introduce domain properties

Author: jrivard

server/src/main/java/password/pwm/AppProperty.java

@@ -60,8 +60,6 @@ public enum AppProperty
     CACHE_FORM_UNIQUE_VALUE_LIFETIME_MS             ( "cache.uniqueFormValueLifetimeMS" ),
     CLIENT_ACTIVITY_MAX_EPS_RATE                    ( "client.ajax.activityMaxEpsRate" ),
     CLIENT_AJAX_PW_WAIT_CHECK_SECONDS               ( "client.ajax.changePasswordWaitCheckSeconds" ),
-    CLIENT_AJAX_TYPING_TIMEOUT                      ( "client.ajax.typingTimeout" ),
-    CLIENT_AJAX_TYPING_WAIT                         ( "client.ajax.typingWait" ),
     CLIENT_FORM_NONCE_ENABLE                        ( "client.formNonce.enable" ),
     CLIENT_FORM_NONCE_LENGTH                        ( "client.formNonce.length" ),
     CLIENT_FORM_CLIENT_REGEX_ENABLED                ( "client.form.clientRegexEnable" ),
@@ -112,20 +110,6 @@ public enum AppProperty
     HTTP_RESOURCES_ENABLE_PATH_NONCE                ( "http.resources.pathNonceEnable" ),
     HTTP_RESOURCES_NONCE_PATH_PREFIX                ( "http.resources.pathNoncePrefix" ),
     HTTP_RESOURCES_ZIP_FILES                        ( "http.resources.zipFiles" ),
-    HTTP_COOKIE_DEFAULT_SECURE_FLAG                 ( "http.cookie.default.secureFlag" ),
-    HTTP_COOKIE_HTTPONLY_ENABLE                     ( "http.cookie.httponly.enable" ),
-    HTTP_COOKIE_THEME_NAME                          ( "http.cookie.theme.name" ),
-    HTTP_COOKIE_THEME_AGE                           ( "http.cookie.theme.age" ),
-    HTTP_COOKIE_LOCALE_NAME                         ( "http.cookie.locale.name" ),
-    HTTP_COOKIE_AUTHRECORD_NAME                     ( "http.cookie.authRecord.name" ),
-    HTTP_COOKIE_AUTHRECORD_AGE                      ( "http.cookie.authRecord.age" ),
-    HTTP_COOKIE_MAX_READ_LENGTH                     ( "http.cookie.maxReadLength" ),
-    HTTP_COOKIE_CAPTCHA_SKIP_NAME                   ( "http.cookie.captchaSkip.name" ),
-    HTTP_COOKIE_CAPTCHA_SKIP_AGE                    ( "http.cookie.captchaSkip.age" ),
-    HTTP_COOKIE_LOGIN_NAME                          ( "http.cookie.login.name" ),
-    HTTP_COOKIE_NONCE_NAME                          ( "http.cookie.nonce.name" ),
-    HTTP_COOKIE_NONCE_LENGTH                        ( "http.cookie.nonce.length" ),
-    HTTP_COOKIE_SAMESITE_VALUE                      ( "http.cookie.sameSite.value" ),
     HTTP_BASIC_AUTH_CHARSET                         ( "http.basicAuth.charset" ),
     HTTP_BODY_MAXREAD_LENGTH                        ( "http.body.maxReadLength" ),
     HTTP_CLIENT_ALWAYS_LOG_ENTITIES                 ( "http.client.alwaysLogEntities" ),
@@ -218,31 +202,6 @@ public enum AppProperty
     HELPDESK_TOKEN_VALUE                            ( "helpdesk.token.value" ),
