
minor logging fixes/improvements

Jason Rivard 4 years ago
parent
commit
cc48943099

+ 1 - 1
onejar/src/main/java/password/pwm/onejar/ArgumentParser.java

@@ -261,7 +261,7 @@ public class ArgumentParser
     private static void outputHelp( ) throws OnejarException
     {
         final HelpFormatter formatter = new HelpFormatter();
-        System.out.println( TomcatOnejarRunner.getVersion() );
+        System.out.println( "PWM " + TomcatOnejarRunner.getVersion() );
         System.out.println( "usage:" );
         formatter.printOptions(
                 System.console().writer(),

+ 43 - 21
server/src/main/java/password/pwm/config/function/UserMatchViewerFunction.java

@@ -27,13 +27,16 @@ import lombok.Builder;
 import lombok.Value;
 import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
+import password.pwm.PwmDomain;
 import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
-import password.pwm.config.Configuration;
+import password.pwm.config.AppConfig;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.SettingUIFunction;
+import password.pwm.config.stored.StoredConfigKey;
 import password.pwm.config.stored.StoredConfiguration;
 import password.pwm.config.stored.StoredConfigurationModifier;
+import password.pwm.config.stored.StoredConfigurationUtil;
 import password.pwm.config.value.StoredValue;
 import password.pwm.config.value.ValueTypeConverter;
 import password.pwm.config.value.data.UserPermission;
@@ -46,12 +49,16 @@ import password.pwm.i18n.Display;
 import password.pwm.ldap.permission.UserPermissionType;
 import password.pwm.ldap.permission.UserPermissionUtility;
 import password.pwm.util.i18n.LocaleHelper;
+import password.pwm.util.java.CollectionUtil;
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
 
 import java.io.Serializable;
 import java.time.Instant;
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
@@ -64,16 +71,20 @@ public class UserMatchViewerFunction implements SettingUIFunction
     public Serializable provideFunction(
             final PwmRequest pwmRequest,
             final StoredConfigurationModifier storedConfiguration,
-            final PwmSetting setting,
-            final String profile,
+            final StoredConfigKey key,
             final String extraData )
             throws Exception
     {
-        final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
+        final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
 
         final Instant startSearchTime = Instant.now();
-        final int maxResultSize = Integer.parseInt( pwmApplication.getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_USER_PERMISSION_MATCH_LIMIT ) );
-        final Collection<UserIdentity> users = discoverMatchingUsers( pwmApplication, maxResultSize, storedConfiguration.newStoredConfiguration(), setting, profile );
+        final int maxResultSize = Integer.parseInt( pwmDomain.getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_USER_PERMISSION_MATCH_LIMIT ) );
+        final Collection<UserIdentity> users = discoverMatchingUsers(
+                pwmRequest.getLabel(),
+                pwmDomain,
+                maxResultSize,
+                storedConfiguration.newStoredConfiguration(),
+                key );
         final TimeDuration searchDuration = TimeDuration.fromCurrent( startSearchTime );
 
         final String message = LocaleHelper.getLocalizedMessage(
@@ -91,28 +102,34 @@ public class UserMatchViewerFunction implements SettingUIFunction
     }
 
     public List<UserIdentity> discoverMatchingUsers(
-            final PwmApplication pwmApplication,
+            final SessionLabel sessionLabel,
+            final PwmDomain pwmDomain,
             final int maxResultSize,
             final StoredConfiguration storedConfiguration,
-            final PwmSetting setting,
-            final String profile
+            final StoredConfigKey key
     )
             throws Exception
     {
-        final Configuration config = new Configuration( storedConfiguration );
-        final PwmApplication tempApplication = PwmApplication.createPwmApplication( pwmApplication.getPwmEnvironment().makeRuntimeInstance( config ) );
-        final StoredValue storedValue = storedConfiguration.readSetting( setting, profile );
+        final AppConfig config = new AppConfig( storedConfiguration );
+        final PwmApplication tempApplication = PwmApplication.createPwmApplication( pwmDomain.getPwmApplication().getPwmEnvironment().makeRuntimeInstance( config ) );
+        final StoredValue storedValue = StoredConfigurationUtil.getValueOrDefault( storedConfiguration, key );
         final List<UserPermission> permissions = ValueTypeConverter.valueToUserPermissions( storedValue );
+        final PwmDomain tempDomain = tempApplication.domains().get( key.getDomainID() );
 
-        validateUserPermissionLdapValues( tempApplication, permissions );
+        validateUserPermissionLdapValues( sessionLabel, tempDomain, permissions );
 
-        final long maxSearchSeconds = config.getLdapProfiles().getOrDefault( profile, config.getDefaultLdapProfile() ).readSettingAsLong( PwmSetting.LDAP_SEARCH_TIMEOUT );
+        final long maxSearchSeconds = pwmDomain.getConfig().getDefaultLdapProfile().readSettingAsLong( PwmSetting.LDAP_SEARCH_TIMEOUT );
         final TimeDuration maxSearchTime = TimeDuration.of( maxSearchSeconds, TimeDuration.Unit.SECONDS );
-        return UserPermissionUtility.discoverMatchingUsers( tempApplication, permissions, SessionLabel.SYSTEM_LABEL, maxResultSize, maxSearchTime );
+        final Iterator<UserIdentity> matches =  UserPermissionUtility.discoverMatchingUsers( tempDomain, permissions, SessionLabel.SYSTEM_LABEL, maxResultSize, maxSearchTime );
+        final List<UserIdentity> sortedResults = new ArrayList<>( CollectionUtil.iteratorToList( matches ) );
+        Collections.sort( sortedResults );
+        return Collections.unmodifiableList ( sortedResults );
+
     }
 
     private static void validateUserPermissionLdapValues(
-            final PwmApplication pwmApplication,
+            final SessionLabel sessionLabel,
+            final PwmDomain pwmDomain,
             final List<UserPermission> permissions
     )
             throws PwmUnrecoverableException, PwmOperationalException
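Review bot: In `discoverMatchingUsers` the search timeout is now read from the live `pwmDomain` config, while the search itself runs against `tempDomain`, which is built from the stored configuration under edit. The old code read the timeout from the edited config, so an edited `LDAP_SEARCH_TIMEOUT` no longer applies to the test search; `tempDomain.getConfig().getDefaultLdapProfile().readSettingAsLong( PwmSetting.LDAP_SEARCH_TIMEOUT )` would presumably keep both on the same configuration. `tempApplication.domains().get( key.getDomainID() )` is used without a null check, so a key whose domain is missing from the temporary application would likely surface as a NullPointerException rather than a clear error. The search is also still issued under `SessionLabel.SYSTEM_LABEL` although `sessionLabel` is now passed in; using `sessionLabel` there would attribute the LDAP search in the logs to the administrator session that triggered it. The body of `validateUserPermissionLdapValues` continues outside this hunk.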
@@ -123,25 +140,30 @@ public class UserMatchViewerFunction implements SettingUIFunction
             {
                 if ( userPermission.getLdapBase() != null && !userPermission.getLdapBase().isEmpty() )
                 {
-                    testIfLdapDNIsValid( pwmApplication, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
+                    testIfLdapDNIsValid( sessionLabel, pwmDomain, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
                 }
             }
             else if ( userPermission.getType() == UserPermissionType.ldapGroup )
             {
-                testIfLdapDNIsValid( pwmApplication, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
+                testIfLdapDNIsValid( sessionLabel, pwmDomain, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
             }
         }
     }
 
 
-    private static void testIfLdapDNIsValid( final PwmApplication pwmApplication, final String baseDN, final String profileID )
+    private static void testIfLdapDNIsValid(
+            final SessionLabel sessionLabel,
+            final PwmDomain pwmDomain,
+            final String baseDN,
+            final String profileID
+    )
             throws PwmOperationalException, PwmUnrecoverableException
     {
         final Set<String> profileIDsToTest = new LinkedHashSet<>();
 
         if ( UserPermissionUtility.isAllProfiles( profileID ) )
         {
-            profileIDsToTest.addAll( pwmApplication.getConfig().getLdapProfiles().keySet() );
+            profileIDsToTest.addAll( pwmDomain.getConfig().getLdapProfiles().keySet() );
         }
         else
         {
@@ -158,7 +180,7 @@ public class UserMatchViewerFunction implements SettingUIFunction
             ChaiEntry chaiEntry = null;
             try
             {
-                final ChaiProvider proxiedProvider = pwmApplication.getProxyChaiProvider( loopID );
+                final ChaiProvider proxiedProvider = pwmDomain.getProxyChaiProvider( sessionLabel, loopID );
                 chaiEntry = proxiedProvider.getEntryFactory().newChaiEntry( baseDN );
             }
             catch ( final Exception e )

+ 5 - 0
server/src/main/java/password/pwm/config/value/data/UserPermission.java

@@ -71,6 +71,11 @@ public class UserPermission implements Serializable, Comparable<UserPermission>
                 + "]";
     }
 
+    public String toString()
+    {
+        return debugString();
+    }
+
     @Override
     public int compareTo( @NotNull final UserPermission o )
     {
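Review bot: The added `toString()` has no `@Override`, unlike `compareTo` directly below it; adding `@Override` lets the compiler check the signature. `UserPermissionUtility` concatenates the permission into a debug log message, so everything `debugString()` emits now reaches the logs. Its body starts outside this hunk, so confirm it prints only fields that are acceptable in log output.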

+ 20 - 19
server/src/main/java/password/pwm/health/LDAPHealthChecker.java

@@ -984,28 +984,29 @@ public class LDAPHealthChecker implements HealthSupplier
                         return Collections.emptyList();
                     }
                 }
-
-                final UserIdentity newUserTemplateIdentity = UserIdentity.create( policyUserStr, ldapProfile.getIdentifier(), pwmDomain.getDomainID() );
-
-                final ChaiUser chaiUser = pwmDomain.getProxiedChaiUser( sessionLabel, newUserTemplateIdentity );
-
-                try
+                else
                 {
-                    if ( !chaiUser.exists() )
+                    final UserIdentity newUserTemplateIdentity = UserIdentity.create( policyUserStr, ldapProfile.getIdentifier(), pwmDomain.getDomainID() );
+                    final ChaiUser chaiUser = pwmDomain.getProxiedChaiUser( sessionLabel, newUserTemplateIdentity );
+
+                    try
                     {
-                        return Collections.singletonList(
-                                HealthRecord.forMessage(
-                                        pwmDomain.getDomainID(),
-                                        HealthMessage.NewUser_PwTemplateBad,
-                                        PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug( newUserProfile.getIdentifier(), locale ),
-                                        "userDN value is not valid"
-                                )
-                        );
+                        if ( !chaiUser.exists() )
+                        {
+                            return Collections.singletonList(
+                                    HealthRecord.forMessage(
+                                            pwmDomain.getDomainID(),
+                                            HealthMessage.NewUser_PwTemplateBad,
+                                            PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug( newUserProfile.getIdentifier(), locale ),
+                                            "userDN value is not valid"
+                                    )
+                            );
+                        }
+                    }
+                    catch ( final ChaiUnavailableException e )
+                    {
+                        throw PwmUnrecoverableException.fromChaiException( e );
                     }
-                }
-                catch ( final ChaiUnavailableException e )
-                {
-                    throw PwmUnrecoverableException.fromChaiException( e );
                 }
             }
             catch ( final PwmUnrecoverableException e )
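Review bot: Wrapping the template-user existence check in `else` changes behaviour, not just layout. When the preceding `if` is entered but its inner branch does not return, the old code fell through to `chaiUser.exists()`, and the new code skips it. The `if` condition is outside the hunk, so this may be intended, but as written a policy user value handled by that branch is no longer verified and no `NewUser_PwTemplateBad` record is produced for it. If that is the intent, a short comment on the `else` saying why that case needs no LDAP lookup would make the health check's coverage clear, since the commit title mentions only logging.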

+ 5 - 2
server/src/main/java/password/pwm/http/HttpEventManager.java

@@ -179,8 +179,11 @@ public class HttpEventManager implements
         debugItems.put( "requests", sessionStateBean.getRequestCount().toString() );
         final Instant startTime = sessionStateBean.getSessionCreationTime();
         final Instant lastAccessedTime = sessionStateBean.getSessionLastAccessedTime();
-        final TimeDuration timeDuration = TimeDuration.between( startTime, lastAccessedTime );
-        debugItems.put( "firstToLastRequestInterval", timeDuration.asCompactString() );
+        if ( startTime != null && lastAccessedTime != null )
+        {
+            final TimeDuration timeDuration = TimeDuration.between( startTime, lastAccessedTime );
+            debugItems.put( "firstToLastRequestInterval", timeDuration.asCompactString() );
+        }
         final TimeDuration avgReqDuration =  sessionStateBean.getAvgRequestDuration().getAverageAsDuration();
         debugItems.put( "avgRequestDuration", avgReqDuration.asCompactString() );
         return StringHelper.stringMapToString( debugItems, "," );

+ 9 - 0
server/src/main/java/password/pwm/http/PwmRequest.java

@@ -160,6 +160,15 @@ public class PwmRequest extends PwmHttpRequestWrapper
 
     private SessionLabel makeSessionLabel( )
     {
+        if ( getHttpServletRequest().getSession( false ) == null )
+        {
+            // in case session does not exist, invoked for some non-servlet requests such as logging
+            return SessionLabel.builder()
+                    .domain( domainID.stringValue() )
+                    .build();
+        }
+
+        // nominal case
         return getPwmSession().getLabel().toBuilder()
                 .requestID( pwmRequestID.toString() )
                 .build();
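Review bot: The no-session fallback in `makeSessionLabel` builds a label with only the domain and omits the request ID, although `pwmRequestID` is used in the nominal branch just below and does not depend on the session. Without it, log lines from session-less requests cannot be correlated to a single request. Adding `.requestID( pwmRequestID.toString() )` to the fallback builder chain keeps those entries traceable.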

+ 20 - 4
server/src/main/java/password/pwm/http/filter/RequestInitializationFilter.java

@@ -43,6 +43,7 @@ import password.pwm.http.PwmResponse;
 import password.pwm.http.PwmSession;
 import password.pwm.http.PwmSessionFactory;
 import password.pwm.http.PwmURL;
+import password.pwm.http.servlet.PwmServletDefinition;
 import password.pwm.svc.intruder.IntruderServiceClient;
 import password.pwm.svc.stats.EpsStatistic;
 import password.pwm.svc.stats.Statistic;
@@ -70,12 +71,14 @@ import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Optional;
+import java.util.stream.Collectors;
 
 public class RequestInitializationFilter implements Filter
 {
@@ -118,13 +121,23 @@ public class RequestInitializationFilter implements Filter
 
         final PwmURL pwmURL = PwmURL.create( req, localPwmApplication.getConfig() );
 
-        if ( pwmURL.isResourceURL() )
+        if ( pwmURL.isRestService() )
         {
             filterChain.doFilter( req, resp );
             return;
         }
 
-        if ( pwmURL.isRestService() )
+        try
+        {
+            // for servlet requests make sure the session is initialized
+            req.getSession( true );
+        }
+        catch ( final Exception e )
+        {
+            LOGGER.trace( () -> "error reading session for servlet request: " + e.getMessage() );
+        }
+
+        if ( pwmURL.isResourceURL() )
         {
             filterChain.doFilter( req, resp );
             return;
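Review bot: The new `req.getSession( true )` block sits before the `isResourceURL()` check, so every static-resource request, including unauthenticated ones, now allocates a server-side session, although the comment says it is for servlet requests. That lets anonymous traffic grow the session store and may attach a session cookie to otherwise cacheable resources. If resources do not need a session, move the `try` block below the `isResourceURL()` early return; if they do, the comment should say so. The catch also logs only `e.getMessage()` at trace level, so a failing session store would be nearly invisible in normal logging. The enclosing method starts and ends outside this hunk.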
@@ -311,11 +324,14 @@ public class RequestInitializationFilter implements Filter
         }
     }
 
+    private static final List<PwmServletDefinition> NON_API_SERVLETS = Arrays.stream( PwmServletDefinition.values() )
+            .filter( definition -> definition != PwmServletDefinition.ClientApi )
+            .collect( Collectors.toList() );
+
     private void checkIfSessionRecycleNeeded( final PwmRequest pwmRequest )
     {
         if ( pwmRequest.getPwmSession().getSessionStateBean().isSessionIdRecycleNeeded()
-                && !pwmRequest.getURL().isResourceURL()
-                && !pwmRequest.getURL().isClientApiServlet()
+                && pwmRequest.getURL().matches( NON_API_SERVLETS )
         )
         {
             if ( pwmRequest.getAppConfig().readBooleanAppProperty( AppProperty.HTTP_SESSION_RECYCLE_AT_AUTH ) )
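Review bot: `checkIfSessionRecycleNeeded` switches from an exclusion test (not a resource URL, not the client API) to an inclusion test against `NON_API_SERVLETS`, and nothing documents that choice. Session-ID recycling now happens only on URLs that match a servlet definition, and a request that matches none leaves the recycle flag pending until the next servlet request. Because this guards the session ID after authentication, a comment on `NON_API_SERVLETS` should state why `ClientApi` is exempt and that unmatched URLs defer the recycle. The constant is also a mutable list held in a static field; `.collect( Collectors.toUnmodifiableList() )` would prevent accidental modification. The method body continues outside this hunk.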

+ 25 - 19
server/src/main/java/password/pwm/ldap/permission/UserPermissionUtility.java

@@ -23,6 +23,7 @@ package password.pwm.ldap.permission;
 import com.novell.ldapchai.util.StringHelper;
 import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
+import password.pwm.PwmDomain;
 import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.profile.LdapProfile;
@@ -40,9 +41,11 @@ import password.pwm.util.logging.PwmLogger;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 public class UserPermissionUtility
@@ -57,14 +60,14 @@ public class UserPermissionUtility
             throws PwmUnrecoverableException
     {
         return testUserPermission(
-                pwmRequestContext.getPwmApplication(),
+                pwmRequestContext.getPwmDomain(),
                 pwmRequestContext.getSessionLabel(),
                 userIdentity,
                 Collections.singletonList( userPermissions ) );
     }
 
     public static boolean testUserPermission(
-            final PwmApplication pwmApplication,
+            final PwmDomain pwmDomain,
             final SessionLabel sessionLabel,
             final UserIdentity userIdentity,
             final List<UserPermission> userPermissions
@@ -81,7 +84,7 @@ public class UserPermissionUtility
 
         for ( final UserPermission userPermission : sortedList )
         {
-            if ( testUserPermission( pwmApplication, sessionLabel, userIdentity, userPermission ) )
+            if ( testUserPermission( pwmDomain, sessionLabel, userIdentity, userPermission ) )
             {
                 return true;
             }
@@ -101,7 +104,7 @@ public class UserPermissionUtility
     }
 
     private static boolean testUserPermission(
-            final PwmApplication pwmApplication,
+            final PwmDomain pwmDomain,
             final SessionLabel sessionLabel,
             final UserIdentity userIdentity,
             final UserPermission userPermission
@@ -120,7 +123,7 @@ public class UserPermissionUtility
 
         final PermissionTypeHelper permissionTypeHelper = userPermission.getType().getPermissionTypeTester();
         final Instant startTime = Instant.now();
-        final boolean match = permissionTypeHelper.testMatch( pwmApplication, sessionLabel, userIdentity, userPermission );
+        final boolean match = permissionTypeHelper.testMatch( pwmDomain, sessionLabel, userIdentity, userPermission );
         LOGGER.debug( sessionLabel, () -> "user " + userIdentity.toDisplayString() + " is "
                         + ( match ? "" : "not " )
                         + "a match for permission '" + userPermission + "'",
@@ -128,8 +131,8 @@ public class UserPermissionUtility
         return match;
     }
 
-    public static List<UserIdentity> discoverMatchingUsers(
-            final PwmApplication pwmApplication,
+    public static Iterator<UserIdentity> discoverMatchingUsers(
+            final PwmDomain pwmDomain,
             final List<UserPermission> userPermissions,
             final SessionLabel sessionLabel,
             final int maxResultSize,
@@ -139,13 +142,13 @@ public class UserPermissionUtility
     {
         if ( userPermissions == null )
         {
-            return Collections.emptyList();
+            return Collections.emptyIterator();
         }
 
         final List<UserPermission> sortedPermissions = new ArrayList<>( userPermissions );
         Collections.sort( sortedPermissions );
 
-        final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
+        final UserSearchEngine userSearchEngine = pwmDomain.getUserSearchEngine();
         final List<UserIdentity> resultSet = new ArrayList<>();
 
         for ( final UserPermission userPermission : sortedPermissions )
@@ -177,23 +180,23 @@ public class UserPermissionUtility
             }
         }
 
-        final List<UserIdentity> strippedResults = stripUserMatchesOutsideUserContexts( sessionLabel, pwmApplication, resultSet );
+        final List<UserIdentity> strippedResults = stripUserMatchesOutsideUserContexts( sessionLabel, pwmDomain.getPwmApplication(), resultSet );
         return strippedResults.stream()
                 .distinct()
                 .sorted()
-                .collect( Collectors.toUnmodifiableList() );
+                .iterator();
     }
 
-    static String profileIdForPermission( final UserPermission userPermission )
+    static Optional<String> profileIdForPermission( final UserPermission userPermission )
     {
         if ( userPermission.getLdapProfileID() != null
                 && !userPermission.getLdapProfileID().isEmpty()
                 && !userPermission.getLdapProfileID().equals( PwmConstants.PROFILE_ID_ALL ) )
         {
-            return userPermission.getLdapProfileID();
+            return Optional.of( userPermission.getLdapProfileID() );
         }
 
-        return null;
+        return Optional.empty();
     }
 
     public static void validatePermissionSyntax( final UserPermission userPermission )
@@ -240,14 +243,16 @@ public class UserPermissionUtility
     )
     {
         final String ldapProfileID = userIdentity.getLdapProfileID();
-        final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get( ldapProfileID );
+        final PwmDomain pwmDomain = pwmApplication.domains().get( userIdentity.getDomainID() );
+        final LdapProfile ldapProfile = pwmDomain.getConfig().getLdapProfiles().get( ldapProfileID );
+
         try
         {
-            final List<String> rootContexts = ldapProfile.getRootContexts( pwmApplication );
+            final List<String> rootContexts = ldapProfile.getRootContexts( sessionLabel, pwmDomain );
 
             for ( final String rootContext : rootContexts )
             {
-                if ( testBaseDnMatch( pwmApplication, rootContext, userIdentity ) )
+                if ( testBaseDnMatch( sessionLabel, pwmDomain, rootContext, userIdentity ) )
                 {
                     return true;
                 }
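Review bot: `pwmApplication.domains().get( userIdentity.getDomainID() )` and the following `getLdapProfiles().get( ldapProfileID )` are both dereferenced without a null check, and the domain lookup sits before the `try`. An identity naming an unknown domain or profile would therefore probably fail with a NullPointerException instead of being treated as outside the user contexts. An explicit guard that logs and returns `false` keeps the check failing closed, e.g. `if ( pwmDomain == null ) { return false; }` before reading the config, and the same for `ldapProfile`. The method signature and its catch block are outside the hunk, so how an exception is handled here cannot be confirmed from this page.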
@@ -266,7 +271,8 @@ public class UserPermissionUtility
     }
 
     static boolean testBaseDnMatch(
-            final PwmApplication pwmApplication,
+            final SessionLabel sessionLabel,
+            final PwmDomain pwmDomain,
             final String canonicalBaseDN,
             final UserIdentity userIdentity
     )
@@ -277,7 +283,7 @@ public class UserPermissionUtility
             return false;
         }
 
-        final String userDN = userIdentity.canonicalized( pwmApplication ).getUserDN();
+        final String userDN = userIdentity.canonicalized( sessionLabel, pwmDomain.getPwmApplication() ).getUserDN();
         return userDN.endsWith( canonicalBaseDN );
     }
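Review bot: `testBaseDnMatch` decides containment with `userDN.endsWith( canonicalBaseDN )`, a plain string suffix test that does not require the match to start at an RDN boundary. A DN whose text merely ends with the same characters as the base would be accepted as inside the context. Since this result scopes which users a permission can match, consider `return userDN.equals( canonicalBaseDN ) || userDN.endsWith( "," + canonicalBaseDN );`, assuming canonicalized DNs use a bare comma separator, or compare parsed DNs instead. That line is unchanged context in this hunk, and the method's opening checks are outside it.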
 

+ 1 - 1
server/src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -883,7 +883,7 @@ Setting_Label_display.showLoginPageOptions=Show Login Page Options
 Setting_Label_display.showSuccessPage=Show Success Pages
 Setting_Label_display.tokenSuccessPage=Show Token Entry Success Pages
 Setting_Label_display.updateAttributes.agreement=Update Profile Agreement Message
-Setting_Label_domain.list=Domains
+Setting_Label_domain.list=List of domains.  Domains provide a way for multiple systems/sites/tenants to use a single instance of the @PwmAppName@ application.  Typically only a single instance is required.  If multiple domains are listed, the configuration editor will allow per-domain configuration of many settings.  Other settings are system-level and apply to the entire application instance.
 Setting_Label_domain.hosts=Domain Hostnames
 Setting_Label_domain.system.adminDomain=Administrative Domain
 Setting_Label_domain.system.domainPaths=Enable Domain Paths