v0.5.14 update

Updated dependency PostgreSQL JDBC 42.7.5 -> 42.7.7
Updated dependency JSch 0.2.24 -> 2.27.2
Updated dependency JSON-java 20250107 -> 20250517
Shortened output of 'about' command
Fixed bug in version comparison logic
Minor front-end improvements
Order server list frontend to show offline servers last
added option to reenable WebCTRL's password policy for managed operators
connected servers will only auto-push operator updates back to the database when that operator has logged in within the past 8 hours
for WebCTRL8.0, auto-pushing operator updates to the database will no longer function
added auto_logout_exclude_ids setting to prevent operator session timeouts from syncing to particular servers
updated README

Author: cvogt729

README.md

@@ -143,7 +143,7 @@ Now you are ready to test the add-on's connection to your PostgreSQL server.
 
 Fill out all the required fields, click *Save Changes* and then click *Sync Now*. Be sure to specify the correct database name in the connection URL. After waiting a minute, go to the log viewer page and verify that the sync was successful. I suggest using `0 0 * * * *` for the cron expression and `900000` milliseconds for the random maximum offset. This cron expression specifies to start a sync at the beginning of each hour. The random maximum offset specifies to start the sync randomly at some time during the first 15 minutes of the hour. This randomization is important when there are many add-on instances trying to connect to the PostgreSQL database. It ensures the database is not flooded with too many requests all at once.
 
-When the add-on connects to the PostgreSQL database for the first time, it generates a unique server ID for itself. The *Reset ID* button can be used to delete the saved ID and generate a new one.
+When the add-on connects to the PostgreSQL database for the first time, it generates a unique server ID for itself. The *Reset ID* button can be used to delete the saved ID and generate a new one. By default, WebCTRL's password policy is disabled for operators managed by this add-on. The setting that forces users to change their passwords at next login is also disabled by default. To permit both behaviors, you may uncheck the *Bypass Password Policy* box.
 
 If firewall restrictions limit PostgreSQL traffic, you can try using an SSH proxy server as an intermediary. In the below example, you would connect to `127.0.0.1:5433/database` after the proxy is set. The proxy is activated only when the add-on tries to sync, and then is deactivated afterwards. For security and simplicity, proxy settings cannot be viewed from a web browser after they are set.
 
@@ -196,7 +196,7 @@ In addition to the SFTP connection settings shown in the previous section, there
 | `debug` | `false` | When enabled, log messages will be more verbose. |
 | `log_expiration` | `60` | Specifies how many days to retain log messages in the database. |
 | `auto_update` | `true` | Specifies whether to attempt automatic updates for this add-on. |
-| `version` | `0.5.13` | When `auto_update` is enabled, any connected client whose add-on version is less than this value will be updated. |
+| `version` | `0.5.14` | When `auto_update` is enabled, any connected client whose add-on version is less than this value will be updated. |
 | `download_path` | `/webctrl/addons/PostgreSQL_Connect.addon` | When `auto_update` is enabled, this is the SFTP server path where the latest version add-on file will be retrieved. |
 | `license_directory` | `/webctrl/licenses` | Specifies an SFTP server directory path for where to store WebCTRL license files. |
 | `ftp_host` | `postgresql.domain.com` | SFTP server hostname or IP address. |
@@ -206,6 +206,7 @@ In addition to the SFTP connection settings shown in the previous section, there
 | `ftp_key` | `-----BEGIN OPENSSH PRIVATE KEY----- ...` | Private key which authenticates the client to the SFTP server. |
 | `ftp_port_secondary` | `443` | Secondary SFTP port which may be utilized by some servers. This may be useful to bypass certain firewalls. |
 | `ftp_port_secondary_ids` | `46;51;60;61;62` | Semi-colon delimited list of server IDs which should use the secondary SFTP port. |
+| `auto_logout_exclude_ids` | `46;51;60;61;62` | Semi-colon delimited list of server IDs which should not synchronize operator session timeout thresholds. |
 
 When trying to push out an update for the add-on, you should do things in the following order:
 