     HELPDESK_VERIFICATION_INVALID_DELAY_MS          ( "helpdesk.verification.invalid.delayMs" ),
     HELPDESK_VERIFICATION_TIMEOUT_SECONDS           ( "helpdesk.verification.timeoutSeconds" ),
-    LDAP_RESOLVE_CANONICAL_DN                       ( "ldap.resolveCanonicalDN" ),
-    LDAP_CACHE_CANONICAL_ENABLE                     ( "ldap.cache.canonical.enable" ),
-    LDAP_CACHE_CANONICAL_SECONDS                    ( "ldap.cache.canonical.seconds" ),
-    LDAP_CACHE_USER_GUID_ENABLE                     ( "ldap.cache.userGuid.enable" ),
-    LDAP_CACHE_USER_GUID_SECONDS                    ( "ldap.cache.userGuid.seconds" ),
-    LDAP_CHAI_SETTINGS                              ( "ldap.chaiSettings" ),
-    LDAP_PROXY_CONNECTION_PER_PROFILE               ( "ldap.proxy.connectionsPerProfile" ),
-    LDAP_PROXY_MAX_CONNECTIONS                      ( "ldap.proxy.maxConnections" ),
-    LDAP_PROXY_IDLE_THREAD_LOCAL_TIMEOUT_MS         ( "ldap.proxy.idleThreadLocal.timeoutMS" ),
-    LDAP_EXTENSIONS_NMAS_ENABLE                     ( "ldap.extensions.nmas.enable" ),
-    LDAP_CONNECTION_TIMEOUT                         ( "ldap.connection.timeoutMS" ),
-    LDAP_PROFILE_RETRY_DELAY                        ( "ldap.profile.retryDelayMS" ),
-    LDAP_PROMISCUOUS_ENABLE                         ( "ldap.promiscuousEnable" ),
-    LDAP_PASSWORD_REPLICA_CHECK_INIT_DELAY_MS       ( "ldap.password.replicaCheck.initialDelayMS" ),
-    LDAP_PASSWORD_REPLICA_CHECK_CYCLE_DELAY_MS      ( "ldap.password.replicaCheck.cycleDelayMS" ),
-    LDAP_PASSWORD_CHANGE_SELF_ENABLE                ( "ldap.password.change.self.enable" ),
-    LDAP_PASSWORD_CHANGE_HELPDESK_ENABLE            ( "ldap.password.change.helpdesk.enable" ),
-    LDAP_GUID_PATTERN                               ( "ldap.guid.pattern" ),
-    LDAP_BROWSER_MAX_ENTRIES                        ( "ldap.browser.maxEntries" ),
-    LDAP_SEARCH_PAGING_ENABLE                       ( "ldap.search.paging.enable" ),
-    LDAP_SEARCH_PAGING_SIZE                         ( "ldap.search.paging.size" ),
-    LDAP_SEARCH_PARALLEL_ENABLE                     ( "ldap.search.parallel.enable" ),
-    LDAP_SEARCH_PARALLEL_FACTOR                     ( "ldap.search.parallel.factor" ),
-    LDAP_SEARCH_PARALLEL_THREAD_MAX                 ( "ldap.search.parallel.threadMax" ),
-    LDAP_ORACLE_POST_TEMPPW_USE_CURRENT_TIME        ( "ldap.oracle.postTempPasswordUseCurrentTime" ),
     LOGGING_OUTPUT_CONFIGURATION                    ( "logging.output.configuration.enable" ),
     LOGGING_OUTPUT_HEALTHCHECK                      ( "logging.output.healthCheck.enable" ),
     LOGGING_OUTPUT_RUNTIME                          ( "logging.output.runtime.enable" ),

