- allow new user profile selection by url

- fix improper use of ldap connection proxy bind with eDir

pwm/servlet/src/password/pwm/PwmConstants.java

@@ -166,6 +166,7 @@ public abstract class PwmConstants {
         ForgottenPasswordPrompts,
         ForgottenPasswordInstructions,
 
+        NewUser_FormShowBackButton,
     }
 
 

pwm/servlet/src/password/pwm/config/profile/PwmPasswordPolicy.java

@@ -239,7 +239,10 @@ public class PwmPasswordPolicy implements Profile,Serializable {
         }
 
         final ChaiPasswordPolicy backingPolicy = this.chaiPasswordPolicy != null ? chaiPasswordPolicy : otherPolicy.chaiPasswordPolicy;
-        return createPwmPasswordPolicy(newPasswordPolicies, backingPolicy);
+        final PwmPasswordPolicy returnPolicy = createPwmPasswordPolicy(newPasswordPolicies, backingPolicy);
+        final String newRuleText = (ruleText != null && !ruleText.isEmpty()) ? ruleText : otherPolicy.ruleText;
+        returnPolicy.setRuleText(newRuleText);
+        return returnPolicy;
     }
 
     protected static String mergeMin(final String value1, final String value2) {

pwm/servlet/src/password/pwm/event/DatabaseUserHistory.java

@@ -55,12 +55,20 @@ class DatabaseUserHistory implements UserHistoryStore {
 
     @Override
     public void updateUserHistory(UserAuditRecord auditRecord) throws PwmUnrecoverableException {
-        final UserIdentity targetUserDN = new UserIdentity(auditRecord.getPerpetratorDN(),auditRecord.getPerpetratorLdapProfile());
+        // user info
+        final UserIdentity userIdentity;
+        if (auditRecord instanceof HelpdeskAuditRecord && auditRecord.getType() == AuditEvent.Type.HELPDESK) {
+            final HelpdeskAuditRecord helpdeskAuditRecord = (HelpdeskAuditRecord)auditRecord;
+            userIdentity = new UserIdentity(helpdeskAuditRecord.getTargetDN(),helpdeskAuditRecord.getTargetLdapProfile());
+        } else {
+            userIdentity = new UserIdentity(auditRecord.getPerpetratorDN(),auditRecord.getPerpetratorLdapProfile());
+        }
+
         final String guid;
         try {
-            guid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, targetUserDN, false);
+            guid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
         } catch (ChaiUnavailableException e) {
-            LOGGER.error("unable to read guid for user '" + targetUserDN + "', cannot update user history, error: " + e.getMessage());
+            LOGGER.error("unable to read guid for user '" + userIdentity + "', cannot update user history, error: " + e.getMessage());
             return;
         }
 

pwm/servlet/src/password/pwm/event/LdapXmlUserHistory.java

@@ -89,7 +89,13 @@ class LdapXmlUserHistory implements UserHistoryStore, Serializable {
             throws PwmUnrecoverableException, ChaiUnavailableException
     {
         // user info
-        final UserIdentity userIdentity = new UserIdentity(auditRecord.getPerpetratorDN(),auditRecord.getPerpetratorLdapProfile());
+        final UserIdentity userIdentity;
+        if (auditRecord instanceof HelpdeskAuditRecord && auditRecord.getType() == AuditEvent.Type.HELPDESK) {
+            final HelpdeskAuditRecord helpdeskAuditRecord = (HelpdeskAuditRecord)auditRecord;
+            userIdentity = new UserIdentity(helpdeskAuditRecord.getTargetDN(),helpdeskAuditRecord.getTargetLdapProfile());
+        } else {
+            userIdentity = new UserIdentity(auditRecord.getPerpetratorDN(),auditRecord.getPerpetratorLdapProfile());
+        }
         final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
 
         // settings

pwm/servlet/src/password/pwm/http/PwmRequest.java

@@ -597,6 +597,11 @@ public class PwmRequest extends PwmHttpRequestWrapper implements Serializable {
         return ServletHelper.appendAndEncodeUrlParameters(req.getRequestURI(), readParametersAsMap());
     }
 
