498,7 @@ public class LDAPStatusChecker implements HealthChecker {
             return (List<HealthRecord>)healthProperties.get(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck);
         }
 
-        LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL,"beginning check for replica vendor sameness");
+        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL,"beginning check for replica vendor sameness");
         boolean errorReachingServer = false;
         final Map<String,ChaiProvider.DIRECTORY_VENDOR> replicaVendorMap = new HashMap<>();
 
@@ -515,7 +516,7 @@ public class LDAPStatusChecker implements HealthChecker {
             }
         } catch (Exception e) {
             errorReachingServer = true;
-            LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL,"error during replica vendor sameness check: " + e.getMessage());
+            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL,"error during replica vendor sameness check: " + e.getMessage());
         }
 
         final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
@@ -534,7 +535,7 @@ public class LDAPStatusChecker implements HealthChecker {
             // cache the error
             healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
 
-            LOGGER.warn(PwmConstants.HEALTH_SESSION_LABEL,"multiple ldap vendors found: " + vendorMsg.toString());
+            LOGGER.warn(SessionLabel.HEALTH_SESSION_LABEL,"multiple ldap vendors found: " + vendorMsg.toString());
         } else if (discoveredVendors.size() == 1) {
             if (!errorReachingServer) {
                 // cache the no errors
@@ -558,7 +559,7 @@ public class LDAPStatusChecker implements HealthChecker {
             return (List<HealthRecord>)healthProperties.get(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck);
         }
 
-        LOGGER.trace(PwmConstants.HEALTH_SESSION_LABEL,"beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support");
+        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL,"beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support");
         boolean errorReachingServer = false;
         final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
 
@@ -588,7 +589,7 @@ public class LDAPStatusChecker implements HealthChecker {
             }
         } catch (Exception e) {
             errorReachingServer = true;
-            LOGGER.error(PwmConstants.HEALTH_SESSION_LABEL,
+            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL,
                     "error during ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") check: " + e.getMessage());
         }
 

src/main/java/password/pwm/http/tag/conditional/PwmIfOptions.java

@@ -22,36 +22,17 @@
 
 package password.pwm.http.tag.conditional;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
 import password.pwm.Permission;
 import password.pwm.config.PwmSetting;
 import password.pwm.http.PwmRequestFlag;
 
+@Getter
+@AllArgsConstructor
 class PwmIfOptions {
-    private boolean negate;
-    private Permission permission;
-    private PwmSetting pwmSetting;
-    private PwmRequestFlag requestFlag;
-
-    PwmIfOptions(final boolean negate, final PwmSetting pwmSetting, final Permission permission, final PwmRequestFlag pwmRequestFlag) {
-        this.negate = negate;
-        this.permission = permission;
-        this.pwmSetting = pwmSetting;
-        this.requestFlag = pwmRequestFlag;
-    }
-
-    public boolean isNegate() {
-        return negate;
-    }
-
-    public Permission getPermission() {
-        return permission;
-    }
-
-    public PwmRequestFlag getRequestFlag() {
-        return requestFlag;
-    }
-
-    public PwmSetting getPwmSetting() {
-        return pwmSetting;
-    }
+    private final boolean negate;
+    private final Permission permission;
+    private final PwmSetting pwmSetting;
+    private final PwmRequestFlag requestFlag;
 }

src/main/java/password/pwm/http/tag/conditional/PwmIfTag.java

@@ -86,7 +86,7 @@ public class PwmIfTag extends BodyTagSupport {
                     final PwmIfTest testEnum = test;
                     if (testEnum != null) {
                         try {
-                            final PwmIfOptions options = new PwmIfOptions(negate, setting, permission, requestFlag);
+                            final PwmIfOptions options = new PwmIfOptions(negate, permission, setting, requestFlag);
                             showBody = testEnum.passed(pwmRequest, options);
                         } catch (ChaiUnavailableException e) {
                             LOGGER.error("error testing jsp if '" + testEnum.toString() + "', error: " + e.getMessage());

src/main/java/password/pwm/svc/pwnotify/PasswordExpireNotificationEngine.java

@@ -62,7 +62,7 @@ public class PasswordExpireNotificationEngine {
 
     private static final PwmLogger LOGGER = PwmLogger.forClass(PasswordExpireNotificationEngine.class);
 