@@ -229,7 +230,7 @@ This page lists all connected servers. If a server is decomissioned or permanent
 | ID | `1` | Internal ID which uniquely identifies the server within the PostgreSQL database. (Read-only) |
 | Name | `ACES Main Building` | User-friendly display name for the server. This defaults to the display name of the root of the Geo tree. |
 | WebCTRL Version | `8.5.002.20230323-123687` | Full version of the WebCTRL server. (Read-only) |
-| Add-On Version | `0.5.13` | Installed version of the PostgreSQL_Connect add-on. (Read-only) |
+| Add-On Version | `0.5.14` | Installed version of the PostgreSQL_Connect add-on. (Read-only) |
 | IP Address | `123.45.67.89` | External IP address of the server as viewed by the PostgreSQL database. (Read-only) |
 | Last Sync | `2024-12-02 14:05:32` | Timestamp of the last successful synchronization. If synced within the last 24 hours, the background color is green; otherwise, the background is red. (Read-only) |
 | License | `WebCTRL Premium` | Click this field to download WebCTRL's license. (Read-only) |
@@ -284,7 +285,7 @@ The table structure of this page is identical to that of the operator whitelist
 
 ### Reverse Operator Sync
 
-When whitelisted operators changes their passwords (or other attributes) locally on the WebCTRL server, the changes are pushed back to the database during the next sync interval. It can take up to two full sync cycles for the password change to propogate to other connected server. This process can be sped up by clicking the *Sync Operator Data* item in WebCTRL's main menu in the upper-right corner (then propogation will only take one sync cycle).
+When whitelisted operators changes their passwords (or other attributes) locally on the WebCTRL server, the changes are pushed back to the database during the next sync interval. It can take up to two full sync cycles for the password change to propogate to other connected server. With this logic as stated, it would be possible for a local admin at one site to reset the passwords of everyone across all sites (either accidentally or maliciously). To mitigiate this possibility, the whitelisted operators being updated must have logged into the server within the past 8 hours in order for changes to propagate. Note that this reverse sync only functions on WebCTRL versions 8.5 and later.
 
 ### Operator Blacklist
 
@@ -346,12 +347,12 @@ Commands chained together using new-lines in a single entry are fail-fast, which
 | `exists <path>` | Asserts that the specified file or directory exists. If non-existent, then command execution is terminated. |
 | `!exists <path>` | Asserts that the specified file or directory does not exists. If it exists, then command execution is terminated. |
 | `regex <file_path> <find> [replace]` | If a replacement string is not given, then this commands logs all matches of the regular expression in the specified file. If a replacement string is given, then this command edits the specified file by replacing all matches of the regular expression. The file's contents are assumed to be UTF-8 encoded text. The [MULTILINE](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/util/regex/Pattern.html#MULTILINE) and [DOTALL](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/util/regex/Pattern.html#DOTALL) flags are used by default. |
-| `download <sftp_file_path> <local_file_path>` | Downloads a file from the SFTP server into the local file system of the WebCTRL server. |
+| `download <sftp_file_path> <local_file_path>` | Downloads a file from the SFTP server into the local file system of the WebCTRL server, overwriting if the file already exists. |
 | `upload <local_file_path> <sftp_file_path>` | Uploads a file from the local file system of the WebCTRL server into the SFTP server. |
 | `canApplyUpdate <file_path>` | Asserts that WebCTRL is able to apply the specified *.update* patch file. If the update cannot be applied, then command execution is terminated. |
 | `!canApplyUpdate <file_path>` | Asserts that WebCTRL is not able to apply the specified *.update* patch file. If the update can be applied, then command execution is terminated. |
 | `updateDST` | Updates daylight savings dates stored in the WebCTRL database and marks controllers for a pending parameter download. |
-| `opentunnel <listen_port> <target_port> [timeout]` | Open a reverse SSH tunnel from the WebCTRL server to the SFTP server. `listen_port` is opened on the SFTP server, and connections to this port are forwarded to `target_port` on the WebCTRL server. After `timeout` expires, the tunnel will be closed at the next sync. If `timeout` is undefined, then the tunnel stays open until the next server reboot. |
+| `opentunnel <listen_port> <target_port> [timeout]` | Open a reverse SSH tunnel from the WebCTRL server to the SFTP server. `listen_port` is opened on the SFTP server, and connections to this port are forwarded to `target_port` on the WebCTRL server. After `timeout` expires (milliseconds), the tunnel will be closed at the next sync. If `timeout` is undefined, then the tunnel stays open until the next server reboot. |
 | `closetunnel [listen_port]` | Close a reverse SSH tunnel that was previously opened with the `opentunnel` command. If `listen_port` is unspecified, all tunnels are closed (excluding those configured in the [SSH Tunnels](#ssh-tunnels) section). |
 | `listtunnels` | Logs a list of all open SSH tunnels. |
 