server/src/main/java/password/pwm/DomainProperty.java

@@ -0,0 +1,106 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://www.pwm-project.org
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2021 The PWM Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package password.pwm;
+
+import password.pwm.util.java.EnumUtil;
+
+import java.util.Objects;
+import java.util.Optional;
+import java.util.ResourceBundle;
+
+public enum DomainProperty
+{
+    CLIENT_AJAX_TYPING_TIMEOUT                      ( "client.ajax.typingTimeout" ),
+    CLIENT_AJAX_TYPING_WAIT                         ( "client.ajax.typingWait" ),
+    HTTP_COOKIE_DEFAULT_SECURE_FLAG                 ( "http.cookie.default.secureFlag" ),
+    HTTP_COOKIE_HTTPONLY_ENABLE                     ( "http.cookie.httponly.enable" ),
+    HTTP_COOKIE_THEME_NAME                          ( "http.cookie.theme.name" ),
+    HTTP_COOKIE_THEME_AGE                           ( "http.cookie.theme.age" ),
+    HTTP_COOKIE_LOCALE_NAME                         ( "http.cookie.locale.name" ),
+    HTTP_COOKIE_AUTHRECORD_NAME                     ( "http.cookie.authRecord.name" ),
+    HTTP_COOKIE_AUTHRECORD_AGE                      ( "http.cookie.authRecord.age" ),
+    HTTP_COOKIE_MAX_READ_LENGTH                     ( "http.cookie.maxReadLength" ),
+    HTTP_COOKIE_CAPTCHA_SKIP_NAME                   ( "http.cookie.captchaSkip.name" ),
+    HTTP_COOKIE_CAPTCHA_SKIP_AGE                    ( "http.cookie.captchaSkip.age" ),
+    HTTP_COOKIE_LOGIN_NAME                          ( "http.cookie.login.name" ),
+    HTTP_COOKIE_NONCE_NAME                          ( "http.cookie.nonce.name" ),
+    HTTP_COOKIE_NONCE_LENGTH                        ( "http.cookie.nonce.length" ),
+    HTTP_COOKIE_SAMESITE_VALUE                      ( "http.cookie.sameSite.value" ),
+    LDAP_RESOLVE_CANONICAL_DN                       ( "ldap.resolveCanonicalDN" ),
+    LDAP_CACHE_CANONICAL_ENABLE                     ( "ldap.cache.canonical.enable" ),
+    LDAP_CACHE_CANONICAL_SECONDS                    ( "ldap.cache.canonical.seconds" ),
+    LDAP_CACHE_USER_GUID_ENABLE                     ( "ldap.cache.userGuid.enable" ),
+    LDAP_CACHE_USER_GUID_SECONDS                    ( "ldap.cache.userGuid.seconds" ),
+    LDAP_CHAI_SETTINGS                              ( "ldap.chaiSettings" ),
+    LDAP_PROXY_CONNECTION_PER_PROFILE               ( "ldap.proxy.connectionsPerProfile" ),
+    LDAP_PROXY_MAX_CONNECTIONS                      ( "ldap.proxy.maxConnections" ),
+    LDAP_PROXY_IDLE_THREAD_LOCAL_TIMEOUT_MS         ( "ldap.proxy.idleThreadLocal.timeoutMS" ),
+    LDAP_EXTENSIONS_NMAS_ENABLE                     ( "ldap.extensions.nmas.enable" ),
+    LDAP_CONNECTION_TIMEOUT                         ( "ldap.connection.timeoutMS" ),
+    LDAP_PROFILE_RETRY_DELAY                        ( "ldap.profile.retryDelayMS" ),
+    LDAP_PROMISCUOUS_ENABLE                         ( "ldap.promiscuousEnable" ),
+    LDAP_PASSWORD_REPLICA_CHECK_INIT_DELAY_MS       ( "ldap.password.replicaCheck.initialDelayMS" ),
+    LDAP_PASSWORD_REPLICA_CHECK_CYCLE_DELAY_MS      ( "ldap.password.replicaCheck.cycleDelayMS" ),
+    LDAP_PASSWORD_CHANGE_SELF_ENABLE                ( "ldap.password.change.self.enable" ),
+    LDAP_PASSWORD_CHANGE_HELPDESK_ENABLE            ( "ldap.password.change.helpdesk.enable" ),
+    LDAP_GUID_PATTERN                               ( "ldap.guid.pattern" ),
+    LDAP_BROWSER_MAX_ENTRIES                        ( "ldap.browser.maxEntries" ),
+    LDAP_SEARCH_PAGING_ENABLE                       ( "ldap.search.paging.enable" ),
+    LDAP_SEARCH_PAGING_SIZE                         ( "ldap.search.paging.size" ),
+    LDAP_SEARCH_PARALLEL_ENABLE                     ( "ldap.search.parallel.enable" ),
+    LDAP_SEARCH_PARALLEL_FACTOR                     ( "ldap.search.parallel.factor" ),
+    LDAP_SEARCH_PARALLEL_THREAD_MAX                 ( "ldap.search.parallel.threadMax" ),
+    LDAP_ORACLE_POST_TEMPPW_USE_CURRENT_TIME        ( "ldap.oracle.postTempPasswordUseCurrentTime" ),;
+
+    private final String key;
+    private final String defaultValue;
+
+    DomainProperty( final String key )
+    {
+        this.key = key;
+        this.defaultValue = readDomainPropertiesBundle( key );
+    }
+
+    public String getKey( )
+    {
+        return key;
+    }
+
+    public String getDefaultValue( )
+    {
+        return defaultValue;
+    }
+
+    public boolean isDefaultValue( final String value )
+    {
+        return Objects.equals( defaultValue, value );
+    }
+
+    public static Optional<DomainProperty> forKey( final String key )
+    {
+        return EnumUtil.readEnumFromPredicate( DomainProperty.class, domainProperty -> Objects.equals( domainProperty.getKey(), key ) );
+    }
+
+    private static String readDomainPropertiesBundle( final String key )
+    {
+        return ResourceBundle.getBundle( DomainProperty.class.getName() ).getString( key );
+    }
+}

server/src/main/java/password/pwm/config/DomainConfig.java

@@ -21,6 +21,7 @@
 package password.pwm.config;
 
 import password.pwm.AppProperty;
+import password.pwm.DomainProperty;
 import password.pwm.bean.DomainID;
 import password.pwm.bean.EmailItemBean;
 import password.pwm.bean.PrivateKeyCertificate;
@@ -56,11 +57,12 @@
 import password.pwm.util.java.CollectionUtil;
 import password.pwm.util.java.CollectorUtil;
 import password.pwm.util.java.EnumUtil;
+import password.pwm.util.java.StringUtil;
 import password.pwm.util.secure.PwmSecurityKey;
 