-    private static final SessionLabel SESSION_LABEL = PwmConstants.PW_EXP_NOTICE_LABEL;
+    private static final SessionLabel SESSION_LABEL = SessionLabel.PW_EXP_NOTICE_LABEL;
 
     private final Settings settings;
     private final PwmApplication pwmApplication;

src/main/java/password/pwm/svc/report/ReportService.java

@@ -28,6 +28,7 @@ import com.novell.ldapchai.provider.ChaiProvider;
 import password.pwm.PwmApplication;
 import password.pwm.PwmApplicationMode;
 import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
 import password.pwm.bean.UserInfoBean;
 import password.pwm.config.PwmSetting;
@@ -112,13 +113,13 @@ public class ReportService implements PwmService {
         this.pwmApplication = pwmApplication;
 
         if (pwmApplication.getApplicationMode() == PwmApplicationMode.READ_ONLY) {
-            LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"application mode is read-only, will remain closed");
+            LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"application mode is read-only, will remain closed");
             status = STATUS.CLOSED;
             return;
         }
 
         if (pwmApplication.getLocalDB() == null || LocalDB.Status.OPEN != pwmApplication.getLocalDB().status()) {
-            LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"LocalDB is not open, will remain closed");
+            LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"LocalDB is not open, will remain closed");
             status = STATUS.CLOSED;
             return;
         }
@@ -127,7 +128,7 @@ public class ReportService implements PwmService {
             userCacheService = new UserCacheService();
             userCacheService.init(pwmApplication);
         } catch (Exception e) {
-            LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL,"unable to init cache service");
+            LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL,"unable to init cache service");
             status = STATUS.CLOSED;
             return;
         }
@@ -172,7 +173,7 @@ public class ReportService implements PwmService {
         try {
             pwmApplication.writeAppAttribute(PwmApplication.AppAttribute.REPORT_STATUS, reportStatus);
         } catch (Exception e) {
-            LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL,"error writing cached report dredge info into memory: " + e.getMessage());
+            LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL,"error writing cached report dredge info into memory: " + e.getMessage());
         }
     }
 
@@ -199,7 +200,7 @@ public class ReportService implements PwmService {
                 {
                     executorService.execute(new ClearTask());
                     executorService.execute(new ReadLDAPTask());
-                    LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL,"submitted new ldap dredge task to executorService");
+                    LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL,"submitted new ldap dredge task to executorService");
                 }
             }
             break;
@@ -283,10 +284,10 @@ public class ReportService implements PwmService {
                         returnBean = userCacheService.readStorageKey(key);
                         if (returnBean != null) {
                             if (returnBean.getCacheTimestamp() == null) {
-                                LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"purging record due to missing cache timestamp: " + JsonUtil.serialize(returnBean));
+                                LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"purging record due to missing cache timestamp: " + JsonUtil.serialize(returnBean));
                                 userCacheService.removeStorageKey(key);
                             } else if (TimeDuration.fromCurrent(returnBean.getCacheTimestamp()).isLongerThan(settings.getMaxCacheAge())) {
-                                LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"purging record due to old age timestamp: " + JsonUtil.serialize(returnBean));
+                                LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"purging record due to old age timestamp: " + JsonUtil.serialize(returnBean));
                                 userCacheService.removeStorageKey(key);
                             } else {
                                 return returnBean;
@@ -368,11 +369,11 @@ public class ReportService implements PwmService {
                 if (e instanceof PwmException) {
                     if (((PwmException) e).getErrorInformation().getError() == PwmError.ERROR_DIRECTORY_UNAVAILABLE) {
                         if (executorService != null) {
-                            LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "directory unavailable error during background SearchLDAP, will retry; error: " + e.getMessage());
+                            LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "directory unavailable error during background SearchLDAP, will retry; error: " + e.getMessage());
                             executorService.schedule(new ReadLDAPTask(), 10, TimeUnit.MINUTES);
                         }
                     } else {
-                        LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "error during background ReadData: " + e.getMessage());
+                        LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "error during background ReadData: " + e.getMessage());
                     }
                 }
             } finally {
@@ -391,7 +392,7 @@ public class ReportService implements PwmService {
 
