author | Determe, Sebastien (sd378r) <sd378r@intl.att.com> | 2018-03-27 10:25:41 +0200 |
---|---|---|
committer | Determe, Sebastien (sd378r) <sd378r@intl.att.com> | 2018-03-27 10:25:41 +0200 |
commit | 08b9492f3330e93d477a5a5a275ed44755e9f52a (patch) | |
tree | 9f335baacbc365fdfce7048b756c1db3f5e6fac4 /src/main | |
parent | 020f29ee84fe5d780108149aa9de04e86d308d03 (diff) |
Security Fix
Introduce a centralized ObjectMapper for Resteasy and Clamp code
so that the automatic Ser/deserialization of all classes is disabled.
Issue-ID: CLAMP-135
Change-Id: I1fb11c8fc8e7a53ef832774fa8c06af1c70d3dad
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
Diffstat (limited to 'src/main')
15 files changed, 197 insertions, 101 deletions
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
index 9226604a..f20668e5 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
@@ -152,6 +152,8 @@ public class DcaeDispatcherServices {
* The deployment ID
* @param serviceTypeId
* Service type ID
+ * @param blueprintInput
+ * The value for each blueprint parameters in a flat JSON
* @return The status URL
*/
public String createNewDeployment(String deploymentId, String serviceTypeId) {
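Review bot: The added `@param blueprintInput` tag documents a parameter that the signature at the end of this hunk, `createNewDeployment(String deploymentId, String serviceTypeId)`, does not declare. Either the tag should be dropped or the parameter added in the same change; as written the Javadoc tells callers that blueprint values can be passed in while the method has no argument to receive them. The method body lies outside this hunk, so whether blueprint input is obtained some other way cannot be seen from here.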
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
index d5015040..ffc9b8e2 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
@@ -26,7 +26,6 @@ package org.onap.clamp.clds.client;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
@@ -47,6 +46,7 @@ import org.onap.clamp.clds.model.DcaeEvent;
import org.onap.clamp.clds.model.dcae.DcaeInventoryResponse;
import org.onap.clamp.clds.model.properties.Global;
import org.onap.clamp.clds.model.properties.ModelProperties;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.onap.clamp.clds.util.LoggingUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -182,7 +182,7 @@ public class DcaeInventoryServices {
LoggingUtils.setResponseContext("0", "Get Dcae Information success", this.getClass().getName());
LoggingUtils.setTimeContext(startTime, new Date());
metricsLogger.info("getDcaeInformation complete: number services returned=" + numServices);
- return new ObjectMapper().readValue(dcaeInventoryResponse, DcaeInventoryResponse.class);
+ return JacksonUtils.getObjectMapperInstance().readValue(dcaeInventoryResponse, DcaeInventoryResponse.class);
}
/**
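Review bot: `JacksonUtils.getObjectMapperInstance()` hands the mapper itself to every call site, starting with this `readValue` of the DCAE inventory response, so the hardening holds only as long as no caller reconfigures what it receives. JacksonUtils is not part of the visible hunks; if it returns one shared instance, a single later `enableDefaultTyping()` or `configure(...)` call anywhere would re-open polymorphic deserialization for all of these parsers, and reconfiguring a mapper that is already in use is not thread-safe. I would state that contract on the accessor, e.g. `// Shared instance: never call enableDefaultTyping() or configure() on it`, or expose immutable `ObjectReader`/`ObjectWriter` views such as `mapper.readerFor(DcaeInventoryResponse.class)` instead of the mapper. A build rule that rejects `new ObjectMapper()` outside JacksonUtils would keep later code from bypassing the central instance.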
@@ -210,8 +210,7 @@ public class DcaeInventoryServices {
LoggingUtils.setTargetContext("DCAE", "createDCAEServiceType");
String typeId = null;
try {
- ObjectMapper mapper = new ObjectMapper();
- ObjectNode dcaeServiceTypeRequest = mapper.createObjectNode();
+ ObjectNode dcaeServiceTypeRequest = JacksonUtils.getObjectMapperInstance().createObjectNode();
dcaeServiceTypeRequest.put("blueprintTemplate", blueprintTemplate);
dcaeServiceTypeRequest.put("owner", owner);
dcaeServiceTypeRequest.put("typeName", typeName);
diff --git a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
index fd7d096f..ce3c8baf 100644
--- a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
@@ -74,6 +74,7 @@ import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
import org.onap.clamp.clds.model.sdc.SdcServiceInfo;
import org.onap.clamp.clds.service.CldsService;
import org.onap.clamp.clds.util.CryptoUtils;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.onap.clamp.clds.util.LoggingUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -284,13 +285,12 @@ public class SdcCatalogServices {
* an empty list
*/
private List<SdcServiceInfo> getCldsSdcServicesListFromJson(String jsonStr) {
- ObjectMapper objectMapper = new ObjectMapper();
if (StringUtils.isBlank(jsonStr)) {
return new ArrayList<>();
}
try {
- return objectMapper.readValue(jsonStr,
- objectMapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
+ return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, JacksonUtils.getObjectMapperInstance()
+ .getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
} catch (IOException e) {
logger.error("Error when attempting to decode the JSON containing CldsSdcServiceInfo", e);
return new ArrayList<>();
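Review bot: `getCldsSdcServicesListFromJson` now calls `JacksonUtils.getObjectMapperInstance()` twice inside one expression, once for `readValue` and once for `getTypeFactory()`; the hunk for `getAllSdcResourcesListFromJson` below does the same. Fetching it once, `ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();` followed by `return mapper.readValue(jsonStr, mapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));`, reads better and guarantees that the parser and the type factory come from the same mapper even if the accessor ever stops returning a single instance. That is the form this commit already uses in `createPropertiesObjectByUUID`. The method's closing braces are outside this hunk.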
@@ -306,13 +306,12 @@ public class SdcCatalogServices {
* issues
*/
private List<SdcResourceBasicInfo> getAllSdcResourcesListFromJson(String jsonStr) {
- ObjectMapper objectMapper = new ObjectMapper();
if (StringUtils.isBlank(jsonStr)) {
return new ArrayList<>();
}
try {
- return objectMapper.readValue(jsonStr,
- objectMapper.getTypeFactory().constructCollectionType(List.class, SdcResourceBasicInfo.class));
+ return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, JacksonUtils.getObjectMapperInstance()
+ .getTypeFactory().constructCollectionType(List.class, SdcResourceBasicInfo.class));
} catch (IOException e) {
logger.error("Exception occurred when attempting to decode the list of CldsSdcResourceBasicInfo JSON", e);
return new ArrayList<>();
@@ -326,9 +325,8 @@ public class SdcCatalogServices {
* @return
*/
public SdcServiceDetail decodeCldsSdcServiceDetailFromJson(String jsonStr) {
- ObjectMapper objectMapper = new ObjectMapper();
try {
- return objectMapper.readValue(jsonStr, SdcServiceDetail.class);
+ return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, SdcServiceDetail.class);
} catch (IOException e) {
logger.error("Exception when attempting to decode the CldsSdcServiceDetail JSON", e);
return null;
@@ -470,12 +468,12 @@ public class SdcCatalogServices {
String serviceUuid = getServiceUuidFromServiceInvariantId(invariantServiceUuid);
String serviceDetailUrl = url + "/" + serviceUuid + SDC_METADATA_URL_PREFIX;
String responseStr = getCldsServicesOrResourcesBasedOnURL(serviceDetailUrl);
- ObjectMapper objectMapper = new ObjectMapper();
CldsServiceData cldsServiceData = new CldsServiceData();
if (responseStr != null) {
SdcServiceDetail cldsSdcServiceDetail;
try {
- cldsSdcServiceDetail = objectMapper.readValue(responseStr, SdcServiceDetail.class);
+ cldsSdcServiceDetail = JacksonUtils.getObjectMapperInstance().readValue(responseStr,
+ SdcServiceDetail.class);
} catch (IOException e) {
logger.error("Exception when decoding the CldsServiceData JSON from SDC", e);
throw new SdcCommunicationException("Exception when decoding the CldsServiceData JSON from SDC", e);
@@ -568,11 +566,10 @@ public class SdcCatalogServices {
}
}
- private List<CldsVfcData> getVfcDataListFromVfResponse(String vfResponse) throws GeneralSecurityException {
- ObjectMapper mapper = new ObjectMapper();
+ private List<CldsVfcData> getVfcDataListFromVfResponse(String vfResponse) {
ObjectNode vfResponseNode;
try {
- vfResponseNode = (ObjectNode) mapper.readTree(vfResponse);
+ vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);
} catch (IOException e) {
logger.error("Exception when decoding the JSON list of CldsVfcData", e);
return new ArrayList<>();
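Review bot: The cast in `vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);` is unchecked, and the surrounding `try` catches only `IOException`. The string is a response fetched from SDC, so a body that is valid JSON but not an object (an array or a bare string) raises `ClassCastException`, and an empty body may come back as `null` or a non-object node depending on the Jackson version; neither case reaches the logged, empty-list fallback. Read into a `JsonNode` first, `JsonNode root = JacksonUtils.getObjectMapperInstance().readTree(vfResponse);`, and return early with `if (root == null || !root.isObject()) { return new ArrayList<>(); }` before casting. The same cast is kept in the three hunks that follow (the `vfcResponse` read, `getAlarmCondtionsFromVfc` and `getFieldPathFromVF`); the rest of this method is outside the hunk.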
@@ -614,8 +611,7 @@ public class SdcCatalogServices {
String vfcResourceUUIDUrl = catalogUrl + RESOURCE_URL_PREFIX + "/" + resourceUUID + SDC_METADATA_URL_PREFIX;
try {
String vfcResponse = getCldsServicesOrResourcesBasedOnURL(vfcResourceUUIDUrl);
- ObjectMapper mapper = new ObjectMapper();
- ObjectNode vfResponseNode = (ObjectNode) mapper.readTree(vfcResponse);
+ ObjectNode vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfcResponse);
ArrayNode vfcArrayNode = (ArrayNode) vfResponseNode.get("resources");
if (vfcArrayNode != null) {
for (JsonNode vfcjsonNode : vfcArrayNode) {
@@ -639,10 +635,9 @@ public class SdcCatalogServices {
private List<CldsAlarmCondition> getAlarmCondtionsFromVfc(String vfcResponse) throws GeneralSecurityException {
List<CldsAlarmCondition> cldsAlarmConditionList = new ArrayList<>();
- ObjectMapper mapper = new ObjectMapper();
ObjectNode vfcResponseNode;
try {
- vfcResponseNode = (ObjectNode) mapper.readTree(vfcResponse);
+ vfcResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfcResponse);
} catch (IOException e) {
logger.error("Exception when decoding the JSON list of CldsAlarmCondition", e);
return cldsAlarmConditionList;
@@ -684,10 +679,9 @@ public class SdcCatalogServices {
// Method to get the artifact for any particular VF
private List<CldsVfKPIData> getFieldPathFromVF(String vfResponse) throws GeneralSecurityException {
List<CldsVfKPIData> cldsVfKPIDataList = new ArrayList<>();
- ObjectMapper mapper = new ObjectMapper();
ObjectNode vfResponseNode;
try {
- vfResponseNode = (ObjectNode) mapper.readTree(vfResponse);
+ vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);
} catch (IOException e) {
logger.error("Exception when decoding the JSON list of CldsVfKPIData", e);
return cldsVfKPIDataList;
@@ -846,24 +840,23 @@ public class SdcCatalogServices {
*/
public String createPropertiesObjectByUUID(CldsServiceData cldsServiceData) throws IOException {
String totalPropsStr;
- ObjectMapper mapper = new ObjectMapper();
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode globalPropsJson = (ObjectNode) refProp.getJsonTemplate(CldsService.GLOBAL_PROPERTIES_KEY);
if (cldsServiceData != null && cldsServiceData.getServiceUUID() != null) {
// Objectnode to save all byservice, byvf , byvfc and byalarm nodes
ObjectNode byIdObjectNode = mapper.createObjectNode();
// To create vf ResourceUUID node with serviceInvariantUUID
- ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(mapper,
- cldsServiceData);
+ ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(cldsServiceData);
byIdObjectNode.putPOJO("byService", invariantUuidObjectNodeWithVf);
// To create byVf and vfcResourceNode with vfResourceUUID
- ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(mapper, cldsServiceData.getCldsVfs());
+ ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(cldsServiceData.getCldsVfs());
byIdObjectNode.putPOJO("byVf", vfcObjectNodeByVfUuid);
// To create byKpi
ObjectNode kpiObjectNode = mapper.createObjectNode();
if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) {
for (CldsVfData currCldsVfData : cldsServiceData.getCldsVfs()) {
if (currCldsVfData != null) {
- createKpiObjectNodeByVfUuid(mapper, kpiObjectNode, currCldsVfData.getCldsKPIList());
+ createKpiObjectNodeByVfUuid(kpiObjectNode, currCldsVfData.getCldsKPIList());
}
}
}
@@ -873,8 +866,7 @@ public class SdcCatalogServices {
if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) {
for (CldsVfData currCldsVfData : cldsServiceData.getCldsVfs()) {
if (currCldsVfData != null) {
- createAlarmCondObjectNodeByVfcUuid(mapper, vfcResourceUuidObjectNode,
- currCldsVfData.getCldsVfcs());
+ createAlarmCondObjectNodeByVfcUuid(vfcResourceUuidObjectNode, currCldsVfData.getCldsVfcs());
}
}
}
@@ -882,12 +874,12 @@ public class SdcCatalogServices {
// To create byAlarmCondition with alarmConditionKey
List<CldsAlarmCondition> allAlarmConditions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData,
"alarmCondition");
- ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(mapper, allAlarmConditions);
+ ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(allAlarmConditions);
byIdObjectNode.putPOJO("byAlarmCondition", alarmCondObjectNodeByAlarmKey);
// To create byAlertDescription with AlertDescription
List<CldsAlarmCondition> allAlertDescriptions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData,
"alertDescription");
- ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(mapper, allAlertDescriptions);
+ ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(allAlertDescriptions);
byIdObjectNode.putPOJO("byAlertDescription", alertDescObjectNodeByAlert);
globalPropsJson.putPOJO("shared", byIdObjectNode);
logger.info("Global properties JSON created with SDC info:" + globalPropsJson);
@@ -963,8 +955,8 @@ public class SdcCatalogServices {
return alarmCondList;
}
- private ObjectNode createAlarmCondObjectNodeByAlarmKey(ObjectMapper mapper,
- List<CldsAlarmCondition> cldsAlarmCondList) {
+ private ObjectNode createAlarmCondObjectNodeByAlarmKey(List<CldsAlarmCondition> cldsAlarmCondList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode alarmCondKeyNode = mapper.createObjectNode();
if (cldsAlarmCondList != null && !cldsAlarmCondList.isEmpty()) {
for (CldsAlarmCondition currCldsAlarmCondition : cldsAlarmCondList) {
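Review bot: `createAlarmCondObjectNodeByAlarmKey`, like the four helpers changed in the hunks below, now pulls the mapper from the static accessor instead of receiving it as an argument, yet in the lines visible here it is used only for `createObjectNode()`. Building tree nodes needs no deserialization configuration, so these helpers could use `JsonNodeFactory.instance.objectNode()` and leave the hardened mapper to the code that actually parses input; that also avoids a repeated accessor call for helpers invoked inside the per-VF loops of `createPropertiesObjectByUUID`. If the accessor is kept, a short comment such as `// mapper used for node creation only` would make the intent clear. The helper bodies continue outside their hunks, so other uses of `mapper` may exist.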
@@ -984,7 +976,8 @@ public class SdcCatalogServices {
return alarmCondKeyNode;
}
- private ObjectNode createVfObjectNodeByServiceInvariantUuid(ObjectMapper mapper, CldsServiceData cldsServiceData) {
+ private ObjectNode createVfObjectNodeByServiceInvariantUuid(CldsServiceData cldsServiceData) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode invariantUuidObjectNode = mapper.createObjectNode();
ObjectNode vfObjectNode = mapper.createObjectNode();
ObjectNode vfUuidNode = mapper.createObjectNode();
@@ -1003,8 +996,9 @@ public class SdcCatalogServices {
return invariantUuidObjectNode;
}
- private void createKpiObjectNodeByVfUuid(ObjectMapper mapper, ObjectNode vfResourceUuidObjectNode,
+ private void createKpiObjectNodeByVfUuid(ObjectNode vfResourceUuidObjectNode,
List<CldsVfKPIData> cldsVfKpiDataList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
if (cldsVfKpiDataList != null && !cldsVfKpiDataList.isEmpty()) {
for (CldsVfKPIData currCldsVfKpiData : cldsVfKpiDataList) {
if (currCldsVfKpiData != null) {
@@ -1022,8 +1016,9 @@ public class SdcCatalogServices {
}
}
- private void createAlarmCondObjectNodeByVfcUuid(ObjectMapper mapper, ObjectNode vfcResourceUuidObjectNode,
+ private void createAlarmCondObjectNodeByVfcUuid(ObjectNode vfcResourceUuidObjectNode,
List<CldsVfcData> cldsVfcDataList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode vfcObjectNode = mapper.createObjectNode();
ObjectNode alarmCondNode = mapper.createObjectNode();
ObjectNode alertDescNode = mapper.createObjectNode();
@@ -1063,7 +1058,8 @@ public class SdcCatalogServices {
* @param cldsVfDataList
* @return
*/
- private ObjectNode createVfcObjectNodeByVfUuid(ObjectMapper mapper, List<CldsVfData> cldsVfDataList) {
+ private ObjectNode createVfcObjectNodeByVfUuid(List<CldsVfData> cldsVfDataList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode vfUuidObjectNode = mapper.createObjectNode();
if (cldsVfDataList != null && !cldsVfDataList.isEmpty()) {
for (CldsVfData currCldsVfData : cldsVfDataList) {
diff --git a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
index e34b7e90..c76607af 100644
--- a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
+++ b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
@@ -47,6 +47,7 @@ import org.onap.clamp.clds.model.properties.ModelProperties;
import org.onap.clamp.clds.model.properties.Tca;
import org.onap.clamp.clds.model.sdc.SdcResource;
import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -95,7 +96,7 @@ public class SdcRequests {
* @return SDC Locations request in the JSON Format
*/
public String formatSdcLocationsReq(ModelProperties prop, String artifactName) {
- ObjectMapper objectMapper = new ObjectMapper();
+ ObjectMapper objectMapper = JacksonUtils.getObjectMapperInstance();
Global global = prop.getGlobal();
List<String> locationsList = global.getLocation();
ArrayNode locationsArrayNode = objectMapper.createArrayNode();
@@ -203,9 +204,8 @@ public class SdcRequests {
* In case of issues with the Json parser
*/
protected String getYamlvalue(String jsonGlobal) throws IOException {
- ObjectMapper objectMapper = new ObjectMapper();
String yamlFileValue = "";
- ObjectNode root = objectMapper.readValue(jsonGlobal, ObjectNode.class);
+ ObjectNode root = JacksonUtils.getObjectMapperInstance().readValue(jsonGlobal, ObjectNode.class);
Iterator<Entry<String, JsonNode>> entryItr = root.fields();
while (entryItr.hasNext()) {
Entry<String, JsonNode> entry = entryItr.next();
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampProperties.java b/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
index 66f35acc..1c1bd7f2 100644
--- a/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
+++ b/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
@@ -24,13 +24,13 @@
package org.onap.clamp.clds.config;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.core.env.Environment;
@@ -88,9 +88,10 @@ public class ClampProperties {
* In case of issues with the JSON parser
*/
public JsonNode getJsonTemplate(String key) throws IOException {
- ObjectMapper objectMapper = new ObjectMapper();
String fileReference = getStringValue(key);
- return (fileReference != null) ? objectMapper.readValue(getFileContentFromPath(fileReference), JsonNode.class)
+ return (fileReference != null)
+ ? JacksonUtils.getObjectMapperInstance().readValue(getFileContentFromPath(fileReference),
+ JsonNode.class)
: null;
}
@@ -108,9 +109,10 @@ public class ClampProperties {
* In case of issues with the JSON parser
*/
public JsonNode getJsonTemplate(String key1, String key2) throws IOException {
- ObjectMapper objectMapper = new ObjectMapper();
String fileReference = getStringValue(key1, key2);
- return (fileReference != null) ? objectMapper.readValue(getFileContentFromPath(fileReference), JsonNode.class)
+ return (fileReference != null)
+ ? JacksonUtils.getObjectMapperInstance().readValue(getFileContentFromPath(fileReference),
+ JsonNode.class)
: null;
}
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
index bb1b9d13..28f9e946 100644
--- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
+++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,8 +23,6 @@
package org.onap.clamp.clds.config;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
@@ -32,6 +30,7 @@ import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
import org.onap.clamp.clds.exception.CldsUsersException;
import org.onap.clamp.clds.service.CldsUser;
+import org.onap.clamp.clds.util.JacksonUtils;
public class CldsUserJsonDecoder {
@@ -56,7 +55,7 @@ public class CldsUserJsonDecoder {
try {
// the ObjectMapper readValue method closes the stream no need to do
// it
- return new ObjectMapper().readValue(cldsUsersString, CldsUser[].class);
+ return JacksonUtils.getObjectMapperInstance().readValue(cldsUsersString, CldsUser[].class);
} catch (IOException e) {
throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
}
diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
index a78e895f..9274f829 100644
--- a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
@@ -24,12 +24,13 @@
package org.onap.clamp.clds.config.sdc;
import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
+import org.onap.clamp.clds.util.JacksonUtils;
+
/**
* This class is used to decode the configuration found in
* application.properties, this is related to the blueprint mapping
@@ -65,6 +66,6 @@ public class BlueprintParserMappingConfiguration {
public static List<BlueprintParserMappingConfiguration> createFromJson(InputStream json) throws IOException {
TypeReference<List<BlueprintParserMappingConfiguration>> mapType = new TypeReference<List<BlueprintParserMappingConfiguration>>() {
};
- return new ObjectMapper().readValue(json, mapType);
+ return JacksonUtils.getObjectMapperInstance().readValue(json, mapType);
}
}
diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
index f5c658cf..fdc00745 100644
--- a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
@@ -26,7 +26,6 @@ package org.onap.clamp.clds.config.sdc;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.HashMap;
@@ -35,6 +34,7 @@ import java.util.Map;
import javax.annotation.PostConstruct;
import org.onap.clamp.clds.exception.sdc.controller.SdcParametersException;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
@@ -65,7 +65,7 @@ public class SdcControllersConfiguration {
public void loadConfiguration() throws IOException {
Resource resource = appContext.getResource(sdcControllerFile);
// Try to load json tree
- jsonRootNode = new ObjectMapper().readValue(resource.getInputStream(), JsonNode.class);
+ jsonRootNode = JacksonUtils.getObjectMapperInstance().readValue(resource.getInputStream(), JsonNode.class);
}
public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) {
diff --git a/src/main/java/org/onap/clamp/clds/model/CldsModel.java b/src/main/java/org/onap/clamp/clds/model/CldsModel.java
index 34876bbc..a2c8f72f 100644
--- a/src/main/java/org/onap/clamp/clds/model/CldsModel.java
+++ b/src/main/java/org/onap/clamp/clds/model/CldsModel.java
@@ -26,7 +26,6 @@ package org.onap.clamp.clds.model;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.ArrayList;
@@ -37,6 +36,7 @@ import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import org.onap.clamp.clds.dao.CldsDao;
+import org.onap.clamp.clds.util.JacksonUtils;
/**
* Represent a CLDS Model.
@@ -239,7 +239,7 @@ public class CldsModel {
boolean result = false;
try {
if (propText != null) {
- JsonNode modelJson = new ObjectMapper().readTree(propText);
+ JsonNode modelJson = JacksonUtils.getObjectMapperInstance().readTree(propText);
JsonNode simpleModelJson = modelJson.get("simpleModel");
if (simpleModelJson != null && simpleModelJson.asBoolean()) {
result = true;
diff --git a/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java b/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
index 2b86b3fd..89883c45 100644
--- a/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
+++ b/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
@@ -26,7 +26,6 @@ package org.onap.clamp.clds.model.properties;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -40,6 +39,7 @@ import java.util.Map.Entry;
import org.onap.clamp.clds.exception.ModelBpmnException;
import org.onap.clamp.clds.service.CldsService;
+import org.onap.clamp.clds.util.JacksonUtils;
/**
* Parse Model BPMN properties.
@@ -47,15 +47,15 @@ import org.onap.clamp.clds.service.CldsService;
* Example json: {"policy" :[{"id":"Policy_0oxeocn", "from":"StartEvent_1"}]}
*/
public class ModelBpmn {
- protected static final EELFLogger logger = EELFManager.getInstance()
- .getLogger(CldsService.class);
- protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger();
+
+ protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsService.class);
+ protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger();
// for each type, an array of entries
private final Map<String, List<ModelBpmnEntry>> entriesByType = new HashMap<>();
// for each id, an array of entries
- private final Map<String, List<ModelBpmnEntry>> entriesById = new HashMap<>();
+ private final Map<String, List<ModelBpmnEntry>> entriesById = new HashMap<>();
// List of all elementIds
- private List<String> bpmnElementIds;
+ private List<String> bpmnElementIds;
/**
* Create ModelBpmn and populate maps from json
@@ -66,8 +66,7 @@ public class ModelBpmn {
public static ModelBpmn create(String modelBpmnPropText) {
try {
ModelBpmn modelBpmn = new ModelBpmn();
- ObjectMapper objectMapper = new ObjectMapper();
- ObjectNode root = objectMapper.readValue(modelBpmnPropText, ObjectNode.class);
+ ObjectNode root = JacksonUtils.getObjectMapperInstance().readValue(modelBpmnPropText, ObjectNode.class);
// iterate over each entry like:
// "Policy":[{"id":"Policy","from":"StartEvent_1"}]
Iterator<Entry<String, JsonNode>> entryItr = root.fields();
diff --git a/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java b/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
index f9b1c25a..cc6f02de 100644
--- a/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
+++ b/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
@@ -26,7 +26,6 @@ package org.onap.clamp.clds.model.properties;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
@@ -41,6 +40,7 @@ import org.onap.clamp.clds.exception.ModelBpmnException;
import org.onap.clamp.clds.model.CldsEvent;
import org.onap.clamp.clds.model.CldsModel;
import org.onap.clamp.clds.service.CldsService;
+import org.onap.clamp.clds.util.JacksonUtils;
/**
* Parse model properties.
@@ -96,7 +96,7 @@ public class ModelProperties {
this.actionCd = actionCd;
this.testOnly = isATest;
modelBpmn = ModelBpmn.create(modelBpmnText);
- modelJson = new ObjectMapper().readTree(modelPropText);
+ modelJson = JacksonUtils.getObjectMapperInstance().readTree(modelPropText);
instantiateMissingModelElements();
} catch (IOException e) {
throw new ModelBpmnException("Exception occurred when trying to decode the BPMN Properties JSON", e);
@@ -141,8 +141,7 @@ public class ModelProperties {
public static String getVf(CldsModel model) {
List<String> vfs = null;
try {
- ObjectMapper mapper = new ObjectMapper();
- JsonNode modelJson = mapper.readTree(model.getPropText());
+ JsonNode modelJson = JacksonUtils.getObjectMapperInstance().readTree(model.getPropText());
Global global = new Global(modelJson);
vfs = global.getResourceVf();
} catch (IOException e) {
diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java
index c23d2ec8..e828f844 100644
--- a/src/main/java/org/onap/clamp/clds/service/CldsService.java
+++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java
@@ -85,6 +85,7 @@ import org.onap.clamp.clds.model.sdc.SdcResource;
import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
import org.onap.clamp.clds.model.sdc.SdcServiceInfo;
import org.onap.clamp.clds.transform.XslTransformer;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.onap.clamp.clds.util.LoggingUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@@ -426,7 +427,8 @@ public class CldsService extends SecureServiceBase {
if (template != null) {
model.setTemplateId(template.getId());
model.setDocText(template.getPropText());
- // This is to provide the Bpmn XML when Template part in UI is
+ // This is to provide the Bpmn XML when Template part in UI
+ // is
// disabled
model.setBpmnText(template.getBpmnText());
}
@@ -441,7 +443,8 @@ public class CldsService extends SecureServiceBase {
String controlName = model.getControlName();
String bpmnJson = cldsBpmnTransformer.doXslTransformToString(bpmn);
logger.info("PUT bpmnJson={}", bpmnJson);
- // Flag indicates whether it is triggered by Validation Test button from
+ // Flag indicates whether it is triggered by Validation Test button
+ // from
// UI
boolean isTest = false;
if (test != null && test.equalsIgnoreCase("true")) {
@@ -466,8 +469,8 @@ public class CldsService extends SecureServiceBase {
logger.info("modelProp - " + prop);
logger.info("docText - " + docText);
try {
- String result = camelProxy.submit(actionCd, prop, bpmnJson, modelName, controlName, docText, isTest, userId,
- isInsertTestEvent);
+ String result = camelProxy.submit(actionCd, prop, bpmnJson, modelName, controlName, docText, isTest,
+ userId, isInsertTestEvent);
logger.info("Starting Camel flow on request, result is: ", result);
} catch (SdcCommunicationException | PolicyClientException | BadRequestException e) {
errorCase = true;
@@ -478,7 +481,8 @@ public class CldsService extends SecureServiceBase {
if (!isTest && (actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMIT)
|| actionCd.equalsIgnoreCase(CldsEvent.ACTION_RESUBMIT)
|| actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMITDCAE))) {
- // To verify inventory status and modify model status to distribute
+ // To verify inventory status and modify model status to
+ // distribute
dcaeInventoryServices.setEventInventory(retrievedModel, getUserId());
retrievedModel.save(cldsDao, getUserId());
}
@@ -490,7 +494,6 @@ public class CldsService extends SecureServiceBase {
errorCase = true;
logger.error("Exception occured during putModelAndProcessAction", e);
}
-
if (errorCase) {
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(retrievedModel).build();
}
@@ -675,7 +678,7 @@ public class CldsService extends SecureServiceBase {
if (StringUtils.isBlank(responseStr)) {
return "";
}
- ObjectMapper objectMapper = new ObjectMapper();
+ ObjectMapper objectMapper = JacksonUtils.getObjectMapperInstance();
List<SdcServiceInfo> rawList = objectMapper.readValue(responseStr,
objectMapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
ObjectNode invariantIdServiceNode = objectMapper.createObjectNode();
@@ -695,26 +698,26 @@ public class CldsService extends SecureServiceBase { } private String createPropertiesObjectByUUID(String cldsResponseStr) throws IOException { - ObjectMapper mapper = new ObjectMapper(); + ObjectMapper mapper = JacksonUtils.getObjectMapperInstance(); SdcServiceDetail cldsSdcServiceDetail = mapper.readValue(cldsResponseStr, SdcServiceDetail.class); ObjectNode globalPropsJson = (ObjectNode) refProp.getJsonTemplate(GLOBAL_PROPERTIES_KEY); if (cldsSdcServiceDetail != null && cldsSdcServiceDetail.getUuid() != null) { /** * to create json with vf, alarm and locations */ - ObjectNode serviceObjectNode = createEmptyVfAlarmObject(mapper); + ObjectNode serviceObjectNode = createEmptyVfAlarmObject(); ObjectNode vfObjectNode = mapper.createObjectNode(); /** * to create json with vf and vfresourceId */ - createVfObjectNode(vfObjectNode, mapper, cldsSdcServiceDetail.getResources()); + createVfObjectNode(vfObjectNode, cldsSdcServiceDetail.getResources()); serviceObjectNode.putPOJO(cldsSdcServiceDetail.getInvariantUUID(), vfObjectNode); ObjectNode byServiceBasicObjetNode = mapper.createObjectNode(); byServiceBasicObjetNode.putPOJO("byService", serviceObjectNode); /** * to create json with VFC Node */ - ObjectNode emptyvfcobjectNode = createByVFCObjectNode(mapper, cldsSdcServiceDetail.getResources()); + ObjectNode emptyvfcobjectNode = createByVFCObjectNode(cldsSdcServiceDetail.getResources()); byServiceBasicObjetNode.putPOJO("byVf", emptyvfcobjectNode); globalPropsJson.putPOJO("shared", byServiceBasicObjetNode); logger.info("valuie of objNode: {}", globalPropsJson); 
@@ -722,7 +725,8 @@ public class CldsService extends SecureServiceBase { return globalPropsJson.toString(); } - private ObjectNode createEmptyVfAlarmObject(ObjectMapper mapper) { + private ObjectNode createEmptyVfAlarmObject() { + ObjectMapper mapper = JacksonUtils.getObjectMapperInstance(); ObjectNode emptyObjectNode = mapper.createObjectNode(); emptyObjectNode.put("", ""); ObjectNode vfObjectNode = mapper.createObjectNode(); @@ -734,8 +738,8 @@ public class CldsService extends SecureServiceBase { return emptyServiceObjectNode; } - private void createVfObjectNode(ObjectNode vfObjectNode2, ObjectMapper mapper, - List<SdcResource> rawCldsSdcResourceList) { + private void createVfObjectNode(ObjectNode vfObjectNode2, List<SdcResource> rawCldsSdcResourceList) { + ObjectMapper mapper = JacksonUtils.getObjectMapperInstance(); ObjectNode vfNode = mapper.createObjectNode(); vfNode.put("", ""); // To remove repeated resource instance name from @@ -782,7 +786,8 @@ public class CldsService extends SecureServiceBase { vfObjectNode2.putPOJO("alarmCondition", alarmStringJsonNode); } - private ObjectNode createByVFCObjectNode(ObjectMapper mapper, List<SdcResource> cldsSdcResourceList) { + private ObjectNode createByVFCObjectNode(List<SdcResource> cldsSdcResourceList) { + ObjectMapper mapper = JacksonUtils.getObjectMapperInstance(); ObjectNode emptyObjectNode = mapper.createObjectNode(); ObjectNode emptyvfcobjectNode = mapper.createObjectNode(); ObjectNode vfCObjectNode = mapper.createObjectNode(); 
@@ -804,8 +809,7 @@ public class CldsService extends SecureServiceBase { @Path("/deploy/{modelName}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public Response deployModel(@PathParam("modelName") String modelName, - CldsModel model) { + public Response deployModel(@PathParam("modelName") String modelName, CldsModel model) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Deploy model", getPrincipalName()); Boolean errorCase = false; @@ -861,7 +865,6 @@ public class CldsService extends SecureServiceBase { errorCase = true; logger.error("Exception occured during deployModel", e); } - if (errorCase) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build(); } @@ -872,11 +875,9 @@ public class CldsService extends SecureServiceBase { @Path("/undeploy/{modelName}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public Response unDeployModel(@PathParam("modelName") String modelName, - CldsModel model) { + public Response unDeployModel(@PathParam("modelName") String modelName, CldsModel model) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Undeploy model", getPrincipalName()); - Boolean errorCase = false; try { String operationStatusUndeployUrl = dcaeDispatcherServices.deleteExistingDeployment(model.getDeploymentId(), @@ -916,7 +917,6 @@ public class CldsService extends SecureServiceBase { errorCase = true; logger.error("Exception occured during unDeployModel", e); } - if (errorCase) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build(); } 
@@ -924,15 +924,13 @@ public class CldsService extends SecureServiceBase { } private void checkForDuplicateServiceVf(String modelName, String modelPropText) throws IOException { - JsonNode modelJson = new ObjectMapper().readTree(modelPropText); - JsonNode globalNode = modelJson.get("global"); + JsonNode globalNode = JacksonUtils.getObjectMapperInstance().readTree(modelPropText).get("global"); String service = AbstractModelElement.getValueByName(globalNode, "service"); List<String> resourceVf = AbstractModelElement.getValuesByName(globalNode, "vf"); if (service != null && resourceVf != null && !resourceVf.isEmpty()) { List<CldsModelProp> cldsModelPropList = cldsDao.getDeployedModelProperties(); for (CldsModelProp cldsModelProp : cldsModelPropList) { - JsonNode currentJson = new ObjectMapper().readTree(cldsModelProp.getPropText()); - JsonNode currentNode = currentJson.get("global"); + JsonNode currentNode = JacksonUtils.getObjectMapperInstance().readTree(cldsModelProp.getPropText()).get("global"); String currentService = AbstractModelElement.getValueByName(currentNode, "service"); List<String> currentVf = AbstractModelElement.getValuesByName(currentNode, "vf"); if (currentVf != null && !currentVf.isEmpty()) { diff --git a/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java b/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java new file mode 100644 index 00000000..87f82731 --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java 
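Review bot: In the `for` loop of `checkForDuplicateServiceVf`, `JacksonUtils.getObjectMapperInstance()` is called once per deployed model, and that accessor is declared `synchronized`. Fetching it once with `ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();` before the first `readTree` avoids the repeated lock and shortens both lines. The chained `readTree(...).get("global")` also dereferences the parse result directly, so it appears to rely on `modelPropText` and every stored `getPropText()` being a non-empty JSON object. A null check, or a comment stating that assumption, would make it explicit. The method body continues outside the hunk.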
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import javax.ws.rs.ext.ContextResolver;
+
+import org.onap.clamp.clds.util.JacksonUtils;
+
+/**
+ * This class is to restrcit the class type that can be de-serialized.
+ */
+public class JacksonObjectMapperProvider implements ContextResolver<ObjectMapper> {
+
+ private final ObjectMapper defaultObjectMapper;
+
+ public JacksonObjectMapperProvider() {
+ defaultObjectMapper = createDefaultMapper();
+ }
+
+ @Override
+ public ObjectMapper getContext(Class<?> type) {
+ return defaultObjectMapper;
+ }
+
+ private static ObjectMapper createDefaultMapper() {
+ return JacksonUtils.getObjectMapperInstance();
+ }
+}
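Review bot: The class Javadoc says this provider restricts which class types can be de-serialized, but `getContext` returns the shared mapper from `JacksonUtils` for every `type` and does no type filtering of its own. I would reword it to `/** Supplies the application-wide ObjectMapper (default typing disabled) to the JAX-RS JSON provider. */`, which also removes the "restrcit" typo. `createDefaultMapper()` adds nothing over calling `JacksonUtils.getObjectMapperInstance()` directly in the constructor and could be inlined.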
diff --git a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java b/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java index 702e0649..d3c212c2 100644 --- a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java +++ b/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java @@ -32,6 +32,7 @@ import java.util.Optional; import java.util.Set; import java.util.function.Function; import java.util.stream.Collectors; + import javax.ws.rs.ApplicationPath; import javax.ws.rs.core.Application; @@ -45,7 +46,6 @@ import org.springframework.stereotype.Component; public class JaxrsApplication extends Application { private static final EELFLogger logger = EELFManager.getInstance().getLogger(JaxrsApplication.class); - private Function<BeanDefinition, Optional<Class<?>>> beanDefinitionToClass = b -> { try { return Optional.of(Class.forName(b.getBeanClassName())); @@ -58,6 +58,7 @@ public class JaxrsApplication extends Application { @Override public Set<Class<?>> getClasses() { Set<Class<?>> resources = new HashSet<>(); + resources.add(JacksonObjectMapperProvider.class); resources.add(io.swagger.v3.jaxrs2.integration.resources.OpenApiResource.class); resources.addAll(scan()); return resources; @@ -66,11 +67,7 @@ public class JaxrsApplication extends Application { private List<Class<?>> scan() { ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(false); scanner.addIncludeFilter(new AnnotationTypeFilter(javax.ws.rs.Path.class)); - return scanner.findCandidateComponents("org.onap.clamp.clds").stream() - .map(beanDefinitionToClass) - .filter(Optional::isPresent) - .map(Optional::get) - .collect(Collectors.toList()); + return scanner.findCandidateComponents("org.onap.clamp.clds").stream().map(beanDefinitionToClass) + .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList()); } - }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java b/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java new file mode 100644 index 00000000..9d743f2a --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java 
@@ -0,0 +1,53 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+ * This class is used to access the jackson with restricted type access.
+ */
+public class JacksonUtils {
+
+ private static ObjectMapper objectMapper;
+
+ private JacksonUtils() {
+ }
+
+ /**
+ * Call this method to retrieve a secure ObjectMapper.
+ *
+ * @return an ObjectMapper instance (same for clamp)
+ */
+ public static synchronized ObjectMapper getObjectMapperInstance() {
+ if (objectMapper == null) {
+ objectMapper = new ObjectMapper();
+ // This is to disable the security hole that could be opened for
+ // json deserialization, if needed do this
+ // objectMapper.enableDefaultTyping(DefaultTyping.NON_FINAL);
+ objectMapper.disableDefaultTyping();
+ }
+ return objectMapper;
+ }
+}
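Review bot: `getObjectMapperInstance()` hands every caller the same mutable `ObjectMapper`, so a single call site that reconfigures it (for instance by enabling default typing, as the commented-out line invites) changes deserialization for the whole application, including the Resteasy provider that returns this instance. The Javadoc should say that callers must not reconfigure the returned mapper. It should also drop "secure", since `disableDefaultTyping()` only turns off global default typing and does not cover polymorphic handling requested through `@JsonTypeInfo` annotations; whether any model class uses those is not visible here. The synchronized lazy initialisation can be replaced by eager initialisation, `private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper().disableDefaultTyping();`, with the accessor simply returning that field.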