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Collections;
+import java.util.EnumMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -85,13 +87,17 @@ public class DomainConfig implements SettingReader
     private final StoredSettingReader settingReader;
     private final PwmSecurityKey domainSecurityKey;
 
+    private final Map<DomainProperty, String> domainProperties;
+
     public DomainConfig( final AppConfig appConfig, final DomainID domainID )
     {
         this.appConfig = Objects.requireNonNull( appConfig );
         this.storedConfiguration = appConfig.getStoredConfiguration();
         this.domainID = Objects.requireNonNull( domainID );
         this.settingReader = new StoredSettingReader( storedConfiguration, null, domainID );
 
+        this.domainProperties = makeDomainPropertyOverrides( domainID, appConfig );
+
         this.cachedPasswordPolicy = getPasswordProfileIDs().stream()
                 .map( profile -> PwmPasswordPolicy.createPwmPasswordPolicy( this, profile ) )
                 .collect( CollectorUtil.toUnmodifiableLinkedMap(
@@ -283,6 +289,11 @@ public String readAppProperty( final AppProperty property )
         return appConfig.readAppProperty( property );
     }
 
+    public String readDomainProperty( final DomainProperty property )
+    {
+        return domainProperties.getOrDefault( property, property.getDefaultValue() );
+    }
+
     public DomainID getDomainID()
     {
         return domainID;
@@ -395,7 +406,7 @@ private List<DataStorageMethod> calculateMethods(
         {
             methods.add( DataStorageMethod.NMAS );
         }
-        return Collections.unmodifiableList( methods );
+        return List.copyOf( methods );
     }
 
 
@@ -427,6 +438,35 @@ private static PwmSecurityKey makeDomainSecurityKey(
         }
     }
 
+    private static Map<DomainProperty, String> makeDomainPropertyOverrides( final DomainID domainID, final AppConfig appConfig )
+    {
+        final List<String> settingValues = appConfig.readSettingAsStringArray( PwmSetting.APP_PROPERTY_OVERRIDES );
+
+        final Map<String, String> stringMap = StringUtil.convertStringListToNameValuePair( settingValues, "=" );
+
+        final Map<DomainProperty, String> appPropertyMap = new EnumMap<>( DomainProperty.class );
+        for ( final Map.Entry<String, String> stringEntry : stringMap.entrySet() )
+        {
+            final String value = stringEntry.getValue();
+            final String domainPrefixedPropKey = domainID.stringValue() + "." + stringEntry.getKey();
+
+            final Optional<DomainProperty> domainProperty = DomainProperty.forKey( domainPrefixedPropKey )
+                    .or( () -> DomainProperty.forKey( stringEntry.getKey() ) );
+
+            domainProperty
+                    .ifPresent( domainPropertyKey ->
+                    {
+                        if ( !domainPropertyKey.isDefaultValue( value ) )
+                        {
+                            appPropertyMap.put( domainPropertyKey, value );
+                        }
+                    } );
+        }
+
+        return CollectionUtil.unmodifiableEnumMap( appPropertyMap, DomainProperty.class );
+    }
+
+
     @Override
     public String getValueHash()
     {

server/src/main/java/password/pwm/config/profile/LdapProfile.java

@@ -24,7 +24,7 @@
 import com.novell.ldapchai.exception.ChaiOperationException;
 import com.novell.ldapchai.exception.ChaiUnavailableException;
 import com.novell.ldapchai.provider.ChaiProvider;
-import password.pwm.AppProperty;
+import password.pwm.DomainProperty;
 import password.pwm.PwmDomain;
 import password.pwm.bean.DomainID;
 import password.pwm.bean.ProfileID;
@@ -168,14 +168,14 @@ public String readCanonicalDN(
         final Instant startTime = Instant.now();
 
         {
-            final boolean doCanonicalDnResolve = Boolean.parseBoolean( pwmDomain.getConfig().readAppProperty( AppProperty.LDAP_RESOLVE_CANONICAL_DN ) );
+            final boolean doCanonicalDnResolve = Boolean.parseBoolean( pwmDomain.getConfig().readDomainProperty( DomainProperty.LDAP_RESOLVE_CANONICAL_DN ) );
             if ( !doCanonicalDnResolve )
             {
                 return dnValue;
             }
         }
 