+    public String getURLwithoutQueryString() throws PwmUnrecoverableException {
+        final HttpServletRequest req = this.getHttpServletRequest();
+        return req.getRequestURI();
+    }
+
     private void checkRequestInstanceNonce() {
         final String cookieName = getConfig().readAppProperty(AppProperty.HTTP_COOKIE_INSTANCE_GUID_NAME);
         final String cookieValue = readCookie(cookieName);

pwm/servlet/src/password/pwm/http/bean/NewUserBean.java

@@ -46,6 +46,7 @@ public class NewUserBean implements PwmSessionBean {
     private NewUserVerificationPhase verificationPhase = NewUserVerificationPhase.NONE;
     private Date createStartTime;
     private NewUserServlet.Page currentPage;
+    private boolean urlSpecifiedProfile;
 
     public static class NewUserForm implements Serializable {
         private Map<FormConfiguration,String> formData;
@@ -211,4 +212,12 @@ public class NewUserBean implements PwmSessionBean {
     public void setCurrentPage(NewUserServlet.Page currentPage) {
         this.currentPage = currentPage;
     }
+
+    public boolean isUrlSpecifiedProfile() {
+        return urlSpecifiedProfile;
+    }
+
+    public void setUrlSpecifiedProfile(boolean urlSpecifiedProfile) {
+        this.urlSpecifiedProfile = urlSpecifiedProfile;
+    }
 }

pwm/servlet/src/password/pwm/http/servlet/NewUserServlet.java

@@ -132,6 +132,7 @@ public class NewUserServlet extends AbstractPwmServlet {
         }
     }
 
+
     protected void processAction(final PwmRequest pwmRequest)
             throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException
     {
@@ -146,15 +147,20 @@ public class NewUserServlet extends AbstractPwmServlet {
             return;
         }
 
-        // convert a url command like /pwm/public/NewUserServlet/12321321 to redirect with a process action.
+        final NewUserBean newUserBean = pwmSession.getNewUserBean();
+
+        // convert a url command like /public/newuser/profile/xxx to set profile.
+        if (readProfileFromUrl(pwmRequest, newUserBean)) {
+            return;
+        }
+
+        // convert a url command like /public/newuser/12321321 to redirect with a process action.
         if (action == null) {
             if (pwmRequest.convertURLtokenCommand()) {
                 return;
             }
         }
 
-        final NewUserBean newUserBean = pwmSession.getNewUserBean();
-
         if (action != null) {
             switch (action) {
                 case checkProgress:
@@ -240,7 +246,7 @@ public class NewUserServlet extends AbstractPwmServlet {
         newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmSession.getSessionStateBean().getLocale());//
 
         if (newUserBean.getNewUserForm() == null) {
-            forwardToFormPage(pwmRequest);
+            forwardToFormPage(pwmRequest, newUserBean);
             return;
         }
 
@@ -283,7 +289,7 @@ public class NewUserServlet extends AbstractPwmServlet {
         }
 
         if (!newUserBean.isFormPassed()) {
-            forwardToFormPage(pwmRequest);
+            forwardToFormPage(pwmRequest, newUserBean);
         }
 
         // success so create the new user.
@@ -303,6 +309,28 @@ public class NewUserServlet extends AbstractPwmServlet {
         }
     }
 
+    protected boolean readProfileFromUrl(final PwmRequest pwmRequest, final NewUserBean newUserBean) throws ChaiUnavailableException, PwmUnrecoverableException, ServletException, IOException {
+        final String PROFILE_URL_SEGMENT = "/profile/";
+        final String uriRemainder = PwmServletDefinition.NewUser.uriRemainder(pwmRequest);
+
+        if (uriRemainder.startsWith(PROFILE_URL_SEGMENT)) {
+            final String requestedProfile = uriRemainder.substring(PROFILE_URL_SEGMENT.length(), uriRemainder.length());
+            final Collection<String> profileIDs = pwmRequest.getConfig().getNewUserProfiles().keySet();
+            if (profileIDs.contains(requestedProfile)) {
+                LOGGER.debug(pwmRequest, "detected profile on request uri: " + requestedProfile);
+                newUserBean.setProfileID(requestedProfile);
+                newUserBean.setUrlSpecifiedProfile(true);
+                pwmRequest.sendRedirect(PwmServletDefinition.NewUser);
+                return true;
+            } else {
+                final String errorMsg = "unknown requested new user profile";
+                LOGGER.debug(pwmRequest, errorMsg + ": " + requestedProfile);
+                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE));
+            }
+        }
+        return false;
+    }
+
 
