diff options
Diffstat (limited to 'ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java')
| -rw-r--r-- | ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java | 3691 |
1 files changed, 713 insertions, 2978 deletions
diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java index efc707085..c39ae8cda 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java @@ -20,45 +20,36 @@ package org.openecomp.policy.pap.xacml.rest; -import java.io.BufferedWriter; import java.io.File; import java.io.FileInputStream; -import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.io.OutputStreamWriter; import java.io.UnsupportedEncodingException; -import java.io.Writer; import java.net.ConnectException; import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.SocketTimeoutException; -import java.net.URI; import java.net.URL; import java.net.URLDecoder; import java.net.UnknownHostException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.sql.Timestamp; import java.util.ArrayList; -import java.util.Calendar; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; -import java.util.Map; import java.util.Properties; import java.util.Set; import java.util.UUID; import java.util.concurrent.CopyOnWriteArrayList; -import javax.persistence.EntityManager; -import javax.persistence.Persistence; -import javax.persistence.Query; import javax.persistence.EntityManagerFactory; +import javax.persistence.Persistence; +import javax.persistence.PersistenceException; import javax.servlet.Servlet; import javax.servlet.ServletConfig; import javax.servlet.ServletException; @@ -67,133 +58,100 @@ import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; -import org.openecomp.policy.pap.xacml.rest.adapters.PolicyRestAdapter; -import org.openecomp.policy.pap.xacml.rest.components.ActionPolicy; +import org.openecomp.policy.common.ia.IntegrityAudit; +import org.openecomp.policy.common.im.AdministrativeStateException; +import org.openecomp.policy.common.im.ForwardProgressException; +import org.openecomp.policy.common.im.IntegrityMonitor; +import org.openecomp.policy.common.im.IntegrityMonitorProperties; +import org.openecomp.policy.common.im.StandbyStatusException; +import org.openecomp.policy.common.logging.ECOMPLoggingContext; +import org.openecomp.policy.common.logging.ECOMPLoggingUtils; +import org.openecomp.policy.common.logging.eelf.MessageCodes; +import org.openecomp.policy.common.logging.eelf.PolicyLogger; +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; import org.openecomp.policy.pap.xacml.rest.components.AutoPushPolicy; -import org.openecomp.policy.pap.xacml.rest.components.ClosedLoopPolicy; -import org.openecomp.policy.pap.xacml.rest.components.ConfigPolicy; -import org.openecomp.policy.pap.xacml.rest.components.CreateBrmsParamPolicy; -import org.openecomp.policy.pap.xacml.rest.components.CreateBrmsRawPolicy; -import org.openecomp.policy.pap.xacml.rest.components.CreateClosedLoopPerformanceMetrics; -import org.openecomp.policy.pap.xacml.rest.components.CreateNewMicroSerivceModel; -import org.openecomp.policy.pap.xacml.rest.components.DecisionPolicy; -import org.openecomp.policy.pap.xacml.rest.components.FirewallConfigPolicy; -import org.openecomp.policy.pap.xacml.rest.components.MicroServiceConfigPolicy; -import org.openecomp.policy.pap.xacml.rest.components.Policy; import org.openecomp.policy.pap.xacml.rest.components.PolicyDBDao; import org.openecomp.policy.pap.xacml.rest.components.PolicyDBDaoTransaction; -import org.openecomp.policy.pap.xacml.rest.model.RemoveGroupPolicy; -import org.openecomp.policy.pap.xacml.rest.util.JPAUtils; +import org.openecomp.policy.pap.xacml.rest.handler.APIRequestHandler; +import org.openecomp.policy.pap.xacml.rest.handler.PushPolicyHandler; +import org.openecomp.policy.pap.xacml.rest.handler.SavePolicyHandler; import org.openecomp.policy.pap.xacml.restAuth.CheckPDP; import org.openecomp.policy.rest.XACMLRest; import org.openecomp.policy.rest.XACMLRestProperties; -import org.openecomp.policy.rest.jpa.ActionPolicyDict; -import org.openecomp.policy.rest.jpa.BRMSParamTemplate; -import org.openecomp.policy.rest.jpa.MicroServiceModels; -import org.openecomp.policy.rest.jpa.PolicyEditorScopes; -import org.openecomp.policy.rest.jpa.PolicyScore; -import org.openecomp.policy.rest.jpa.PolicyVersion; -import org.openecomp.policy.rest.jpa.UserInfo; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -import javax.persistence.PersistenceException; - -import org.openecomp.policy.common.logging.ECOMPLoggingContext; -import org.openecomp.policy.common.logging.ECOMPLoggingUtils; -import org.openecomp.policy.common.logging.eelf.MessageCodes; -import org.openecomp.policy.common.logging.eelf.PolicyLogger; - +import org.openecomp.policy.utils.PolicyUtils; import org.openecomp.policy.xacml.api.XACMLErrorConstants; import org.openecomp.policy.xacml.api.pap.ECOMPPapEngineFactory; import org.openecomp.policy.xacml.api.pap.EcompPDP; import org.openecomp.policy.xacml.api.pap.EcompPDPGroup; import org.openecomp.policy.xacml.api.pap.PAPPolicyEngine; - -import com.att.research.xacml.api.pap.PAPException; -//import com.att.research.xacml.api.pap.PDP; -//import com.att.research.xacml.api.pap.PDPGroup; -import com.att.research.xacml.api.pap.PDPPolicy; -import com.att.research.xacml.api.pap.PDPStatus; import org.openecomp.policy.xacml.std.pap.StdPAPPolicy; import org.openecomp.policy.xacml.std.pap.StdPDP; import org.openecomp.policy.xacml.std.pap.StdPDPGroup; +import org.openecomp.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener; import org.openecomp.policy.xacml.std.pap.StdPDPPolicy; import org.openecomp.policy.xacml.std.pap.StdPDPStatus; -import org.openecomp.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener; -import org.openecomp.policy.xacml.util.XACMLPolicyScanner; +import com.att.research.xacml.api.pap.PAPException; +import com.att.research.xacml.api.pap.PDPPolicy; +import com.att.research.xacml.api.pap.PDPStatus; import com.att.research.xacml.util.FactoryException; import com.att.research.xacml.util.XACMLProperties; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; -import com.google.common.base.Joiner; import com.google.common.base.Splitter; -import org.openecomp.policy.common.im.AdministrativeStateException; -import org.openecomp.policy.common.im.ForwardProgressException; - -//IntegrityMontitor -import org.openecomp.policy.common.im.IntegrityMonitor; -import org.openecomp.policy.common.im.IntegrityMonitorProperties; -import org.openecomp.policy.common.im.StandbyStatusException; -//IntegrityAudit -import org.openecomp.policy.common.ia.IntegrityAudit; -import org.openecomp.policy.common.logging.flexlogger.FlexLogger; -import org.openecomp.policy.common.logging.flexlogger.Logger; - /** * Servlet implementation class XacmlPapServlet - * - * */ @WebServlet( description = "Implements the XACML PAP RESTful API.", urlPatterns = { "/" }, loadOnStartup=1, initParams = { - @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.") + @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.") }) - public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable { private static final long serialVersionUID = 1L; - private static final Logger logger = FlexLogger.getLogger(XACMLPapServlet.class); - - private static String CONFIG_HOME = getConfigHome(); - private static String ACTION_HOME = getActionHome(); - - // audit (transaction) logger + private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class); + // audit (transaction) LOGGER private static final Logger auditLogger = FlexLogger.getLogger("auditLogger"); - - private IntegrityMonitor im; - private IntegrityAudit ia; - + //Persistence Unit for JPA + private static final String PERSISTENCE_UNIT = "XACML-PAP-REST"; + private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU"; + // Client Headers. + private static final String ENVIRONMENT_HEADER = "Environment"; /* + * List of Admin Console URLs. + * Used to send notifications when configuration changes. * - * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes. + * The CopyOnWriteArrayList *should* protect from concurrency errors. + * This list is seldom changed but often read, so the costs of this approach make sense. */ - private PAPPolicyEngine papEngine = null; + private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<String>(); + + private static String CONFIG_HOME; + private static String ACTION_HOME; /* * This PAP instance's own URL. - * * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process. */ private static String papURL = null; - + // The heartbeat thread. + private static Heartbeat heartbeat = null; + private static Thread heartbeatThread = null; + //The entity manager factory for JPA access + private static EntityManagerFactory emf; + private static PolicyDBDao policyDBDao; + /* + * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes. + */ + private static PAPPolicyEngine papEngine = null; /* * These are the parameters needed for DB access from the PAP */ + private static int papIntegrityAuditPeriodSeconds = -1; public static String papDbDriver = null; public static String papDbUrl = null; public static String papDbUser = null; @@ -212,142 +170,98 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private static String papSiteName=null; private static String papNodeType=null; private static String papDependencyGroups = null; - private String storedRequestId = null; - private static int papIntegrityAuditPeriodSeconds = -1; private static String[] papDependencyGroupsFlatArray = null; - - //The entity manager factory for JPA access - private EntityManagerFactory emf; - - //Persistence Unit for JPA - private static final String PERSISTENCE_UNIT = "XACML-PAP-REST"; - private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU"; - - - /* - * List of Admin Console URLs. - * Used to send notifications when configuration changes. - * - * The CopyOnWriteArrayList *should* protect from concurrency errors. - * This list is seldom changed but often read, so the costs of this approach make sense. - */ - private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<String>(); - - // Mike M 11/24 Client Headers. - private static final String ENVIRONMENT_HEADER = "Environment"; private static String environment = null; - + private static String pdpFile = null; + + private String storedRequestId = null; + private IntegrityMonitor im; + private IntegrityAudit ia; + + //MicroService Model Properties + public static String msEcompName; + public static String msPolicyName; /* * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when * this servlet starts. Its configurable by the admin. */ private Thread initiateThread = null; - - /* - // The heartbeat thread. - */ - private static Heartbeat heartbeat = null; - private static