From d64d789ad789e950c3b5e5443fb418a722b917c4 Mon Sep 17 00:00:00 2001 From: "Kajur, Harish (vk250x)" Date: Mon, 26 Nov 2018 00:07:25 -0500 Subject: Initial commit of the schema service Issue-ID: AAI-1950 Change-Id: If2fd9e344d8c4ae1fa1b11e449b686035f55354f Signed-off-by: Kajur, Harish (vk250x) --- aai-schema-service/.gitignore | 17 + aai-schema-service/LICENSE.TXT | 17 + aai-schema-service/pom.xml | 749 +++++++++++++++++++++ .../src/main/assembly/descriptor.xml | 32 + aai-schema-service/src/main/docker/Dockerfile | 24 + aai-schema-service/src/main/docker/aai.sh | 44 ++ .../src/main/docker/docker-entrypoint.sh | 138 ++++ .../java/org/onap/aai/schemaservice/Profiles.java | 32 + .../onap/aai/schemaservice/SchemaServiceApp.java | 153 +++++ .../aai/schemaservice/config/ErrorHandler.java | 143 ++++ .../schemaservice/config/JettyPasswordDecoder.java | 33 + .../aai/schemaservice/config/PasswordDecoder.java | 25 + .../config/PropertyPasswordConfiguration.java | 78 +++ .../interceptors/AAIContainerFilter.java | 41 ++ .../interceptors/AAIHeaderProperties.java | 34 + .../schemaservice/interceptors/package-info.java | 36 + .../post/AAIResponseFilterPriority.java | 38 ++ .../interceptors/post/InvalidResponseStatus.java | 65 ++ .../interceptors/post/ResetLoggingContext.java | 96 +++ .../post/ResponseHeaderManipulation.java | 64 ++ .../post/ResponseTransactionLogging.java | 124 ++++ .../interceptors/pre/AAIRequestFilterPriority.java | 34 + .../interceptors/pre/HeaderValidation.java | 86 +++ .../interceptors/pre/HttpHeaderInterceptor.java | 50 ++ .../interceptors/pre/OneWaySslAuthorization.java | 82 +++ .../pre/RequestHeaderManipulation.java | 63 ++ .../pre/RequestTransactionLogging.java | 113 ++++ .../interceptors/pre/SetLoggingContext.java | 69 ++ .../interceptors/pre/TwoWaySslAuthorization.java | 187 +++++ .../schemaservice/logging/LocalHostAccessLog.java | 68 ++ .../service/AuthorizationService.java | 109 +++ .../aai/schemaservice/web/JerseyConfiguration.java | 122 ++++ .../src/main/resources/application.properties | 65 ++ .../resources/etc/appprops/aaiconfig.properties | 21 + .../main/resources/etc/appprops/error.properties | 182 +++++ .../src/main/resources/etc/auth/aai_keystore | Bin 0 -> 4928 bytes .../src/main/resources/etc/auth/realm.properties | 13 + .../main/resources/localhost-access-logback.xml | 62 ++ aai-schema-service/src/main/resources/logback.xml | 269 ++++++++ .../src/test/resources/application-test.properties | 53 ++ aai-schema-service/src/test/resources/logback.xml | 392 +++++++++++ 41 files changed, 4023 insertions(+) create mode 100644 aai-schema-service/.gitignore create mode 100644 aai-schema-service/LICENSE.TXT create mode 100644 aai-schema-service/pom.xml create mode 100644 aai-schema-service/src/main/assembly/descriptor.xml create mode 100644 aai-schema-service/src/main/docker/Dockerfile create mode 100644 aai-schema-service/src/main/docker/aai.sh create mode 100644 aai-schema-service/src/main/docker/docker-entrypoint.sh create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/Profiles.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/ErrorHandler.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIContainerFilter.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIHeaderProperties.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/package-info.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/AAIResponseFilterPriority.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResetLoggingContext.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseHeaderManipulation.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseTransactionLogging.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/AAIRequestFilterPriority.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HeaderValidation.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HttpHeaderInterceptor.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/OneWaySslAuthorization.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestHeaderManipulation.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestTransactionLogging.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/SetLoggingContext.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/TwoWaySslAuthorization.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/logging/LocalHostAccessLog.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/service/AuthorizationService.java create mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/web/JerseyConfiguration.java create mode 100644 aai-schema-service/src/main/resources/application.properties create mode 100644 aai-schema-service/src/main/resources/etc/appprops/aaiconfig.properties create mode 100644 aai-schema-service/src/main/resources/etc/appprops/error.properties create mode 100644 aai-schema-service/src/main/resources/etc/auth/aai_keystore create mode 100644 aai-schema-service/src/main/resources/etc/auth/realm.properties create mode 100644 aai-schema-service/src/main/resources/localhost-access-logback.xml create mode 100644 aai-schema-service/src/main/resources/logback.xml create mode 100644 aai-schema-service/src/test/resources/application-test.properties create mode 100644 aai-schema-service/src/test/resources/logback.xml (limited to 'aai-schema-service') diff --git a/aai-schema-service/.gitignore b/aai-schema-service/.gitignore new file mode 100644 index 0000000..3b2d955 --- /dev/null +++ b/aai-schema-service/.gitignore @@ -0,0 +1,17 @@ +.settings +target/ +**/logs/ +bundleconfig-local/etc/auth/aai-client-cert.p12 +bundleconfig-local/etc/auth/tomcat_keystore +bundleconfig-local/etc/oxm +src/main/aai_schema +bundleconfig-local/etc/logback.xml +/.pydevproject +/test_csvWriter.csv +/bin/ +**/.idea/ +*/.idea +*.iml +**/dbedgerules/** +**/oxm/** +**/query/** diff --git a/aai-schema-service/LICENSE.TXT b/aai-schema-service/LICENSE.TXT new file mode 100644 index 0000000..3455862 --- /dev/null +++ b/aai-schema-service/LICENSE.TXT @@ -0,0 +1,17 @@ +============LICENSE_START======================================================= +org.onap.aai +================================================================================ +Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. +================================================================================ +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +============LICENSE_END========================================================= diff --git a/aai-schema-service/pom.xml b/aai-schema-service/pom.xml new file mode 100644 index 0000000..955d228 --- /dev/null +++ b/aai-schema-service/pom.xml @@ -0,0 +1,749 @@ + + + + 4.0.0 + org.onap.aai.schema-service + aai-schema-service + 1.0.0-SNAPSHOT + + org.onap.aai.schema-service + schema-service + 1.0.0-SNAPSHOT + + + 1.8 + org.onap.aai.schemaservice.SchemaServiceApp + + 1.4.0-SNAPSHOT + + 1.5.15.RELEASE + + + java + jacoco + ${project.build.directory}/surefire-reports + ${project.build.directory}/coverage-reports/jacoco.exec + false + ${project.version} + + + + 1.0.0 + 1.2.3 + 2.0.0.0 + 4.12 + 16.0.1 + 0.2.0 + 1.10.19 + 1.6.2 + 2.2.11 + 2.6.2 + + + 0.23.0 + + docker.io + + + localhost:5000 + + + ${project.build.directory}/${project.artifactId}-${project.version}-build/ + + onap + + true + + 0.68 + + + yyyyMMdd'T'HHmmss'Z' + 2.10.4 + + + onap + N/A + ${project.basedir}/src/main/resources/schema/${schema.source.name}/oxm + ${project.basedir}/src/main/resources/schema/${schema.source.name}/dbedgerules + v10 + v10 + v11 + v12 + v12 + v15 + v10,v11,v12,v13,v14,v15 + /aai/schema-service + + + + + + + + docker + + + + io.fabric8 + docker-maven-plugin + ${docker.fabric.version} + + true + 1.23 + + + ${docker.push.registry}/${aai.docker.namespace}/${project.artifactId}:%l + + @ + + latest + ${project.docker.latesttag.version} + ${project.major.version}.${project.minor.version}-STAGING-${maven.build.timestamp} + + try + ${project.basedir}/src/main/docker + + + + + ${aai.build.directory} + /${project.artifactId} + + + + + + + + + + + clean-images + pre-clean + + remove + + + true + + + + generate-images + package + + build + + + + push-images + deploy + + push + + + + + + + + + + onap + + onap + v12 + v10,v11,v12,v13,v14,v15 + + + + + runAjsc + + ${maven.skip.tests} + + + pre-integration-test + + + org.codehaus.mojo + exec-maven-plugin + 1.6.0 + + + run-spring-boot + package + + java + + + + + ${start-class} + + + schema.source.name + ${schema.source.name} + + + schema.configuration.location + ${schema.configuration.location} + + + schema.nodes.location + ${schema.nodes.location} + + + schema.edges.location + ${schema.edges.location} + + + schema.version.depth.start + ${schema.version.depth.start} + + + schema.version.related.link.start + ${schema.version.related.link.start} + + + schema.version.app.root.start + ${schema.version.app.root.start} + + + schema.version.namespace.change.start + ${schema.version.namespace.change.start} + + + schema.version.edge.label.start + ${schema.version.edge.label.start} + + + schema.version.api.default + ${schema.version.api.default} + + + schema.version.list + ${schema.version.list} + + + schema.uri.base.path + ${schema.uri.base.path} + + + java + + + + + + + + + + org.springframework.boot + spring-boot-starter-parent + ${spring.boot.version} + pom + import + + + + + + com.att.eelf + eelf-core + ${eelf.core.version} + + + ch.qos.logback + logback-core + ${logback.version} + + + ch.qos.logback + logback-classic + ${logback.version} + + + ch.qos.logback + logback-access + ${logback.version} + + + org.onap.aai.aai-common + aai-core + ${aai.core.version} + + + com.sun.jersey + jersey-core + + + org.codehaus.jackson + jackson-mapper-asl + + + org.eclipse.jetty + jetty-http + + + org.eclipse.jetty + jetty-server + + + org.springframework + spring-web + + + org.onap.aai + aai-schema-ingest + + + + + org.hamcrest + hamcrest-junit + ${hamcrest.junit.version} + + + junit + junit + ${junit.version} + test + + + com.google.guava + guava + ${google.guava.version} + + + com.fasterxml.jackson.jaxrs + jackson-jaxrs-json-provider + + + org.mockito + mockito-all + ${mockito.version} + test + + + javax.xml.bind + jaxb-api + ${jaxb.version} + + + com.sun.xml.bind + jaxb-impl + ${jaxb.version} + + + com.sun.xml.bind + jaxb-core + ${jaxb.version} + + + com.sun.xml.bind + jaxb-xjc + ${jaxb.version} + + + org.eclipse.persistence + eclipselink + ${eclipse.persistence.version} + + + org.eclipse.persistence + org.eclipse.persistence.moxy + ${eclipse.persistence.version} + compile + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-tomcat + + + + + org.springframework.boot + spring-boot-starter-jetty + + + org.springframework.boot + spring-boot-starter-jersey + + + org.springframework.boot + spring-boot-starter-aop + + + org.springframework.boot + spring-boot-test + test + + + + + + ${project.basedir}/src/main/swm + ${project.build.directory}/swm + false + + + ${project.basedir}/src/main/resources + + application.properties + dme2.properties + logback.xml + localhost-access-logback.xml + + ${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig + false + + + ${project.basedir}/src/main/resources + + **/* + + true + + + ${project.basedir}/src/main/resources/etc/appprops/ + + aaiconfig.properties + + ${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig + false + + + ${project.basedir}/src/main/resources/etc/auth/ + + aai-client-cert.p12 + tomcat_keystore + aai_policy.json + + ${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig + true + + + ${project.basedir}/src/main/resources/ + + logback.xml + localhost-access-logback.xml + hbase-site.xml + + ${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig + true + + + ${project.basedir}/src/main/docker + + **/* + + ${aai.build.directory} + true + + + ${project.build.directory}/ + + ${project.artifactId}-${project.version}.jar + + ${aai.build.directory}/lib/ + false + + + ${project.basedir}/../aai-schema/src/main/resources/ + + **/oxm/**/*.xml + **/dbedgerules/**/*.json + + ${project.basedir}/src/main/resources/schema + false + + + ${project.basedir}/../aai-queries/src/main/resources/schema + + **/query/**/*.json + + ${project.basedir}/src/main/resources/schema + false + + + ${project.basedir}/../aai-schema/src/main/resources/ + + **/oxm/**/*.xml + **/dbedgerules/**/*.json + + ${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig/schema/ + false + + + ${project.basedir}/../aai-queries/src/main/resources/schema + + **/query/**/*.json + + ${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig/schema/ + false + + + + + + org.codehaus.groovy.maven + gmaven-plugin + 1.0 + + + validate + + execute + + + + println project.properties['aai.project.version']; + def versionArray; + if (project.properties['aai.project.version'] != null) { + versionArray = project.properties['aai.project.version'].split('\\.'); + } + + project.properties["project.major.version"] = versionArray[0]; + project.properties["project.minor.version"] = versionArray[1]; + project.properties['project.docker.latesttag.version'] = versionArray[0] + '.' + versionArray[1] + '-STAGING-latest'; + println 'New Tag for docker:' + project.properties['project.docker.latesttag.version']; + + + + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + org.apache.maven.plugins + maven-clean-plugin + 2.4.1 + + + + ${project.basedir}/src/main/resources/schema + + **/* + + false + + + + + + org.codehaus.groovy.maven + gmaven-plugin + + + org.apache.maven.plugins + maven-dependency-plugin + 2.10 + + + org.apache.maven.plugins + maven-javadoc-plugin + ${javadoc.plugin.version} + + + maven-assembly-plugin + + + src/main/assembly/descriptor.xml + + + + + make-assembly + package + + single + + + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.12.4 + + -noverify ${argLine} + alphabetical + + + + com.mycila + license-maven-plugin + + + org.codehaus.mojo + sonar-maven-plugin + 3.3 + + + org.jacoco + jacoco-maven-plugin + 0.7.9 + + true + + **/**/models/**/*.class + + + + + jacoco-initialize-unit-tests + + prepare-agent + + + ${project.build.directory}/coverage-reports/jacoco.exec + + + + + post-unit-test + test + + report + + + + ${project.build.directory}/coverage-reports/jacoco.exec + + ${project.reporting.outputDirectory}/jacoco + + + + default-check + + check + + + ${project.build.directory}/coverage-reports/jacoco.exec + + + + BUNDLE + + + LINE + COVEREDRATIO + ${jacoco.line.coverage.limit} + + + + + + + + + + org.apache.maven.plugins + maven-deploy-plugin + + + default-deploy + none + + + + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.7 + true + + ${nexusproxy} + 176c31dfe190a + ecomp-staging + + + + org.springframework.boot + spring-boot-maven-plugin + ${spring.boot.version} + + ${start-class} + ZIP + + + + + repackage + + + + + + org.apache.maven.plugins + maven-clean-plugin + 2.4.1 + + + + ${project.basedir}/src/main/resources/schema + + **/* + + false + + + + + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 2.10.4 + + false + org.umlgraph.doclet.UmlGraphDoc + + org.umlgraph + umlgraph + 5.6 + + -views + true + + + + + diff --git a/aai-schema-service/src/main/assembly/descriptor.xml b/aai-schema-service/src/main/assembly/descriptor.xml new file mode 100644 index 0000000..2c33dd0 --- /dev/null +++ b/aai-schema-service/src/main/assembly/descriptor.xml @@ -0,0 +1,32 @@ + + build + false + + dir + + + + ${project.basedir}/src/main/resources + ./resources + + **/* + + + + ${project.basedir}/src/main/scripts + ./bin + + **/* + + + + ${project.build.directory} + ./lib + + ${project.artifactId}-${project.version}.jar + + + + diff --git a/aai-schema-service/src/main/docker/Dockerfile b/aai-schema-service/src/main/docker/Dockerfile new file mode 100644 index 0000000..53d272e --- /dev/null +++ b/aai-schema-service/src/main/docker/Dockerfile @@ -0,0 +1,24 @@ +FROM aaionap/aai-common:1.3.0 + + +# Add the proper files into the docker image from your build +WORKDIR /opt/app/aai-schema-service + +# Expose the ports for outside linux to use +# 8447 is the important one to be used +EXPOSE 8447 + + +HEALTHCHECK --interval=40s --timeout=10s --retries=3 CMD nc -z -v localhost 8452 || exit 1 + +ENTRYPOINT ["/bin/bash", "/opt/app/aai-schema-service/docker-entrypoint.sh"] + +RUN mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-SCHEMA-SERVICE + +VOLUME /opt/aai/logroot/AAI-SCHEMA-SERVICE +VOLUME /tmp +VOLUME /opt/tools + +COPY /maven/aai-schema-service/ . + +ENV AAI_BUILD_VERSION @aai.docker.version@ diff --git a/aai-schema-service/src/main/docker/aai.sh b/aai-schema-service/src/main/docker/aai.sh new file mode 100644 index 0000000..0549935 --- /dev/null +++ b/aai-schema-service/src/main/docker/aai.sh @@ -0,0 +1,44 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +PROJECT_HOME=/opt/app/aai-schema-service +export PROJECT_HOME + +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +export JAVA_HOME + +AAIENV=dev +export AAIENV + +PATH=/usr/lib/jvm/java-8-openjdk-amd64:$PATH + +PROJECT_OWNER=aaiadmin +PROJECT_GROUP=aaiadmin +PROJECT_UNIXHOMEROOT=/opt/aaihome +export PROJECT_OWNER PROJECT_GROUP PROJECT_UNIXHOMEROOT +umask 0022 + +export idns_api_url= +export idnscred= +export idnstenant= + + diff --git a/aai-schema-service/src/main/docker/docker-entrypoint.sh b/aai-schema-service/src/main/docker/docker-entrypoint.sh new file mode 100644 index 0000000..8723971 --- /dev/null +++ b/aai-schema-service/src/main/docker/docker-entrypoint.sh @@ -0,0 +1,138 @@ +### +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +APP_HOME=$(pwd); +RESOURCES_HOME=${APP_HOME}/resources/; + +export SERVER_PORT=${SERVER_PORT:-8452}; + +USER_ID=${LOCAL_USER_ID:-9001} +GROUP_ID=${LOCAL_GROUP_ID:-9001} + +if [ $(cat /etc/passwd | grep aaiadmin | wc -l) -eq 0 ]; then + + groupadd aaiadmin -g ${GROUP_ID} || { + echo "Unable to create the group id for ${GROUP_ID}"; + exit 1; + } + useradd --shell=/bin/bash -u ${USER_ID} -g ${GROUP_ID} -o -c "" -m aaiadmin || { + echo "Unable to create the user id for ${USER_ID}"; + exit 1; + } +fi; + +chown -R aaiadmin:aaiadmin /opt/app /opt/aai/logroot +find /opt/app/ -name "*.sh" -exec chmod +x {} + + +if [ -f ${APP_HOME}/aai.sh ]; then + + gosu aaiadmin ln -s bin scripts + gosu aaiadmin ln -s /opt/aai/logroot/AAI-SCHEMA-SERVICE logs + + mv ${APP_HOME}/aai.sh /etc/profile.d/aai.sh + chmod 755 /etc/profile.d/aai.sh + + scriptName=$1; + + if [ ! -z $scriptName ]; then + + if [ -f ${APP_HOME}/bin/${scriptName} ]; then + shift 1; + gosu aaiadmin ${APP_HOME}/bin/${scriptName} "$@" || { + echo "Failed to run the ${scriptName}"; + exit 1; + } + else + echo "Unable to find the script ${scriptName} in ${APP_HOME}/bin"; + exit 1; + fi; + + exit 0; + fi; + +fi; + +mkdir -p /opt/app/aai-schema-service/logs/gc +chown -R aaiadmin:aaiadmin /opt/app/aai-schema-service/logs/gc + +if [ -f ${APP_HOME}/resources/aai-schema-service-swm-vars.sh ]; then + source ${APP_HOME}/resources/aai-schema-service-swm-vars.sh; +fi; + +if [ ! -z "${HEAP_SIZE}" ]; then + MIN_HEAP_SIZE=${HEAP_SIZE}; + MAX_HEAP_SIZE=${HEAP_SIZE}; +fi; + +MIN_HEAP_SIZE=${MIN_HEAP_SIZE:-512m}; +MAX_HEAP_SIZE=${MAX_HEAP_SIZE:-1024m}; +MAX_PERM_SIZE=${MAX_PERM_SIZE:-512m}; +PERM_SIZE=${PERM_SIZE:-512m}; + +JAVA_CMD="exec gosu aaiadmin java"; + +JVM_OPTS="${PRE_JVM_ARGS} -Xloggc:/opt/app/aai-schema-service/logs/gc/aai_gc.log"; +JVM_OPTS="${JVM_OPTS} -XX:HeapDumpPath=/opt/app/aai-schema-service/logs/ajsc-jetty/heap-dump"; +JVM_OPTS="${JVM_OPTS} -Xms${MIN_HEAP_SIZE}"; +JVM_OPTS="${JVM_OPTS} -Xmx${MAX_HEAP_SIZE}"; + +JVM_OPTS="${JVM_OPTS} -XX:+PrintGCDetails"; +JVM_OPTS="${JVM_OPTS} -XX:+PrintGCTimeStamps"; +JVM_OPTS="${JVM_OPTS} -XX:MaxPermSize=${MAX_PERM_SIZE}"; +JVM_OPTS="${JVM_OPTS} -XX:PermSize=${PERM_SIZE}"; + +JVM_OPTS="${JVM_OPTS} -server"; +JVM_OPTS="${JVM_OPTS} -XX:NewSize=512m"; +JVM_OPTS="${JVM_OPTS} -XX:MaxNewSize=512m"; +JVM_OPTS="${JVM_OPTS} -XX:SurvivorRatio=8"; +JVM_OPTS="${JVM_OPTS} -XX:+DisableExplicitGC"; +JVM_OPTS="${JVM_OPTS} -verbose:gc"; +JVM_OPTS="${JVM_OPTS} -XX:+UseParNewGC"; +JVM_OPTS="${JVM_OPTS} -XX:+CMSParallelRemarkEnabled"; +JVM_OPTS="${JVM_OPTS} -XX:+CMSClassUnloadingEnabled"; +JVM_OPTS="${JVM_OPTS} -XX:+UseConcMarkSweepGC"; +JVM_OPTS="${JVM_OPTS} -XX:-UseBiasedLocking"; +JVM_OPTS="${JVM_OPTS} -XX:ParallelGCThreads=4"; +JVM_OPTS="${JVM_OPTS} -XX:LargePageSizeInBytes=128m"; +JVM_OPTS="${JVM_OPTS} -XX:+PrintGCDetails"; +JVM_OPTS="${JVM_OPTS} -XX:+PrintGCTimeStamps"; +JVM_OPTS="${JVM_OPTS} -Dsun.net.inetaddr.ttl=180"; +JVM_OPTS="${JVM_OPTS} -XX:+HeapDumpOnOutOfMemoryError"; +JVM_OPTS="${JVM_OPTS} ${POST_JVM_ARGS}"; +JAVA_OPTS="${PRE_JAVA_OPTS} -DAJSC_HOME=$APP_HOME"; +if [ -f ${INTROSCOPE_LIB}/Agent.jar ] && [ -f ${INTROSCOPE_AGENTPROFILE} ]; then + JAVA_OPTS="${JAVA_OPTS} -javaagent:${INTROSCOPE_LIB}/Agent.jar -noverify -Dcom.wily.introscope.agentProfile=${INTROSCOPE_AGENTPROFILE} -Dintroscope.agent.agentName=resources" +fi +JAVA_OPTS="${JAVA_OPTS} -Dserver.port=${SERVER_PORT}"; +JAVA_OPTS="${JAVA_OPTS} -DBUNDLECONFIG_DIR=./resources"; +JAVA_OPTS="${JAVA_OPTS} -Dserver.local.startpath=${RESOURCES_HOME}"; +JAVA_OPTS="${JAVA_OPTS} -DAAI_CHEF_ENV=${AAI_CHEF_ENV}"; +JAVA_OPTS="${JAVA_OPTS} -DSCLD_ENV=${SCLD_ENV}"; +JAVA_OPTS="${JAVA_OPTS} -DAFT_ENVIRONMENT=${AFT_ENVIRONMENT}"; +JAVA_OPTS="${JAVA_OPTS} -DlrmName=com.att.ajsc.aai-schema-service"; +JAVA_OPTS="${JAVA_OPTS} -DAAI_BUILD_VERSION=${AAI_BUILD_VERSION}"; +JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"; +JAVA_OPTS="${JAVA_OPTS} -Dlogback.configurationFile=./resources/logback.xml"; +JAVA_OPTS="${JAVA_OPTS} -Dloader.path=$APP_HOME/resources"; +JAVA_OPTS="${JAVA_OPTS} ${POST_JAVA_OPTS}"; + +JAVA_MAIN_JAR=$(ls lib/aai-schema-service*.jar); + +${JAVA_CMD} ${JVM_OPTS} ${JAVA_OPTS} -jar ${JAVA_MAIN_JAR}; diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/Profiles.