diff options
| author |   eronkeo <ronan.keogh@ericsson.com> | 2018-08-14 17:58:28 +0100 |
|---|---|---|
| committer | eronkeo <ronan.keogh@ericsson.com> | 2018-08-14 19:48:59 +0100 |
| commit | 85129f80a65aea102c07f695878a772ffa2dffc4 (patch) | |
| tree | 508511cf080d0221c8fbe0bc597622e781159ff0 | |
| parent | 1841cb5d8da7b21996f8faad9d24f858e6ce8a41 (diff) | |
remove the policy and security issue dependencies
Change-Id: If92573566a96ab85a7ee762b727740e2766ea6a0
Issue-ID: DMAAP-557
Signed-off-by: eronkeo <ronan.keogh@ericsson.com>
| -rwxr-xr-x | datarouter-node/pom.xml | 20 | ||||
| -rw-r--r-- | datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java | 57 | ||||
| -rwxr-xr-x | datarouter-prov/pom.xml | 20 | ||||
| -rw-r--r-- | datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java | 516 | ||||
| -rw-r--r-- | datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java | 17 | ||||
| -rwxr-xr-x | pom.xml | 6 |
6 files changed, 333 insertions, 303 deletions
diff --git a/datarouter-node/pom.xml b/datarouter-node/pom.xml index abd81afa..fb28724f 100755 --- a/datarouter-node/pom.xml +++ b/datarouter-node/pom.xml @@ -86,52 +86,52 @@ <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-server</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-continuation</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-util</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-deploy</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-servlet</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-servlets</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-http</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-security</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-websocket</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.websocket.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-io</artifactId> - <version>7.6.14.v20131031</version> + <version>${jetty.version}</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java index d7650030..b9cdb541 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java @@ -21,14 +21,12 @@ * * ******************************************************************************/ - package org.onap.dmaap.datarouter.node; +import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.servlet.*; import org.eclipse.jetty.util.ssl.*; import org.eclipse.jetty.server.*; -import org.eclipse.jetty.server.nio.*; -import org.eclipse.jetty.server.ssl.*; import org.apache.log4j.Logger; /** @@ -43,7 +41,7 @@ public class NodeMain { private static class wfconfig implements Runnable { private NodeConfigManager ncm; - public wfconfig(NodeConfigManager ncm) { + wfconfig(NodeConfigManager ncm) { this.ncm = ncm; } @@ -51,13 +49,14 @@ public class NodeMain { notify(); } - public synchronized void waitforconfig() { + synchronized void waitforconfig() { ncm.registerConfigTask(this); while (!ncm.isConfigured()) { logger.info("NODE0003 Waiting for Node Configuration"); try { wait(); } catch (Exception e) { + logger.debug("NodeMain: waitforconfig exception"); } } ncm.deregisterConfigTask(this); @@ -71,7 +70,7 @@ public class NodeMain { /** * Reset the retry timer for a subscription */ - public static void resetQueue(String subid, String ip) { + static void resetQueue(String subid, String ip) { d.resetQueue(ncm.getSpoolDir(subid, ip)); } @@ -91,25 +90,37 @@ public class NodeMain { d = new Delivery(ncm); LogManager lm = new LogManager(ncm); Server server = new Server(); - SelectChannelConnector http = new SelectChannelConnector(); + + // HTTP configuration + HttpConfiguration http_config = new HttpConfiguration(); + http_config.setIdleTimeout(2000); + http_config.setRequestHeaderSize(2048); + + ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); http.setPort(ncm.getHttpPort()); - http.setMaxIdleTime(2000); - http.setRequestHeaderSize(2048); - SslSelectChannelConnector https = new SslSelectChannelConnector(); + + // HTTPS configuration + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setKeyStoreType(ncm.getKSType()); + sslContextFactory.setKeyStorePath(ncm.getKSFile()); + sslContextFactory.setKeyStorePassword(ncm.getKSPass()); + sslContextFactory.setKeyManagerPassword(ncm.getKPass()); + + HttpConfiguration https_config = new HttpConfiguration(http_config); + https_config.setRequestHeaderSize(8192); + + ServerConnector https = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); https.setPort(ncm.getHttpsPort()); - https.setMaxIdleTime(30000); - https.setRequestHeaderSize(8192); - SslContextFactory cf = https.getSslContextFactory(); - - /**Skip SSLv3 Fixes*/ - cf.addExcludeProtocols("SSLv3"); - logger.info("Excluded protocols node-" + cf.getExcludeProtocols()); - /**End of SSLv3 Fixes*/ - - cf.setKeyStoreType(ncm.getKSType()); - cf.setKeyStorePath(ncm.getKSFile()); - cf.setKeyStorePassword(ncm.getKSPass()); - cf.setKeyManagerPassword(ncm.getKPass()); + https.setIdleTimeout(500000); + https.setAcceptQueueSize(2); + + /* Skip