     protected static void restValidateForm(
             final PwmRequest pwmRequest
@@ -466,8 +494,8 @@ public class NewUserServlet extends AbstractPwmServlet {
         if (requestedProfileID == null || requestedProfileID.isEmpty()) {
             newUserBean.setProfileID(null);
         } if (profileIDs.contains(requestedProfileID)) {
-            newUserBean.setProfileID(requestedProfileID);
-        }
+        newUserBean.setProfileID(requestedProfileID);
+    }
 
         this.advancedToNextStage(pwmRequest, newUserBean);
     }
@@ -487,7 +515,7 @@ public class NewUserServlet extends AbstractPwmServlet {
             this.advancedToNextStage(pwmRequest, newUserBean);
         } catch (PwmOperationalException e) {
             pwmRequest.setResponseError(e.getErrorInformation());
-            forwardToFormPage(pwmRequest);
+            forwardToFormPage(pwmRequest, newUserBean);
         }
     }
 
@@ -1194,11 +1222,18 @@ public class NewUserServlet extends AbstractPwmServlet {
         return pwmRequest.getConfig().getNewUserProfiles().get(profileID);
     }
 
-    void forwardToFormPage(final PwmRequest pwmRequest)
+    void forwardToFormPage(final PwmRequest pwmRequest, final NewUserBean newUserBean)
             throws ServletException, PwmUnrecoverableException, IOException
     {
         final List<FormConfiguration> formConfiguration = getFormDefinition(pwmRequest);
         pwmRequest.addFormInfoToRequestAttr(formConfiguration, null, false, true);
+
+        {
+            final boolean showBack = !newUserBean.isUrlSpecifiedProfile()
+                    && pwmRequest.getConfig().getNewUserProfiles().keySet().size() > 1;
+            pwmRequest.setAttribute(PwmConstants.REQUEST_ATTR.NewUser_FormShowBackButton, showBack);
+        }
+
         pwmRequest.forwardToJsp(PwmConstants.JSP_URL.NEW_USER);
     }
 }

pwm/servlet/src/password/pwm/http/servlet/PwmServletDefinition.java

@@ -25,6 +25,7 @@ package password.pwm.http.servlet;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.http.PwmRequest;
 import password.pwm.http.servlet.configmanager.ConfigManagerServlet;
 import password.pwm.http.servlet.configmanager.ConfigManagerWordlistServlet;
 
@@ -98,4 +99,17 @@ public enum PwmServletDefinition {
         throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN,"missing WebServlet annotation for class " + this.getClass().getName()));
     }
 
+    public String uriRemainder(PwmRequest pwmRequest) throws PwmUnrecoverableException {
+        String uri = pwmRequest.getURLwithoutQueryString();
+        if (uri.startsWith(pwmRequest.getContextPath())) {
+            uri = uri.substring(pwmRequest.getContextPath().length(), uri.length());
+        }
+        for (final String servletUri : urlPatterns()) {
+            if (uri.startsWith(servletUri)) {
+                uri = uri.substring(servletUri.length(), uri.length());
+            }
+        }
+        return uri;
+    }
+
 }

