replace unsupported bitwalker browser api with blueconic browscap api

server/pom.xml

@@ -748,9 +748,9 @@
             <version>2.8.2</version>
         </dependency>
         <dependency>
-            <groupId>eu.bitwalker</groupId>
-            <artifactId>UserAgentUtils</artifactId>
-            <version>1.20</version>
+            <groupId>com.blueconic</groupId>
+            <artifactId>browscap-java</artifactId>
+            <version>1.2.1</version>
         </dependency>
         <dependency>
             <groupId>org.jetbrains.xodus</groupId>

server/src/build/checkstyle-import.xml

@@ -70,7 +70,6 @@
     <allow pkg="javax.annotation"/>
     <allow pkg="java.awt"/>
     <allow pkg="javax.security"/>
-    <allow pkg="eu.bitwalker.useragentutils"/>
     <allow pkg="javax.servlet"/>
     <allow pkg="javax.net"/>
     <allow pkg="javax.crypto"/>
@@ -137,5 +136,8 @@
         <allow pkg="com.github.ziplet.filter.compression"/>
     </subpackage>
 
+    <subpackage name="svc.sessiontrack">
+        <allow pkg="com.blueconic.browscap"/>
+    </subpackage>
 
 </import-control>

server/src/main/java/password/pwm/AppProperty.java

@@ -65,6 +65,7 @@ public enum AppProperty {
     CONFIG_NEWUSER_PASSWORD_POLICY_CACHE_MS         ("config.newuser.passwordPolicyCacheMS"),
     CONFIG_THEME                                    ("config.theme"),
     CONFIG_JBCRYPT_PWLIB_ENABLE                     ("config.enableJbCryptPwLibrary"),
+    CONFIG_EDITOR_BLOCK_OLD_IE                      ("configEditor.blockOldIE"),
     CONFIG_EDITOR_QUERY_FILTER_TEST_LIMIT           ("configEditor.queryFilter.testLimit"),
     CONFIG_EDITOR_IDLE_TIMEOUT                      ("configEditor.idleTimeoutSeconds"),
     CONFIG_GUIDE_IDLE_TIMEOUT                       ("configGuide.idleTimeoutSeconds"),

server/src/main/java/password/pwm/http/filter/ConfigAccessFilter.java

@@ -22,8 +22,6 @@
 
 package password.pwm.http.filter;
 
-import eu.bitwalker.useragentutils.Browser;
-import eu.bitwalker.useragentutils.UserAgent;
 import password.pwm.AppProperty;
 import password.pwm.Permission;
 import password.pwm.PwmApplication;
@@ -39,7 +37,6 @@ import password.pwm.error.PwmError;
 import password.pwm.error.PwmException;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.ContextManager;
-import password.pwm.http.HttpHeader;
 import password.pwm.http.JspUrl;
 import password.pwm.http.ProcessStatus;
 import password.pwm.http.PwmRequest;
@@ -48,6 +45,7 @@ import password.pwm.http.PwmSession;
 import password.pwm.http.PwmURL;
 import password.pwm.http.bean.ConfigManagerBean;
 import password.pwm.svc.intruder.RecordType;
+import password.pwm.svc.sessiontrack.UserAgentUtils;
 import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.JsonUtil;
 import password.pwm.util.java.TimeDuration;
@@ -76,11 +74,14 @@ public class ConfigAccessFilter extends AbstractPwmFilter {
             return;
         }
 
-        try {
-            checkUserAgent(pwmRequest);
-        } catch (PwmException e) {
-            pwmRequest.respondWithError(e.getErrorInformation());
-            return;
+        final boolean blockOldIE = Boolean.parseBoolean( pwmRequest.getPwmApplication().getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_BLOCK_OLD_IE ) );
+        if (blockOldIE) {
+            try {
+                UserAgentUtils.checkIfPreIE11( pwmRequest );
+            } catch ( PwmException e ) {
+                pwmRequest.respondWithError( e.getErrorInformation() );
+                return;
+            }
         }
 
         final ConfigManagerBean configManagerBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ConfigManagerBean.class);
@@ -359,41 +360,6 @@ public class ConfigAccessFilter extends AbstractPwmFilter {
         return Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.CONFIG_MAX_PERSISTENT_LOGIN_SECONDS));
     }
 