Thread heartbeatThread = null; - private ECOMPLoggingContext baseLoggingContext = null; - - private PolicyDBDao policyDBDao; private AutoPushPolicy autoPushPolicy; + /** * @see HttpServlet#HttpServlet() */ public XACMLPapServlet() { super(); } - /* - * PDP FIle - */ - private static String pdpFile = null; - public static String getPDPFile(){ - return XACMLPapServlet.pdpFile; - } /** * @see Servlet#init(ServletConfig) */ public void init(ServletConfig config) throws ServletException { - - try { - // - // Logging stuff.... - // + // Logging baseLoggingContext = new ECOMPLoggingContext(); // fixed data that will be the same in all logging output goes here try { String hostname = InetAddress.getLocalHost().getCanonicalHostName(); baseLoggingContext.setServer(hostname); } catch (UnknownHostException e) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging"); + LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging"); } - - // // Initialize - // XACMLRest.xacmlInit(config); - // // Load the properties - // XACMLRest.loadXacmlProperties(null, null); - /* - * Retrieve the property values for db access and audits from the xacml.pap.properties + * Retrieve the property values */ - //Null string occurs when a property is not present - try{ - papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER); - if(papDbDriver == null){ - throw new PAPException("papDbDriver is null"); - } + CONFIG_HOME = getConfigHome(); + ACTION_HOME = getActionHome(); + papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER); + if(papDbDriver == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry"); + throw new PAPException("papDbDriver is null"); + } + papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL); + if(papDbUrl == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry"); + throw new PAPException("papDbUrl is null"); + } + papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER); + if(papDbUser == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry"); + throw new PAPException("papDbUser is null"); + } + papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD); + if(papDbPassword == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry"); + throw new PAPException("papDbPassword is null"); + } + papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME); + if(papResourceName == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry"); + throw new PAPException("papResourceName is null"); + } + papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME); + if(papSiteName == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry"); + throw new PAPException("papSiteName is null"); + } + papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE); + if(papNodeType == null){ + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry"); + throw new PAPException("papNodeType is null"); } - catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; - } - try{ - papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL); - if(papDbUrl == null){ - throw new PAPException("papDbUrl is null"); - } - } catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; - } - try{ - papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER); - if(papDbUser == null){ - throw new PAPException("papDbUser is null"); - } - }catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; - } - try{ - papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD); - if(papDbPassword == null){ - throw new PAPException("papDbPassword is null"); - } - }catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; - } - environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); - //Integer will throw an exception of anything is missing or unrecognized papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT)); papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT)); papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT)); - //Boolean will default to false if anything is missing or unrecognized papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG)); papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG)); - //PAP Auto Push autoPushFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PUSH_FLAG)); // if Auto push then Load with properties. @@ -358,51 +272,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if(file.endsWith(".properties")){ autoPushPolicy = new AutoPushPolicy(file); }else{ - throw new Exception(); + throw new PAPException(); } }catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Missing property or not a proper property file check for: " + XACMLRestProperties.PROP_PAP_PUSH_FILE ); - logger.info("Overriding the autoPushFlag to False..."); + LOGGER.info("Overriding the autoPushFlag to False..."); autoPushFlag = false; } } - - try{ - papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME); - if(papResourceName == null){ - throw new PAPException("papResourceName is null"); - } - }catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; - } - - try{ - papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME); - if(papSiteName == null){ - throw new PAPException("papSiteName is null"); - } - }catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; - } - try{ - papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE); - if(papNodeType == null){ - throw new PAPException("papNodeType is null"); - } - }catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); - throw e; + papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS); + if(papDependencyGroups == null){ + throw new PAPException("papDependencyGroups is null"); } try{ - papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS); - if(papDependencyGroups == null){ - throw new PAPException("papDependencyGroups is null"); - } //Now we have flattened the array into a simple comma-separated list papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]"); - //clean up the entries for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){ papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim(); @@ -410,12 +294,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList try{ if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){ papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim()); - }else{ - //nothing to do. The parameter is optional } }catch(Exception e){ String msg = "integrity_audit_period_seconds "; - logger.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n"); + LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n"); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry"); throw e; } @@ -423,14 +305,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry"); throw e; } - //Integer will throw an exception of anything is missing or unrecognized fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL)); failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD)); testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL)); writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL)); - - logger.debug("\n\n\n**************************************" + LOGGER.debug("\n\n\n**************************************" + "\n**************************************" + "\n" + "\n papDbDriver = " + papDbDriver @@ -454,153 +334,91 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds + "\n\n**************************************" + "\n**************************************"); - - // // Pull custom persistence settings - // - Properties properties; try { - properties = XACMLProperties.getProperties();//XACMLRestProperties.getProperties(); - logger.debug("\n\n\n**************************************" + properties = XACMLProperties.getProperties(); + LOGGER.debug("\n\n\n**************************************" + "\n**************************************" + "\n\n" + "properties = " + properties + "\n\n**************************************"); - } catch (IOException e) { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: " + "XACMLProperties.getProperties()"); throw new ServletException(e.getMessage(), e.getCause()); } - + //Micro Service Properties + msEcompName=properties.getProperty("xacml.policy.msEcompName"); + msPolicyName=properties.getProperty("xacml.policy.msPolicyName"); + // PDPId File location + XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE); + if (XACMLPapServlet.pdpFile == null) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: " + + XACMLRestProperties.PROP_PDP_IDFILE); + throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. "); + } // Create an IntegrityMonitor im = IntegrityMonitor.getInstance(papResourceName,properties); - // Create an IntegrityAudit ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties); ia.startAuditThread(); - - // // Create the entity manager factory - // emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties); - // - // Did it get created? - // if (emf == null) { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: " + PERSISTENCE_UNIT); throw new ServletException("Unable to create Entity Manager Factory"); } - // // we are about to call the PDPs and give them their configuration. // To do that we need to have the URL of this PAP so we can construct the Policy file URLs - // XACMLPapServlet.papURL = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL); - /* - * Create the PolicyDBDao singleton - */ //Create the policyDBDao policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf()); - boolean performFileToDatabaseAudit = false; - if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){ - if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG))){ - //get an AuditTransaction to lock out all other transactions - PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction(); - policyDBDao.auditLocalFileSystem(); - //release the transaction lock - auditTrans.close(); - }else{ - performFileToDatabaseAudit = true; - } - } - - - - // // Load our PAP engine, first create a factory - // ECOMPPapEngineFactory factory = ECOMPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY)); - // // The factory knows how to go about creating a PAP Engine - // - this.papEngine = (PAPPolicyEngine) factory.newEngine(); + XACMLPapServlet.papEngine = (PAPPolicyEngine) factory.newEngine(); PolicyDBDaoTransaction addNewGroup = null; try{ - if(((org.openecomp.policy.xacml.std.pap.StdEngine)papEngine).wasDefaultGroupJustAdded){ addNewGroup = policyDBDao.getNewTransaction(); EcompPDPGroup group = papEngine.getDefaultGroup(); addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(), "automaticallyAdded"); addNewGroup.commitTransaction(); - addNewGroup = policyDBDao.getNewTransaction(); + addNewGroup = policyDBDao.getNewTransaction(); addNewGroup.changeDefaultGroup(group, "automaticallyAdded"); - addNewGroup.commitTransaction(); + addNewGroup.commitTransaction(); } - } catch(Exception e){ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Error creating