pwm/servlet/src/password/pwm/i18n/ConfigEditor.properties

@@ -455,7 +455,7 @@ Setting_Description_password.policy.minimumUpperCase=Minimum amount of uppercase
 Setting_Description_password.policy.queryMatch=Settings here are used to determine if this password policy applies to a given user.  During login, if a previous policy has not yet been assigned to the user, the matches here are considered and if positive, the user will then be assigned this policy.
 Setting_Description_password.policy.regExMatch=A Regular Expression pattern the password must match in order to be allowed.  Multiple patterns can be listed.  A pattern must match the <i>entire</i> password to be applied.  A partial match is ignored.
 Setting_Description_password.policy.regExNoMatch=A Regular Expression pattern the password must <b>not</b> match in order to be allowed.  Multiple patterns can be listed.  A pattern must match the <i>entire</i> password to be applied.  A partial match is ignored.
-Setting_Description_password.policy.ruleText=Rules to display to user.  By default this is blank, and appropriate rule text will be auto-generated to show to the user.  However if this setting is configured, the text in this setting will replace the automatically generated rule text.  HTML tags are permitted.
+Setting_Description_password.policy.ruleText=When blank, an automatically generated rule list will be displayed to the user. The automated rule list may not be inclusive of all settings in the password policy. Some of the more esoteric or difficult to communicate rules will not appear in the automatically generated list.  This is done in an attempt to not overwhelm the user with having to read and parse the rules before attempting to change the password.  Should the user type a password that conflicts with such a rule - the per-keystroke rule checker will provide direct feedback to the user on how to correct the problem.<br/><br/>If the automatically generated rule list is not desired, it can be overridden by setting a value here.  HTML tags are permitted.
 Setting_Description_password.policy.source=This setting determines where password policy settings should be read from.  If <code>LDAP</code> is selected, an attempt to read the policy out of the ldap directory will be made, and many of the following settings could be ignored.  If <code>Local Config</code> is selected, the policy settings on this page are used, and any policy settings in the LDAP directory are ignored.  If <code>Merge</code> is selected, both policies are read, and where there is any conflict, The application will chose the most restrictive value of the policy.<br/><br/>The capability to read policy from LDAP is only available with some LDAP directory types.  <p>Additionally, the password policy used is only the "local" policy used by this application.  Upon a password set operation, the LDAP directory will typically enforce whatever policies are configured in the directory itself.
 Setting_Description_password.profile.list=List of Password Policy Profiles.  When multiple password policy profiles are configured, all profiles are evaluated in order to check if the setting <code>@PwmSettingReference\:password.policy.queryMatch@</code> matches the user.
 Setting_Description_password.require.form=Values required to be entered prior to password change.

pwm/servlet/src/password/pwm/ldap/auth/LDAPAuthenticationRequest.java

@@ -28,6 +28,7 @@ import com.novell.ldapchai.ChaiUser;
 import com.novell.ldapchai.exception.*;
 import com.novell.ldapchai.impl.oracleds.entry.OracleDSEntries;
 import com.novell.ldapchai.provider.ChaiProvider;
+import com.novell.ldapchai.provider.ChaiSetting;
 import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
 import password.pwm.bean.SessionLabel;
@@ -239,6 +240,7 @@ class LDAPAuthenticationRequest implements AuthenticationRequest {
         debugMsg.append(" (").append(TimeDuration.fromCurrent(startTime).asCompactString()).append(")");
         debugMsg.append(" type: ").append(returnAuthType).append(", using strategy ").append(strategy);
         debugMsg.append(", using proxy connection: ").append(useProxy);
+        debugMsg.append(", returning bind dn: ").append(returnProvider == null ? "none" : returnProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN));
         log(PwmLogLevel.INFO, debugMsg);
         pwmApplication.getAuditManager().submit(pwmApplication.getAuditManager().createUserAuditRecord(
                 AuditEvent.AUTHENTICATE,
@@ -485,7 +487,7 @@ class LDAPAuthenticationRequest implements AuthenticationRequest {
             throws ChaiUnavailableException, PwmUnrecoverableException
     {
         if (userProvider != null) {
-            return true;
+            return false;
         }
 
         final boolean authIsBindInhibit = authenticationType == AuthenticationType.AUTH_BIND_INHIBIT;