@@ -463,9 +464,9 @@ CREATE INDEX webctrl_trend_data_time ON webctrl.trend_data ("time" DESC);
 
 ### Packaged Dependencies
 
-- [PostgreSQL JDBC 42.7.5](https://jdbc.postgresql.org/) - Used to connect to PostgreSQL databases.
-- [JSch 0.2.24](https://github.com/mwiede/jsch) - Used to connect to SFTP servers.
-- [JSON-java 20250107](https://github.com/stleary/JSON-java) - Used to encode and decode JSON data.
+- [PostgreSQL JDBC 42.7.7](https://jdbc.postgresql.org/) - Used to connect to PostgreSQL databases.
+- [JSch 2.27.2](https://github.com/mwiede/jsch) - Used to connect to SFTP servers.
+- [JSON-java 20250517](https://github.com/stleary/JSON-java) - Used to encode and decode JSON data.
 
 ### Server ID Reset
 

config/BUILD_DETAILS

@@ -1,7 +1,7 @@
 JDK Version:
-openjdk 22.0.1 2024-04-16
-OpenJDK Runtime Environment (build 22.0.1+8-16)
-OpenJDK 64-Bit Server VM (build 22.0.1+8-16, mixed mode, sharing)
+openjdk 24.0.1 2025-04-15
+OpenJDK Runtime Environment (build 24.0.1+9-30)
+OpenJDK 64-Bit Server VM (build 24.0.1+9-30, mixed mode, sharing)
 
 Compilation Flags:
 --release 11
@@ -10,7 +10,10 @@ Runtime Dependencies:
 addonsupport-api-addon-1.10.0
 alarmmanager-api-addon-1.10.0
 bacnet-api-core-1.10.007-20240227.1003r
+datatable-api-addon-1.10.0
 directaccess-api-addon-1.10.0
+logicbuilder-api-addon-1.10.0
+semantics-api-addon-1.10.0
 tomcat-embed-core-9.0.87
 webaccess-api-addon-1.10.0
 xdatabase-api-addon-1.10.0
@@ -33,9 +36,9 @@ webserver-api-9.0.002
 webui-9.0.002
 
 Packaged Dependencies:
-jsch-0.2.24-sources
-jsch-0.2.24
-json-20250107-sources
-json-20250107
-postgresql-42.7.5-sources
-postgresql-42.7.5
+jsch-2.27.2-sources
+jsch-2.27.2
+json-20250517-sources
+json-20250517
+postgresql-42.7.7-sources
+postgresql-42.7.7

config/EXTERNAL_DEPS

@@ -1,6 +1,6 @@
-url:postgresql-42.7.5.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar
-url:postgresql-42.7.5-sources.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.5/postgresql-42.7.5-sources.jar
-url:jsch-0.2.24.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.24/jsch-0.2.24.jar
-url:jsch-0.2.24-sources.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.24/jsch-0.2.24-sources.jar
-url:json-20250107.jar:https://repo1.maven.org/maven2/org/json/json/20250107/json-20250107.jar
-url:json-20250107-sources.jar:https://repo1.maven.org/maven2/org/json/json/20250107/json-20250107-sources.jar
+url:postgresql-42.7.7.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.7/postgresql-42.7.7.jar
+url:postgresql-42.7.7-sources.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.7/postgresql-42.7.7-sources.jar
+url:jsch-2.27.2.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/2.27.2/jsch-2.27.2.jar
+url:jsch-2.27.2-sources.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/2.27.2/jsch-2.27.2-sources.jar
+url:json-20250517.jar:https://repo1.maven.org/maven2/org/json/json/20250517/json-20250517.jar
+url:json-20250517-sources.jar:https://repo1.maven.org/maven2/org/json/json/20250517/json-20250517-sources.jar