new default group in the database"); if(addNewGroup != null){ addNewGroup.rollbackTransaction(); } } - - policyDBDao.setPapEngine((PAPPolicyEngine) this.papEngine); - - - if(performFileToDatabaseAudit){ - //get an AuditTransaction to lock out all other transactions - PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction(); - policyDBDao.auditLocalDatabase((PAPPolicyEngine) this.papEngine); - //release the transaction lock - auditTrans.close(); - } - - // - // PDPId File location - // - XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE); - if (XACMLPapServlet.pdpFile == null) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + - " The PDP Id Authentication File Property is not valid: " - + XACMLRestProperties.PROP_PDP_IDFILE); - throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. "); - } - // - // Sanity check that a URL was defined somewhere, its essential. - // - // How to check that its valid? We can validate the form, but since we are in the init() method we - // are not fully loaded yet so we really couldn't ping ourself to see if the URL will work. One - // will have to look for errors in the PDP logs to determine if they are failing to initiate a - // request to this servlet. - // + policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine); + // Sanity check for URL. if (XACMLPapServlet.papURL == null) { - throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL); } - // // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration // to all its known PDP nodes. - // - // Note: parseBoolean will return false if there is no property defined. This is fine for a default. - // if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) { this.initiateThread = new Thread(this); this.initiateThread.start(); } - // - // After startup, the PAP does Heartbeats to each of the PDPs periodically - // - XACMLPapServlet.heartbeat = new Heartbeat((PAPPolicyEngine) this.papEngine); + // After startup, the PAP does Heartbeat's to each of the PDPs periodically + XACMLPapServlet.heartbeat = new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine); XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat); XACMLPapServlet.heartbeatThread.start(); + } catch (FactoryException | PAPException e) { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine"); throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e); } catch (Exception e) { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error"); - throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e); } + throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e); + } } /** @@ -609,13 +427,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList */ @Override public void run() { - // // send the current configuration to all the PDPs that we know about - // changed(); } - /** * @see Servlet#destroy() * @@ -623,13 +438,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList * For now we assume that we do care. */ public void destroy() { - // // Make sure our threads are destroyed - // if (XACMLPapServlet.heartbeatThread != null) { - // // stop the heartbeat - // try { if (XACMLPapServlet.heartbeat != null) { XACMLPapServlet.heartbeat.terminate(); @@ -651,7 +462,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } /** - * * Called by: * - PDP nodes to register themselves with the PAP, and * - Admin Console to make changes in the PDP Groups. @@ -660,9 +470,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext); - loggingContext.transactionStarted(); - loggingContext.setServiceName("PAP.post"); // we may set a more specific value later + loggingContext.setServiceName("PAP.post"); if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){ UUID requestID = UUID.randomUUID(); loggingContext.setRequestID(requestID.toString()); @@ -670,139 +479,86 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)"); } - // dummy metric.log example posted below as proof of concept - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 1 of 2"); - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 2 of 2"); - // dummy metric.log example posted above as proof of concept PolicyDBDaoTransaction pdpTransaction = null; - - //This im.startTransaction() covers all Post transactions try { im.startTransaction(); } catch (AdministrativeStateException ae){ String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() + "\n Exception Message: " + ae.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; }catch (StandbyStatusException se) { - se.printStackTrace(); String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status" + " of " + im.getStateManager().getStandbyStatus() + "\n Exception Message: " + se.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; } - try { - XACMLRest.dumpRequest(request); - // since getParameter reads the content string, explicitly get the content before doing that. // Simply getting the inputStream seems to protect it against being consumed by getParameter. request.getInputStream(); - - String groupId = request.getParameter("groupId"); String apiflag = request.getParameter("apiflag"); - - if (groupId != null) { + if(groupId != null) { // Is this from the Admin Console or API? - if(apiflag!=null) { - if (apiflag.equalsIgnoreCase("api")) { - // this is from the API so we need to check the client credentials before processing the request - if(authorizeRequest(request)){ - doACPost(request, response, groupId, loggingContext); - // Mike B - ended loggingContext transacton & added EELF 'Success' EELF Audit.log message - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Ended Successfully"); - im.endTransaction(); - return; - } else { - String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; - PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - - response.sendError(HttpServletResponse.SC_FORBIDDEN, message); - im.endTransaction(); - return; - } + if(apiflag!=null && apiflag.equalsIgnoreCase("api")) { + // this is from the API so we need to check the client credentials before processing the request + if(!authorizeRequest(request)){ + String message = "PEP not Authorized for making this Request!!"; + PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_FORBIDDEN, message); + im.endTransaction(); + return; } } - - // this is from the Admin Console, so handle separately doACPost(request, response, groupId, loggingContext); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); return; - } - - - // - // Request is from a PDP. - // It is coming up and asking for its config - // + // Request is from a PDP asking for its config. loggingContext.setServiceName("PDP:PAP.register"); - - - // // Get the PDP's ID - // String id = this.getPDPID(request); String jmxport = this.getPDPJMX(request); - //logger.info("doPost from: " + id); - logger.info("Request(doPost) from PDP coming up: " + id); - // + LOGGER.info("Request(doPost) from PDP coming up: " + id); // Get the PDP Object - // - EcompPDP pdp = this.papEngine.getPDP(id); - // + EcompPDP pdp = XACMLPapServlet.papEngine.getPDP(id); // Is it known? - // if (pdp == null) { - logger.info("Unknown PDP: " + id); - // PDP ID Check is performed Here. + LOGGER.info("Unknown PDP: " + id); + // Check PDP ID if(CheckPDP.validateID(id)){ pdpTransaction = policyDBDao.getNewTransaction(); try { - //this.papEngine.newPDP(id, this.papEngine.getDefaultGroup(), id, "Registered on first startup"); - pdpTransaction.addPdpToGroup(id, this.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister"); - this.papEngine.newPDP(id, this.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport)); + pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister"); + XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport)); } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException e) { pdpTransaction.rollbackTransaction(); String message = "Failed to create new PDP for id: " + id; PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); im.endTransaction(); return; } // get the PDP we just created - pdp = this.papEngine.getPDP(id); + pdp = XACMLPapServlet.papEngine.getPDP(id); if (pdp == null) { if(pdpTransaction != null){ pdpTransaction.rollbackTransaction(); @@ -810,7 +566,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String message = "Failed to create new PDP for id: " + id; PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); im.endTransaction(); @@ -825,35 +580,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - // get the PDP we just created - pdp = this.papEngine.getPDP(id); - if (pdp == null) { - if(pdpTransaction != null){ - pdpTransaction.rollbackTransaction(); - } - String message = "Failed to create new PDP for id: " + id; - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - im.endTransaction(); - return; - } try{ pdpTransaction.commitTransaction(); } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database"); } } - if (jmxport != null && jmxport != ""){ ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport)); } - - // // Get the PDP's Group - // - EcompPDPGroup group = this.papEngine.getPDPGroup((EcompPDP) pdp); + EcompPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((EcompPDP) pdp); if (group == null) { PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default"); loggingContext.transactionEnded(); @@ -862,67 +599,42 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - // // Determine what group the PDP node is in and get // its policy/pip properties. - // Properties policies = group.getPolicyProperties(); Properties pipconfig = group.getPipConfigProperties(); - // // Get the current policy/pip configuration that the PDP has - // Properties pdpProperties = new Properties(); pdpProperties.load(request.getInputStream()); - logger.info("PDP Current Properties: " + pdpProperties.toString()); - logger.info("Policies: " + (policies != null ? policies.toString() : "null")); - logger.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null")); - // + LOGGER.info("PDP Current Properties: " + pdpProperties.toString()); + LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null")); + LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null")); // Validate the node's properties - // boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties); - // // Send back current configuration - // if (isCurrent == false) { - // // Tell the PDP we are sending back the current policies/pip config - // - logger.info("PDP configuration NOT current."); + LOGGER.info("PDP configuration NOT current."); if (policies != null) { - // // Put URL's into the properties in case the PDP needs to // retrieve them. - // this.populatePolicyURL(request.getRequestURL(), policies); - // // Copy the properties to the output stream - // policies.store(response.getOutputStream(), ""); } if (pipconfig != null) { - // // Copy the properties to the output stream - // pipconfig.store(response.getOutputStream(), ""); } - // // We are good - and we are sending them information - // response.setStatus(HttpServletResponse.SC_OK); - setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH); } else { - // // Tell them they are good - // response.setStatus(HttpServletResponse.SC_NO_CONTENT); - setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE); - } - // // tell the AC that something changed - // notifyAC(); loggingContext.transactionEnded(); auditLogger.info("Success"); @@ -931,11 +643,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if(pdpTransaction != null){ pdpTransaction.rollbackTransaction(); } - logger.