-        final boolean enableCanonicalCache = Boolean.parseBoolean( pwmDomain.getConfig().readAppProperty( AppProperty.LDAP_CACHE_CANONICAL_ENABLE ) );
+        final boolean enableCanonicalCache = Boolean.parseBoolean( pwmDomain.getConfig().readDomainProperty( DomainProperty.LDAP_CACHE_CANONICAL_ENABLE ) );
 
         String canonicalValue = null;
         final CacheKey cacheKey = CacheKey.newKey( LdapProfile.class, null, "canonicalDN-" + this.getId() + "-" + dnValue );
@@ -198,7 +198,7 @@ public String readCanonicalDN(
 
                 if ( enableCanonicalCache )
                 {
-                    final long cacheSeconds = Long.parseLong( pwmDomain.getConfig().readAppProperty( AppProperty.LDAP_CACHE_CANONICAL_SECONDS ) );
+                    final long cacheSeconds = Long.parseLong( pwmDomain.getConfig().readDomainProperty( DomainProperty.LDAP_CACHE_CANONICAL_SECONDS ) );
                     final CachePolicy cachePolicy = CachePolicy.makePolicyWithExpiration( TimeDuration.of( cacheSeconds, TimeDuration.Unit.SECONDS ) );
                     pwmDomain.getCacheService().put( cacheKey, cachePolicy, canonicalValue );
                 }

server/src/main/java/password/pwm/health/ConfigurationChecker.java

@@ -21,7 +21,7 @@
 package password.pwm.health;
 
 import lombok.Value;
-import password.pwm.AppProperty;
+import password.pwm.DomainProperty;
 import password.pwm.PwmApplication;
 import password.pwm.PwmApplicationMode;
 import password.pwm.PwmConstants;
@@ -91,10 +91,10 @@ public class ConfigurationChecker implements HealthSupplier
             VerifyIfDeprecatedJsFormOptionUsed.class,
             VerifyNewUserLdapProfile.class,
             VerifyPasswordWaitTimes.class,
+            VerifyBasicSystemConfigs.class,
             VerifyUserPermissionSettings.class );
 
     private static final List<Class<? extends ConfigSystemHealthCheck>> SYSTEM_CHECKS = List.of(
-            VerifyBasicSystemConfigs.class,
             VerifyDbConfiguredIfNeededSystem.class );
 
     @Override
@@ -214,20 +214,20 @@ public List<HealthRecord> healthCheck( final DomainHealthCheckRequest domainHeal
         }
     }
 
-    static class VerifyBasicSystemConfigs implements ConfigSystemHealthCheck
+    static class VerifyBasicSystemConfigs implements ConfigDomainHealthCheck
     {
         @Override
-        public List<HealthRecord> healthCheck( final SystemHealthCheckRequest systemHealthCheckRequest )
+        public List<HealthRecord> healthCheck( final DomainHealthCheckRequest domainHealthCheckRequest )
         {
-            final AppConfig config = systemHealthCheckRequest.getDomainConfig();
-            final Locale locale = systemHealthCheckRequest.getLocale();
+            final DomainConfig config = domainHealthCheckRequest.getDomainConfig();
+            final Locale locale = domainHealthCheckRequest.getLocale();
 
             final String separator = LocaleHelper.getLocalizedMessage( locale, Config.Display_SettingNavigationSeparator, null );
             final List<HealthRecord> records = new ArrayList<>();
 
-            if ( Boolean.parseBoolean( config.readAppProperty( AppProperty.LDAP_PROMISCUOUS_ENABLE ) ) )
+            if ( Boolean.parseBoolean( config.readDomainProperty( DomainProperty.LDAP_PROMISCUOUS_ENABLE ) ) )
             {
-                final String appPropertyKey = "AppProperty" + separator + AppProperty.LDAP_PROMISCUOUS_ENABLE.getKey();
+                final String appPropertyKey = "AppProperty" + separator + DomainProperty.LDAP_PROMISCUOUS_ENABLE.getKey();
                 records.add( HealthRecord.forMessage(
                         DomainID.systemId(),
                         HealthMessage.Config_PromiscuousLDAP,

server/src/main/java/password/pwm/http/PwmHttpRequestWrapper.java

@@ -388,7 +388,7 @@ public List<String> parameterNames( )
 
         return CollectionUtil.iteratorToStream( getHttpServletRequest().getParameterNames().asIterator() )
                 .map( s -> Validator.sanitizeInputValue( appConfig, s, maxChars ) )
-                .collect( Collectors.toUnmodifiableList() );
+                .toList();
 
     }