             final Iterator<UserIdentity> memQueue = LdapOperationsHelper.readAllUsersFromLdap(
                     pwmApplication,
-                    PwmConstants.REPORTING_SESSION_LABEL,
+                    SessionLabel.REPORTING_SESSION_LABEL,
                     settings.getSearchFilter(),
                     settings.getMaxSearchSize()
             );
@@ -432,11 +433,11 @@ public class ReportService implements PwmService {
                 if (e instanceof PwmException) {
                     if (((PwmException) e).getErrorInformation().getError() == PwmError.ERROR_DIRECTORY_UNAVAILABLE) {
                         if (executorService != null) {
-                            LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "directory unavailable error during background ReadData, will retry; error: " + e.getMessage());
+                            LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "directory unavailable error during background ReadData, will retry; error: " + e.getMessage());
                             executorService.schedule(new ProcessWorkQueueTask(), 10, TimeUnit.MINUTES);
                         }
                     } else {
-                        LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "error during background ReadData: " + e.getMessage());
+                        LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "error during background ReadData: " + e.getMessage());
                     }
                 }
             } finally {
@@ -447,7 +448,7 @@ public class ReportService implements PwmService {
         private void processWorkQueue()
                 throws ChaiUnavailableException, ChaiOperationException, PwmOperationalException, PwmUnrecoverableException
         {
-            LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL, "beginning process to updating user cache records from ldap");
+            LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL, "beginning process to updating user cache records from ldap");
             if (status != STATUS.OPEN) {
                 return;
             }
@@ -467,17 +468,17 @@ public class ReportService implements PwmService {
             final Lock updateTimeLock = new ReentrantLock();
 
             try {
-                LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL, "about to begin ldap processing with thread count of " + threadCount);
+                LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL, "about to begin ldap processing with thread count of " + threadCount);
                 final BlockingThreadPool threadService = new BlockingThreadPool(threadCount, "reporting-thread");
                 while (status == STATUS.OPEN && !dnQueue.isEmpty() && !cancelFlag) {
                     final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(dnQueue.poll());
                     if (pwmApplication.getConfig().isDevDebugMode()) {
-                        LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL, "submit " + Instant.now().toString()
+                        LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL, "submit " + Instant.now().toString()
                                 + " size=" + threadService.getQueue().size());
                     }
                     threadService.blockingSubmit(() -> {
                         if (pwmApplication.getConfig().isDevDebugMode()) {
-                            LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL, "start " + Instant.now().toString()
+                            LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL, "start " + Instant.now().toString()
                                     + " size=" + threadService.getQueue().size());
                         }
                         try {
@@ -504,18 +505,18 @@ public class ReportService implements PwmService {
                             errorMsg += e instanceof PwmException ? ((PwmException) e).getErrorInformation().toDebugStr() : e.getMessage();
                             final ErrorInformation errorInformation;
                             errorInformation = new ErrorInformation(PwmError.ERROR_REPORTING_ERROR,errorMsg);
-                            LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL,errorInformation.toDebugStr(), e);
+                            LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL,errorInformation.toDebugStr(), e);
                             reportStatus.setLastError(errorInformation);
                             reportStatus.setErrors(reportStatus.getErrors() + 1);
                         }
                         if (pwmApplication.getConfig().isDevDebugMode()) {
-                            LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL, "finish " + Instant.now().toString()
+                            LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL, "finish " + Instant.now().toString()
                                     + " size=" + threadService.getQueue().size());
                         }
                     });
                 }
                 if (pwmApplication.getConfig().isDevDebugMode()) {
-                    LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL, "exit " + Instant.now().toString()
+                    LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL, "exit " + Instant.now().toString()
                             + " size=" + threadService.getQueue().size());
                 }
 
@@ -528,7 +529,7 @@ public class ReportService implements PwmService {
                 reportStatus.setFinishDate(Instant.now());
                 saveTempData();
             }
-            LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"update user cache process completed: " + JsonUtil.serialize(reportStatus));
+            LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"update user cache process completed: " + JsonUtil.serialize(reportStatus));
         }
 
 
@@ -549,7 +550,7 @@ public class ReportService implements PwmService {
             final UserInfoBean userInfoBean = new UserInfoBean();
             final UserStatusReader.Settings readerSettings = new UserStatusReader.Settings();
             final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
-            final UserStatusReader userStatusReader = new UserStatusReader(pwmApplication,PwmConstants.REPORTING_SESSION_LABEL,readerSettings);
+            final UserStatusReader userStatusReader = new UserStatusReader(pwmApplication, SessionLabel.REPORTING_SESSION_LABEL,readerSettings);
             userStatusReader.populateUserInfoBean(
                     userInfoBean,
                     PwmConstants.DEFAULT_LOCALE,
@@ -561,7 +562,7 @@ public class ReportService implements PwmService {
             userCacheService.store(newUserCacheRecord);
             summaryData.update(newUserCacheRecord);
 