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e); + LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(500, e.getMessage()); im.endTransaction(); return; @@ -952,7 +662,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext); loggingContext.transactionStarted(); - loggingContext.setServiceName("PAP.get"); // we may set a more specific value later + loggingContext.setServiceName("PAP.get"); if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){ UUID requestID = UUID.randomUUID(); loggingContext.setRequestID(requestID.toString()); @@ -960,98 +670,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)"); } - // dummy metric.log example posted below as proof of concept - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 1 of 2"); - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 2 of 2"); - // dummy metric.log example posted above as proof of concept try { XACMLRest.dumpRequest(request); String pathInfo = request.getRequestURI(); - logger.info("path info: " + pathInfo); + LOGGER.info("path info: " + pathInfo); if (pathInfo != null){ //DO NOT do a im.startTransaction for the test request if (pathInfo.equals("/pap/test")) { - logger.info("Test request received"); - try { - im.evaluateSanity(); - //If we make it this far, all is well - String message = "GET:/pap/test called and PAP " + papResourceName + " is OK"; - logger.info(message); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.setStatus(HttpServletResponse.SC_OK); - return; - }catch (ForwardProgressException fpe){ - //No forward progress is being made - String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress." - + " Exception Message: " + fpe.getMessage(); - logger.info(message); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - return; - }catch (AdministrativeStateException ase){ - //Administrative State is locked - String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED " - + " Exception Message: " + ase.getMessage(); - logger.info(message); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - return; - }catch (StandbyStatusException sse){ - //Administrative State is locked - String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE " - + " Exception Message: " + sse.getMessage(); - logger.info(message); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - return; - }catch (Exception e) { - //A subsystem is not making progress, is locked, standby or is not responding - String eMsg = e.getMessage(); - if(eMsg == null){ - eMsg = "No Exception Message"; - } - String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure." - + " Exception Message: " + eMsg; - logger.info(message); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - //Get the specific list of subsystems that failed - String ssFailureList = null; - for(String failedSS : papDependencyGroupsFlatArray){ - if(eMsg.contains(failedSS)){ - if(ssFailureList == null){ - ssFailureList = failedSS; - }else{ - ssFailureList = ssFailureList.concat(","+failedSS); - } - } - } - if(ssFailureList == null){ - ssFailureList = "UnknownSubSystem"; - } - response.addHeader("X-ECOMP-SubsystemFailure", ssFailureList); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - return; - } + testService(loggingContext, response); + return; } } - //This im.startTransaction() covers all other Get transactions try { im.startTransaction(); @@ -1059,76 +688,43 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() + "\n Exception Message: " + ae.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; }catch (StandbyStatusException se) { - se.printStackTrace(); String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status" + " of " + im.getStateManager().getStandbyStatus() + "\n Exception Message: " + se.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; } - - // Request from the API to get the gitPath String apiflag = request.getParameter("apiflag"); if (apiflag!=null) { if(authorizeRequest(request)){ - - - // Request from the API to get the gitPath - if (apiflag.equalsIgnoreCase("gitPath")) { - getGitPath(request, response); - // Mike B - ended loggingContext transacton & added EELF 'Success' EELF Audit.log message - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Ended Successfully"); - im.endTransaction(); - return; - } - - // Request from the API to get the ActiveVersion from the PolicyVersion table - if (apiflag.equalsIgnoreCase("version")){ - getActiveVersion(request, response); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Ended Successfully"); - im.endTransaction(); - return; - } - - // Request from the API to get the URI from the gitpath - if (apiflag.equalsIgnoreCase("uri")){ - getSelectedURI(request, response); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Ended Successfully"); - im.endTransaction(); - return; - } - + APIRequestHandler apiRequestHandler = new APIRequestHandler(); + apiRequestHandler.doGet(request,response, apiflag); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Ended Successfully"); + im.endTransaction(); + return; } else { String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_FORBIDDEN, message); im.endTransaction(); return; } - } - - // Is this from the Admin Console? String groupId = request.getParameter("groupId"); if (groupId != null) { @@ -1139,32 +735,20 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - - // // Get the PDP's ID - // String id = this.getPDPID(request); - logger.info("doGet from: " + id); - // + LOGGER.info("doGet from: " + id); // Get the PDP Object - // - EcompPDP pdp = this.papEngine.getPDP(id); - // + EcompPDP pdp = XACMLPapServlet.papEngine.getPDP(id); // Is it known? - // if (pdp == null) { - // // Check if request came from localhost - // if (request.getRemoteHost().equals("localhost") || request.getRemoteHost().equals("127.0.0.1") || request.getRemoteHost().equals(request.getLocalAddr())) { - // // Return status information - basically all the groups - // loggingContext.setServiceName("PAP.getGroups"); Set<EcompPDPGroup> groups = papEngine.getEcompPDPGroups(); - // convert response object to JSON and include in the response ObjectMapper mapper = new ObjectMapper(); mapper.writeValue(response.getOutputStream(), groups); @@ -1178,38 +762,29 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr(); PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message); im.endTransaction(); return; } - loggingContext.setServiceName("PAP.getPolicy"); - - // // Get the PDP's Group - // - EcompPDPGroup group = this.papEngine.getPDPGroup((EcompPDP) pdp); + EcompPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((EcompPDP) pdp); if (group == null) { String message = "No group associated with pdp " + pdp.getId(); - logger.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message); + LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message); im.endTransaction(); return; } - // // Which policy do they want? - // String policyId = request.getParameter("id"); if (policyId == null) { String message = "Did not specify an id for the policy"; - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message); + LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_NOT_FOUND, message); im.endTransaction(); @@ -1218,30 +793,23 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PDPPolicy policy = group.getPolicy(policyId); if (policy == null) { String message = "Unknown policy: " + policyId; - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message); + LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_NOT_FOUND, message); im.endTransaction(); return; } - // - // Get its stream - // - logger.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n " - + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString() ); - try (InputStream is = policy.getStream(); OutputStream os = response.getOutputStream()) { - // + LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n " + + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString()); + try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) { // Send the policy back - // IOUtils.copy(is, os); - response.setStatus(HttpServletResponse.SC_OK); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); - } catch (PAPException e) { + } catch (IOException e) { String message = "Failed to open policy id " + policyId; PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); @@ -1251,7 +819,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } catch (PAPException e) { PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, e.getMessage()); im.endTransaction(); @@ -1261,394 +828,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Ended"); im.endTransaction(); } - - - /** - * Requests from the PolicyEngine API to update the PDP Group with pushed policy - * - * @param request - * @param response - * @param groupId - * @param loggingContext - * @throws ServletException - * @throws IOException - */ - private void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws IOException { - PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); - try { - - - // for PUT operations the group may or may not need to exist before the operation can be done - StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId); - - // get the request content into a String - String json = null; - - // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); - logger.info("JSON request from PolicyEngine API: " + json); - - // convert Object sent as JSON into local object - ObjectMapper mapper = new ObjectMapper(); - - Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class); - - StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON; - - Set<PDPPolicy> policies = new HashSet<PDPPolicy>(); - - if(policy!=null){ - policies.add(policy); - } - - //Get the current policies from the Group and Add the new one - Set<PDPPolicy> currentPoliciesInGroup = new HashSet<PDPPolicy>(); - currentPoliciesInGroup = group.getPolicies(); - - //If the selected policy is in the group we must remove it because the name is default - Iterator<PDPPolicy> policyIterator = policies.iterator(); - logger.debug("policyIterator....." + policies); - while (policyIterator.hasNext()) { - PDPPolicy selPolicy = policyIterator.next(); - for (PDPPolicy existingPolicy : currentPoliciesInGroup) { - if (existingPolicy.getId().equals(selPolicy.getId())) { - group.removePolicyFromGroup(existingPolicy); - logger.debug("Removing policy: " + existingPolicy); - break; - } - } - } - - if(currentPoliciesInGroup!