SSLv3 Fixes */ + sslContextFactory.addExcludeProtocols("SSLv3"); + logger.info("Excluded protocols node-" + sslContextFactory.getExcludeProtocols()); + /* End of SSLv3 Fixes */ + server.setConnectors(new Connector[]{http, https}); ServletContextHandler ctxt = new ServletContextHandler(0); ctxt.setContextPath("/"); diff --git a/datarouter-prov/pom.xml b/datarouter-prov/pom.xml index 269e015d..0f1030d4 100755 --- a/datarouter-prov/pom.xml +++ b/datarouter-prov/pom.xml @@ -82,52 +82,52 @@ <dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-continuation</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-deploy</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlets</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-websocket</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.websocket.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-io</artifactId>
- <version>7.6.14.v20131031</version>
+ <version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java index abcd76cd..60496e56 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java @@ -1,249 +1,267 @@ -/*******************************************************************************
- * ============LICENSE_START==================================================
- * * org.onap.dmaap
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-
-
-package org.onap.dmaap.datarouter.provisioning;
-
-import java.security.Security;
-import java.util.Properties;
-import java.util.Timer;
-
-import org.apache.log4j.Logger;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.Handler;
-import org.eclipse.jetty.server.NCSARequestLog;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.handler.ContextHandlerCollection;
-import org.eclipse.jetty.server.handler.DefaultHandler;
-import org.eclipse.jetty.server.handler.HandlerCollection;
-import org.eclipse.jetty.server.handler.RequestLogHandler;
-import org.eclipse.jetty.server.nio.SelectChannelConnector;
-import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
-import org.eclipse.jetty.servlet.FilterHolder;
-import org.eclipse.jetty.servlet.FilterMapping;
-import org.eclipse.jetty.servlet.ServletContextHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-import org.eclipse.jetty.util.thread.QueuedThreadPool;
-import org.onap.dmaap.datarouter.provisioning.utils.DB;
-import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader;
-import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask;
-import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter;
-
-/**
- * <p>
- * A main class which may be used to start the provisioning server with an "embedded" Jetty server.
- * Configuration is done via the properties file <i>provserver.properties</i>, which should be in the CLASSPATH.
- * The provisioning server may also be packaged with a web.xml and started as a traditional webapp.
- * </p>
- * <p>
- * Most of the work of the provisioning server is carried out within the eight servlets (configured below)
- * that are used to handle each of the eight types of requests the server may receive.
- * In addition, there are background threads started to perform other tasks:
- * </p>
- * <ul>
- * <li>One background Thread runs the {@link LogfileLoader} in order to process incoming logfiles.
- * This Thread is created as a side effect of the first successful POST to the /internal/logs/ servlet.</li>
- * <li>One background Thread runs the {@link SynchronizerTask} which is used to periodically
- * synchronize the database between active and standby servers.</li>
- * <li>One background Thread runs the {@link Poker} which is used to notify the nodes whenever
- * provisioning data changes.</li>
- * <li>One task is run once a day to run {@link PurgeLogDirTask} which purges older logs from the
- * /opt/app/datartr/logs directory.</li>
- * </ul>
- * <p>
- * The provisioning server is stopped by issuing a GET to the URL http://127.0.0.1/internal/halt
- * using <i>curl</i> or some other such tool.
- * </p>
- *
- * @author Robert Eby
- * @version $Id: Main.java,v 1.12 2014/03/12 19:45:41 eby Exp $
- */
-public class Main {
- /**
- * The truststore to use if none is specified
- */
- public static final String DEFAULT_TRUSTSTORE = "/opt/java/jdk/jdk180/jre/lib/security/cacerts";
- public static final String KEYSTORE_TYPE_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.type";
- public static final String KEYSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.path";
- public static final String KEYSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.password";
- public static final String TRUSTSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.path";
- public static final String TRUSTSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.password";
-
- /**
- * The one and only {@link Server} instance in this JVM
- */
- private static Server server;
-
- /**
- * Starts the Data Router Provisioning server.
