Diffstat (limited to 'Subscriber/src/SubscriberServlet.java')
-rw-r--r-- | Subscriber/src/SubscriberServlet.java | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/Subscriber/src/SubscriberServlet.java b/Subscriber/src/SubscriberServlet.java
new file mode 100644
index 00000000..1af62a63
--- /dev/null
+++ b/Subscriber/src/SubscriberServlet.java
@@ -0,0 +1,149 @@
+/*******************************************************************************
+ * ============LICENSE_START==================================================
+ * * org.onap.dmaap
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URLEncoder;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;
+
+/**
+ * Example stand alone subscriber servlet with Authorization header checking
+ */
+public class SubscriberServlet extends HttpServlet {
+ private static Logger logger = Logger.getLogger("com.att.datarouter.pubsub.ssasubscribe.SubscriberServlet");
+ private String Login = "LOGIN";
+ private String Password = "PASSWORD";
+ private String OutputDirectory = "/root/sub/received";
+
+ private String auth;
+
+ private static String gp(ServletConfig config, String param, String deflt) {
+ param = config.getInitParameter(param);
+ if (param == null || param.length() == 0) {
+ param = deflt;
+ }
+ return(param);
+ }
+ /**
+ * Configure this subscriberservlet. Configuration parameters from config.getInitParameter() are:
+ * <ul>
+ * <li>Login - The login expected in the Authorization header (default "LOGIN").
+ * <li>Password - The password expected in the Authorization header (default "PASSWORD").
+ * <li>OutputDirectory - The directory where files are placed (default "received").
+ * </ul>
+ */
+ public void init(ServletConfig config) throws ServletException {
+ Login = gp(config, "Login", Login);
+ Password = gp(config, "Password", Password);
+ OutputDirectory = gp(config, "OutputDirectory", OutputDirectory);
+ (new File(OutputDirectory)).mkdirs();
+ auth = "Basic " + Base64.encodeBase64String((Login + ":" + Password).getBytes());
+ }
+ /**
+ * Invoke common(req, resp, false).
+ */
+ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ common(req, resp, false);
+ }
+ /**
+ * Invoke common(req, resp, true).
+ */
+ protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ common(req, resp, true);
+ }
+ /**
+ * Process a PUT or DELETE request.
+ * <ol>
+ * <li>Verify that the request contains an Authorization header
+ * or else UNAUTHORIZED.
+ * <li>Verify that the Authorization header matches the configured
+ * Login and Password or else FORBIDDEN.
+ * <li>If the request is PUT, store the message body as a file
+ * in the configured OutputDirectory directory protecting against
+ * evil characters in the received FileID. The file is created
+ * initially with its name prefixed with a ".", and once it is complete, it is
+ * renamed to remove the leading "." character.
+ * <li>If the request is DELETE, instead delete the file (if it exists) from the configured OutputDirectory directory.
+ * <li>Respond with NO_CONTENT.
+ * </ol>
+ */
+ protected void common(HttpServletRequest req, HttpServletResponse resp, boolean isdelete) throws ServletException, IOException {
+ String ah = req.getHeader("Authorization");
+ if (ah == null) {
+ logger.info("Rejecting request with no Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo());
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ return;
+ }
+ if (!auth.equals(ah)) {
+ logger.info("Rejecting request with incorrect Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ String fileid = req.getPathInfo();
+ fileid = fileid.substring(fileid.lastIndexOf('/') + 1);
+ String qs = req.getQueryString();
+ if (qs != null) {
+ fileid = fileid + "?" + qs;
+ }
+ String publishid = req.getHeader("X-ATT-DR-PUBLISH-ID");
+ String filename = URLEncoder.encode(fileid, "UTF-8").replaceAll("^\\.", "%2E").replaceAll("\\*", "%2A");
+ String finalname = OutputDirectory + "/" + filename;
+ String tmpname = OutputDirectory + "/." + filename;
+ try {
+ if (isdelete) {
+ (new File(finalname)).delete();
+ logger.info("Received delete for file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
+ } else {
+ InputStream is = req.getInputStream();
+ OutputStream os = new FileOutputStream(tmpname);
+ byte[] buf = new byte[65536];
+ int i;
+ while ((i = is.read(buf)) > 0) {
+ os.write(buf, 0, i);
+ }
+ is.close();
+ os.close();
+ (new File(tmpname)).renameTo(new File(finalname));
+ logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
+ resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
+ }
+ resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ } catch (IOException ioe) {
+ (new File(tmpname)).delete();
+ logger.info("Failure to save file " + finalname + " from " + req.getRemoteAddr() + ": " + req.getPathInfo(), ioe);
+ throw ioe;
+ }
+ }
+} |
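Review bot: In `init`, a missing or empty `Login` or `Password` init parameter silently falls back through `gp` to the hard-coded `LOGIN`/`PASSWORD` pair, so a deployment that omits them accepts a credential printed in this source file; throwing `ServletException` from `init` when either is unset would make that misconfiguration fail closed. The check in `common`, `if (!auth.equals(ah))`, compares the secret with a short-circuiting `String.equals`, and `getBytes()` in `init` uses the platform charset; `MessageDigest.isEqual(auth.getBytes(StandardCharsets.UTF_8), ah.getBytes(StandardCharsets.UTF_8))` together with an explicit charset in `init` addresses both. Further down, `req.getPathInfo()` can return null and is dereferenced by `fileid.substring(...)`, and the return value of `renameTo` is ignored, so the PUT path answers 204 even when the file never reaches `finalname`. The streams are closed only on the success path, so a read error leaks the `FileOutputStream`; try-with-resources would cover that. The request-derived `fileid` and `X-ATT-DR-PUBLISH-ID` values are also concatenated into log messages unescaped, which lets a sender embed line breaks in the log.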