pwm/servlet/web/WEB-INF/jsp/login.jsp

@@ -76,7 +76,7 @@
                 <pwm:if test="forgottenUsernameEnabled">
                     <tr style="border:0">
                         <td style="border:0" class="menubutton_key">
-                            <a class="menubutton" id="Title_ForgottenUsername" href="<pwm:context/><pwm:url url='/public/ForgottenUsername'/>">
+                            <a class="menubutton" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.ForgottenUsername.servletUrl()%>'/>">
                                 <pwm:if test="showIcons"><span class="btn-icon fa fa-unlock"></span></pwm:if>
                                 <pwm:display key="Title_ForgottenUsername"/>
                             </a>
@@ -89,7 +89,7 @@
                 <pwm:if test="activateUserEnabled">
                     <tr style="border:0">
                         <td style="border:0" class="menubutton_key">
-                            <a class="menubutton" id="Title_ActivateUser" href="<pwm:context/><pwm:url url='/public/ActivateUser'/>">
+                            <a class="menubutton" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.ActivateUser.servletUrl()%>'/>">
                                 <pwm:if test="showIcons"><span class="btn-icon fa fa-graduation-cap"></span></pwm:if>
                                 <pwm:display key="Title_ActivateUser"/>
                             </a>
@@ -102,7 +102,7 @@
                 <pwm:if test="newUserRegistrationEnabled">
                     <tr style="border:0">
                         <td style="border:0" class="menubutton_key">
-                            <a class="menubutton" id="Title_NewUser" href="<pwm:context/><pwm:url url='/public/NewUser'/>">
+                            <a class="menubutton" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.NewUser.servletUrl()%>'/>">
                                 <pwm:if test="showIcons"><span class="btn-icon fa fa-file-text-o"></span></pwm:if>
                                 <pwm:display key="Title_NewUser"/>
                             </a>

pwm/servlet/web/WEB-INF/jsp/newuser-agreement.jsp

@@ -1,3 +1,4 @@
+<%@ page import="password.pwm.http.servlet.PwmServletDefinition" %>
 <%--
   ~ Password Management Servlets (PWM)
   ~ http://code.google.com/p/pwm/
@@ -38,7 +39,7 @@
         <br/><br/>
         <div id="agreementText" class="agreementText"><%= expandedText %></div>
         <div class="buttonbar">
-            <form action="<pwm:url url='NewUser'/>" method="post" enctype="application/x-www-form-urlencoded" class="pwm-form">
+            <form action="<pwm:url url='<%=PwmServletDefinition.NewUser.servletUrlName()%>'/>" method="post" enctype="application/x-www-form-urlencoded" class="pwm-form">
                 <%-- remove the next line to remove the "I Agree" checkbox --%>
                 <label class="checkboxWrapper">
                     <input type="checkbox" id="agreeCheckBox"/>
@@ -53,7 +54,7 @@
             </form>
         </div>
         <div style="text-align: center">
-            <form action="<pwm:context/>/public/<pwm:url url='NewUser'/>" method="post"
+            <form action="<%=PwmServletDefinition.NewUser.servletUrlName()%>" method="post"
                   enctype="application/x-www-form-urlencoded">
                 <input type="hidden" name="processAction" value="reset"/>
                 <button type="submit" name="button" class="btn" id="button_reset">

pwm/servlet/web/WEB-INF/jsp/newuser-entercode.jsp

@@ -1,5 +1,6 @@
 <%@ page import="password.pwm.http.bean.NewUserBean" %>
 <%@ page import="password.pwm.http.servlet.NewUserServlet" %>
+<%@ page import="password.pwm.http.servlet.PwmServletDefinition" %>
 
 <%--
   ~ Password Management Servlets (PWM)
@@ -43,7 +44,7 @@
         <% } else if (newUserBean.getVerificationPhase() == NewUserBean.NewUserVerificationPhase.SMS) { %>
         <p><pwm:display key="Display_RecoverEnterCodeSMS" value1="<%=destination%>"/></p>
         <% } %>
-        <form action="<pwm:url url='NewUser'/>" method="post"
+        <form action="<%=PwmServletDefinition.NewUser.servletUrlName()%>" method="post"
               enctype="application/x-www-form-urlencoded" name="search" class="pwm-form">
             <%@ include file="fragment/message.jsp" %>
             <h2><label for="<%=PwmConstants.PARAM_TOKEN%>"><pwm:display key="Field_Code"/></label></h2>

pwm/servlet/web/WEB-INF/jsp/newuser-profilechoice.jsp

@@ -1,5 +1,6 @@
 <%@ page import="password.pwm.config.profile.NewUserProfile" %>
 <%@ page import="password.pwm.http.servlet.NewUserServlet" %>
+<%@ page import="password.pwm.http.servlet.PwmServletDefinition" %>
 <%@ page import="java.util.Map" %>
 <%--
   ~ Password Management Servlets (PWM)
@@ -49,7 +50,7 @@
             <% for (final NewUserProfile profile : newUserProfiles.values()) { %>
             <tr>
                 <td>
-                    <form action="<pwm:url url='NewUser'/>" method="post" class="pwm-form"
+                    <form action="<pwm:url url='<%=PwmServletDefinition.NewUser.servletUrlName()%>'/>" method="post" class="pwm-form"
                           enctype="application/x-www-form-urlencoded" name="search">
                         <button class="btn" type="submit" name="submitBtn">
                             <pwm:if test="showIcons"><span class="btn-icon fa fa-forward"></span></pwm:if>