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/Profiles.java new file mode 100644 index 0000000..863d6c8 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/Profiles.java @@ -0,0 +1,32 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice; + +public final class Profiles { + + public static final String ONE_WAY_SSL = "one-way-ssl"; + public static final String AAF_AUTHENTICATION = "aaf-auth"; + public static final String TWO_WAY_SSL = "two-way-ssl"; + public static final String DEV = "dev"; + public static final String AOP = "aop"; + + private Profiles() { + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java new file mode 100644 index 0000000..8f36ac5 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java @@ -0,0 +1,153 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.LoggingContext; +import org.onap.aai.logging.LoggingContext.StatusCode; +import org.onap.aai.schemaservice.config.PropertyPasswordConfiguration; +import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; +import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration; +import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; +import org.springframework.core.env.Environment; + +import javax.annotation.PostConstruct; +import javax.annotation.PreDestroy; +import java.util.Map; +import java.util.UUID; + +@SpringBootApplication +// Component Scan provides a way to look for spring beans +// It only searches beans in the following packages +// Any method annotated with @Bean annotation or any class +// with @Component, @Configuration, @Service will be picked up +@EnableAutoConfiguration(exclude = { + DataSourceAutoConfiguration.class, + DataSourceTransactionManagerAutoConfiguration.class, + HibernateJpaAutoConfiguration.class +}) +public class SchemaServiceApp { + + private static final EELFLogger logger = EELFManager.getInstance().getLogger(SchemaServiceApp.class.getName()); + + private static final String APP_NAME = "aai-schema-service"; + private static Map contextMap; + + @Autowired + private Environment env; + + public static void main(String[] args) throws AAIException { + + setDefaultProps(); + + LoggingContext.save(); + LoggingContext.component("init"); + LoggingContext.partnerName("NA"); + LoggingContext.targetEntity(APP_NAME); + LoggingContext.requestId(UUID.randomUUID().toString()); + LoggingContext.serviceName(APP_NAME); + LoggingContext.targetServiceName("contextInitialized"); + LoggingContext.statusCode(StatusCode.COMPLETE); + + + SpringApplication app = new SpringApplication(SchemaServiceApp.class); + app.setLogStartupInfo(false); + app.setRegisterShutdownHook(true); + app.addInitializers(new PropertyPasswordConfiguration()); + Environment env = app.run(args).getEnvironment(); + MDC.setContextMap(contextMap); + + logger.info( + "Application '{}' is running on {}!", + env.getProperty("spring.application.name"), + env.getProperty("server.port") + ); + + logger.info("SchemaService MicroService Started"); + + System.out.println("SchemaService Microservice Started"); + + LoggingContext.restoreIfPossible(); + } + + public static void setDefaultProps() { + + if (System.getProperty("file.separator") == null) { + System.setProperty("file.separator", "/"); + } + + String currentDirectory = System.getProperty("user.dir"); + + if (System.getProperty("AJSC_HOME") == null) { + System.setProperty("AJSC_HOME", "."); + } + + if (currentDirectory.contains(APP_NAME)) { + if (System.getProperty("BUNDLECONFIG_DIR") == null) { + System.setProperty("BUNDLECONFIG_DIR", "src/main/resources"); + } + } else { + if (System.getProperty("BUNDLECONFIG_DIR") == null) { + System.setProperty("BUNDLECONFIG_DIR", "aai-schema-service/src/main/resources"); + } + } + } + + @PostConstruct + private void init() throws AAIException { + System.setProperty("org.onap.aai.serverStarted", "false"); + setDefaultProps(); + + LoggingContext.save(); + LoggingContext.component("init"); + LoggingContext.partnerName("NA"); + LoggingContext.targetEntity(APP_NAME); + LoggingContext.requestId(UUID.randomUUID().toString()); + LoggingContext.serviceName(APP_NAME); + LoggingContext.targetServiceName("contextInitialized"); + LoggingContext.statusCode(StatusCode.COMPLETE); + + contextMap = MDC.getCopyOfContextMap(); + logger.info("SchemaService initialization started..."); + + // Setting this property to allow for encoded slash (/) in the path parameter + // This is only needed for tomcat keeping this as temporary + System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true"); + + + if (env.acceptsProfiles(Profiles.TWO_WAY_SSL) && env.acceptsProfiles(Profiles.ONE_WAY_SSL)) { + logger.warn("You have seriously misconfigured your application"); + } + + LoggingContext.restoreIfPossible(); + } + + @PreDestroy + public void cleanup() { + logger.info("SchemaService shutting down"); + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/ErrorHandler.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/ErrorHandler.java new file mode 100644 index 0000000..cb5416f --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/ErrorHandler.java @@ -0,0 +1,143 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.config; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.onap.aai.logging.ErrorObject; +import org.onap.aai.logging.ErrorObjectNotFoundException; +import org.onap.aai.logging.LogFormatTools; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.core.annotation.Order; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.MediaType; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +/** + * Responsible for dealing with uri that doesn't start with basePath + * All of the other interceptors will handle any uri that starts with basePath + * So we need this to ensure that these cases are properly handled + */ +@Order(1) +@Component +public class ErrorHandler extends OncePerRequestFilter { + + private static final EELFLogger LOGGER = EELFManager.getInstance().getLogger(ErrorHandler.class); + private String basePath; + + public ErrorHandler(@Value("${schema.uri.base.path}") String basePath) { + this.basePath = basePath; + if (!basePath.endsWith("/")) { + this.basePath = basePath + "/"; + } + } + + @Override + protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { + + String uri = httpServletRequest.getRequestURI(); + + if (uri != null && !(uri.startsWith(basePath))) { + + AAIException e = new AAIException("AAI_3012"); + ArrayList templateVars = new ArrayList<>(); + + List mediaTypeList = new ArrayList<>(); + + String acceptHeader = httpServletRequest.getHeader("Accept"); + if (acceptHeader == null) { + mediaTypeList.add(MediaType.APPLICATION_XML_TYPE); + } else { + mediaTypeList.add(MediaType.valueOf(acceptHeader)); + } + + String message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars); + + httpServletResponse.setStatus(400); + httpServletResponse.setContentType(mediaTypeList.get(0).toString()); + httpServletResponse.getWriter().print(message); + httpServletResponse.getWriter().close(); + return; + } + + try { + filterChain.doFilter(httpServletRequest, httpServletResponse); + } catch (ServletException ex) { + Throwable e = ex.getRootCause(); + if (e instanceof AAIException) { + List mediaTypeList = new ArrayList<>(); + String acceptHeader = httpServletRequest.getHeader("Accept"); + if (acceptHeader == null) { + mediaTypeList.add(MediaType.APPLICATION_XML_TYPE); + } else { + mediaTypeList.add(MediaType.valueOf(acceptHeader)); + } + + ArrayList templateVars = new ArrayList<>(); + AAIException aaiException = (AAIException) e; + String message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, aaiException, templateVars); + ErrorObject object = null; + try { + object = ErrorLogHelper.getErrorObject(aaiException.getCode()); + } catch (ErrorObjectNotFoundException e1) { + e1.printStackTrace(); + } + httpServletResponse.setStatus(object.getHTTPResponseCode().getStatusCode()); + httpServletResponse.setContentType(mediaTypeList.get(0).toString()); + httpServletResponse.getWriter().write(message); + httpServletResponse.getWriter().close(); + } else { + + List mediaTypeList = new ArrayList<>(); + String acceptHeader = httpServletRequest.getHeader("Accept"); + if (acceptHeader == null) { + mediaTypeList.add(MediaType.APPLICATION_XML_TYPE); + } else { + mediaTypeList.add(MediaType.valueOf(acceptHeader)); + } + ArrayList templateVars = new ArrayList<>(); + AAIException aaiException = new AAIException("AAI_4000", e); + LOGGER.error("Encountered an internal exception {}", LogFormatTools.getStackTop(e)); + String message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, aaiException, templateVars); + ErrorObject object = null; + try { + object = ErrorLogHelper.getErrorObject(aaiException.getCode()); + } catch (ErrorObjectNotFoundException e1) { + e1.printStackTrace(); + } + httpServletResponse.setStatus(object.getHTTPResponseCode().getStatusCode()); + httpServletResponse.setContentType(mediaTypeList.get(0).toString()); + httpServletResponse.getWriter().write(message); + httpServletResponse.getWriter().close(); + } + } + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java new file mode 100644 index 0000000..1b48753 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java @@ -0,0 +1,33 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.config; + +import org.eclipse.jetty.util.security.Password; + +public class JettyPasswordDecoder implements PasswordDecoder { + + @Override + public String decode(String input) { + if (input.startsWith("OBF:")) { + return Password.deobfuscate(input); + } + return Password.deobfuscate("OBF:" + input); + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java new file mode 100644 index 0000000..f0ae940 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java @@ -0,0 +1,25 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.config; + +public interface PasswordDecoder { + + String decode(String input); +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java new file mode 100644 index 0000000..49cd1ed --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java @@ -0,0 +1,78 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.config; + +import org.springframework.context.ApplicationContextInitializer; +import org.springframework.context.ConfigurableApplicationContext; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.EnumerablePropertySource; +import org.springframework.core.env.MapPropertySource; +import org.springframework.core.env.PropertySource; + +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +public class PropertyPasswordConfiguration implements ApplicationContextInitializer { + + private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)"); + + private PasswordDecoder passwordDecoder = new JettyPasswordDecoder(); + + @Override + public void initialize(ConfigurableApplicationContext applicationContext) { + ConfigurableEnvironment environment = applicationContext.getEnvironment(); + for (PropertySource propertySource : environment.getPropertySources()) { + Map propertyOverrides = new LinkedHashMap<>(); + decodePasswords(propertySource, propertyOverrides); + if (!propertyOverrides.isEmpty()) { + PropertySource decodedProperties = new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides); + environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties); + } + } + } + + private void decodePasswords(PropertySource source, Map propertyOverrides) { + if (source instanceof EnumerablePropertySource) { + EnumerablePropertySource enumerablePropertySource = (EnumerablePropertySource) source; + for (String key : enumerablePropertySource.getPropertyNames()) { + Object rawValue = source.getProperty(key); + if (rawValue instanceof String) { + String decodedValue = decodePasswordsInString((String) rawValue); + propertyOverrides.put(key, decodedValue); + } + } + } + } + + private String decodePasswordsInString(String input) { + if (input == null) return null; + StringBuffer output = new StringBuffer(); + Matcher matcher = decodePasswordPattern.matcher(input); + while (matcher.find()) { + String replacement = passwordDecoder.decode(matcher.group(1)); + matcher.appendReplacement(output, replacement); + } + matcher.appendTail(output); + return output.toString(); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIContainerFilter.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIContainerFilter.java new file mode 100644 index 0000000..e5588b6 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIContainerFilter.java @@ -0,0 +1,41 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors; + +import org.onap.aai.util.FormatDate; + +import java.util.UUID; + +public abstract class AAIContainerFilter { + + protected String genDate() { + FormatDate fd = new FormatDate("YYMMdd-HH:mm:ss:SSS"); + return fd.getDateTime(); + } + + protected boolean isValidUUID(String transId) { + try { + UUID.fromString(transId); + } catch (IllegalArgumentException e) { + return false; + } + return true; + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIHeaderProperties.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIHeaderProperties.java new file mode 100644 index 0000000..8f08d3f --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/AAIHeaderProperties.java @@ -0,0 +1,34 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors; + +public final class AAIHeaderProperties { + + public static final String REQUEST_CONTEXT = "aai-request-context"; + public static final String HTTP_METHOD_OVERRIDE = "X-HTTP-Method-Override"; + public static final String TRANSACTION_ID = "X-TransactionId"; + public static final String FROM_APP_ID = "X-FromAppId"; + public static final String AAI_TX_ID = "X-AAI-TXID"; + public static final String AAI_REQUEST = "X-REQUEST"; + public static final String AAI_REQUEST_TS = "X-REQUEST-TS"; + + private AAIHeaderProperties() { + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/package-info.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/package-info.java new file mode 100644 index 0000000..6cf55f0 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/package-info.java @@ -0,0 +1,36 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +/** + * Interceptors package is subdivided to pre and post interceptors + * If you want to add an additional interceptor you would need to add + * the priority level to AAIRequestFilterPriority or AAIResponsePriority + * to give a value which indicates the order in which the interceptor + * will be triggered and also you will add that value like here + * + * 
