
Merge branch 'master' into enh-domain

# Conflicts:
#	server/src/main/java/password/pwm/config/function/UserMatchViewerFunction.java
#	server/src/main/java/password/pwm/ldap/permission/UserPermissionUtility.java
Jason Rivard 4 years ago
parent
commit
f66861262e

+ 0 - 1
server/src/main/java/password/pwm/AppProperty.java

@@ -75,7 +75,6 @@ public enum AppProperty
     CONFIG_JBCRYPT_PWLIB_ENABLE                     ( "config.enableJbCryptPwLibrary" ),
     CONFIG_EDITOR_BLOCK_OLD_IE                      ( "configEditor.blockOldIE" ),
     CONFIG_EDITOR_USER_PERMISSION_MATCH_LIMIT       ( "configEditor.userPermission.matchResultsLimit" ),
-    CONFIG_EDITOR_USER_PERMISSION_TIMEOUT_SECONDS   ( "configEditor.userPermission.matchTimeoutSeconds" ),
     CONFIG_EDITOR_IDLE_TIMEOUT                      ( "configEditor.idleTimeoutSeconds" ),
     CONFIG_GUIDE_IDLE_TIMEOUT                       ( "configGuide.idleTimeoutSeconds" ),
     CONFIG_MANAGER_ZIPDEBUG_MAXLOGBYTES             ( "configManager.zipDebug.maxLogBytes" ),

+ 22 - 43
server/src/main/java/password/pwm/config/function/UserMatchViewerFunction.java

@@ -27,15 +27,13 @@ import lombok.Builder;
 import lombok.Value;
 import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
-import password.pwm.PwmDomain;
 import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
-import password.pwm.config.AppConfig;
+import password.pwm.config.Configuration;
+import password.pwm.config.PwmSetting;
 import password.pwm.config.SettingUIFunction;
-import password.pwm.config.stored.StoredConfigKey;
 import password.pwm.config.stored.StoredConfiguration;
 import password.pwm.config.stored.StoredConfigurationModifier;
-import password.pwm.config.stored.StoredConfigurationUtil;
 import password.pwm.config.value.StoredValue;
 import password.pwm.config.value.ValueTypeConverter;
 import password.pwm.config.value.data.UserPermission;
@@ -48,16 +46,12 @@ import password.pwm.i18n.Display;
 import password.pwm.ldap.permission.UserPermissionType;
 import password.pwm.ldap.permission.UserPermissionUtility;
 import password.pwm.util.i18n.LocaleHelper;
-import password.pwm.util.java.CollectionUtil;
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
 
 import java.io.Serializable;
 import java.time.Instant;
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
@@ -70,20 +64,16 @@ public class UserMatchViewerFunction implements SettingUIFunction
     public Serializable provideFunction(
             final PwmRequest pwmRequest,
             final StoredConfigurationModifier storedConfiguration,
-            final StoredConfigKey key,
+            final PwmSetting setting,
+            final String profile,
             final String extraData )
             throws Exception
     {
-        final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
+        final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
 
         final Instant startSearchTime = Instant.now();
-        final int maxResultSize = Integer.parseInt( pwmDomain.getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_USER_PERMISSION_MATCH_LIMIT ) );
-        final Collection<UserIdentity> users = discoverMatchingUsers(
-                pwmRequest.getLabel(),
-                pwmDomain,
-                maxResultSize,
-                storedConfiguration.newStoredConfiguration(),
-                key );
+        final int maxResultSize = Integer.parseInt( pwmApplication.getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_USER_PERMISSION_MATCH_LIMIT ) );
+        final Collection<UserIdentity> users = discoverMatchingUsers( pwmApplication, maxResultSize, storedConfiguration.newStoredConfiguration(), setting, profile );
         final TimeDuration searchDuration = TimeDuration.fromCurrent( startSearchTime );
 
         final String message = LocaleHelper.getLocalizedMessage(
@@ -101,34 +91,28 @@ public class UserMatchViewerFunction implements SettingUIFunction
     }
 
     public List<UserIdentity> discoverMatchingUsers(
-            final SessionLabel sessionLabel,
-            final PwmDomain pwmDomain,
+            final PwmApplication pwmApplication,
             final int maxResultSize,
             final StoredConfiguration storedConfiguration,
-            final StoredConfigKey key
+            final PwmSetting setting,
+            final String profile
     )
             throws Exception
     {
-        final AppConfig config = new AppConfig( storedConfiguration );
-        final PwmApplication tempApplication = PwmApplication.createPwmApplication( pwmDomain.getPwmApplication().getPwmEnvironment().makeRuntimeInstance( config ) );
-        final StoredValue storedValue = StoredConfigurationUtil.getValueOrDefault( storedConfiguration, key );
+        final Configuration config = new Configuration( storedConfiguration );
+        final PwmApplication tempApplication = PwmApplication.createPwmApplication( pwmApplication.getPwmEnvironment().makeRuntimeInstance( config ) );
+        final StoredValue storedValue = storedConfiguration.readSetting( setting, profile );
         final List<UserPermission> permissions = ValueTypeConverter.valueToUserPermissions( storedValue );
-        final PwmDomain tempDomain = tempApplication.domains().get( key.getDomainID() );
 
-        validateUserPermissionLdapValues( sessionLabel, tempDomain, permissions );
+        validateUserPermissionLdapValues( tempApplication, permissions );
 
-        final int maxSearchSeconds = Integer.parseInt( pwmDomain.getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_USER_PERMISSION_TIMEOUT_SECONDS ) );
+        final long maxSearchSeconds = config.getLdapProfiles().getOrDefault( profile, config.getDefaultLdapProfile() ).readSettingAsLong( PwmSetting.LDAP_SEARCH_TIMEOUT );
         final TimeDuration maxSearchTime = TimeDuration.of( maxSearchSeconds, TimeDuration.Unit.SECONDS );
-        final Iterator<UserIdentity> matches =  UserPermissionUtility.discoverMatchingUsers( tempDomain, permissions, SessionLabel.SYSTEM_LABEL, maxResultSize, maxSearchTime );
-        final List<UserIdentity> sortedResults = new ArrayList<>( CollectionUtil.iteratorToList( matches ) );
-        Collections.sort( sortedResults );
-        return Collections.unmodifiableList ( sortedResults );
-
+        return UserPermissionUtility.discoverMatchingUsers( tempApplication, permissions, SessionLabel.SYSTEM_LABEL, maxResultSize, maxSearchTime );
     }
 
     private static void validateUserPermissionLdapValues(
-            final SessionLabel sessionLabel,
-            final PwmDomain pwmDomain,
+            final PwmApplication pwmApplication,
             final List<UserPermission> permissions
     )
             throws PwmUnrecoverableException, PwmOperationalException
@@ -139,30 +123,25 @@ public class UserMatchViewerFunction implements SettingUIFunction
             {
                 if ( userPermission.getLdapBase() != null && !userPermission.getLdapBase().isEmpty() )
                 {
-                    testIfLdapDNIsValid( sessionLabel, pwmDomain, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
+                    testIfLdapDNIsValid( pwmApplication, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
                 }
             }
             else if ( userPermission.getType() == UserPermissionType.ldapGroup )
             {
-                testIfLdapDNIsValid( sessionLabel, pwmDomain, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
+                testIfLdapDNIsValid( pwmApplication, userPermission.getLdapBase(), userPermission.getLdapProfileID() );
             }
         }
     }
 
 
-    private static void testIfLdapDNIsValid(
-            final SessionLabel sessionLabel,
-            final PwmDomain pwmDomain,
-            final String baseDN,
-            final String profileID
-    )
+    private static void testIfLdapDNIsValid( final PwmApplication pwmApplication, final String baseDN, final String profileID )
             throws PwmOperationalException, PwmUnrecoverableException
     {
         final Set<String> profileIDsToTest = new LinkedHashSet<>();
 
         if ( UserPermissionUtility.isAllProfiles( profileID ) )
         {
-            profileIDsToTest.addAll( pwmDomain.getConfig().getLdapProfiles().keySet() );
+            profileIDsToTest.addAll( pwmApplication.getConfig().getLdapProfiles().keySet() );
         }
         else
         {
@@ -179,7 +158,7 @@ public class UserMatchViewerFunction implements SettingUIFunction
             ChaiEntry chaiEntry = null;
             try
             {
-                final ChaiProvider proxiedProvider = pwmDomain.getProxyChaiProvider( sessionLabel, loopID );
+                final ChaiProvider proxiedProvider = pwmApplication.getProxyChaiProvider( loopID );
                 chaiEntry = proxiedProvider.getEntryFactory().newChaiEntry( baseDN );
             }
             catch ( final Exception e )
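Review bot: The search timeout at L117 keys `config.getLdapProfiles()` by `profile`, but `profile` is the setting's profile ID (it is the same value passed to `storedConfiguration.readSetting( setting, profile )` at L109), not an LDAP profile ID, so the lookup will presumably always fall through to `config.getDefaultLdapProfile()` and permissions that name other LDAP profiles (or all profiles) are bounded by the default profile's `LDAP_SEARCH_TIMEOUT` rather than a limit tied to the profiles actually searched. This replaces the dedicated 10-second cap that the same commit removes from AppProperty, so a large directory can now hold a config-editor request for the full LDAP search timeout. Consider deriving the bound from the `UserPermission.getLdapProfileID()` values in `permissions` (taking the largest, and all profiles when `UserPermissionUtility.isAllProfiles` applies), and documenting the choice on that line, e.g. `// bound the editor's preview search by the LDAP profile timeout; setting profile != LDAP profile, so resolve via the permission entries`. Note also that `discoverMatchingUsers` still runs under `SessionLabel.SYSTEM_LABEL` at L124 and `getProxyChaiProvider( loopID )` at L174 no longer receives a label, so these editor-triggered searches are not attributable to the operator's session in the logs; a comment stating that is deliberate would help. The `testIfLdapDNIsValid` body continues past the hunk.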

+ 3 - 1
server/src/main/java/password/pwm/http/filter/RequestInitializationFilter.java

@@ -314,7 +314,9 @@ public class RequestInitializationFilter implements Filter
     private void checkIfSessionRecycleNeeded( final PwmRequest pwmRequest )
     {
         if ( pwmRequest.getPwmSession().getSessionStateBean().isSessionIdRecycleNeeded()
-                && !pwmRequest.getURL().isResourceURL() )
+                && !pwmRequest.getURL().isResourceURL()
+                && !pwmRequest.getURL().isClientApiServlet()
+        )
         {
             if ( pwmRequest.getAppConfig().readBooleanAppProperty( AppProperty.HTTP_SESSION_RECYCLE_AT_AUTH ) )
             {
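Review bot: The new exclusion at L188 carries no comment explaining why client API servlet requests must not trigger the session-ID recycle, and since the recycle-at-auth behaviour guarded by `HTTP_SESSION_RECYCLE_AT_AUTH` is the session-fixation mitigation, a reader cannot tell from the hunk whether the recycle is merely deferred (the `isSessionIdRecycleNeeded` flag stays set until the next non-API, non-resource request) or effectively skipped for clients that only ever talk to the API. If the intent is deferral, say so at the condition: `// client API (XHR) calls are excluded: the caller cannot adopt a new session cookie mid-flow; the recycle flag remains set and the next page request performs it`. If an API-only client could authenticate and never issue a page request, that case should be handled explicitly rather than left to the flag. The body of `checkIfSessionRecycleNeeded` continues beyond the hunk.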

+ 2 - 2
server/src/main/java/password/pwm/ldap/permission/LdapGroupTypeHelper.java

@@ -49,14 +49,14 @@ class LdapGroupTypeHelper implements PermissionTypeHelper
             throws PwmUnrecoverableException
     {
         final Instant startTime = Instant.now();
-        final String groupDN = userPermission.getLdapQuery();
+        final String groupDN = userPermission.getLdapBase();
 
         if ( userIdentity == null )
         {
             return false;
         }
 
-        LOGGER.trace( sessionLabel, () -> "begin check for ldapGroup match for " + userIdentity + " using queryMatch: " + groupDN );
+        LOGGER.trace( sessionLabel, () -> "begin check for ldapGroup match for " + userIdentity + " using groupMatch: " + groupDN );
 
         boolean result = false;
         if ( StringUtil.isEmpty( groupDN ) )

+ 22 - 26
server/src/main/java/password/pwm/ldap/permission/UserPermissionUtility.java

@@ -23,7 +23,6 @@ package password.pwm.ldap.permission;
 import com.novell.ldapchai.util.StringHelper;
 import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
-import password.pwm.PwmDomain;
 import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.profile.LdapProfile;
@@ -34,7 +33,6 @@ import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.PwmRequestContext;
 import password.pwm.ldap.search.SearchConfiguration;
 import password.pwm.ldap.search.UserSearchEngine;
-import password.pwm.util.java.QueueBackedIterator;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
@@ -42,11 +40,9 @@ import password.pwm.util.logging.PwmLogger;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Optional;
 import java.util.stream.Collectors;
 
 public class UserPermissionUtility
@@ -61,14 +57,14 @@ public class UserPermissionUtility
             throws PwmUnrecoverableException
     {
         return testUserPermission(
-                pwmRequestContext.getPwmDomain(),
+                pwmRequestContext.getPwmApplication(),
                 pwmRequestContext.getSessionLabel(),
                 userIdentity,
                 Collections.singletonList( userPermissions ) );
     }
 
     public static boolean testUserPermission(
-            final PwmDomain pwmDomain,
+            final PwmApplication pwmApplication,
             final SessionLabel sessionLabel,
             final UserIdentity userIdentity,
             final List<UserPermission> userPermissions
@@ -85,7 +81,7 @@ public class UserPermissionUtility
 
         for ( final UserPermission userPermission : sortedList )
         {
-            if ( testUserPermission( pwmDomain, sessionLabel, userIdentity, userPermission ) )
+            if ( testUserPermission( pwmApplication, sessionLabel, userIdentity, userPermission ) )
             {
                 return true;
             }
@@ -105,7 +101,7 @@ public class UserPermissionUtility
     }
 
     private static boolean testUserPermission(
-            final PwmDomain pwmDomain,
+            final PwmApplication pwmApplication,
             final SessionLabel sessionLabel,
             final UserIdentity userIdentity,
             final UserPermission userPermission
@@ -124,7 +120,7 @@ public class UserPermissionUtility
 
         final PermissionTypeHelper permissionTypeHelper = userPermission.getType().getPermissionTypeTester();
         final Instant startTime = Instant.now();
-        final boolean match = permissionTypeHelper.testMatch( pwmDomain, sessionLabel, userIdentity, userPermission );
+        final boolean match = permissionTypeHelper.testMatch( pwmApplication, sessionLabel, userIdentity, userPermission );
         LOGGER.debug( sessionLabel, () -> "user " + userIdentity.toDisplayString() + " is "
                         + ( match ? "" : "not " )
                         + "a match for permission '" + userPermission + "'",
@@ -132,8 +128,8 @@ public class UserPermissionUtility
         return match;
     }
 
-    public static Iterator<UserIdentity> discoverMatchingUsers(
-            final PwmDomain pwmDomain,
+    public static List<UserIdentity> discoverMatchingUsers(
+            final PwmApplication pwmApplication,
             final List<UserPermission> userPermissions,
             final SessionLabel sessionLabel,
             final int maxResultSize,
@@ -143,13 +139,13 @@ public class UserPermissionUtility
     {
         if ( userPermissions == null )
         {
-            return Collections.emptyIterator();
+            return Collections.emptyList();
         }
 
         final List<UserPermission> sortedPermissions = new ArrayList<>( userPermissions );
         Collections.sort( sortedPermissions );
 
-        final UserSearchEngine userSearchEngine = pwmDomain.getUserSearchEngine();
+        final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
         final List<UserIdentity> resultSet = new ArrayList<>();
 
         for ( final UserPermission userPermission : sortedPermissions )
@@ -181,20 +177,23 @@ public class UserPermissionUtility
             }
         }
 
-        final List<UserIdentity> strippedResults = stripUserMatchesOutsideUserContexts( sessionLabel, pwmDomain.getPwmApplication(), resultSet );
-        return new QueueBackedIterator<>( strippedResults );
+        final List<UserIdentity> strippedResults = stripUserMatchesOutsideUserContexts( sessionLabel, pwmApplication, resultSet );
+        return strippedResults.stream()
+                .distinct()
+                .sorted()
+                .collect( Collectors.toUnmodifiableList() );
     }
 
-    static Optional<String> profileIdForPermission( final UserPermission userPermission )
+    static String profileIdForPermission( final UserPermission userPermission )
     {
         if ( userPermission.getLdapProfileID() != null
                 && !userPermission.getLdapProfileID().isEmpty()
                 && !userPermission.getLdapProfileID().equals( PwmConstants.PROFILE_ID_ALL ) )
         {
-            return Optional.of( userPermission.getLdapProfileID() );
+            return userPermission.getLdapProfileID();
         }
 
-        return Optional.empty();
+        return null;
     }
 
     public static void validatePermissionSyntax( final UserPermission userPermission )
@@ -241,16 +240,14 @@ public class UserPermissionUtility
     )
     {
         final String ldapProfileID = userIdentity.getLdapProfileID();
-        final PwmDomain pwmDomain = pwmApplication.domains().get( userIdentity.getDomainID() );
-        final LdapProfile ldapProfile = pwmDomain.getConfig().getLdapProfiles().get( ldapProfileID );
-
+        final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get( ldapProfileID );
         try
         {
-            final List<String> rootContexts = ldapProfile.getRootContexts( sessionLabel, pwmDomain );
+            final List<String> rootContexts = ldapProfile.getRootContexts( pwmApplication );
 
             for ( final String rootContext : rootContexts )
             {
-                if ( testBaseDnMatch( sessionLabel, pwmDomain, rootContext, userIdentity ) )
+                if ( testBaseDnMatch( pwmApplication, rootContext, userIdentity ) )
                 {
                     return true;
                 }
@@ -269,8 +266,7 @@ public class UserPermissionUtility
     }
 
     static boolean testBaseDnMatch(
-            final SessionLabel sessionLabel,
-            final PwmDomain pwmDomain,
+            final PwmApplication pwmApplication,
             final String canonicalBaseDN,
             final UserIdentity userIdentity
     )
@@ -281,7 +277,7 @@ public class UserPermissionUtility
             return false;
         }
 
-        final String userDN = userIdentity.canonicalized( sessionLabel, pwmDomain.getPwmApplication() ).getUserDN();
+        final String userDN = userIdentity.canonicalized( pwmApplication ).getUserDN();
         return userDN.endsWith( canonicalBaseDN );
     }
 
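Review bot: `profileIdForPermission` (L331–L343) now returns `null` for the all-profiles/unset case instead of `Optional.empty()`, which moves the absence check out of the type system and onto every caller (none of which are in this hunk); keep `Optional<String>` or, failing that, document the contract with `/** @return the explicit LDAP profile ID, or {@code null} when the permission applies to all profiles. */`. The rewritten tail of `discoverMatchingUsers` at L324–L327 relies on `UserIdentity` having consistent `equals`/`hashCode` for `distinct()` and being `Comparable` for `sorted()`; the latter is evidenced by the `Collections.sort` the commit removes from `UserMatchViewerFunction`, the former is not visible here and is worth a one-line comment if it holds. Changing the public return type from `Iterator<UserIdentity>` to `List<UserIdentity>` is also a source-incompatible API change for any other caller of `discoverMatchingUsers`.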

+ 0 - 1
server/src/main/resources/password/pwm/AppProperty.properties

@@ -74,7 +74,6 @@ config.theme=pwm
 config.enableJbCryptPwLibrary=true
 configEditor.blockOldIE=true
 configEditor.userPermission.matchResultsLimit=5000
-configEditor.userPermission.matchTimeoutSeconds=10
 configEditor.idleTimeoutSeconds=900
 configGuide.idleTimeoutSeconds=3600
 configManager.zipDebug.maxLogBytes=50000000