-            LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL,"stored cache for " + userIdentity);
+            LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL,"stored cache for " + userIdentity);
         }
     }
 
@@ -584,7 +585,7 @@ public class ReportService implements PwmService {
 
             try (ClosableIterator<UserCacheRecord> iterator = iterator()) {
                 final int totalRecords = userCacheService.size();
-                LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL, "beginning cache review process of " + totalRecords + " records");
+                LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL, "beginning cache review process of " + totalRecords + " records");
                 Instant lastLogOutputTime = Instant.now();
 
                 while (!cancelFlag && iterator.hasNext() && status == STATUS.OPEN) {
@@ -598,14 +599,14 @@ public class ReportService implements PwmService {
 
                     if (TimeDuration.fromCurrent(lastLogOutputTime).isLongerThan(30, TimeUnit.SECONDS)) {
                         final TimeDuration progressDuration = TimeDuration.fromCurrent(startTime);
-                        LOGGER.trace(PwmConstants.REPORTING_SESSION_LABEL,
+                        LOGGER.trace(SessionLabel.REPORTING_SESSION_LABEL,
                                 "cache review process in progress, examined " + examinedRecords
                                         + " in " + progressDuration.asCompactString());
                         lastLogOutputTime = Instant.now();
                     }
                 }
                 final TimeDuration totalTime = TimeDuration.fromCurrent(startTime);
-                LOGGER.info(PwmConstants.REPORTING_SESSION_LABEL,
+                LOGGER.info(SessionLabel.REPORTING_SESSION_LABEL,
                         "completed cache review process of " + examinedRecords
                                 + " cached report records in " + totalTime.asCompactString());
             }
@@ -626,7 +627,7 @@ public class ReportService implements PwmService {
             try {
                 initTempData();
             } catch (LocalDBException | PwmUnrecoverableException e) {
-                LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "error during initialization: " + e.getMessage());
+                LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "error during initialization: " + e.getMessage());
                 status = STATUS.CLOSED;
                 return;
             }
@@ -649,17 +650,17 @@ public class ReportService implements PwmService {
             try {
                 reportStatus = pwmApplication.readAppAttribute(PwmApplication.AppAttribute.REPORT_STATUS, ReportStatusInfo.class);
             } catch (Exception e) {
-                LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL,"error loading cached report status info into memory: " + e.getMessage());
+                LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL,"error loading cached report status info into memory: " + e.getMessage());
             }
 
             boolean clearFlag = false;
             if (reportStatus == null) {
                 clearFlag = true;
-                LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"report service did not close cleanly, will clear data.");
+                LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"report service did not close cleanly, will clear data.");
             } else {
                 final String currentSettingCache = settings.getSettingsHash();
                 if (reportStatus.getSettingsHash() != null && !reportStatus.getSettingsHash().equals(currentSettingCache)) {
-                    LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "configuration has changed, will clear cached report data");
+                    LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "configuration has changed, will clear cached report data");
                     clearFlag = true;
                 }
             }
@@ -677,20 +678,20 @@ public class ReportService implements PwmService {
             try {
                 doClear();
             } catch (LocalDBException | PwmUnrecoverableException e) {
-                LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "error during clear operation: " + e.getMessage());
+                LOGGER.error(SessionLabel.REPORTING_SESSION_LABEL, "error during clear operation: " + e.getMessage());
             }
         }
 
         private void doClear() throws LocalDBException, PwmUnrecoverableException {
             final Instant startTime = Instant.now();
-            LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"clearing cached report data");
+            LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"clearing cached report data");
             clearWorkQueue();
             if (userCacheService != null) {
                 userCacheService.clear();
             }
             summaryData = ReportSummaryData.newSummaryData(settings.getTrackDays());
             reportStatus = new ReportStatusInfo(settings.getSettingsHash());
-            LOGGER.debug(PwmConstants.REPORTING_SESSION_LABEL,"finished clearing report " + TimeDuration.fromCurrent(startTime).asCompactString());
+            LOGGER.debug(SessionLabel.REPORTING_SESSION_LABEL,"finished clearing report " + TimeDuration.fromCurrent(startTime).asCompactString());
         }
     }
 }

src/main/java/password/pwm/svc/token/CryptoTokenMachine.java

@@ -29,7 +29,7 @@ import password.pwm.util.java.ClosableIterator;
 
 class CryptoTokenMachine implements TokenMachine {
 
-    private TokenService tokenService;
+    private final TokenService tokenService;
 