+ *     
+ *         @Priority(AAIRequestFilterPriority.YOUR_PRIORITY)
+ *         public class YourInterceptor extends AAIContainerFilter implements ContainerRequestFilter {
+ *
+ *         }
+ *     
+ *
+ */ +package org.onap.aai.schemaservice.interceptors; diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/AAIResponseFilterPriority.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/AAIResponseFilterPriority.java new file mode 100644 index 0000000..fceadeb --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/AAIResponseFilterPriority.java @@ -0,0 +1,38 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.post; + +/** + * Response Filter order is done reverse sorted + * so in the following case the first response filter would be + * HEADER_MANIPULATION, RESPONSE_TRANS_LOGGING, RESET_LOGGING_CONTEXT, + * and INVALID_RESPONSE_STATUS + */ +public final class AAIResponseFilterPriority { + + public static final int INVALID_RESPONSE_STATUS = 1000; + public static final int RESET_LOGGING_CONTEXT = 2000; + public static final int RESPONSE_TRANS_LOGGING = 3000; + public static final int HEADER_MANIPULATION = 4000; + + private AAIResponseFilterPriority() { + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java new file mode 100644 index 0000000..4fd3220 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java @@ -0,0 +1,65 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.post; + +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; + +import javax.annotation.Priority; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import javax.ws.rs.core.MediaType; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +@Priority(AAIResponseFilterPriority.INVALID_RESPONSE_STATUS) +public class InvalidResponseStatus extends AAIContainerFilter implements ContainerResponseFilter { + + @Override + public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) + throws IOException { + + if (responseContext.getStatus() == 405) { + + responseContext.setStatus(400); + AAIException e = new AAIException("AAI_3012"); + ArrayList templateVars = new ArrayList<>(); + + List mediaTypeList = new ArrayList<>(); + + String contentType = responseContext.getHeaderString("Content-Type"); + + if (contentType == null) { + mediaTypeList.add(MediaType.APPLICATION_XML_TYPE); + } else { + mediaTypeList.add(MediaType.valueOf(contentType)); + } + + String message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars); + + responseContext.setEntity(message); + } + + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResetLoggingContext.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResetLoggingContext.java new file mode 100644 index 0000000..420ee78 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResetLoggingContext.java @@ -0,0 +1,96 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.post; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.onap.aai.logging.LoggingContext; +import org.onap.aai.logging.LoggingContext.StatusCode; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.springframework.beans.factory.annotation.Autowired; + +import javax.annotation.Priority; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import javax.ws.rs.core.Response.Status; +import javax.ws.rs.core.Response.StatusType; +import java.io.IOException; + +@Priority(AAIResponseFilterPriority.RESET_LOGGING_CONTEXT) +public class ResetLoggingContext extends AAIContainerFilter implements ContainerResponseFilter { + + private static final EELFLogger LOGGER = EELFManager.getInstance().getLogger(ResetLoggingContext.class); + + @Autowired + private HttpServletRequest httpServletRequest; + + @Override + public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) + throws IOException { + + this.cleanLoggingContext(responseContext); + + } + + private void cleanLoggingContext(ContainerResponseContext responseContext) { + //String url = httpServletRequest.getRequestURL().toString(); + boolean success = true; + String uri = httpServletRequest.getRequestURI(); + String queryString = httpServletRequest.getQueryString(); + + if (queryString != null && !queryString.isEmpty()) { + uri = uri + "?" + queryString; + } + // For now, we use the the HTTP status code, + // This may change, once the requirements for response codes are defined + + int httpStatusCode = responseContext.getStatus(); + if (httpStatusCode < 100 || httpStatusCode > 599) { + httpStatusCode = Status.INTERNAL_SERVER_ERROR.getStatusCode(); + } + LoggingContext.responseCode(Integer.toString(httpStatusCode)); + + StatusType sType = responseContext.getStatusInfo(); + if (sType != null) { + Status.Family sFamily = sType.getFamily(); + if (!(Status.Family.SUCCESSFUL.equals(sFamily) || + (Status.NOT_FOUND.equals(Status.fromStatusCode(httpStatusCode))))) { + success = false; + } + } else { + if ((httpStatusCode < 200 || httpStatusCode > 299) && (!(Status.NOT_FOUND.equals(Status.fromStatusCode(httpStatusCode))))) { + success = false; + } + } + if (success) { + LoggingContext.statusCode(StatusCode.COMPLETE); + LOGGER.info(uri + " call succeeded"); + } else { + LoggingContext.statusCode(StatusCode.ERROR); + LOGGER.error(uri + " call failed with responseCode=" + httpStatusCode); + } + LoggingContext.clear(); + + + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseHeaderManipulation.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseHeaderManipulation.java new file mode 100644 index 0000000..6e3848c --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseHeaderManipulation.java @@ -0,0 +1,64 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.post; + +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; + +import javax.annotation.Priority; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import javax.ws.rs.core.MediaType; +import java.io.IOException; + +@Priority(AAIResponseFilterPriority.HEADER_MANIPULATION) +public class ResponseHeaderManipulation extends AAIContainerFilter implements ContainerResponseFilter { + + private static final String DEFAULT_XML_TYPE = MediaType.APPLICATION_XML; + + @Override + public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) + throws IOException { + + updateResponseHeaders(requestContext, responseContext); + + } + + private void updateResponseHeaders(ContainerRequestContext requestContext, + ContainerResponseContext responseContext) { + + responseContext.getHeaders().add(AAIHeaderProperties.AAI_TX_ID, requestContext.getProperty(AAIHeaderProperties.AAI_TX_ID)); + + String responseContentType = responseContext.getHeaderString("Content-Type"); + + if (responseContentType == null) { + String acceptType = requestContext.getHeaderString("Accept"); + + if (acceptType == null || "*/*".equals(acceptType)) { + responseContext.getHeaders().putSingle("Content-Type", DEFAULT_XML_TYPE); + } else { + responseContext.getHeaders().putSingle("Content-Type", acceptType); + } + } + + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseTransactionLogging.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseTransactionLogging.java new file mode 100644 index 0000000..cd6706d --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/ResponseTransactionLogging.java @@ -0,0 +1,124 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.post; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import com.google.gson.JsonObject; +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; +import org.onap.aai.util.AAIConfig; +import org.springframework.beans.factory.annotation.Autowired; + +import javax.annotation.Priority; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import java.io.IOException; +import java.util.Objects; +import java.util.Optional; + +@Priority(AAIResponseFilterPriority.RESPONSE_TRANS_LOGGING) +public class ResponseTransactionLogging extends AAIContainerFilter implements ContainerResponseFilter { + + private static final EELFLogger TRANSACTION_LOGGER = EELFManager.getInstance().getLogger(ResponseTransactionLogging.class); + + @Autowired + private HttpServletResponse httpServletResponse; + + @Override + public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) + throws IOException { + + this.transLogging(requestContext, responseContext); + + } + + private void transLogging(ContainerRequestContext requestContext, ContainerResponseContext responseContext) { + + String logValue; + String getValue; + + try { + logValue = AAIConfig.get("aai.transaction.logging"); + getValue = AAIConfig.get("aai.transaction.logging.get"); + } catch (AAIException e) { + return; + } + + String httpMethod = requestContext.getMethod(); + + if(Boolean.parseBoolean(logValue)){ + + if(!Boolean.parseBoolean(getValue) && HttpMethod.GET.equals(httpMethod)){ + return; + } + + String transId = requestContext.getHeaderString(AAIHeaderProperties.TRANSACTION_ID); + String fromAppId = requestContext.getHeaderString(AAIHeaderProperties.FROM_APP_ID); + String fullUri = requestContext.getUriInfo().getRequestUri().toString(); + String requestTs = (String) requestContext.getProperty(AAIHeaderProperties.AAI_REQUEST_TS); + + + String status = Integer.toString(responseContext.getStatus()); + + String request = (String) requestContext.getProperty(AAIHeaderProperties.AAI_REQUEST); + String response = this.getResponseString(responseContext); + + + JsonObject logEntry = new JsonObject(); + logEntry.addProperty("transactionId", transId); + logEntry.addProperty("status", status); + logEntry.addProperty("rqstDate", requestTs); + logEntry.addProperty("respDate", this.genDate()); + logEntry.addProperty("sourceId", fromAppId + ":" + transId); + logEntry.addProperty("resourceId", fullUri); + logEntry.addProperty("resourceType", httpMethod); + logEntry.addProperty("rqstBuf", Objects.toString(request, "")); + logEntry.addProperty("respBuf", Objects.toString(response, "")); + + try { + TRANSACTION_LOGGER.debug(logEntry.toString()); + } catch (Exception e) { + ErrorLogHelper.logError("AAI_4000", "Exception writing transaction log."); + } + } + } + + private String getResponseString(ContainerResponseContext responseContext) { + JsonObject response = new JsonObject(); + response.addProperty("ID", responseContext.getHeaderString(AAIHeaderProperties.AAI_TX_ID)); + response.addProperty("Content-Type", this.httpServletResponse.getContentType()); + response.addProperty("Response-Code", responseContext.getStatus()); + response.addProperty("Headers", responseContext.getHeaders().toString()); + Optional entityOptional = Optional.ofNullable(responseContext.getEntity()); + if (entityOptional.isPresent()) { + response.addProperty("Entity", entityOptional.get().toString()); + } else { + response.addProperty("Entity", ""); + } + return response.toString(); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/AAIRequestFilterPriority.