pwm/servlet/web/WEB-INF/jsp/newuser-wait.jsp

@@ -1,5 +1,6 @@
 <%@ page import="password.pwm.error.PwmException" %>
 <%@ page import="password.pwm.http.servlet.NewUserServlet" %>
+<%@ page import="password.pwm.http.servlet.PwmServletDefinition" %>
 <%--
   ~ Password Management Servlets (PWM)
   ~ http://code.google.com/p/pwm/
@@ -42,7 +43,7 @@
         /* noop */
     }
 %>
-<meta http-equiv="refresh" content="<%=refreshSeconds%>;url=NewUser?processAction=complete&pwmFormID=<pwm:FormID/>">
+<meta http-equiv="refresh" content="<%=refreshSeconds%>;url=<%=PwmServletDefinition.NewUser.servletUrlName()%>?processAction=complete&pwmFormID=<pwm:FormID/>">
 <div id="wrapper">
 
     <jsp:include page="fragment/header-body.jsp">

pwm/servlet/web/WEB-INF/jsp/newuser.jsp

@@ -1,4 +1,5 @@
 <%@ page import="password.pwm.http.servlet.NewUserServlet" %>
+<%@ page import="password.pwm.http.servlet.PwmServletDefinition" %>
 <%--
   ~ Password Management Servlets (PWM)
   ~ http://code.google.com/p/pwm/
@@ -25,7 +26,6 @@
 <% JspUtility.setFlag(pageContext, PwmRequest.Flag.ALWAYS_EXPAND_MESSAGE_TEXT); %>
 <%@ page language="java" session="true" isThreadSafe="true" contentType="text/html" %>
 <%@ taglib uri="pwm" prefix="pwm" %>
-<% final PwmRequest pwmRequest = PwmRequest.forRequest(request,response); %>
 <html dir="<pwm:LocaleOrientation/>">
 <%@ include file="fragment/header.jsp" %>
 <body class="nihilo">
@@ -37,7 +37,7 @@
         <p><pwm:display key="Display_NewUser"/></p>
         <%@ include file="fragment/message.jsp" %>
         <br/>
-        <form action="<pwm:url url='NewUser'/>" method="post" name="newUser" enctype="application/x-www-form-urlencoded"
+        <form action="<pwm:url url='<%=PwmServletDefinition.NewUser.servletUrlName()%>'/>" method="post" name="newUser" enctype="application/x-www-form-urlencoded"
               id="newUserForm" class="pwm-form">
             <jsp:include page="fragment/form.jsp"/>
             <div class="buttonbar">
@@ -48,7 +48,7 @@
                 </button>
                 <input type="hidden" name="pwmFormID" value="<pwm:FormID/>"/>
 
-                <% if (pwmRequest.getConfig().getNewUserProfiles().keySet().size() > 1) { %>
+                <% if ((Boolean)JspUtility.getAttribute(pageContext, PwmConstants.REQUEST_ATTR.NewUser_FormShowBackButton)) { %>
                 <button type="button" id="button-goBack" name="button-goBack" class="btn" >
                     <pwm:if test="showIcons"><span class="btn-icon fa fa-backward"></span></pwm:if>
                     <pwm:display key="Button_GoBack"/>
@@ -70,10 +70,10 @@
         PWM_GLOBAL['startupFunctions'].push(function(){
             PWM_MAIN.addEventHandler('newUserForm','input',function(){PWM_NEWUSER.validateNewUserForm()});
             PWM_MAIN.addEventHandler('button-goBack', 'click',function() {
-                PWM_MAIN.submitPostAction('NewUser', '<%=NewUserServlet.NewUserAction.profileChoice%>');
+                PWM_MAIN.submitPostAction('<%=PwmServletDefinition.NewUser.servletUrlName()%>', '<%=NewUserServlet.NewUserAction.profileChoice%>');
             });
             PWM_MAIN.addEventHandler('button-cancel','click',function() {
-                PWM_MAIN.submitPostAction('NewUser', '<%=NewUserServlet.NewUserAction.reset%>');
+                PWM_MAIN.submitPostAction('<%=PwmServletDefinition.NewUser.servletUrlName()%>', '<%=NewUserServlet.NewUserAction.reset%>');
             });
         });
     </script>