- *
- * @param args not used
- * @throws Exception if Jetty has a problem starting
- */
- public static void main(String[] args) throws Exception {
- Security.setProperty("networkaddress.cache.ttl", "4");
- Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal");
-
- // Check DB is accessible and contains the expected tables
- if (!checkDatabase(logger))
- System.exit(1);
-
- logger.info("PROV0000 **** AT&T Data Router Provisioning Server starting....");
-
- // Get properties
- Properties p = (new DB()).getProperties();
- int http_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080"));
- int https_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443"));
-
- // HTTP connector
- SelectChannelConnector http = new SelectChannelConnector();
- http.setPort(http_port);
- http.setMaxIdleTime(300000);
- http.setRequestHeaderSize(2048);
- http.setAcceptors(2);
- http.setConfidentialPort(https_port);
- http.setLowResourcesConnections(20000);
-
- // HTTPS connector
- SslSelectChannelConnector https = new SslSelectChannelConnector();
- https.setPort(https_port);
- https.setMaxIdleTime(30000);
- https.setRequestHeaderSize(8192);
- https.setAcceptors(2);
-
- // SSL stuff
- SslContextFactory cf = https.getSslContextFactory();
-
- /**Skip SSLv3 Fixes*/
- cf.addExcludeProtocols("SSLv3");
- logger.info("Excluded protocols prov-" + cf.getExcludeProtocols());
- /**End of SSLv3 Fixes*/
-
- cf.setKeyStoreType(p.getProperty(KEYSTORE_TYPE_PROPERTY, "jks"));
- cf.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY));
- cf.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY));
- cf.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password"));
- String ts = p.getProperty(TRUSTSTORE_PATH_PROPERTY);
- if (ts != null && ts.length() > 0) {
- System.out.println("@@ TS -> " + ts);
- cf.setTrustStore(ts);
- cf.setTrustStorePassword(p.getProperty(TRUSTSTORE_PASSWORD_PROPERTY));
- } else {
- cf.setTrustStore(DEFAULT_TRUSTSTORE);
- cf.setTrustStorePassword("changeit");
- }
- cf.setTrustStore("/opt/app/datartr/self_signed/cacerts.jks");
- cf.setTrustStorePassword("changeit");
- cf.setWantClientAuth(true);
-
- // Servlet and Filter configuration
- ServletContextHandler ctxt = new ServletContextHandler(0);
- ctxt.setContextPath("/");
- ctxt.addServlet(new ServletHolder(new FeedServlet()), "/feed/*");
- ctxt.addServlet(new ServletHolder(new FeedLogServlet()), "/feedlog/*");
- ctxt.addServlet(new ServletHolder(new PublishServlet()), "/publish/*");
- ctxt.addServlet(new ServletHolder(new SubscribeServlet()), "/subscribe/*");
- ctxt.addServlet(new ServletHolder(new StatisticsServlet()), "/statistics/*");
- ctxt.addServlet(new ServletHolder(new SubLogServlet()), "/sublog/*");
- ctxt.addServlet(new ServletHolder(new GroupServlet()), "/group/*"); //Provision groups - Rally US708115 -1610
- ctxt.addServlet(new ServletHolder(new SubscriptionServlet()), "/subs/*");
- ctxt.addServlet(new ServletHolder(new InternalServlet()), "/internal/*");
- ctxt.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*");
- ctxt.addServlet(new ServletHolder(new DRFeedsServlet()), "/");
- ctxt.addFilter(new FilterHolder(new ThrottleFilter()), "/publish/*", FilterMapping.REQUEST);
-
- ContextHandlerCollection contexts = new ContextHandlerCollection();
- contexts.addHandler(ctxt);
-
- // Request log configuration
- NCSARequestLog nrl = new NCSARequestLog();
- nrl.setFilename(p.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd");
- nrl.setFilenameDateFormat("yyyyMMdd");
- nrl.setRetainDays(90);
- nrl.setAppend(true);
- nrl.setExtended(false);
- nrl.setLogCookies(false);
- nrl.setLogTimeZone("GMT");
-
- RequestLogHandler reqlog = new RequestLogHandler();
- reqlog.setRequestLog(nrl);
-
- // Server's Handler collection
- HandlerCollection hc = new HandlerCollection();
- hc.setHandlers(new Handler[]{contexts, new DefaultHandler()});
- hc.addHandler(reqlog);
-
- // Server's thread pool
- QueuedThreadPool pool = new QueuedThreadPool();
- pool.setMinThreads(10);
- pool.setMaxThreads(200);
- pool.setDetailedDump(false);
-
- // Daemon to clean up the log directory on a daily basis
- Timer rolex = new Timer();
- rolex.scheduleAtFixedRate(new PurgeLogDirTask(), 0, 86400000L); // run once per day
-
- // Start LogfileLoader
- LogfileLoader.getLoader();
-
- // The server itself
- server = new Server();
- server.setThreadPool(pool);
- server.setConnectors(new Connector[]{http, https});
- server.setHandler(hc);
- server.setStopAtShutdown(true);
- server.setSendServerVersion(true);
- server.setSendDateHeader(true);
- server.setGracefulShutdown(5000); // allow 5 seconds for servlets to wrap up
- server.setDumpAfterStart(false);
- server.setDumpBeforeStop(false);
-
- server.start();
- server.join();
- logger.info("PROV0001 **** AT&T Data Router Provisioning Server halted.");
- }
-
- private static boolean checkDatabase(Logger logger) {
- DB db = new DB();
- return db.runRetroFits();
- }
-
- /**
- * Stop the Jetty server.