=null){ - policies.addAll(currentPoliciesInGroup); - } - group.setPolicies(policies); - - // Assume that this is an update of an existing PDP Group - loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup"); - - try{ - acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut"); - } catch(Exception e){ - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: " - +"group="+group.getId()); - throw new PAPException(e.getMessage()); - } - - papEngine.updateGroup(group); - response.setStatus(HttpServletResponse.SC_NO_CONTENT); - response.addHeader("operation", "push"); - response.addHeader("policyId", policy.getId()); - response.addHeader("groupId", groupId); - if (logger.isDebugEnabled()) { - logger.debug("Group '" + group.getId() + "' updated"); - } - - acPutTransaction.commitTransaction(); - - notifyAC(); - - // Group changed, which might include changing the policies - groupChanged(group); - loggingContext.transactionEnded(); - auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); - return; - } catch (PAPException e) { - acPutTransaction.rollbackTransaction(); - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception"); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - - String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP."; - response.sendError(500, e.getMessage()); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error","addGroupError"); - response.addHeader("message", message); - return; - } - - } - - private void getActiveVersion(HttpServletRequest request, HttpServletResponse response) { - //Setup EntityManager to communicate with the PolicyVersion table of the DB - EntityManager em = null; - em = (EntityManager) emf.createEntityManager(); - - if (em==null){ - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager with persistence unit: " + PERSISTENCE_UNIT); - try { - throw new Exception("Unable to create Entity Manager Factory"); - } catch (Exception e) { - e.printStackTrace(); - } - } - - String policyScope = request.getParameter("policyScope"); - String filePrefix = request.getParameter("filePrefix"); - String policyName = request.getParameter("policyName"); - - String pvName = policyScope + File.separator + filePrefix + policyName; - int activeVersion = 0; - - - //Get the Active Version to use in the ID - em.getTransaction().begin(); - Query query = em.createQuery("Select p from PolicyVersion p where p.policyName=:pname"); - query.setParameter("pname", pvName); - - @SuppressWarnings("rawtypes") - List result = query.getResultList(); - PolicyVersion versionEntity = null; - if (!result.isEmpty()) { - versionEntity = (PolicyVersion) result.get(0); - em.persist(versionEntity); - activeVersion = versionEntity.getActiveVersion(); - em.getTransaction().commit(); - } else { - logger.debug("No PolicyVersion using policyName found"); - } - - //clean up connection - em.close(); - if (String.valueOf(activeVersion)!=null || !String.valueOf(activeVersion).equalsIgnoreCase("")) { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("version", String.valueOf(activeVersion)); - } else { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - } - - - } - - private void getSelectedURI(HttpServletRequest request, - HttpServletResponse response) { - - String gitPath = request.getParameter("gitPath"); - - File file = new File(gitPath); - - logger.debug("The fileItem is : " + file.toString()); - - URI selectedURI = file.toURI(); - - String uri = selectedURI.toString(); - - if (!uri.equalsIgnoreCase("")) { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("selectedURI", uri); - } else { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - } - } - - /* - * getGitPath() method to get the gitPath using data from the JSON string - * when deleting policies using doAPIDelete() - */ - private File getPolicyFile(String policyName){ - - Path workspacePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WORKSPACE), "admin"); - Path repositoryPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_REPOSITORY)); - Path gitPath = Paths.get(workspacePath.toString(), repositoryPath.getFileName().toString()); - - //getting the fullpath of the gitPath and convert to string - String fullGitPath = gitPath.toAbsolutePath().toString(); - String finalGitPath = null; - - //creating the parentPath directory for the Admin Console use - if(fullGitPath.contains("\\")){ - finalGitPath = fullGitPath.replace("ECOMP-PAP-REST", "ecomp-sdk-app"); - }else{ - finalGitPath = fullGitPath.replace("pap", "console"); - } - - finalGitPath += File.separator + policyName; - - File file = new File(finalGitPath); - - return file; - - } - - /* - * getGitPath() method to get the gitPath using data from the http request - * and send back in response when pushing policies - */ - private void getGitPath(HttpServletRequest request, - HttpServletResponse response) { - - String policyScope = request.getParameter("policyScope"); - String filePrefix = request.getParameter("filePrefix"); - String policyName = request.getParameter("policyName"); - String activeVersion = request.getParameter("activeVersion"); - - Path workspacePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WORKSPACE), "admin"); - Path repositoryPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_REPOSITORY)); - Path gitPath = Paths.get(workspacePath.toString(), repositoryPath.getFileName().toString()); - - //getting the fullpath of the gitPath and convert to string - String fullGitPath = gitPath.toAbsolutePath().toString(); - String finalGitPath = null; - - //creating the parentPath directory for the Admin Console use - if(fullGitPath.contains("\\")){ - finalGitPath = fullGitPath.replace("ECOMP-PAP-REST", "ecomp-sdk-app"); - }else{ - finalGitPath = fullGitPath.replace("pap", "console"); - } - - finalGitPath += File.separator + policyScope + File.separator + filePrefix + policyName + "." + activeVersion + ".xml"; - File file = new File(finalGitPath); - URI uri = file.toURI(); - - // - // Extract XACML policy information - // - Boolean isValid = false; - String policyId = null; - String description = null; - String version = null; - - URL url; - try { - url = uri.toURL(); - Object rootElement = XACMLPolicyScanner.readPolicy(url.openStream()); - if (rootElement == null || - ( - ! (rootElement instanceof PolicySetType) && - ! (rootElement instanceof PolicyType) - ) ) { - logger.warn("No root policy element in URI: " + uri.toString() + " : " + rootElement); - isValid = false; - } else { - if (rootElement instanceof PolicySetType) { - policyId = ((PolicySetType)rootElement).getPolicySetId(); - description = ((PolicySetType)rootElement).getDescription(); - isValid = true; - version = ((PolicySetType)rootElement).getVersion(); - } else if (rootElement instanceof PolicyType) { - policyId = ((PolicyType)rootElement).getPolicyId(); - description = ((PolicyType)rootElement).getDescription(); - version = ((PolicyType)rootElement).getVersion(); - isValid = true; - } else { - PolicyLogger.error("Unknown root element: " + rootElement.getClass().getCanonicalName()); - } - } - } catch (Exception e) { - logger.error("Exception Occured While Extracting Policy Information"); - } - - if (!finalGitPath.equalsIgnoreCase("") || policyId!=null || description!=null || version!=null || isValid!=null) { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("gitPath", finalGitPath); - response.addHeader("policyId", policyId); - response.addHeader("description", description); - response.addHeader("version", version); - response.addHeader("isValid", isValid.toString()); - } else { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - } - - } - - /** - * Given a version string consisting of integers with dots between them, convert it into an array of ints. - * - * @param version - * @return - * @throws NumberFormatException - */ - public static int[] versionStringToArray(String version) throws NumberFormatException { - if (version == null || version.length() == 0) { - return new int[0]; - } - String[] stringArray = version.split("\\."); - int[] resultArray = new int[stringArray.length]; - for (int i = 0; i < stringArray.length; i++) { - resultArray[i] = Integer.parseInt(stringArray[i]); - } - return resultArray; - } - - protected String getPDPID(HttpServletRequest request) { - String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID); - if (pdpURL == null || pdpURL.isEmpty()) { - // - // Should send back its port for identification - // - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header"); - pdpURL = ""; - } - return pdpURL; - } - - protected String getPDPJMX(HttpServletRequest request) { - String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT); - if (pdpJMMX == null || pdpJMMX.isEmpty()) { - // - // Should send back its port for identification - // - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned"); - return null; - } - return pdpJMMX; - } - private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) { - String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES); - String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES); - if (localRootPolicies == null || localReferencedPolicies == null) { - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies); - return false; - } - // - // Compare the policies and pipconfig properties to the pdpProperties - // - try { - // - // the policy properties includes only xacml.rootPolicies and - // xacml.referencedPolicies without any .url entries - // - Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false); - Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties); - if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) && - localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) && - pdpPipConfig.equals(pipconfig)) { - // - // The PDP is current - // - return true; - } - } catch (Exception e) { - // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines, - // or if there are policies that do not have a corresponding ".url" property. - // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false. - PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error"); - } - return false; - } - - private void populatePolicyURL(StringBuffer urlPath, Properties policies) { - String lists[] = new String[2]; - lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES); - lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES); - for (String list : lists) { - if (list != null && list.isEmpty() == false) { - for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) { - String url = urlPath + "?id=" + id; - logger.info("Policy URL for " + id + ": " + url); - policies.setProperty(id + ".url", url); - } - } - } - } - - + /** * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response) */ @@ -1656,7 +836,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext); storedRequestId = loggingContext.getRequestID(); loggingContext.transactionStarted(); - loggingContext.setServiceName("PAP.put"); // we may set a more specific value later + loggingContext.setServiceName("PAP.put"); if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){ UUID requestID = UUID.randomUUID(); loggingContext.setRequestID(requestID.toString()); @@ -1664,52 +844,32 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)"); } - // dummy metric.log example posted below as proof of concept - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 1 of 2"); - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 2 of 2"); - //This im.startTransaction() covers all Put transactions try { im.startTransaction(); } catch (AdministrativeStateException ae){ String message = "PUT interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() + "\n Exception Message: " + ae.