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/AAIRequestFilterPriority.java new file mode 100644 index 0000000..0ecc0cf --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/AAIRequestFilterPriority.java @@ -0,0 +1,34 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +public final class AAIRequestFilterPriority { + + public static final int REQUEST_TRANS_LOGGING = 1000; + public static final int HEADER_VALIDATION = 2000; + public static final int SET_LOGGING_CONTEXT = 3000; + public static final int HTTP_HEADER = 4000; + public static final int AUTHORIZATION = 4500; + public static final int HEADER_MANIPULATION = 6000; + + private AAIRequestFilterPriority() { + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HeaderValidation.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HeaderValidation.java new file mode 100644 index 0000000..85cb6be --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HeaderValidation.java @@ -0,0 +1,86 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; + +import javax.annotation.Priority; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Optional; +import java.util.UUID; + +@PreMatching +@Priority(AAIRequestFilterPriority.HEADER_VALIDATION) +public class HeaderValidation extends AAIContainerFilter implements ContainerRequestFilter { + + @Override + public void filter(ContainerRequestContext requestContext) throws IOException { + + Optional oResp; + + String transId = requestContext.getHeaderString(AAIHeaderProperties.TRANSACTION_ID); + String fromAppId = requestContext.getHeaderString(AAIHeaderProperties.FROM_APP_ID); + + List acceptHeaderValues = requestContext.getAcceptableMediaTypes(); + + oResp = this.validateHeaderValuePresence(fromAppId, "AAI_4009", acceptHeaderValues); + if (oResp.isPresent()) { + requestContext.abortWith(oResp.get()); + return; + } + oResp = this.validateHeaderValuePresence(transId, "AAI_4010", acceptHeaderValues); + if (oResp.isPresent()) { + requestContext.abortWith(oResp.get()); + return; + } + + if (!this.isValidUUID(transId)) { + transId = UUID.randomUUID().toString(); + requestContext.getHeaders().get(AAIHeaderProperties.TRANSACTION_ID).clear(); + requestContext.getHeaders().add(AAIHeaderProperties.TRANSACTION_ID, transId); + } + + } + + private Optional validateHeaderValuePresence(String value, String errorCode, + List acceptHeaderValues) { + Response response = null; + AAIException aaie; + if (value == null) { + aaie = new AAIException(errorCode); + return Optional.of(Response.status(aaie.getErrorObject().getHTTPResponseCode()) + .entity(ErrorLogHelper.getRESTAPIErrorResponse(acceptHeaderValues, aaie, new ArrayList<>())) + .build()); + } + + return Optional.ofNullable(response); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HttpHeaderInterceptor.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HttpHeaderInterceptor.java new file mode 100644 index 0000000..26765e5 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/HttpHeaderInterceptor.java @@ -0,0 +1,50 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; + +import javax.annotation.Priority; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import java.io.IOException; + +/** + * The Class HttpHeaderInterceptor + */ +@PreMatching +@Priority(AAIRequestFilterPriority.HTTP_HEADER) +public class HttpHeaderInterceptor extends AAIContainerFilter implements ContainerRequestFilter { + public static final String patchMethod = "PATCH"; + + @Override + public void filter(ContainerRequestContext containerRequestContext) throws IOException { + String overrideMethod = containerRequestContext.getHeaderString(AAIHeaderProperties.HTTP_METHOD_OVERRIDE); + String httpMethod = containerRequestContext.getMethod(); + + if (HttpMethod.POST.equalsIgnoreCase(httpMethod) && patchMethod.equalsIgnoreCase(overrideMethod)) { + containerRequestContext.setMethod(patchMethod); + } + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/OneWaySslAuthorization.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/OneWaySslAuthorization.java new file mode 100644 index 0000000..989e56a --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/OneWaySslAuthorization.java @@ -0,0 +1,82 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.onap.aai.schemaservice.Profiles; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.service.AuthorizationService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Profile; + +import javax.annotation.Priority; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Optional; + +@Profile(Profiles.ONE_WAY_SSL) +@PreMatching +@Priority(AAIRequestFilterPriority.AUTHORIZATION) +public class OneWaySslAuthorization extends AAIContainerFilter implements ContainerRequestFilter { + + @Autowired + private AuthorizationService authorizationService; + + @Override + public void filter(ContainerRequestContext containerRequestContext) throws IOException { + + if (containerRequestContext.getUriInfo().getRequestUri().getPath().matches("^.*/util/echo$")) { + return; + } + + String basicAuth = containerRequestContext.getHeaderString("Authorization"); + List acceptHeaderValues = containerRequestContext.getAcceptableMediaTypes(); + + if (basicAuth == null || !basicAuth.startsWith("Basic ")) { + Optional responseOptional = errorResponse("AAI_3300", acceptHeaderValues); + containerRequestContext.abortWith(responseOptional.get()); + return; + } + + basicAuth = basicAuth.substring(6); + + if (!authorizationService.checkIfUserAuthorized(basicAuth)) { + Optional responseOptional = errorResponse("AAI_3300", acceptHeaderValues); + containerRequestContext.abortWith(responseOptional.get()); + return; + } + + } + + private Optional errorResponse(String errorCode, List acceptHeaderValues) { + AAIException aaie = new AAIException(errorCode); + return Optional.of(Response.status(aaie.getErrorObject().getHTTPResponseCode()) + .entity(ErrorLogHelper.getRESTAPIErrorResponse(acceptHeaderValues, aaie, new ArrayList<>())) + .build()); + + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestHeaderManipulation.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestHeaderManipulation.java new file mode 100644 index 0000000..211350a --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestHeaderManipulation.java @@ -0,0 +1,63 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; + +import javax.annotation.Priority; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import javax.ws.rs.core.MultivaluedMap; +import java.util.Collections; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +@PreMatching +@Priority(AAIRequestFilterPriority.HEADER_MANIPULATION) +public class RequestHeaderManipulation extends AAIContainerFilter implements ContainerRequestFilter { + + public static final Pattern EXTRACT_VERSION_PATTERN = Pattern.compile("^(v[1-9][0-9]*).*$"); + + @Override + public void filter(ContainerRequestContext requestContext) { + + String uri = requestContext.getUriInfo().getPath(); + this.addRequestContext(uri, requestContext.getHeaders()); + + } + + private void addRequestContext(String uri, MultivaluedMap requestHeaders) { + + String rc = ""; + + Matcher match = EXTRACT_VERSION_PATTERN.matcher(uri); + if (match.find()) { + rc = match.group(1); + } + + if (requestHeaders.containsKey(AAIHeaderProperties.REQUEST_CONTEXT)) { + requestHeaders.remove(AAIHeaderProperties.REQUEST_CONTEXT); + } + requestHeaders.put(AAIHeaderProperties.REQUEST_CONTEXT, Collections.singletonList(rc)); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestTransactionLogging.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestTransactionLogging.java new file mode 100644 index 0000000..4208649 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/RequestTransactionLogging.java @@ -0,0 +1,113 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import com.google.gson.JsonObject; +import org.glassfish.jersey.message.internal.ReaderWriter; +import org.glassfish.jersey.server.ContainerException; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.StringUtils; + +import javax.annotation.Priority; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import javax.ws.rs.core.MediaType; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.UUID; + +@PreMatching +@Priority(AAIRequestFilterPriority.REQUEST_TRANS_LOGGING) +public class RequestTransactionLogging extends AAIContainerFilter implements ContainerRequestFilter { + + private static final String DEFAULT_CONTENT_TYPE = MediaType.APPLICATION_JSON; + private static final String DEFAULT_RESPONSE_TYPE = MediaType.APPLICATION_XML; + private static final String CONTENT_TYPE = "Content-Type"; + private static final String ACCEPT = "Accept"; + private static final String TEXT_PLAIN = "text/plain"; + @Autowired + private HttpServletRequest httpServletRequest; + + @Override + public void filter(ContainerRequestContext requestContext) { + + String currentTimeStamp = genDate(); + String fullId = this.getAAITxIdToHeader(); + this.addToRequestContext(requestContext, AAIHeaderProperties.AAI_TX_ID, fullId); + this.addToRequestContext(requestContext, AAIHeaderProperties.AAI_REQUEST, this.getRequest(requestContext, fullId)); + this.addToRequestContext(requestContext, AAIHeaderProperties.AAI_REQUEST_TS, currentTimeStamp); + this.addDefaultContentType(requestContext); + } + + private void addToRequestContext(ContainerRequestContext requestContext, String name, String aaiTxIdToHeader) { + requestContext.setProperty(name, aaiTxIdToHeader); + } + + private void addDefaultContentType(ContainerRequestContext requestContext) { + + String contentType = requestContext.getHeaderString(CONTENT_TYPE); + String acceptType = requestContext.getHeaderString(ACCEPT); + + if (contentType == null || contentType.contains(TEXT_PLAIN)) { + requestContext.getHeaders().putSingle(CONTENT_TYPE, DEFAULT_CONTENT_TYPE); + } + + if (StringUtils.isEmpty(acceptType) || acceptType.contains(TEXT_PLAIN)) { + requestContext.getHeaders().putSingle(ACCEPT, DEFAULT_RESPONSE_TYPE); + } + } + + private String getAAITxIdToHeader() { + String txId = UUID.randomUUID().toString(); + return txId; + } + + private String getRequest(ContainerRequestContext requestContext, String fullId) { + + JsonObject request = new JsonObject(); + request.addProperty("ID", fullId); + request.addProperty("Http-Method", requestContext.getMethod()); + request.addProperty(CONTENT_TYPE, httpServletRequest.getContentType()); + request.addProperty("Headers", requestContext.getHeaders().toString()); + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + InputStream in = requestContext.getEntityStream(); + + try { + if (in.available() > 0) { + ReaderWriter.writeTo(in, out); + byte[] requestEntity = out.toByteArray(); + request.addProperty("Payload", new String(requestEntity, "UTF-8")); + requestContext.setEntityStream(new ByteArrayInputStream(requestEntity)); + } + } catch (IOException ex) { + throw new ContainerException(ex); + } + + return request.toString(); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/SetLoggingContext.