- */
- public static void shutdown() {
- new Thread() {
- @Override
- public void run() {
- try {
- server.stop();
- Thread.sleep(5000L);
- System.exit(0);
- } catch (Exception e) {
- // ignore
- }
- }
- }.start();
- }
-}
+/******************************************************************************* + * ============LICENSE_START================================================== + * * org.onap.dmaap + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * * + ******************************************************************************/ + + +package org.onap.dmaap.datarouter.provisioning; + +import java.security.*; +import java.util.*; + +import org.apache.log4j.Logger; +import org.eclipse.jetty.http.HttpVersion; +import org.eclipse.jetty.server.Connector; +import org.eclipse.jetty.server.Handler; +import org.eclipse.jetty.server.HttpConfiguration; +import org.eclipse.jetty.server.HttpConnectionFactory; +import org.eclipse.jetty.server.NCSARequestLog; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.ServerConnector; +import org.eclipse.jetty.server.handler.ContextHandlerCollection; +import org.eclipse.jetty.server.handler.DefaultHandler; +import org.eclipse.jetty.server.handler.HandlerCollection; +import org.eclipse.jetty.server.handler.RequestLogHandler; +import org.eclipse.jetty.server.SslConnectionFactory; +import org.eclipse.jetty.util.ssl.SslContextFactory; +import org.eclipse.jetty.servlet.FilterHolder; +import org.eclipse.jetty.servlet.ServletContextHandler; +import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.util.thread.QueuedThreadPool; +import org.onap.dmaap.datarouter.provisioning.utils.DB; +import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; +import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask; +import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; + +import javax.servlet.DispatcherType; + +/** + * <p> + * A main class which may be used to start the provisioning server with an "embedded" Jetty server. + * Configuration is done via the properties file <i>provserver.properties</i>, which should be in the CLASSPATH. + * The provisioning server may also be packaged with a web.xml and started as a traditional webapp. + * </p> + * <p> + * Most of the work of the provisioning server is carried out within the eight servlets (configured below) + * that are used to handle each of the eight types of requests the server may receive. + * In addition, there are background threads started to perform other tasks: + * </p> + * <ul> + * <li>One background Thread runs the {@link LogfileLoader} in order to process incoming logfiles. + * This Thread is created as a side effect of the first successful POST to the /internal/logs/ servlet.</li> + * <li>One background Thread runs the {@link SynchronizerTask} which is used to periodically + * synchronize the database between active and standby servers.</li> + * <li>One background Thread runs the {@link Poker} which is used to notify the nodes whenever + * provisioning data changes.</li> + * <li>One task is run once a day to run {@link PurgeLogDirTask} which purges older logs from the + * /opt/app/datartr/logs directory.</li> + * </ul> + * <p> + * The provisioning server is stopped by issuing a GET to the URL http://127.0.0.1/internal/halt + * using <i>curl</i> or some other such tool. + * </p> + * + * @author Robert Eby + * @version $Id: Main.java,v 1.12 2014/03/12 19:45:41 eby Exp $ + */ +public class Main { + /** + * The truststore to use if none is specified + */ + public static final String DEFAULT_TRUSTSTORE = "/opt/java/jdk/jdk180/jre/lib/security/cacerts"; + public static final String KEYSTORE_TYPE_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.type"; + public static final String KEYSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.path"; + public static final String KEYSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.password"; + public static final String TRUSTSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.path"; + public static final String TRUSTSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.password"; + + /** + * The one and only {@link Server} instance in this JVM + */ + private static Server server; + + /** + * Starts the Data Router Provisioning server. + * + * @param args not used + * @throws Exception if Jetty has a problem starting + */ + public static void main(String[] args) throws