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; }catch (StandbyStatusException se) { - se.printStackTrace(); String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status" + " of " + im.getStateManager().getStandbyStatus() + "\n Exception Message: " + se.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; } - XACMLRest.dumpRequest(request); - - // - // since getParameter reads the content string, explicitly get the content before doing that. - // Simply getting the inputStream seems to protect it against being consumed by getParameter. - // - request.getInputStream(); - //need to check if request is from the API or Admin console String apiflag = request.getParameter("apiflag"); - //This would occur if a PolicyDBDao notification was received String policyDBDaoRequestUrl = request.getParameter("policydbdaourl"); if(policyDBDaoRequestUrl != null){ @@ -1731,19 +891,18 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - //This would occur if we received a notification of a policy creation or update String policyToCreateUpdate = request.getParameter("policyToCreateUpdate"); if(policyToCreateUpdate != null){ - if(logger.isDebugEnabled()){ - logger.debug("\nXACMLPapServlet.doPut() - before decoding" + if(LOGGER.isDebugEnabled()){ + LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding" + "\npolicyToCreateUpdate = " + policyToCreateUpdate); } //decode it try{ policyToCreateUpdate = URLDecoder.decode(policyToCreateUpdate, "UTF-8"); - if(logger.isDebugEnabled()){ - logger.debug("\nXACMLPapServlet.doPut() - after decoding" + if(LOGGER.isDebugEnabled()){ + LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding" + "\npolicyToCreateUpdate = " + policyToCreateUpdate); } } catch(UnsupportedEncodingException e){ @@ -1756,7 +915,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - //send it to PolicyDBDao PolicyDBDaoTransaction createUpdateTransaction = policyDBDao.getNewTransaction(); try{ @@ -1773,13 +931,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList createUpdateTransaction.commitTransaction(); // Before sending Ok. Lets call AutoPush. if(autoPushFlag){ - Set<StdPDPGroup> changedGroups = autoPushPolicy.checkGroupsToPush(policyToCreateUpdate, this.papEngine); + Set<StdPDPGroup> changedGroups = autoPushPolicy.checkGroupsToPush(policyToCreateUpdate, XACMLPapServlet.papEngine); if(!changedGroups.isEmpty()){ for(StdPDPGroup group: changedGroups){ try{ papEngine.updateGroup(group); - if (logger.isDebugEnabled()) { - logger.debug("Group '" + group.getId() + "' updated"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Group '" + group.getId() + "' updated"); } notifyAC(); // Group changed, which might include changing the policies @@ -1796,21 +954,19 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - /* - * Request for Micro Service Import + * Request for ImportService */ - String microServiceCreation = request.getParameter("importService"); - if (microServiceCreation != null) { - if(authorizeRequest(request)){ - if (microServiceCreation.contains("MICROSERVICE")){ - doImportMicroServicePut(request, response); - im.endTransaction(); - return; - } + String importService = request.getParameter("importService"); + if (importService != null) { + if(authorizeRequest(request)){ + APIRequestHandler apiRequestHandler = new APIRequestHandler(); + apiRequestHandler.doPut(request, response, importService); + im.endTransaction(); + return; } else { String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; - logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + message ); + LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message ); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_FORBIDDEN, message); @@ -1821,16 +977,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String oldPolicyName = request.getParameter("oldPolicyName"); String newPolicyName = request.getParameter("newPolicyName"); if(oldPolicyName != null && newPolicyName != null){ - if(logger.isDebugEnabled()){ - logger.debug("\nXACMLPapServlet.doPut() - before decoding" + if(LOGGER.isDebugEnabled()){ + LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding" + "\npolicyToCreateUpdate = " + " "); } //decode it try{ oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8"); newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8"); - if(logger.isDebugEnabled()){ - logger.debug("\nXACMLPapServlet.doPut() - after decoding" + if(LOGGER.isDebugEnabled()){ + LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding" + "\npolicyToCreateUpdate = " + " "); } } catch(UnsupportedEncodingException e){ @@ -1863,22 +1019,18 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - - // // See if this is Admin Console registering itself with us // String acURLString = request.getParameter("adminConsoleURL"); if (acURLString != null) { loggingContext.setServiceName("AC:PAP.register"); - // // remember this Admin Console for future updates - // if ( ! adminConsoleURLStringList.contains(acURLString)) { adminConsoleURLStringList.add(acURLString); } - if (logger.isDebugEnabled()) { - logger.debug("Admin Console registering with URL: " + acURLString); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Admin Console registering with URL: " + acURLString); } response.setStatus(HttpServletResponse.SC_NO_CONTENT); loggingContext.transactionEnded(); @@ -1887,15 +1039,22 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - /* * This is to update the PDP Group with the policy/policies being pushed - * Part of a 2 step process to push policie to the PDP that can now be done + * Part of a 2 step process to push policies to the PDP that can now be done * From both the Admin Console and the PolicyEngine API */ String groupId = request.getParameter("groupId"); if (groupId != null) { if(apiflag!=null){ + if(!authorizeRequest(request)){ + String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; + PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_FORBIDDEN, message); + return; + } if(apiflag.equalsIgnoreCase("addPolicyToGroup")){ updateGroupsFromAPI(request, response, groupId, loggingContext); loggingContext.transactionEnded(); @@ -1904,61 +1063,47 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } } - // // this is from the Admin Console, so handle separately - // doACPut(request, response, groupId, loggingContext); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); return; } - // // Request is for policy validation and creation // if (apiflag != null && apiflag.equalsIgnoreCase("admin")){ - /* - * this request is from the Admin Console - */ + // this request is from the Admin Console + SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance(); + savePolicyHandler.doPolicyAPIPut(request, response); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); - doACPolicyPut(request, response); im.endTransaction(); return; - } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) { - /* - * this request is from the Policy Creation API - */ - // Authenticating the Request here. + // this request is from the Policy Creation API if(authorizeRequest(request)){ + APIRequestHandler apiRequestHandler = new APIRequestHandler(); + apiRequestHandler.doPut(request, response, request.getHeader("ClientScope")); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); - doPolicyAPIPut(request, response); im.endTransaction(); return; } else { - String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; + String message = "PEP not Authorized for making this Request!!"; PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_FORBIDDEN, message); im.endTransaction(); return; } - } - - - // // We do not expect anything from anywhere else. // This method is here in case we ever need to support other operations. - // - logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag"); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag"); loggingContext.transactionEnded(); @@ -1972,7 +1117,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext); loggingContext.transactionStarted(); - loggingContext.setServiceName("PAP.delete"); // we may set a more specific value later + loggingContext.setServiceName("PAP.delete"); if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){ UUID requestID = UUID.randomUUID(); loggingContext.setRequestID(requestID.toString()); @@ -1980,972 +1125,237 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)"); } - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 1 of 2"); - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 2 of 2"); - - //This im.startTransaction() covers all Delete transactions try { im.startTransaction(); } catch (AdministrativeStateException ae){ String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() + "\n Exception Message: " + ae.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; }catch (StandbyStatusException se) { - se.printStackTrace(); String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status" + " of " + im.getStateManager().getStandbyStatus() + "\n Exception Message: " + se.getMessage(); - logger.info(message); + LOGGER.info(message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; } - XACMLRest.dumpRequest(request); - String groupId = request.getParameter("groupId"); String apiflag = request.getParameter("apiflag"); - if (groupId != null) { // Is this from the Admin Console or API? if(apiflag!