     CryptoTokenMachine(final TokenService tokenService)
             throws PwmOperationalException

src/main/java/password/pwm/util/Validator.java

@@ -98,7 +98,7 @@ public class Validator {
                         submittedPwmFormID,
                         FormNonce.class
                 );
-                final String submittedRequestVerificationKey = String.valueOf(formNonce.getRequestID());
+                final String submittedRequestVerificationKey = String.valueOf(formNonce.getReqCounter());
                 if (!requestVerificationKey.equals(submittedRequestVerificationKey)) {
                     final String debugMsg = "expectedPageID=" + requestVerificationKey
                             + ", submittedPageID=" + submittedRequestVerificationKey

src/main/java/password/pwm/util/cli/commands/ConfigLockCommand.java

@@ -22,7 +22,7 @@
 
 package password.pwm.util.cli.commands;
 
-import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.config.stored.ConfigurationProperty;
 import password.pwm.config.stored.ConfigurationReader;
 import password.pwm.config.stored.StoredConfigurationImpl;
@@ -40,7 +40,7 @@ public class ConfigLockCommand extends AbstractCliCommand {
         }
 
         storedConfiguration.writeConfigProperty(ConfigurationProperty.CONFIG_IS_EDITABLE,Boolean.toString(false));
-        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), PwmConstants.CLI_SESSION_LABEL);
+        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), SessionLabel.CLI_SESSION_LABEL);
         out("success");
     }
 

src/main/java/password/pwm/util/cli/commands/ConfigResetHttpsCommand.java

@@ -22,7 +22,7 @@
 
 package password.pwm.util.cli.commands;
 
-import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.PwmSettingCategory;
 import password.pwm.config.stored.ConfigurationReader;
@@ -53,7 +53,7 @@ public class ConfigResetHttpsCommand
         for (final PwmSetting setting : PwmSettingCategory.HTTPS_SERVER.getSettings()) {
             storedConfiguration.resetSetting(setting,null,null);
         }
-        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), PwmConstants.CLI_SESSION_LABEL);
+        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), SessionLabel.CLI_SESSION_LABEL);
         out("success");
     }
 

src/main/java/password/pwm/util/cli/commands/ConfigSetPasswordCommand.java

@@ -22,7 +22,7 @@
 
 package password.pwm.util.cli.commands;
 
-import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.config.stored.ConfigurationReader;
 import password.pwm.config.stored.StoredConfigurationImpl;
 import password.pwm.util.cli.CliParameters;
@@ -38,7 +38,7 @@ public class ConfigSetPasswordCommand extends AbstractCliCommand {
         final StoredConfigurationImpl storedConfiguration = configurationReader.getStoredConfiguration();
         final String password = getOptionalPassword();
         storedConfiguration.setPassword(password);
-        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), PwmConstants.CLI_SESSION_LABEL);
+        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), SessionLabel.CLI_SESSION_LABEL);
         out("success");
     }
 

src/main/java/password/pwm/util/cli/commands/ConfigUnlockCommand.java

@@ -22,7 +22,7 @@
 
 package password.pwm.util.cli.commands;
 
-import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.config.stored.ConfigurationProperty;
 import password.pwm.config.stored.ConfigurationReader;
 import password.pwm.config.stored.StoredConfigurationImpl;
@@ -40,7 +40,7 @@ public class ConfigUnlockCommand extends AbstractCliCommand {
         }
         
         storedConfiguration.writeConfigProperty(ConfigurationProperty.CONFIG_IS_EDITABLE,Boolean.toString(true));
-        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), PwmConstants.CLI_SESSION_LABEL);
+        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), SessionLabel.CLI_SESSION_LABEL);
         out("success");
     }
 

src/main/java/password/pwm/util/cli/commands/ImportHttpsKeyStoreCommand.java

@@ -22,7 +22,7 @@
 
 package password.pwm.util.cli.commands;
 
-import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.config.stored.ConfigurationReader;
 import password.pwm.config.stored.StoredConfigurationImpl;
 import password.pwm.util.PasswordData;
@@ -76,7 +76,7 @@ public class ImportHttpsKeyStoreCommand extends AbstractCliCommand {
             return;
         }
 