Exception { + Security.setProperty("networkaddress.cache.ttl", "4"); + Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal"); + + // Check DB is accessible and contains the expected tables + if (!checkDatabase(logger)) + System.exit(1); + + logger.info("PROV0000 **** AT&T Data Router Provisioning Server starting...."); + + // Get properties + Properties p = (new DB()).getProperties(); + int http_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080")); + int https_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443")); + + // HTTP connector + HttpConfiguration http_config = new HttpConfiguration(); + http_config.setSecureScheme("https"); + http_config.setSecurePort(https_port); + http_config.setOutputBufferSize(32768); + http_config.setRequestHeaderSize(2048); + http_config.setIdleTimeout(300000); + http_config.setSendServerVersion(true); + http_config.setSendDateHeader(false); + + ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); + http.setPort(http_port); + http.setAcceptQueueSize(2); + + // HTTPS config + HttpConfiguration https_config = new HttpConfiguration(http_config); + https_config.setRequestHeaderSize(8192); + + // HTTPS connector + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); + sslContextFactory.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); + sslContextFactory.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); + + ServerConnector https = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); + https.setPort(https_port); + https.setIdleTimeout(30000); + https.setAcceptQueueSize(2); + + // SSL stuff + /* Skip SSLv3 Fixes */ + sslContextFactory.addExcludeProtocols("SSLv3"); + logger.info("Excluded protocols prov-" + sslContextFactory.getExcludeProtocols()); + /* End of SSLv3 Fixes */ + + sslContextFactory.setKeyStoreType(p.getProperty(KEYSTORE_TYPE_PROPERTY, "jks")); + sslContextFactory.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); + sslContextFactory.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); + sslContextFactory.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); + String ts = p.getProperty(TRUSTSTORE_PATH_PROPERTY); + if (ts != null && ts.length() > 0) { + System.out.println("@@ TS -> " + ts); + sslContextFactory.setTrustStorePath(ts); + sslContextFactory.setTrustStorePassword(p.getProperty(TRUSTSTORE_PASSWORD_PROPERTY)); + } else { + sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE); + sslContextFactory.setTrustStorePassword("changeit"); + } + sslContextFactory.setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks"); + sslContextFactory.setTrustStorePassword("changeit"); + sslContextFactory.setWantClientAuth(true); + + // Servlet and Filter configuration + ServletContextHandler ctxt = new ServletContextHandler(0); + ctxt.setContextPath("/"); + ctxt.addServlet(new ServletHolder(new FeedServlet()), "/feed/*"); + ctxt.addServlet(new ServletHolder(new FeedLogServlet()), "/feedlog/*"); + ctxt.addServlet(new ServletHolder(new PublishServlet()), "/publish/*"); + ctxt.addServlet(new ServletHolder(new SubscribeServlet()), "/subscribe/*"); + ctxt.addServlet(new ServletHolder(new StatisticsServlet()), "/statistics/*"); + ctxt.addServlet(new ServletHolder(new SubLogServlet()), "/sublog/*"); + ctxt.addServlet(new ServletHolder(new GroupServlet()), "/group/*"); //Provision groups - Rally US708115 -1610 + ctxt.addServlet(new ServletHolder(new SubscriptionServlet()), "/subs/*"); + ctxt.addServlet(new ServletHolder(new InternalServlet()), "/internal/*"); + ctxt.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*"); + ctxt.addServlet(new ServletHolder(new DRFeedsServlet()), "/"); + ctxt.addFilter(new FilterHolder(new ThrottleFilter()), "/publish/*", EnumSet.of(DispatcherType.REQUEST)); + + ContextHandlerCollection contexts = new ContextHandlerCollection(); + contexts.addHandler(ctxt); + + // Request log configuration + NCSARequestLog nrl = new NCSARequestLog(); + nrl.setFilename(p.