pwm/servlet/web/public/index.jsp

@@ -1,4 +1,5 @@
 <%@ page import="password.pwm.http.JspUtility" %>
+<%@ page import="password.pwm.http.servlet.PwmServletDefinition" %>
 <%--
   ~ Password Management Servlets (PWM)
   ~ http://code.google.com/p/pwm/
@@ -49,7 +50,7 @@
             <% if (index_pwmRequest.getConfig() != null && index_pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.FORGOTTEN_PASSWORD_ENABLE)) { %>
             <tr>
                 <td class="menubutton_key">
-                    <a class="menubutton" id="Title_ForgottenPassword" href="<pwm:context/><pwm:url url='/public/ForgottenPassword'/>">
+                    <a class="menubutton" id="Title_ForgottenPassword" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.ForgottenPassword.servletUrl()%>'/>">
                         <pwm:if test="showIcons"><span class="btn-icon fa fa-unlock"></span></pwm:if>
                         <pwm:display key="Title_ForgottenPassword"/>
                     </a>
@@ -62,7 +63,7 @@
             <% if (index_pwmRequest.getConfig() != null && index_pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.FORGOTTEN_USERNAME_ENABLE)) { %>
             <tr>
                 <td class="menubutton_key">
-                    <a class="menubutton" id="Title_ForgottenUsername" href="<pwm:context/><pwm:url url='/public/ForgottenUsername'/>">
+                    <a class="menubutton" id="Title_ForgottenUsername" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.ForgottenUsername.servletUrl()%>'/>">
                         <pwm:if test="showIcons"><span class="btn-icon fa fa-unlock"></span></pwm:if>
                         <pwm:display key="Title_ForgottenUsername"/>
                     </a>
@@ -75,7 +76,7 @@
             <% if (index_pwmRequest.getConfig() != null && index_pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.ACTIVATE_USER_ENABLE)) { %>
             <tr>
                 <td class="menubutton_key">
-                    <a class="menubutton" id="Title_ActivateUser" href="<pwm:context/><pwm:url url='/public/ActivateUser'/>">
+                    <a class="menubutton" id="Title_ActivateUser" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.ActivateUser.servletUrl()%>'/>">
                         <pwm:if test="showIcons"><span class="btn-icon fa fa-graduation-cap"></span></pwm:if>
                         <pwm:display key="Title_ActivateUser"/>
                     </a>
@@ -88,7 +89,7 @@
             <% if (index_pwmRequest.getConfig() != null && index_pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.NEWUSER_ENABLE)) { %>
             <tr>
                 <td class="menubutton_key">
-                    <a class="menubutton" id="Title_NewUser" href="<pwm:context/><pwm:url url='/public/NewUser'/>">
+                    <a class="menubutton" id="Title_NewUser" href="<pwm:url addContext="true" url='<%=PwmServletDefinition.NewUser.servletUrl()%>'/>">
                         <pwm:if test="showIcons"><span class="btn-icon fa fa-file-text-o"></span></pwm:if>
                         <pwm:display key="Title_NewUser"/>
                     </a>
@@ -101,7 +102,7 @@
             <% if (index_pwmRequest.getConfig() != null && index_pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.PEOPLE_SEARCH_ENABLE_PUBLIC)) { %>
             <tr>
                 <td class="menubutton_key">
-                    <a class="menubutton" href="<pwm:url url='PeopleSearch'/>">
+                    <a class="menubutton" href="<pwm:url addContext="true" url='<%=PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PeopleSearch.servletUrlName()%>'/>">
                         <pwm:if test="showIcons"><span class="btn-icon fa fa-search"></span></pwm:if>
                         <pwm:display key="Title_PeopleSearch"/>
                     </a>