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/SetLoggingContext.java new file mode 100644 index 0000000..32802d1 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/SetLoggingContext.java @@ -0,0 +1,69 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import org.onap.aai.logging.LoggingContext; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.env.Environment; + +import javax.annotation.Priority; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import java.io.IOException; + +@PreMatching +@Priority(AAIRequestFilterPriority.SET_LOGGING_CONTEXT) +public class SetLoggingContext extends AAIContainerFilter implements ContainerRequestFilter { + + @Autowired + private Environment environment; + + @Autowired + private HttpServletRequest httpServletRequest; + + @Override + public void filter(ContainerRequestContext requestContext) throws IOException { + + String uri = httpServletRequest.getRequestURI(); + String queryString = httpServletRequest.getQueryString(); + + if (queryString != null && !queryString.isEmpty()) { + uri = uri + "?" + queryString; + } + + String httpMethod = requestContext.getMethod(); + String transId = requestContext.getHeaderString(AAIHeaderProperties.TRANSACTION_ID); + String fromAppId = requestContext.getHeaderString(AAIHeaderProperties.FROM_APP_ID); + + LoggingContext.init(); + LoggingContext.requestId(transId); + LoggingContext.partnerName(fromAppId); + LoggingContext.targetEntity(environment.getProperty("spring.application.name")); + LoggingContext.component(fromAppId); + LoggingContext.serviceName(httpMethod + " " + uri); + LoggingContext.targetServiceName(httpMethod + " " + uri); + LoggingContext.statusCode(LoggingContext.StatusCode.COMPLETE); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/TwoWaySslAuthorization.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/TwoWaySslAuthorization.java new file mode 100644 index 0000000..4f69042 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/pre/TwoWaySslAuthorization.java @@ -0,0 +1,187 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.interceptors.pre; + +import org.onap.aai.auth.AAIAuthCore; +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.onap.aai.restcore.HttpMethod; +import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; +import org.onap.aai.schemaservice.interceptors.AAIHeaderProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Profile; + +import javax.annotation.Priority; +import javax.security.auth.x500.X500Principal; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.PreMatching; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.security.cert.X509Certificate; +import java.util.*; +import java.util.stream.Collectors; + +@PreMatching +@Priority(AAIRequestFilterPriority.AUTHORIZATION) +@Profile("two-way-ssl") +public class TwoWaySslAuthorization extends AAIContainerFilter implements ContainerRequestFilter { + + private static final String PATCH = "PATCH"; + + @Autowired + private HttpServletRequest httpServletRequest; + + @Autowired + private AAIAuthCore aaiAuthCore; + + @Override + public void filter(ContainerRequestContext requestContext) { + + Optional oResp; + + String uri = requestContext.getUriInfo().getAbsolutePath().getPath(); + String httpMethod = getHttpMethod(requestContext); + + List acceptHeaderValues = requestContext.getAcceptableMediaTypes(); + + Optional authUser = getUser(this.httpServletRequest); + + if (authUser.isPresent()) { + oResp = this.authorize(uri, httpMethod, acceptHeaderValues, authUser.get(), + this.getHaProxyUser(this.httpServletRequest), getCertIssuer(this.httpServletRequest)); + if (oResp.isPresent()) { + requestContext.abortWith(oResp.get()); + return; + } + } else { + AAIException aaie = new AAIException("AAI_9107"); + requestContext + .abortWith(Response + .status(aaie.getErrorObject().getHTTPResponseCode()).entity(ErrorLogHelper + .getRESTAPIErrorResponseWithLogging(acceptHeaderValues, aaie, new ArrayList<>())) + .build()); + } + + } + + private String getCertIssuer(HttpServletRequest hsr) { + String issuer = hsr.getHeader("X-AAI-SSL-Issuer"); + if (issuer != null && !issuer.isEmpty()) { + // the haproxy header replaces the ', ' with '/' and reverses on the '/' need to undo that. + List broken = Arrays.asList(issuer.split("/")); + broken = broken.stream().filter(s -> !s.isEmpty()).collect(Collectors.toList()); + Collections.reverse(broken); + issuer = String.join(", ", broken); + } else { + if (hsr.getAttribute("javax.servlet.request.cipher_suite") != null) { + X509Certificate[] certChain = (X509Certificate[]) hsr.getAttribute("javax.servlet.request.X509Certificate"); + if (certChain != null && certChain.length > 0) { + X509Certificate clientCert = certChain[0]; + issuer = clientCert.getIssuerX500Principal().getName(); + } + } + } + return issuer; + } + + private String getHttpMethod(ContainerRequestContext requestContext) { + String httpMethod = requestContext.getMethod(); + if (javax.ws.rs.HttpMethod.POST.equalsIgnoreCase(httpMethod) + && PATCH.equals(requestContext.getHeaderString(AAIHeaderProperties.HTTP_METHOD_OVERRIDE))) { + httpMethod = HttpMethod.MERGE_PATCH.toString(); + } + if (httpMethod.equalsIgnoreCase(HttpMethod.MERGE_PATCH.toString()) || PATCH.equalsIgnoreCase(httpMethod)) { + httpMethod = HttpMethod.PUT.toString(); + } + return httpMethod; + } + + private Optional getUser(HttpServletRequest hsr) { + String authUser = null; + if (hsr.getAttribute("javax.servlet.request.cipher_suite") != null) { + X509Certificate[] certChain = (X509Certificate[]) hsr.getAttribute("javax.servlet.request.X509Certificate"); + + /* + * If the certificate is null or the certificate chain length is zero Then + * retrieve the authorization in the request header Authorization Check that it + * is not null and that it starts with Basic and then strip the basic portion to + * get the base64 credentials Check if this is contained in the AAIBasicAuth + * Singleton class If it is, retrieve the username associated with that + * credentials and set to authUser Otherwise, get the principal from certificate + * and use that authUser + */ + + if (certChain == null || certChain.length == 0) { + + String authorization = hsr.getHeader("Authorization"); + + if (authorization != null && authorization.startsWith("Basic ")) { + authUser = authorization.substring(6); + } + + } else { + X509Certificate clientCert = certChain[0]; + X500Principal subjectDN = clientCert.getSubjectX500Principal(); + authUser = subjectDN.toString().toLowerCase(); + } + } + + return Optional.ofNullable(authUser); + } + + private String getHaProxyUser(HttpServletRequest hsr) { + String haProxyUser; + if (Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-CN")) + || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-OU")) + || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-O")) + || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-L")) + || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-ST")) + || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-C"))) { + haProxyUser = ""; + } else { + haProxyUser = String.format("CN=%s, OU=%s, O=\"%s\", L=%s, ST=%s, C=%s", + Objects.toString(hsr.getHeader("X-AAI-SSL-Client-CN"), ""), + Objects.toString(hsr.getHeader("X-AAI-SSL-Client-OU"), ""), + Objects.toString(hsr.getHeader("X-AAI-SSL-Client-O"), ""), + Objects.toString(hsr.getHeader("X-AAI-SSL-Client-L"), ""), + Objects.toString(hsr.getHeader("X-AAI-SSL-Client-ST"), ""), + Objects.toString(hsr.getHeader("X-AAI-SSL-Client-C"), "")).toLowerCase(); + } + return haProxyUser; + } + + private Optional authorize(String uri, String httpMethod, List acceptHeaderValues, + String authUser, String haProxyUser, String issuer) { + Response response = null; + try { + if (!aaiAuthCore.authorize(authUser, uri, httpMethod, haProxyUser, issuer)) { + throw new AAIException("AAI_9101", "Request on " + httpMethod + " " + uri + " status is not OK"); + } + } catch (AAIException e) { + response = Response.status(e.getErrorObject().getHTTPResponseCode()) + .entity(ErrorLogHelper.getRESTAPIErrorResponseWithLogging(acceptHeaderValues, e, new ArrayList<>())) + .build(); + } + return Optional.ofNullable(response); + } + +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/logging/LocalHostAccessLog.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/logging/LocalHostAccessLog.java new file mode 100644 index 0000000..4da1122 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/logging/LocalHostAccessLog.java @@ -0,0 +1,68 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.logging; + +import ch.qos.logback.access.jetty.RequestLogImpl; +import org.eclipse.jetty.server.handler.HandlerCollection; +import org.eclipse.jetty.server.handler.RequestLogHandler; +import org.eclipse.jetty.util.thread.QueuedThreadPool; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory; +import org.springframework.boot.context.embedded.jetty.JettyEmbeddedServletContainerFactory; +import org.springframework.boot.context.embedded.jetty.JettyServerCustomizer; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.util.Arrays; + +@Configuration +public class LocalHostAccessLog { + + @Bean + public EmbeddedServletContainerFactory jettyConfigBean( + @Value("${jetty.threadPool.maxThreads:200}") final String maxThreads, + @Value("${jetty.threadPool.minThreads:8}") final String minThreads + ) { + + JettyEmbeddedServletContainerFactory jef = new JettyEmbeddedServletContainerFactory(); + jef.addServerCustomizers((JettyServerCustomizer) server -> { + + HandlerCollection handlers = new HandlerCollection(); + + Arrays.stream(server.getHandlers()).forEach(handlers::addHandler); + + RequestLogHandler requestLogHandler = new RequestLogHandler(); + requestLogHandler.setServer(server); + + RequestLogImpl requestLogImpl = new RequestLogImpl(); + requestLogImpl.setResource("/localhost-access-logback.xml"); + requestLogImpl.start(); + + requestLogHandler.setRequestLog(requestLogImpl); + handlers.addHandler(requestLogHandler); + server.setHandler(handlers); + + final QueuedThreadPool threadPool = server.getBean(QueuedThreadPool.class); + threadPool.setMaxThreads(Integer.valueOf(maxThreads)); + threadPool.setMinThreads(Integer.valueOf(minThreads)); + }); + return jef; + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/service/AuthorizationService.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/service/AuthorizationService.java new file mode 100644 index 0000000..1a83aa5 --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/service/AuthorizationService.java @@ -0,0 +1,109 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.service; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.eclipse.jetty.util.security.Password; +import org.onap.aai.schemaservice.Profiles; +import org.onap.aai.util.AAIConstants; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Service; + +import javax.annotation.PostConstruct; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.Base64; +import java.util.HashMap; +import java.util.Map; +import java.util.stream.Stream; + +@Profile(Profiles.ONE_WAY_SSL) +@Service +public class AuthorizationService { + + private static final EELFLogger logger = EELFManager.getInstance().getLogger(AuthorizationService.class); + + private final Map authorizedUsers = new HashMap<>(); + + private static final Base64.Encoder ENCODER = Base64.getEncoder(); + + @PostConstruct + public void init(){ + + String basicAuthFile = getBasicAuthFilePath(); + + try(Stream stream = Files.lines(Paths.get(basicAuthFile))){ + stream.filter(line -> !line.startsWith("#")).forEach(str -> { + byte [] bytes = null; + + String usernamePassword = null; + String accessType = null; + + try { + String [] userAccessType = str.split(","); + + if(userAccessType == null || userAccessType.length != 2){ + throw new RuntimeException("Please check the realm.properties file as it is not conforming to the basic auth"); + } + + usernamePassword = userAccessType[0]; + accessType = userAccessType[1]; + + String[] usernamePasswordArray = usernamePassword.split(":"); + + if(usernamePasswordArray == null || usernamePasswordArray.length != 3){ + throw new RuntimeException("Not a valid entry for the realm.properties entry: " + usernamePassword); + } + + String username = usernamePasswordArray[0]; + String password = null; + + if(str.contains("OBF:")){ + password = usernamePasswordArray[1] + ":" + usernamePasswordArray[2]; + password = Password.deobfuscate(password); + } + + bytes = ENCODER.encode((username + ":" + password).getBytes("UTF-8")); + + authorizedUsers.put(new String(bytes), accessType); + + } catch (UnsupportedEncodingException e) + { + logger.error("Unable to support the encoding of the file" + basicAuthFile); + } + + authorizedUsers.put(new String(ENCODER.encode(bytes)), accessType); + }); + } catch (IOException e) { + logger.error("IO Exception occurred during the reading of realm.properties", e); + } + } + + public boolean checkIfUserAuthorized(String authorization){ + return authorizedUsers.containsKey(authorization) && "admin".equals(authorizedUsers.get(authorization)); + } + + public String getBasicAuthFilePath(){ + return AAIConstants.AAI_HOME_ETC_AUTH + AAIConstants.AAI_FILESEP + "realm.properties"; + } +} diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/web/JerseyConfiguration.