-        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), PwmConstants.CLI_SESSION_LABEL);
+        configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), SessionLabel.CLI_SESSION_LABEL);
         out("success");
     }
 

src/main/java/password/pwm/util/cli/commands/TokenInfoCommand.java

@@ -23,7 +23,7 @@
 package password.pwm.util.cli.commands;
 
 import password.pwm.PwmApplication;
-import password.pwm.PwmConstants;
+import password.pwm.bean.SessionLabel;
 import password.pwm.svc.token.TokenPayload;
 import password.pwm.svc.token.TokenService;
 import password.pwm.util.cli.CliParameters;
@@ -44,7 +44,7 @@ public class TokenInfoCommand extends AbstractCliCommand {
         TokenPayload tokenPayload = null;
         Exception lookupError = null;
         try {
-            tokenPayload = tokenService.retrieveTokenData(PwmConstants.TOKEN_SESSION_LABEL, tokenKey);
+            tokenPayload = tokenService.retrieveTokenData(SessionLabel.TOKEN_SESSION_LABEL, tokenKey);
         } catch (Exception e) {
             lookupError = e;
         }

src/main/java/password/pwm/util/operations/cr/NMASCrOperator.java

@@ -217,7 +217,8 @@ public class NMASCrOperator implements CrOperator {
                     LOGGER.debug("starting NMASCrOperator watchdog timer, maxIdleThreadTime=" + maxThreadIdleTime.asCompactString());
                     timer = new Timer(PwmConstants.PWM_APP_NAME + "-NMASCrOperator watchdog timer",true);
                     final long frequency = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.NMAS_THREADS_WATCHDOG_FREQUENCY));
-                    timer.schedule(new ThreadWatchdogTask(),frequency,frequency);
+                    final boolean debugOutput = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.NMAS_THREADS_WATCHDOG_DEBUG));
+                    timer.schedule(new ThreadWatchdogTask(debugOutput),frequency,frequency);
                 }
             }
         }
@@ -833,9 +834,20 @@ public class NMASCrOperator implements CrOperator {
     }
 
     private class ThreadWatchdogTask extends TimerTask {
+
+        private final boolean debugOutput;
+
+        ThreadWatchdogTask(final boolean debugOutput)
+        {
+            this.debugOutput = debugOutput;
+        }
+
         @Override
         public void run() {
-            logThreadInfo();
+            if (debugOutput) {
+                logThreadInfo();
+            }
+
             final List<NMASSessionThread> threads = new ArrayList<>(sessionMonitorThreads);
             for (final NMASSessionThread thread : threads) {
                 final TimeDuration idleTime = TimeDuration.fromCurrent(thread.getLastActivityTimestamp());

src/main/java/password/pwm/util/queue/SmsQueueManager.java

@@ -172,24 +172,26 @@ public class SmsQueueManager implements PwmService {
     public void addSmsToQueue(final SmsItemBean smsItem)
             throws PwmUnrecoverableException
     {
-        shortenMessageIfNeeded(smsItem);
-        if (!determineIfItemCanBeDelivered(smsItem)) {
+        final SmsItemBean shortenedBean = shortenMessageIfNeeded(smsItem);
+        if (!determineIfItemCanBeDelivered(shortenedBean)) {
             return;
         }
 
         try {
-            workQueueProcessor.submit(smsItem);
+            workQueueProcessor.submit(shortenedBean);
         } catch (Exception e) {
             LOGGER.error("error writing to LocalDB queue, discarding sms send request: " + e.getMessage());
         }
     }
 
-    protected void shortenMessageIfNeeded(final SmsItemBean smsItem) throws PwmUnrecoverableException {
+    SmsItemBean shortenMessageIfNeeded(final SmsItemBean smsItem) throws PwmUnrecoverableException {
         final Boolean shorten = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.SMS_USE_URL_SHORTENER);
         if (shorten) {
             final String message = smsItem.getMessage();
-            smsItem.setMessage(pwmApplication.getUrlShortener().shortenUrlInText(message));
+            final String shortenedMessage = pwmApplication.getUrlShortener().shortenUrlInText(message);
+            return new SmsItemBean(smsItem.getTo(), shortenedMessage);
         }
+        return smsItem;
     }
 
     public static boolean smsIsConfigured(final Configuration config) {

src/main/resources/password/pwm/AppProperty.properties

@@ -188,6 +188,7 @@ nmas.threads.maxCount=500
 nmas.threads.minSeconds=1800
 nmas.threads.maxSeconds=3000
 nmas.threads.watchdogFrequencyMs=1000
+nmas.threads.watchdogDebug=false
 nmas.ignoreNmasCrDuringForceSetupCheck=false
 nmas.useLocalSaslFactory=true
 nmas.forceSaslFactoryRegistration=true