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd"); + nrl.setFilenameDateFormat("yyyyMMdd"); + nrl.setRetainDays(90); + nrl.setAppend(true); + nrl.setExtended(false); + nrl.setLogCookies(false); + nrl.setLogTimeZone("GMT"); + + RequestLogHandler reqlog = new RequestLogHandler(); + reqlog.setRequestLog(nrl); + + // Server's Handler collection + HandlerCollection hc = new HandlerCollection(); + hc.setHandlers(new Handler[]{contexts, new DefaultHandler()}); + hc.addHandler(reqlog); + + // Server's thread pool + QueuedThreadPool queuedThreadPool = new QueuedThreadPool(); + queuedThreadPool.setMinThreads(10); + queuedThreadPool.setMaxThreads(200); + queuedThreadPool.setDetailedDump(false); + + // Daemon to clean up the log directory on a daily basis + Timer rolex = new Timer(); + rolex.scheduleAtFixedRate(new PurgeLogDirTask(), 0, 86400000L); // run once per day + + // Start LogfileLoader + LogfileLoader.getLoader(); + + // The server itself + server = new Server(queuedThreadPool); + + ServerConnector serverConnector = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); + serverConnector.setPort(https_port); + serverConnector.setIdleTimeout(500000); + + server.setConnectors(new Connector[]{http, https}); + server.setHandler(hc); + server.setStopAtShutdown(true); + server.setStopTimeout(5000); + + server.setDumpAfterStart(false); + server.setDumpBeforeStop(false); + + server.start(); + server.join(); + logger.info("PROV0001 **** AT&T Data Router Provisioning Server halted."); + } + + private static boolean checkDatabase(Logger logger) { + DB db = new DB(); + return db.runRetroFits(); + } + + /** + * Stop the Jetty server. + */ + static void shutdown() { + new Thread(() -> { + try { + server.stop(); + Thread.sleep(5000L); + System.exit(0); + } catch (Exception e) { + // ignore + } + }); + } +} diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java index 7f8d7a8c..897c1ea2 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java @@ -46,8 +46,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger;
import org.eclipse.jetty.continuation.Continuation;
import org.eclipse.jetty.continuation.ContinuationSupport;
-import org.eclipse.jetty.server.AbstractHttpConnection;
-import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.*;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
/**
@@ -174,15 +173,15 @@ public class ThrottleFilter extends TimerTask implements Filter { public void dropFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
- int rate = getRequestRate((HttpServletRequest) request);
+ int rate = getRequestRate(request);
if (rate >= n_requests) {
// drop request - only works under Jetty
- String m = String.format("Dropping connection: %s %d bad connections in %d minutes", getConnectionId((HttpServletRequest) request), rate, m_minutes);
+ String m = String.format("Dropping connection: %s %d bad connections in %d minutes", getConnectionId(request), rate, m_minutes);
logger.info(m);
Request base_request = (request instanceof Request)
? (Request) request
- : AbstractHttpConnection.getCurrentConnection().getRequest();
- base_request.getConnection().getEndPoint().close();
+ : HttpConnection.getCurrentConnection().getHttpChannel().getRequest();
+ base_request.getHttpChannel().getEndPoint().close();
} else {
chain.doFilter(request, response);
}
@@ -191,11 +190,11 @@ public class ThrottleFilter extends TimerTask implements Filter { public void throttleFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
// throttle request
- String id = getConnectionId((HttpServletRequest) request);
- int rate = getRequestRate((HttpServletRequest) request);
+ String id = getConnectionId(request);
+ int rate = getRequestRate(request);
Object results = request.getAttribute(THROTTLE_MARKER);
if (rate >= n_requests && results == null) {
- String m = String.format("Throttling connection: %s %d bad connections in %d minutes", getConnectionId((HttpServletRequest) request), rate, m_minutes);
+ String m = String.format("Throttling connection: %s %d bad connections in %d minutes", getConnectionId(request), rate, m_minutes);
logger.info(m);
Continuation continuation = ContinuationSupport.getContinuation(request);
continuation.suspend();
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -45,6 +45,8 @@ <sonar.jacoco.itReportPath>${project.build.directory}/coverage-reports/jacoco-it.exec</sonar.jacoco.itReportPath> <sonar.jacoco.reportMissing.force.zero>true</sonar.jacoco.reportMissing.force.zero> <sonar.projectVersion>${project.version}</sonar.projectVersion> + <jetty.version>9.4.11.v20180605</jetty.version> + <jetty.websocket.version>8.2.0.v20160908</jetty.websocket.version> <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath> <releaseNexusPath>/content/repositories/releases/</releaseNexusPath> <stagingNexusPath>/content/repositories/staging/</stagingNexusPath> |