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/web/JerseyConfiguration.java new file mode 100644 index 0000000..fa2327a --- /dev/null +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/web/JerseyConfiguration.java @@ -0,0 +1,122 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.schemaservice.web; + +import org.glassfish.jersey.server.ResourceConfig; +import org.reflections.Reflections; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Profile; +import org.springframework.core.env.Environment; +import org.springframework.stereotype.Component; + +import javax.annotation.Priority; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.ContainerResponseFilter; +import java.util.List; +import java.util.Set; +import java.util.logging.Logger; +import java.util.stream.Collectors; + +@Component +public class JerseyConfiguration extends ResourceConfig { + + private static final Logger log = Logger.getLogger(JerseyConfiguration.class.getName()); + + private Environment env; + + @Autowired + public JerseyConfiguration(Environment env) { + + this.env = env; + + //Request Filters + registerFiltersForRequests(); + // Response Filters + registerFiltersForResponses(); + + } + + public void registerFiltersForRequests() { + + // Find all the classes within the interceptors package + Reflections reflections = new Reflections("org.onap.aai.schemaservice.interceptors"); + // Filter them based on the clazz that was passed in + Set> filters = reflections.getSubTypesOf(ContainerRequestFilter.class); + + + // Check to ensure that each of the filter has the @Priority annotation and if not throw exception + for (Class filterClass : filters) { + if (filterClass.getAnnotation(Priority.class) == null) { + throw new RuntimeException("Container filter " + filterClass.getName() + " does not have @Priority annotation"); + } + } + + // Turn the set back into a list + List> filtersList = filters + .stream() + .filter(f -> { + if (f.isAnnotationPresent(Profile.class) + && !env.acceptsProfiles(f.getAnnotation(Profile.class).value())) { + return false; + } + return true; + }) + .collect(Collectors.toList()); + + // Sort them by their priority levels value + filtersList.sort((c1, c2) -> Integer.valueOf(c1.getAnnotation(Priority.class).value()).compareTo(c2.getAnnotation(Priority.class).value())); + + // Then register this to the jersey application + filtersList.forEach(this::register); + } + + public void registerFiltersForResponses() { + + // Find all the classes within the interceptors package + Reflections reflections = new Reflections("org.onap.aai.schemaservice.interceptors"); + // Filter them based on the clazz that was passed in + Set> filters = reflections.getSubTypesOf(ContainerResponseFilter.class); + + + // Check to ensure that each of the filter has the @Priority annotation and if not throw exception + for (Class filterClass : filters) { + if (filterClass.getAnnotation(Priority.class) == null) { + throw new RuntimeException("Container filter " + filterClass.getName() + " does not have @Priority annotation"); + } + } + + // Turn the set back into a list + List> filtersList = filters.stream() + .filter(f -> { + if (f.isAnnotationPresent(Profile.class) + && !env.acceptsProfiles(f.getAnnotation(Profile.class).value())) { + return false; + } + return true; + }) + .collect(Collectors.toList()); + + // Sort them by their priority levels value + filtersList.sort((c1, c2) -> Integer.valueOf(c1.getAnnotation(Priority.class).value()).compareTo(c2.getAnnotation(Priority.class).value())); + + // Then register this to the jersey application + filtersList.forEach(this::register); + } +} diff --git a/aai-schema-service/src/main/resources/application.properties b/aai-schema-service/src/main/resources/application.properties new file mode 100644 index 0000000..e639504 --- /dev/null +++ b/aai-schema-service/src/main/resources/application.properties @@ -0,0 +1,65 @@ +# The following info parameters are being referenced by ajsc6 [4/1969]info.build.artifact=@project.artifactId@ +info.build.name=@project.name@ +info.build.description=@project.description@ +info.build.version=@project.version@ + +spring.application.name=Schema Service Microservice +spring.jersey.type=filter + +server.contextPath=${schema.uri.base.path} +spring.autoconfigure.exclude=\ + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + + +# Add Jetty Selector and Acceptor Properties here +#The max number of active threads in this pool +jetty.threadPool.maxThreads=500 +#The minimum number of threads always kept alive +jetty.threadPool.minThreads=10 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-schema-service/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8452 +# Server SSL Related Attributes +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) +server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name=onap +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ +schema.query.location=${server.local.startpath}/schema/${schema.source.name}/query/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path=/aai/schema-service +# Lists all of the versions in the schema +schema.version.list=v10,v11,v12,v13,v14,v15 +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start=v10 +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start=v10 +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start=v11 +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start=v12 +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start=v12 +# Specifies the version that the application should default to +schema.version.api.default=v15 diff --git a/aai-schema-service/src/main/resources/etc/appprops/aaiconfig.properties b/aai-schema-service/src/main/resources/etc/appprops/aaiconfig.properties new file mode 100644 index 0000000..c0a1ae6 --- /dev/null +++ b/aai-schema-service/src/main/resources/etc/appprops/aaiconfig.properties @@ -0,0 +1,21 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017-18 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +aai.transaction.logging=true + diff --git a/aai-schema-service/src/main/resources/etc/appprops/error.properties b/aai-schema-service/src/main/resources/etc/appprops/error.properties new file mode 100644 index 0000000..c695774 --- /dev/null +++ b/aai-schema-service/src/main/resources/etc/appprops/error.properties @@ -0,0 +1,182 @@ +# Adding comment trying to trigger a build +#------------------------------------------------------------------------------- ---------- +#Key=Disposition:Category:Severity:Error Code:HTTP ResponseCode:RESTError Code:Error Message +#------------------------------------------------------------------------------- ---------- +# testing code, please don't change unless error utility source code changes +AAI_TESTING=5:2:WARN:0000:400:0001:Error code for testing + +# General success +AAI_0000=0:0:INFO:0000:200:0000:Success + +# health check success +AAI_0001=0:0:INFO:0001:200:0001:Success X-FromAppId=%1 X-TransactionId=%2 +AAI_0002=0:0:INFO:0002:200:0001:Successful health check + +# Success with additional info +AAI_0003=0:3:INFO:0003:202:0003:Success with additional info performing %1 on %2. Added %3 with key %4 +AAI_0004=0:3:INFO:0004:202:0003:Added prerequisite object to db + +#--- aairest: 3000-3299 +# svc errors +AAI_3000=5:2:INFO:3000:400:3000:Invalid input performing %1 on %2 +AAI_3001=5:6:INFO:3001:404:3001:Resource not found for %1 using id %2 +AAI_3002=5:1:WARN:3002:400:3002:Error writing output performing %1 on %2 +AAI_3003=5:1:WARN:3003:400:3003:Failed to make edge to missing target node of type %3 with keys %4 performing %1 on %2 +AAI_3005=5:6:WARN:3005:404:3001:Node cannot be directly accessed for read, must be accessed via ancestor(s) +AAI_3006=5:6:WARN:3006:404:3001:Node cannot be directly accessed for write, must be accessed via ancestor(s) +AAI_3007=5:6:INFO:3007:410:3007:This version (%1) of the API is retired, please migrate to %2 +AAI_3008=5:6:WARN:3008:400:3008:URI is not encoded in UTF-8 +AAI_3009=5:6:WARN:3009:400:3002:Malformed URL +AAI_3010=5:6:WARN:3010:400:3002:Cannot write via this URL +AAI_3011=5:6:WARN:3011:400:3000:Unknown XML namespace used in payload +AAI_3012=5:6:WARN:3012:400:3012:Unrecognized AAI function +AAI_3013=5:6:WARN:3013:400:3013:Query payload missing required parameters %1 +AAI_3014=5:6:WARN:3014:400:3014:Query payload is invalid %1 +AAI_3015=5:6:INFO:3015:410:3015:The %1 capability is retired, please contact the A&AI SE team to identify a replacement query +AAI_3016=5:6:INFO:3007:400:3016:Request uri is not valid, please check the version %1 +AAI_3017=5:6:INFO:3007:400:3016:Request uri is not valid, please check the uri %1 +AAI_3018=5:6:INFO:3018:400:3018:Request schema version %1 is not valid, please check the schema version + +AAI_3050=5:1:WARN:3002:400:3002:Invalid request, missing or empty query parameter version +AAI_3051=5:1:WARN:3002:400:3002:Invalid request, version parameter %1 passed is not conforming to the following pattern v[1-9][0-9]* + +# pol errors +AAI_3100=5:1:WARN:3100:400:3100:Unsupported operation %1 +AAI_3101=5:1:WARN:3101:403:3101:Attempt by client %1 to execute API %2 +AAI_3102=5:1:WARN:3102:400:3102:Error parsing input performing %1 on %2 +AAI_3300=5:1:WARN:3300:403:3300:Unauthorized +AAI_3301=5:1:WARN:3301:401:3301:Stale credentials +AAI_3302=5:1:WARN:3302:401:3301:Not authenticated +AAI_3303=5:1:WARN:3303:403:3300:Too many objects would be returned by this request, please refine your request and retry + +#--- aaigen: 4000-4099 +AAI_4000=5:4:ERROR:4000:500:3002:Internal Error +AAI_4001=5:4:FATAL:4001:500:3002:Configuration file not found +AAI_4002=5:4:FATAL:4002:500:3002:Error reading Configuration file +AAI_4003=5:4:ERROR:4003:500:3002:Error writing to log file +AAI_4004=5:4:FATAL:4004:500:3002:Error reading/parsing the error properties file +AAI_4005=5:4:FATAL:4005:500:3002:Missing or invalid configuration parameter +AAI_4006=5:4:FATAL:4006:500:3002:Unexpected error in service +AAI_4007=5:4:WARN:4007:500:3102:Input parsing error +AAI_4008=5:4:ERROR:4008:500:3002:Output parsing error +AAI_4009=4:0:WARN:4009:400:3000:Invalid X-FromAppId in header +AAI_4010=4:0:WARN:4010:400:3000:Invalid X-TransactionId in header +AAI_4011=5:4:ERROR:4011:500:3002:Missing data for REST error response +AAI_4014=4:0:WARN:4014:400:3000:Invalid Accept header +AAI_4015=4:0:WARN:4015:400:3000:You must provide at least one indexed property +AAI_4016=4:0:WARN:4016:400:3000:The depth parameter must be a number or the string "all" +AAI_4017=5:2:INFO:4017:400:3000:Could not set property +AAI_4018=5:2:WARN:4018:400:3000:Unable to convert the string to integer +#--- aaidbmap: 5102-5199 +AAI_5102=5:4:FATAL:5102:500:3002:Graph database is null after open +AAI_5105=5:4:ERROR:5105:500:3002:Unexpected error reading/updating database +AAI_5106=5:4:WARN:5106:404:3001:Node