resources/postgresql_config.png

@@ -1,7 +1,7 @@
 <extension version="1">
   <name>PostgreSQL_Connect</name>
   <description>Periodically synchronizes operators, add-ons, and specified trends with an external PostgreSQL database.</description>
-  <version>0.5.13</version>
+  <version>0.5.14</version>
   <vendor>Automatic Controls Equipment Systems, Inc.</vendor>
   <system-menu-provider>aces.webctrl.postgresql.web.SystemMenuEditor</system-menu-provider>
 </extension>

root/info.xml

@@ -8,6 +8,7 @@ public class Config {
   public volatile static String username = null;
   public volatile static String password = null;
   public volatile static String keystorePassword = null;
+  public volatile static boolean bypassPasswordPolicy = true;
   public volatile static int ID;
   public final static CronExpression cron = new CronExpression();
   public volatile static long maxRandomOffset;
@@ -18,6 +19,7 @@ private static void revertDefaults(){
     username = "";
     password = "";
     keystorePassword = "";
+    bypassPasswordPolicy = true;
     maxRandomOffset = 900000L;
     cron.set("0 0 * * * *");
   }

src/aces/webctrl/postgresql/core/Config.java

@@ -179,20 +179,33 @@ public static void about(final StringBuilder sb){
       int i,j;
       String[] jvmAtt;
       String[] jvmVal;
+      String s;
+      final HashSet<String> ignore = new HashSet<String>();
+      ignore.add("java.class.path");
+      ignore.add("jarstoskip");
       for (Object[] jvmProp : jvm.getOrderedJavaProperties()) {
-        jvmAtt = CJStringTokenizer.split((String)jvmProp[0], 39);
+        s = (String)jvmProp[0];
+        if (ignore.contains(s.toLowerCase())){
+          continue;
+        }
+        jvmAtt = CJStringTokenizer.split(s, 39);
         jvmVal = CJStringTokenizer.split((String)jvmProp[1], 135);
         j = Math.max(jvmAtt.length, jvmVal.length);
+        if (j>4){
+          continue;
+        }
         for (i = 0; i < j; ++i) {
           if (i < jvmAtt.length) {
-            w.print(CJIO.formatToLength(jvmAtt[i], 40, true));
+            if (i < jvmVal.length && jvmVal[i].length()>0){
+              w.print(CJIO.formatToLength(jvmAtt[i], 40, true));
+            }else{
+              w.print(jvmAtt[i]);
+            }
           } else {
             w.print(CJIO.formatToLength("", 40, true));
           }
           if (i < jvmVal.length) {
-            w.print(CJIO.formatToLength(jvmVal[i], 135, true));
-          } else {
-            w.print(CJIO.formatToLength("", 135, true));
+            w.print(jvmVal[i]);
           }
           w.println();
         }
@@ -838,10 +851,10 @@ private void writeUpdatesForType(PrintWriter out, List<UpdateInfo> updatesByType
           if ("null".equalsIgnoreCase(notesText)) {
             notesText = "No notes available.";
           }
-          out.println("Update : " + nextUpdInfo.getFileName());
-          out.println("Created: " + nextUpdInfo.getCreatedDate());
-          out.println("Applied: " + nextUpdInfo.getDateApplied());
-          out.println("Notes  : " + notesText);
+          out.println(nextUpdInfo.getFileName());
+          //out.println("Created: " + nextUpdInfo.getCreatedDate());
+          //out.println("Applied: " + nextUpdInfo.getDateApplied());
+          //out.println("Notes  : " + notesText);
           out.println();
         }
       }

