author | Jorge Hernandez <jh1730@att.com> | 2017-09-21 17:49:29 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2017-09-21 17:49:29 +0000 |
commit | f5431672cc07c00f3d4e0a8a0a28d3edffb7d37e (patch) | |
tree | ffb53c5a396aad9399f007fcb854e6c2993772bf /controlloop/common | |
parent | 1c48a72e93e79f270089bdbe5b0b9f733539ab23 (diff) | |
parent | fa9ed5f98a4eed3d82a440b719dd1db184260e94 (diff) |
Merge "Implement restful call to xacml pdp guard"
Diffstat (limited to 'controlloop/common')
3 files changed, 105 insertions, 56 deletions
diff --git a/controlloop/common/guard/pom.xml b/controlloop/common/guard/pom.xml
index e0283589a..0fe442e43 100644
--- a/controlloop/common/guard/pom.xml
+++ b/controlloop/common/guard/pom.xml
@@ -48,5 +48,11 @@
 <version>2.7.0</version>
 <scope>provided</scope>
 </dependency>
+ <dependency>
+ <groupId>org.onap.policy.drools-pdp</groupId>
+ <artifactId>policy-management</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
 </dependencies>
 </project>
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
index 6b311bf45..8ea4ec1b3 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
@@ -20,22 +20,21 @@
 package org.onap.policy.guard;
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.std.annotations.RequestParser;
-
 import java.util.UUID;
 import org.drools.core.WorkingMemory;
+import org.onap.policy.drools.system.PolicyEngine;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.std.annotations.RequestParser;
+
 public class CallGuardTask implements Runnable {
 private static final Logger logger = LoggerFactory.getLogger(CallGuardTask.class);
 WorkingMemory workingMemory;
- PDPEngine embeddedPdpEngine;
 String restfulPdpUrl;
 String clname;
 String actor;
@@ -43,10 +42,9 @@ public class CallGuardTask implements Runnable {
 String target;
 String requestId;
- public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
+ public CallGuardTask(String guardUrl, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
- embeddedPdpEngine = engine;
- restfulPdpUrl = url;
+ restfulPdpUrl = guardUrl;
 workingMemory = wm;
 clname = cl;
 actor = act;
@@ -71,13 +69,30 @@ public class CallGuardTask implements Runnable {
 logger.debug("{}", request);
 logger.debug("********** XACML REQUEST END ********\n");
- com.att.research.xacml.api.Response xacmlResponse = PolicyGuardXacmlHelper.callPDP(embeddedPdpEngine, "", request, false);
+ String guardUrl = PolicyEngine.manager.getEnvironmentProperty("guard.url");
+ String guardDecision = null;
+ //
+ // Check if guard url property exists
+ //
+ if(guardUrl != null){
+ guardDecision = PolicyGuardXacmlHelper.callPDP(guardUrl, xacmlReq);
+ }
+
 logger.debug("\n********** XACML RESPONSE START ********");
- logger.debug("{}", xacmlResponse);
+ logger.debug("{}", guardDecision);
 logger.debug("********** XACML RESPONSE END ********\n");
-
- PolicyGuardResponse guardResponse = PolicyGuardXacmlHelper.ParseXacmlPdpResponse(xacmlResponse);
+
+ //
+ // Check if the restful call was unsuccessful or property doesn't exist
+ //
+ if(guardDecision == null){
+ logger.error("********** XACML FAILED TO CONNECT ********");
+ guardDecision = "Indeterminate";
+ }
+
+ PolicyGuardResponse guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
+
+
 //
 //Create an artificial Guard response in case we didn't get a clear Permit or Deny
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
index 5ecb44162..72c498d0e 100644
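Review bot: The new `guardUrl` constructor argument is stored in `restfulPdpUrl`, but the `run()` change in the following hunk takes the endpoint from `PolicyEngine.manager.getEnvironmentProperty("guard.url")` and does not read the field, so a URL passed by the caller has no effect on which PDP is queried. Either use the field, `guardDecision = PolicyGuardXacmlHelper.callPDP(restfulPdpUrl, xacmlReq);`, or drop the parameter and the field so the guard endpoint has a single source. The constructor body continues outside the hunk, and the rest of `run()` is not visible here.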
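Review bot: An unset `guard.url` property and a failed REST call both end in the same `XACML FAILED TO CONNECT` error and an `Indeterminate` decision, so a misconfigured deployment cannot be told apart from an unreachable PDP in the logs. Report the unset property on its own in an `else` branch of the `guardUrl != null` check, for example `logger.error("guard.url property is not set; guard decision defaults to Indeterminate");`. The code that converts a decision other than Permit or Deny into the final guard response lies below the hunk; it should be confirmed that `Indeterminate` is treated as a denial there, otherwise removing the property would switch the guard off. `UUID.fromString(this.requestId)` throws `IllegalArgumentException` on a malformed id and no handler for it is visible in this hunk.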
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
@@ -20,8 +20,10 @@
 package org.onap.policy.guard;
+import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.net.HttpURLConnection;
 import java.net.URL;
@@ -30,6 +32,7 @@ import java.util.UUID;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.entity.ContentType;
+import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -37,45 +40,40 @@ import com.att.research.xacml.api.Attribute;
 import com.att.research.xacml.api.AttributeCategory;
 import com.att.research.xacml.api.AttributeValue;
 import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.dom.DOMResponse;
-import com.att.research.xacml.std.json.JSONRequest;
-import com.att.research.xacml.std.json.JSONResponse;
 public class PolicyGuardXacmlHelper {
 private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class);
- public static com.att.research.xacml.api.Response callPDP(PDPEngine xacmlEmbeddedPdpEngine, String restfulPdpUrl, com.att.research.xacml.api.Request request, boolean isREST) {
+ public static String callPDP(String restfulPdpUrl, PolicyGuardXacmlRequestAttributes xacmlReq) {
 //
 // Send it to the PDP
 //
- com.att.research.xacml.api.Response response = null;
- if (isREST) {
- try {
- String jsonString = JSONRequest.toString((com.att.research.xacml.api.Request) request, false);
- //
- // Call RESTful PDP
- //
- response = (com.att.research.xacml.api.Response) callRESTfulPDP(new ByteArrayInputStream(jsonString.getBytes()), new URL(restfulPdpUrl/*"https://localhost:8443/pdp/"*/));
- } catch (Exception e) {
- logger.error("Error in sending RESTful request: ", e);
- }
- } else if(xacmlEmbeddedPdpEngine != null){
+// com.att.research.xacml.api.Response response = null;
+ String response = null;
+
+ JSONObject attributes = new JSONObject();
+ attributes.put("actor", xacmlReq.getActor_id());
+ attributes.put("recipe", xacmlReq.getOperation_id());
+ attributes.put("target", xacmlReq.getTarget_id());
+ if (xacmlReq.getClname_id() != null){
+ attributes.put("clname", xacmlReq.getClname_id());
+ }
+ JSONObject jsonReq = new JSONObject();
+ jsonReq.put("decisionAttributes", attributes);
+ jsonReq.put("onapName", "PDPD");
+
+ try {
 //
- // Embedded call to PDP
+ // Call RESTful PDP
 //
- long lTimeStart = System.currentTimeMillis();
- try {
- response = (com.att.research.xacml.api.Response) xacmlEmbeddedPdpEngine.decide((com.att.research.xacml.api.Request) request);
- } catch (PDPException e) {
- logger.error(e.getMessage(), e);
- }
- long lTimeEnd = System.currentTimeMillis();
- logger.debug("Elapsed Time: {} ms", (lTimeEnd - lTimeStart));
+ response = callRESTfulPDP(new ByteArrayInputStream(jsonReq.toString().getBytes()), new URL(restfulPdpUrl/*"https://localhost:8443/pdp/"*/));
+ } catch (Exception e) {
+ logger.error("Error in sending RESTful request: ", e);
 }
+
+ return response;
 }
@@ -84,10 +82,12 @@ public class PolicyGuardXacmlHelper {
 * This makes an HTTP POST call to a running PDP RESTful servlet to get a decision.
 *
 * @param file
- * @return
+ * @return response from guard which contains "Permit" or "Deny"
 */
- private static com.att.research.xacml.api.Response callRESTfulPDP(InputStream is, URL restURL) {
- com.att.research.xacml.api.Response response = null;
+ private static String callRESTfulPDP(InputStream is, URL restURL) {
+// com.att.research.xacml.api.Response response = null;
+ String response = null;
+ String rawDecision = null;
 HttpURLConnection connection = null;
 try {
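Review bot: The request body in `callPDP` is encoded with `jsonReq.toString().getBytes()`, which uses the platform default charset, so non-ASCII actor, target or closed-loop names can reach the PDP as bytes that do not match the JSON text; use `jsonReq.toString().getBytes(StandardCharsets.UTF_8)`. `new URL(restfulPdpUrl)` accepts any scheme and nothing in the hunk requires `https`, so the decision request and reply could travel over plain HTTP where they can be altered in transit; consider refusing the call when `getProtocol()` is not `https`. The added `// com.att.research.xacml.api.Response response = null;` line is commented-out code and should be deleted instead of committed.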
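Review bot: The Javadoc of `callRESTfulPDP` still documents `@param file`, although the method takes `is` and `restURL`, and the new `@return` text does not say that the returned string is the `decision` field taken from the PDP's JSON reply. Suggested tags: `@param is request body to POST`, `@param restURL URL of the guard PDP`, `@return value of the "decision" field in the PDP's JSON reply`. The commented-out `Response response` declaration under the signature is dead code and can go. The method body continues outside the hunk.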
@@ -130,28 +130,59 @@ public class PolicyGuardXacmlHelper {
 contentType = ContentType.parse(connection.getContentType());
 if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- response = (com.att.research.xacml.api.Response) JSONResponse.load(connection.getInputStream());
- } else if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) ||
- contentType.getMimeType().equalsIgnoreCase("application/xacml+xml") ) {
- response = (com.att.research.xacml.api.Response) DOMResponse.load(connection.getInputStream());
+ InputStream iStream = connection.getInputStream();
+ int contentLength = connection.getContentLength();
+
+ // if content length is -1, respose is chunked, and
+ // TCP connection will be dropped at the end
+ byte[] buf =
+ new byte[contentLength < 0 ? 1024 : contentLength];
+ int offset = 0;
+ for ( ; ; )
+ {
+ if (offset == contentLength)
+ {
+ // all expected bytes have been read
+ response = new String(buf);
+ break;
+ }
+ int size = iStream.read(buf, offset,
+ buf.length - offset);
+ if (size < 0)
+ {
+ if (contentLength > 0)
+ {
+ logger.error("partial input stream");
+ }
+ else
+ {
+ // chunked response --
+ // dropped connection is expected
+ response = new String(buf, 0, offset);
+ }
+ break;
+ }
+ offset += size;
+ }
 } else {
- logger.error("{}: unknown content-type: ", contentType);
+ logger.error("unknown content-type: " + contentType);
 }
 } catch (Exception e) {
- String message = "Parsing Content-Type: " + connection.getContentType() + ", error=" + e.getMessage();
- logger.error("{}: callRESTfulPDP threw: ", message, e);
+ String message = "Parsing Content-Type: " + connection.getContentType();
+ logger.error(message, e);
 }
 } else {
- logger.error("unknown content-type: {} {}", connection.getResponseCode(), connection.getResponseMessage() );
+ logger.error(connection.getResponseCode() + " " + connection.getResponseMessage());
 }
 } catch (Exception e) {
-
- logger.error("callRESTfulPDP threw: ", e);
+ logger.error("Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e);
 }
+
+ rawDecision = new JSONObject(response).getString("decision");
- return response;
+ return rawDecision;
 }
@@ -191,9 +222,6 @@ public class PolicyGuardXacmlHelper {
 }
-
-
-
 return new PolicyGuardResponse(decision_from_xacml_response, req_id_from_xacml_response, operation_from_xacml_response);
 }
|
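Review bot: The read loop in the `@@ -130,28 +130,59 @@` hunk never terminates when the PDP sends a chunked reply of 1024 bytes or more: with `contentLength` at -1 the buffer stays at 1024 bytes, and once `offset` reaches `buf.length` the call `iStream.read(buf, offset, 0)` keeps returning 0, so the guard thread spins instead of producing a decision. When a length is declared the buffer is sized directly from the `Content-Length` header, so the peer decides how much memory is allocated, and both `new String(...)` calls decode with the platform charset. After the outer `catch`, `new JSONObject(response)` runs even when `response` is still null (non-200 status, unknown content type, or an earlier exception), which raises a second exception that only the broad `catch` in `callPDP` absorbs. The fence reads the body through a growing buffer with an upper bound, decodes it as UTF-8 and parses it only when a body was received; `MAX_GUARD_RESPONSE_BYTES` is a proposed constant whose value the project would choose.

```java
if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
    try (InputStream iStream = connection.getInputStream()) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        int size;
        while ((size = iStream.read(buf)) >= 0) {
            // Bound the body so the peer cannot dictate memory use.
            if (body.size() + size > MAX_GUARD_RESPONSE_BYTES) {
                throw new IOException("guard response exceeds size limit");
            }
            body.write(buf, 0, size);
        }
        response = new String(body.toByteArray(), StandardCharsets.UTF_8);
    }
} else {
// … unchanged: content-type, status and exception logging …

// Parse only when a body was received; a null return keeps the caller's "Indeterminate" path.
if (response != null) {
    rawDecision = new JSONObject(response).getString("decision");
}
return rawDecision;
```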