not found +AAI_5107=5:2:WARN:5107:400:3000:Required information missing +AAI_5108=5:2:WARN:5108:200:0:Unexpected information in request being ignored + +#--- aaidbgen: 6101-6199 +AAI_6101=5:4:ERROR:6101:500:3002:null JanusGraph object passed +AAI_6102=5:4:WARN:6102:400:3000:Passed-in property is not valid for this nodeType +AAI_6103=5:4:WARN:6103:400:3000:Required Node-property not found in input data +AAI_6104=5:4:WARN:6104:400:3000:Required Node-property was passed with no data +AAI_6105=5:4:WARN:6105:400:3000:Node-Key-Property not defined in DbMaps +AAI_6106=5:4:WARN:6106:400:3000:Passed-in property is not valid for this edgeType +AAI_6107=5:4:WARN:6107:400:3000:Required Edge-property not found in input data +AAI_6108=5:4:WARN:6108:400:3000:Required Edge-property was passed with no data +AAI_6109=5:4:WARN:6109:400:3000:Bad dependent Node value +AAI_6110=5:4:ERROR:6110:400:3100:Node cannot be deleted +AAI_6111=5:4:WARN:6111:400:3000:JSON processing error +AAI_6112=5:4:ERROR:6112:400:3000:More than one node found by getUniqueNode() +AAI_6114=5:4:INFO:6114:404:3001:Node Not Found +AAI_6115=5:4:ERROR:6115:400:3000:Unrecognized NodeType +AAI_6116=5:4:ERROR:6116:400:3000:Unrecognized Property +AAI_6117=5:4:ERROR:6117:400:3000:Uniqueness constraint violated +AAI_6118=5:4:WARN:6118:400:3000:Required Field not passed. +AAI_6120=5:4:WARN:6120:400:3000:Bad Parameter Passed +AAI_6121=5:4:ERROR:6121:400:3000:Problem with internal AAI reference data +AAI_6122=5:4:ERROR:6122:400:3000:Data Set not complete in DB for this request +AAI_6123=5:4:ERROR:6123:500:3000:Bad Data found by DataGrooming Tool - Investigate +AAI_6124=5:4:ERROR:6124:500:3000:File read/write error +AAI_6125=5:4:WARN:6125:500:3000:Problem Pulling Data Set +AAI_6126=5:4:ERROR:6126:400:3000:Edge cannot be deleted +AAI_6127=5:4:INFO:6127:404:3001:Edge Not Found +AAI_6128=5:4:INFO:6128:500:3000:Unexpected error +AAI_6129=5:4:INFO:6129:404:3003:Error making edge to target node +AAI_6130=5:4:WARN:6130:412:3000:Precondition Required +AAI_6131=5:4:WARN:6131:412:3000:Precondition Failed +AAI_6132=5:4:WARN:6132:400:3000:Bad Model Definition +AAI_6133=5:4:WARN:6133:400:3000:Bad Named Query Definition +AAI_6134=5:4:ERROR:6134:500:6134:Could not persist transaction to storage back end. Exhausted retry amount +AAI_6135=5:4:WARN:6135:412:3000:Resource version specified on create +AAI_6136=5:4:ERROR:6136:400:3000:Object cannot hold multiple items +AAI_6137=5:4:ERROR:6137:400:3000:Cannot perform writes on multiple vertices +AAI_6138=5:4:ERROR:6138:400:3000:Cannot delete multiple vertices +AAI_6139=5:4:ERROR:6139:404:3000:Attempted to add edge to vertex that does not exist +AAI_6140=5:4:ERROR:6140:400:3000:Edge multiplicity violated +AAI_6141=5:4:WARN:6141:400:3000:Please Refine Query +AAI_6142=5:4:INFO:6142:400:3000:Retrying transaction +AAI_6143=5:4:INFO:6143:400:3000:Ghost vertex found +AAI_6144=5:4:WARN:6144:400:3000:Cycle found in graph +AAI_6145=5:4:ERROR:6145:400:3000:Cannot create a nested/containment edge via relationship +AAI_6146=5:4:ERROR:6146:400:3000:Ambiguous identity map found, use a URI instead +AAI_6147=5:4:ERROR:6147:400:3000:Payload Limit Reached, reduce payload + +#--- aaicsvp: 7101-7199 +AAI_7101=5:4:ERROR:7101:500:3002:Unexpected error in CSV file processing +AAI_7102=5:4:ERROR:7102:500:3002:Error in cleanup temporary directory +#AAI_7103=4:2:ERROR:7103:500:3002:Unsupported user +AAI_7104=5:4:ERROR:7104:500:3002:Failed to create directory +AAI_7105=5:4:ERROR:7105:500:3002:Temporary directory exists +AAI_7106=5:4:ERROR:7106:500:3002:Cannot delete +AAI_7107=5:4:ERROR:7107:500:3002:Input file does not exist +AAI_7108=5:4:ERROR:7108:500:3002:Output file does not exist +AAI_7109=5:4:ERROR:7109:500:3002:Error closing file +AAI_7110=5:4:ERROR:7110:500:3002:Error loading/reading properties file +AAI_7111=5:4:ERROR:7111:500:3002:Error executing shell script +AAI_7112=5:4:ERROR:7112:500:3002:Error creating output file +AAI_7113=5:4:ERROR:7113:500:3002:Trailer record error +AAI_7114=5:4:ERROR:7114:500:3002:Input file error +AAI_7115=5:4:ERROR:7115:500:3002:Unexpected error +AAI_7116=5:4:ERROR:7116:500:3002:Request error +AAI_7117=5:4:ERROR:7117:500:3002:Error in get http client object +AAI_7118=5:4:ERROR:7118:500:3002:Script Error +AAI_7119=5:4:ERROR:7119:500:3002:Unknown host + +#--- aaisdnc: 7201-7299 +AAI_7202=5:4:ERROR:7202:500:3002:Error getting connection to odl +#AAI_7206=5:4:ERROR:7206:500:3002:Invalid data returned from ODL + +#--- NotificationEvent, using UEB space +AAI_7350=5:4:ERROR:7305:500:3002:Notification event creation failed + +#--- aairestctlr: 7401-7499 +AAI_7401=5:4:ERROR:7401:500:3002:Error connecting to AAI REST API +AAI_7402=5:4:ERROR:7402:500:3002:Unexpected error +AAI_7403=5:4:WARN:7403:400:3001:Request error +AAI_7404=5:4:INFO:7404:404:3001:Node not found +AAI_7405=5:4:WARN:7405:200:0:UUID not formatted correctly, generating UUID +AAI_7406=5:4:ERROR:7406:400:7406:Request Timed Out + +#--- aaicsiovals: 7501-7599 +#AAI_7501=5:4:WARN:7501:500:3002:Error getting connection to CSI-OVALS +AAI_7502=5:4:WARN:7502:500:3002:Bad parameter when trying to build request for CSI-OVALS +AAI_7503=5:4:WARN:7503:500:3002:Error returned by CSI-OVALS + +#--- aaiauth: 9101-9199 +AAI_9101=5:0:WARN:9101:403:3300:User is not authorized to perform function +#AAI_9102=5:0:WARN:9102:401:3301:Refresh credentials from source +#AAI_9103=5:0:WARN:9103:403:3300:User not found +#AAI_9104=5:0:WARN:9104:401:3302:Authentication error +#AAI_9105=5:0:WARN:9105:403:3300:Authorization error +#AAI_9106=5:0:WARN:9106:403:3300:Invalid AppId +#AAI_9107=5:0:WARN:9107:403:3300:No Username in Request +AAI_9107=5:0:WARN:9107:403:3300:SSL is not provided in request, please contact admin +AAI_9108=5:0:WARN:9107:403:3300:Basic auth credentials is not provided in the request + +#--- aaiinstar: 9201-9299 +#AAI_9201=5:4:ERROR:9201:500:3002:Unable to send notification +AAI_9202=5:4:ERROR:9202:500:3002:Unable to start a thread +#--- GRM DME2: 9501-9599 +AAI_9501=5:4:WARN:9501:500:3002:Unable to register with GRM retrying +AAI_9502=5:4:ERROR:9502:500:3002:Unable to register with GRM after exhausting all retries +AAI_9503=5:4:WARN:9503:500:3002:Unable to successfully unpublish with GRM, recommend manual cleanup but not necessary diff --git a/aai-schema-service/src/main/resources/etc/auth/aai_keystore b/aai-schema-service/src/main/resources/etc/auth/aai_keystore new file mode 100644 index 0000000..16d93a7 Binary files /dev/null and b/aai-schema-service/src/main/resources/etc/auth/aai_keystore differ diff --git a/aai-schema-service/src/main/resources/etc/auth/realm.properties b/aai-schema-service/src/main/resources/etc/auth/realm.properties new file mode 100644 index 0000000..f0e0172 --- /dev/null +++ b/aai-schema-service/src/main/resources/etc/auth/realm.properties @@ -0,0 +1,13 @@ +# format : username: password[,rolename ...] +# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... +AAI:OBF:1gfr1ev31gg7,admin +MSO:OBF:1jzx1lz31k01,admin +SDNC:OBF:1itr1i0l1i151isv,admin +DCAE:OBF:1g8u1f9d1f991g8w,admin +POLICY:OBF:1mk61i171ima1im41i0j1mko,admin +ASDC:OBF:1f991j0u1j001f9d,admin +VID:OBF:1jm91i0v1jl9,admin +APPC:OBF:1f991ksf1ksf1f9d,admin +ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin +AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin +OOF:OBF:1img1ke71ily,admin diff --git a/aai-schema-service/src/main/resources/localhost-access-logback.xml b/aai-schema-service/src/main/resources/localhost-access-logback.xml new file mode 100644 index 0000000..6415410 --- /dev/null +++ b/aai-schema-service/src/main/resources/localhost-access-logback.xml @@ -0,0 +1,62 @@ + + + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + + + + diff --git a/aai-schema-service/src/main/resources/logback.xml b/aai-schema-service/src/main/resources/logback.xml new file mode 100644 index 0000000..6c518d5 --- /dev/null +++ b/aai-schema-service/src/main/resources/logback.xml @@ -0,0 +1,269 @@ + + + + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + + + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + 1000 + true + + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + + ${eelfMetricLogPattern} + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + + ${eelfLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + + ${eelfErrorLogPattern} + + + + + 1000 + true + + + + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${eelfAuditLogPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${eelfTransLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${eelfLogPattern} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/aai-schema-service/src/test/resources/application-test.properties b/aai-schema-service/src/test/resources/application-test.properties new file mode 100644 index 0000000..2b3bd58 --- /dev/null +++ b/aai-schema-service/src/test/resources/application-test.properties @@ -0,0 +1,53 @@ +spring.application.name=aai-schema-service +spring.jersey.type=filter + +server.contextPath=${schema.uri.base.path} + +spring.autoconfigure.exclude=\ + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration +#The max number of active threads in this pool +jetty.threadPool.maxThreads=200 +#The minimum number of threads always kept alive +jetty.threadPool.minThreads=8 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-schema-service/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8452 +# Server SSL Related Attributes +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) +server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name=onap +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ +schema.ingest.file=${server.local.startpath}/application.properties +# Schema Version Related Attributes +schema.uri.base.path=/aai/schema-service +# Lists all of the versions in the schema +schema.version.list=v10,v11,v12,v13,v14,v15 +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start=v10 +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start=v10 +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start=v11 +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start=v12 +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start=v12 +# Specifies the version that the application should default to +schema.version.api.default=v15 diff --git a/aai-schema-service/src/test/resources/logback.xml b/aai-schema-service/src/test/resources/logback.xml new file mode 100644 index 0000000..2dd8021 --- /dev/null +++ b/aai-schema-service/src/test/resources/logback.xml @@ -0,0 +1,392 @@ + + + + + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + + + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + 1000 + true + + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + + ${eelfMetricLogPattern} + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + + ${eelfLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + + ${eelfErrorLogPattern} + + + + + 1000 + true + + + + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${eelfAuditLogPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${eelfTransLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${eelfLogPattern} + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${eelfLogPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${eelfMetricLogPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${eelfLogPattern} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log + + + ${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip + + 1 + 9 + + + 5MB + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + ${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log + + + ${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip + + 1 + 9 + + + 5MB + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit 1.2.3-korg