src/aces/webctrl/postgresql/core/HelperAPI.java

@@ -32,6 +32,8 @@ public class Initializer implements ServletContextListener {
   public volatile static Path pgsslkey;
   /** Path to the SSL key file to use for SFTP */
   public volatile static Path sftpkey;
+  /** The existence of this file indicates that WebCTRL's password policy should not be bypassed */
+  public volatile static Path pwPolicyFlag;
   /** Path to a temporary file used when downloading addons */
   public volatile static Path tmpAddonFile;
   /** Path to the directory containing addons */
@@ -141,6 +143,7 @@ public class Initializer implements ServletContextListener {
     pgsslroot = root.resolve("pgsslroot.cer");
     pgsslkey = root.resolve("pgsslkey.pfx");
     sftpkey = root.resolve("id_rsa");
+    pwPolicyFlag = root.resolve("enf_pw_policy");
     if (EMBEDDED_CONNECTION){
       try{
         if (!Files.exists(pgsslroot)){
@@ -157,6 +160,11 @@ public class Initializer implements ServletContextListener {
       }
     }
     Config.load();
+    try{
+      Config.bypassPasswordPolicy = !Files.exists(pwPolicyFlag);
+    }catch(Throwable t){
+      log(t);
+    }
     TableCache.init();
     try{
       Class.forName("org.postgresql.Driver");
@@ -281,6 +289,7 @@ public static boolean debug(){
    * Tells the processing thread to invoke a synchronization event ASAP.
    */
   public static void syncNow(){
+    status = "Sync Initiated";
     syncNow = true;
     synchronized (syncNotifier){
       syncNotifier.notifyAll();

src/aces/webctrl/postgresql/core/Initializer.java

@@ -34,10 +34,12 @@ public void read(CoreNode op, boolean readUsername) throws CoreNotFoundException
   public void write(OperatorLink link, CoreNode op, boolean admin) throws CoreNotFoundException, CoreDatabaseException, CJDataValueException {
     op.setAttribute(CoreNode.KEY, username);
     op.setAttribute(NodeAttribute.lookup(CoreNode.DISPLAY_NAME, "en", true), display_name);
-    link.setRawPassword(op, password, false);
+    link.setRawPassword(op, password, false, false);
     final CoreNode pref = op.getChild("preferences");
     pref.getChild("lvl5_auto_collapse").setBooleanAttribute(CoreNode.VALUE, lvl5_auto_collapse);
-    pref.getChild("lvl5_auto_logout").setIntAttribute(CoreNode.VALUE, lvl5_auto_logout);
+    if (!Sync.excludeAutoLogoutTime){
+      pref.getChild("lvl5_auto_logout").setIntAttribute(CoreNode.VALUE, lvl5_auto_logout);
+    }
     if (admin){
       link.assignAdminRole(op);
     }
@@ -48,7 +50,7 @@ public void write(OperatorLink link, CoreNode op, boolean admin) throws CoreNotF
     }
     if (obj instanceof OperatorData){
       OperatorData op = (OperatorData)obj;
-      return lvl5_auto_collapse==op.lvl5_auto_collapse && lvl5_auto_logout==op.lvl5_auto_logout && username.equals(op.username) && display_name.equals(op.display_name) && password.equals(op.password);
+      return lvl5_auto_collapse==op.lvl5_auto_collapse && (Sync.excludeAutoLogoutTime || lvl5_auto_logout==op.lvl5_auto_logout) && username.equals(op.username) && display_name.equals(op.display_name) && password.equals(op.password);
     }else{
       return false;
     }
@@ -73,7 +75,7 @@ public String query(OperatorData op){
       }
       sb.append(" \"password\" = ").append(Utility.escapePostgreSQL(op.password));
     }
-    if (lvl5_auto_logout!=op.lvl5_auto_logout){
+    if (!Sync.excludeAutoLogoutTime && lvl5_auto_logout!=op.lvl5_auto_logout){
       if (first){
         first = false;
       }else{