-    private void checkUserAgent(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
-        final String userAgentString = pwmRequest.readHeaderValueAsString(HttpHeader.UserAgent);
-        if (userAgentString == null || userAgentString.isEmpty()) {
-            return;
-        }
-
-        boolean badBrowser = false;
-        try {
-            final UserAgent userAgent = new UserAgent(userAgentString);
-            final Browser browser = userAgent.getBrowser();
-            switch (browser) {
-                case IE5:
-                case IE5_5:
-                case IE6:
-                case IE7:
-                case IE8:
-                case IE9:
-                case IE10:
-                    badBrowser = true;
-                    break;
-
-                default:
-                    //other browsers okay
-                    break;
-
-            }
-        } catch (Exception e) {
-            LOGGER.error(pwmRequest, "error during browser user-agent detection: " + e.getMessage());
-        }
-
-        if (badBrowser) {
-            final String errorMsg = "Internet Explorer version is not supported for this function.  Please use Internet Explorer 11 or higher or another web browser.";
-            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
-        }
-    }
 
     private static ProcessStatus denyAndError(final PwmRequest pwmRequest, final ErrorInformation errorInformation)
             throws ServletException, PwmUnrecoverableException, IOException

server/src/main/java/password/pwm/svc/sessiontrack/SessionTrackService.java

@@ -28,12 +28,12 @@ import password.pwm.PwmApplication;
 import password.pwm.bean.LocalSessionStateBean;
 import password.pwm.bean.LoginInfoBean;
 import password.pwm.bean.UserIdentity;
-import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.ldap.UserInfo;
 import password.pwm.bean.pub.SessionStateInfoBean;
 import password.pwm.error.PwmException;
+import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.health.HealthRecord;
 import password.pwm.http.PwmSession;
+import password.pwm.ldap.UserInfo;
 import password.pwm.svc.PwmService;
 import password.pwm.util.logging.PwmLogger;
 
@@ -214,4 +214,6 @@ public class SessionTrackService implements PwmService {
     public List<UserIdentity> getRecentLogins() {
         return Collections.unmodifiableList(new ArrayList<>(recentLoginCache.asMap().keySet()));
     }
+
+
 }

server/src/main/java/password/pwm/svc/sessiontrack/UserAgentUtils.java

@@ -0,0 +1,65 @@
+package password.pwm.svc.sessiontrack;
+
+import com.blueconic.browscap.Capabilities;
+import com.blueconic.browscap.ParseException;
+import com.blueconic.browscap.UserAgentParser;
+import com.blueconic.browscap.UserAgentService;
+import password.pwm.error.ErrorInformation;
+import password.pwm.error.PwmError;
+import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.http.HttpHeader;
+import password.pwm.http.PwmRequest;
+import password.pwm.util.java.StringUtil;
+import password.pwm.util.logging.PwmLogger;
+
+import java.io.IOException;
+
+public class UserAgentUtils  {
+    private static final PwmLogger LOGGER = PwmLogger.forClass( UserAgentUtils.class );
+
+    private static UserAgentParser cachedParser;
+
+    private static UserAgentParser getUserAgentParser() throws PwmUnrecoverableException
+    {
+        if (cachedParser == null) {
+            try {
+                cachedParser = new UserAgentService().loadParser();
+            }  catch ( IOException | ParseException e ) {
+                final String msg = "error loading user-agent parser: " + e.getMessage();
+                LOGGER.error( msg, e );
+                throw new PwmUnrecoverableException( PwmError.ERROR_UNKNOWN, msg );
+            }
+        }
+        return cachedParser;
+    }
+
+    public static void checkIfPreIE11( final PwmRequest pwmRequest) throws PwmUnrecoverableException  {
+        final String userAgentString = pwmRequest.readHeaderValueAsString( HttpHeader.UserAgent);
+        if ( StringUtil.isEmpty( userAgentString )) {
+            return ;
+        }
+
+        boolean badBrowser = false;
+
+        final UserAgentParser userAgentParser = getUserAgentParser();
+        final Capabilities capabilities = userAgentParser.parse( userAgentString );
+        final String browser = capabilities.getBrowser();
+        final String browserMajorVersion = capabilities.getBrowserMajorVersion();
+
+        if ("IE".equalsIgnoreCase( browser )) {
+            try {
+                final int majorVersionInt = Integer.parseInt( browserMajorVersion );
+                if (majorVersionInt <= 10) {
+                    badBrowser = true;
+                }
+            }  catch ( NumberFormatException e ) {
+                LOGGER.error( "error parsing user-agent major version" + e.getMessage(), e );
+            }
+        }
+
+        if (badBrowser) {
+            final String errorMsg = "Internet Explorer version is not supported for this function.  Please use Internet Explorer 11 or higher or another web browser.";
+            throw new PwmUnrecoverableException(new ErrorInformation( PwmError.ERROR_UNAUTHORIZED, errorMsg));
+        }
+    }
+}

server/src/main/resources/password/pwm/AppProperty.properties

@@ -61,6 +61,7 @@ config.fileScanFrequencyMS=5017
 config.newuser.passwordPolicyCacheMS=3600000
 config.theme=pwm
 config.enableJbCryptPwLibrary=true
+configEditor.blockOldIE=true
 configEditor.queryFilter.testLimit=5000
 configEditor.idleTimeoutSeconds=900
 configGuide.idleTimeoutSeconds=3600