=null) { - if (apiflag.equalsIgnoreCase("deletePapApi")) { - // this is from the API so we need to check the client credentials before processing the request - if(authorizeRequest(request)){ - doAPIDeleteFromPAP(request, response, loggingContext); - return; - } else { - String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; - PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_FORBIDDEN, message); - return; - } - } else if (apiflag.equalsIgnoreCase("deletePdpApi")) { - if(authorizeRequest(request)){ - doAPIDeleteFromPDP(request, response, loggingContext); - return; - } else { - String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; - PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_FORBIDDEN, message); - return; - } + if(!authorizeRequest(request)){ + String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. "; + PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_FORBIDDEN, message); + return; + } + APIRequestHandler apiRequestHandler = new APIRequestHandler(); + try { + apiRequestHandler.doDelete(request, response, loggingContext, apiflag); + } catch (Exception e) { + e.printStackTrace(); + } + if(apiRequestHandler.getNewGroup()!=null){ + groupChanged(apiRequestHandler.getNewGroup()); } + return; } - // this is from the Admin Console, so handle separately doACDelete(request, response, groupId, loggingContext); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); return; - } - // - // We do not expect anything from anywhere else. - // This method is here in case we ever need to support other operations. - // + //Catch anything that fell through PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId"); - - //Catch anything that fell through im.endTransaction(); - } - // - // Admin Console request handling - // - /** - * Requests from the Admin Console to GET info about the Groups and PDPs - * - * @param request - * @param response - * @param groupId - * @param loggingContext - * @throws ServletException - * @throws IOException - */ - private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws ServletException, IOException { + private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) { + String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES); + String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES); + if (localRootPolicies == null || localReferencedPolicies == null) { + LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies); + return false; + } + // Compare the policies and pipconfig properties to the pdpProperties try { - String parameterDefault = request.getParameter("default"); - String pdpId = request.getParameter("pdpId"); - String pdpGroup = request.getParameter("getPDPGroup"); - if ("".equals(groupId)) { - // request IS from AC but does not identify a group by name - if (parameterDefault != null) { - // Request is for the Default group (whatever its id) - loggingContext.setServiceName("AC:PAP.getDefaultGroup"); - - EcompPDPGroup group = papEngine.getDefaultGroup(); - - // convert response object to JSON and include in the response - ObjectMapper mapper = new ObjectMapper(); - mapper.writeValue(response.getOutputStream(), group); - - if (logger.isDebugEnabled()) { - logger.debug("GET Default group req from '" + request.getRequestURL() + "'"); - } - response.setStatus(HttpServletResponse.SC_OK); - response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); - loggingContext.transactionEnded(); - auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); - return; - - } else if (pdpId != null) { - // Request is related to a PDP - if (pdpGroup == null) { - // Request is for the PDP itself - // Request is for the (unspecified) group containing a given PDP - loggingContext.setServiceName("AC:PAP.getPDP"); - EcompPDP pdp = papEngine.getPDP(pdpId); - - // convert response object to JSON and include in the response - ObjectMapper mapper = new ObjectMapper(); - mapper.writeValue(response.getOutputStream(), pdp); - - if (logger.isDebugEnabled()) { - logger.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'"); - } - response.setStatus(HttpServletResponse.SC_OK); - response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); - loggingContext.transactionEnded(); - auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); - return; - - } else { - // Request is for the group containing a given PDP - loggingContext.setServiceName("AC:PAP.getGroupForPDP"); - EcompPDP pdp = papEngine.getPDP(pdpId); - EcompPDPGroup group = papEngine.getPDPGroup((EcompPDP) pdp); - - // convert response object to JSON and include in the response - ObjectMapper mapper = new ObjectMapper(); - mapper.writeValue(response.getOutputStream(), group); - - if (logger.isDebugEnabled()) { - logger.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'"); - } - response.setStatus(HttpServletResponse.SC_OK); - response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); - loggingContext.transactionEnded(); - auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); - return; - } - - } else { - // request is for top-level properties about all groups - loggingContext.setServiceName("AC:PAP.getAllGroups"); - Set<EcompPDPGroup> groups = papEngine.getEcompPDPGroups(); - - // convert response object to JSON and include in the response - ObjectMapper mapper = new ObjectMapper(); - mapper.writeValue(response.getOutputStream(), groups); - - if (logger.isDebugEnabled()) { - logger.debug("GET All groups req"); - } - response.setStatus(HttpServletResponse.SC_OK); - response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); - loggingContext.transactionEnded(); - auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); - return; - } - } - - // for all other GET operations the group must exist before the operation can be done - EcompPDPGroup group = papEngine.getGroup(groupId); - if (group == null) { - String message = "Unknown groupId '" + groupId + "'"; - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_NOT_FOUND, message); - return; + // the policy properties includes only xacml.rootPolicies and + // xacml.referencedPolicies without any .url entries + Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false); + Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties); + if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) && + localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) && + pdpPipConfig.equals(pipconfig)) { + // The PDP is current + return true; } + } catch (Exception e) { + // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines, + // or if there are policies that do not have a corresponding ".url" property. + // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false. + PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error"); + } + return false; + } - - // Figure out which request this is based on the parameters - String policyId = request.getParameter("policyId"); - - if (policyId != null) { - // retrieve a policy - loggingContext.setServiceName("AC:PAP.getPolicy"); - // - // convert response object to JSON and include in the response - // - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented"); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - - response.sendError(HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented"); - - } else { - // No other parameters, so return the identified Group - loggingContext.setServiceName("AC:PAP.getGroup"); - - // convert response object to JSON and include in the response - ObjectMapper mapper = new ObjectMapper(); - mapper.writeValue(response.getOutputStream(), group); - - if (logger.isDebugEnabled()) { - logger.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'"); + private void populatePolicyURL(StringBuffer urlPath, Properties policies) { + String lists[] = new String[2]; + lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES); + lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES); + for (String list : lists) { + if (list != null && list.isEmpty() == false) { + for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) { + String url = urlPath + "?id=" + id; + LOGGER.info("Policy URL for " + id + ": " + url); + policies.setProperty(id + ".url", url); } - response.setStatus(HttpServletResponse.SC_OK); - response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); - loggingContext.transactionEnded(); - auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); - return; } - - // - // Currently there are no other GET calls from the AC. - // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP. - // Other GETs that could be called: - // Specific Group (groupId=<groupId>) - // A Policy (groupId=<groupId> policyId=<policyId>) - // A PDP (groupId=<groupId> pdpId=<pdpId>) - - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED "); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - - response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED"); - } catch (PAPException e) { - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception"); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(500, e.getMessage()); - return; } + } + protected String getPDPID(HttpServletRequest request) { + String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID); + if (pdpURL == null || pdpURL.isEmpty()) { + // Should send back its port for identification + LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header"); + pdpURL = ""; + } + return pdpURL; } + protected String getPDPJMX(HttpServletRequest request) { + String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT); + if (pdpJMMX == null || pdpJMMX.isEmpty()) { + // Should send back its port for identification + LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned"); + return null; + } + return pdpJMMX; + } + /** - * Requests from the Admin Console for validating and creating policies + * Requests from the PolicyEngine API to update the PDP Group with pushed policy * * @param request * @param response * @param groupId - * @throws JsonMappingException - * @throws JsonParseException + * @param loggingContext * @throws ServletException * @throws IOException */ - private void doACPolicyPut(HttpServletRequest request, - HttpServletResponse response) throws JsonParseException, JsonMappingException, IOException { - - String operation = request.getParameter("operation"); - String policyType = request.getParameter("policyType"); - String apiflag = request.getParameter("apiflag"); - - if ( policyType != null ) { - PolicyRestAdapter policyAdapter = new PolicyRestAdapter(); - Policy newPolicy = null; - // get the request content into a String - String json = null; - // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); - logger.info("JSON request from AC: " + json); - // convert Object sent as JSON into local object - ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class); - - StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON; - - //Set policyAdapter values including parentPath (Common to all policy types) - //Set values for policy adapter - try { - if (operation.equalsIgnoreCase("validate")) { - policyAdapter.setPolicyName(policy.getPolicyName()); - policyAdapter.setConfigType(policy.getConfigType()); - policyAdapter.setConfigBodyData(policy.getConfigBodyData()); - } else { - policyAdapter = setDataToPolicyAdapter(policy, policyType, apiflag); - } - } catch (Exception e1) { - logger.error("Exception occured While Setting Values for Policy Adapter"+e1); - } - // Calling Component class per policy type - if (policyType.equalsIgnoreCase("Config")) { - String configPolicyType = policy.getConfigPolicyType(); - if (configPolicyType != null && configPolicyType.equalsIgnoreCase("Firewall Config")) { - newPolicy = new FirewallConfigPolicy(policyAdapter); - } - else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("BRMS_Raw")) { - newPolicy = new CreateBrmsRawPolicy(policyAdapter); - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("BRMS_Param")) { - policyAdapter.setBrmsParamBody(policy.getDrlRuleAndUIParams()); - newPolicy = new CreateBrmsParamPolicy(policyAdapter); - } - else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("Base")) { - newPolicy = new ConfigPolicy(policyAdapter); - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("ClosedLoop_Fault")) { - newPolicy = new ClosedLoopPolicy(policyAdapter); - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("ClosedLoop_PM")) { - newPolicy = new CreateClosedLoopPerformanceMetrics(policyAdapter); - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("DCAE Micro Service")) { - newPolicy = new MicroServiceConfigPolicy(policyAdapter); - } - - } else if (policyType.equalsIgnoreCase("Action")) { - newPolicy = new ActionPolicy(policyAdapter); - } else if (policyType.equalsIgnoreCase("Decision")) { - newPolicy = new DecisionPolicy(policyAdapter); - } - - // Validation - if (operation != null && operation.equalsIgnoreCase("validate")) { - - // validate the body data if applicable and return a response to the PAP-ADMIN (Config Base only) - if (newPolicy.validateConfigForm()) { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("isValidData", "true"); - } else { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("isValidData", "false"); - } - - } - - // Create or Update Policy - if (operation != null && (operation.equalsIgnoreCase("create") || operation.equalsIgnoreCase("update"))) { - - // create the policy and return a response to the PAP-ADMIN - PolicyDBDaoTransaction policyDBDaoTransaction = policyDBDao.getNewTransaction(); - try { - Map<String, String> successMap; - newPolicy.prepareToSave(); - policyDBDaoTransaction.createPolicy(newPolicy, "doACPolicyPut"); - successMap = newPolicy.savePolicies(); - if (successMap.containsKey("success")) { - policyDBDaoTransaction.commitTransaction(); - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("successMapKey", "success"); - response.addHeader("finalPolicyPath", policyAdapter.getFinalPolicyPath()); - } else { - policyDBDaoTransaction.rollbackTransaction(); - response.setStatus(HttpServletResponse.SC_OK); - } - } catch (Exception e) { - policyDBDaoTransaction.rollbackTransaction(); - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Could not save policy "); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - } - } - - } - - } - - private void doPolicyAPIPut(HttpServletRequest request, - HttpServletResponse response) throws IOException, ServletException { - String operation = request.getParameter("operation"); - String policyType = request.getParameter("policyType"); - String apiflag = request.getParameter("apiflag"); - - - if ( policyType != null ) { - PolicyRestAdapter policyAdapter = new PolicyRestAdapter(); - Policy newPolicy = null; - - // get the request content into a String + public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws IOException { + PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); + try { + // for PUT operations the group may or may not need to exist before the operation can be done + StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId); + // get the request input stream content into a String String json = null; - - // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); scanner.useDelimiter("\\A"); json = scanner.hasNext() ? scanner.next() : ""; scanner.close(); - logger.info("JSON request from API: " + json); - + PolicyLogger.info("JSON request from PolicyEngine API: " + json); // convert Object sent as JSON into local object - ObjectMapper mapper = new ObjectMapper(); - - Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class); - - StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON; - - //Set policyAdapter values including parentPath (Common to all policy types) - try { - policyAdapter = setDataToPolicyAdapter(policy, policyType, apiflag); - } catch (Exception e1) { - logger.error(XACMLErrorConstants.ERROR_UNKNOWN + - "Could not set data to policy adapter ",e1); + StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class); + Set<PDPPolicy> policies = new HashSet<PDPPolicy>(); + if(policy!=null){ + policies.add(policy); } - - // Calling Component class per policy type - if (policyType.equalsIgnoreCase("Config")) { - String configPolicyType = policy.getConfigPolicyType(); - if (configPolicyType != null && configPolicyType.equalsIgnoreCase("Firewall Config")) { - - newPolicy = new FirewallConfigPolicy(policyAdapter); - - } - else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("BRMS_Raw")) { - - newPolicy = new CreateBrmsRawPolicy(policyAdapter); - - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("BRMS_Param")) { - - policyAdapter.setBrmsParamBody(policy.getDrlRuleAndUIParams()); - //check for valid actionAttributes - //Setup EntityManager to communicate with the PolicyVersion table of the DB - EntityManager em = null; - em = (EntityManager) emf.createEntityManager(); - - Map<String,String> ruleAndUIValue=policyAdapter.getBrmsParamBody(); - String modelName= ruleAndUIValue.get("templateName"); - logger.info("Template name from API is: "+modelName); - - Query getModel = em.createNamedQuery("BRMSParamTemplate.findAll"); - List<?> modelList = getModel.getResultList(); - Boolean isValidService = false; - for (Object id : modelList) { - BRMSParamTemplate value = (BRMSParamTemplate)id; - logger.info("Template value from dictionary is: "+value); - if (modelName.equals(value.getRuleName())) { - isValidService = true; - break; - } - } - - em.close(); - - if (isValidService) { - newPolicy = new CreateBrmsParamPolicy(policyAdapter); - } else { - logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Template. The template name, " - + modelName - + " was not found in the dictionary."); - response.addHeader("error", "missingTemplate"); - response.addHeader("modelName", modelName); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - return; - } - } - else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("Base")) { - - newPolicy = new ConfigPolicy(policyAdapter); - - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("ClosedLoop_Fault")) { - - newPolicy = new ClosedLoopPolicy(policyAdapter); - - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("ClosedLoop_PM")) { - - newPolicy = new CreateClosedLoopPerformanceMetrics(policyAdapter); - - }else if (configPolicyType != null && configPolicyType.equalsIgnoreCase("DCAE Micro Service")) { - - //check for valid actionAttributes - //Setup EntityManager to communicate with the PolicyVersion table of the DB - EntityManager em = null; - em = (EntityManager) emf.createEntityManager(); - - String modelName = policy.getServiceType(); - String modelVersion = policy.getVersion(); - - Query getModel = em.createNamedQuery("MicroServiceModels.findAll"); - List<?> modelList = getModel.getResultList(); - Boolean isValidService = false; - for (Object id : modelList) { - MicroServiceModels value = (MicroServiceModels)id; - if (modelName.equals(value.getModelName()) && modelVersion.equals(value.getVersion())) { - isValidService = true; - break; - } - } - - em.close(); - - if (isValidService) { - newPolicy = new MicroServiceConfigPolicy(policyAdapter); - } else { - logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Service or Version. The Service Model, " - + modelName + " of version " + modelVersion - + " was not found in the dictionary."); - response.addHeader("error", "serviceModelDB"); - response.addHeader("modelName", modelName); - response.addHeader("modelVersion", modelVersion); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - return; - } - - } - - } else if (policyType.equalsIgnoreCase("Action")) { - - //check for valid actionAttributes - //Setup EntityManager to communicate with the PolicyVersion table of the DB - EntityManager em = null; - em = (EntityManager) emf.createEntityManager(); - - String attributeName = policy.getActionAttribute(); - - Query getActionAttributes = em.createNamedQuery("ActionPolicyDict.findAll"); - List<?> actionAttributesList = getActionAttributes.getResultList(); - Boolean isAttribute = false; - for (Object id : actionAttributesList) { - ActionPolicyDict value = (ActionPolicyDict)id; - if (attributeName.equals(value.getAttributeName())) { - isAttribute = true; + //Get the current policies from the Group and Add the new one + Set<PDPPolicy> currentPoliciesInGroup = new HashSet<PDPPolicy>(); + currentPoliciesInGroup = group.getPolicies(); + //If the selected policy is in the group we must remove it because the name is default + Iterator<PDPPolicy> policyIterator = policies.iterator(); + LOGGER.debug("policyIterator....." + policies); + while (policyIterator.hasNext()) { + PDPPolicy selPolicy = policyIterator.next(); + for (PDPPolicy existingPolicy : currentPoliciesInGroup) { + if (existingPolicy.getId().equals(selPolicy.getId())) { + group.removePolicyFromGroup(existingPolicy); + LOGGER.debug("Removing policy: " + existingPolicy); break; } } - - em.close(); - - if (isAttribute) { - newPolicy = new ActionPolicy(policyAdapter); - } else { - logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Could not fine " + attributeName + " in the ActionPolicyDict table."); - response.addHeader("error", "actionPolicyDB"); - response.addHeader("actionAttribute", attributeName); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - return; - } - - } else if (policyType.equalsIgnoreCase("Decision")) { - - newPolicy = new DecisionPolicy(policyAdapter); - } - - // Create or Update Policy - if (operation != null && (operation.equalsIgnoreCase("create") || operation.equalsIgnoreCase("update"))) { - - // create the policy and return a response to the PAP-ADMIN - if (newPolicy.validateConfigForm()) { - PolicyDBDaoTransaction policyDBDaoTransaction = policyDBDao.getNewTransaction(); - try { - - // added check for existing policy when new policy is created to - // unique API error for "policy already exists" - Boolean isNewPolicy = newPolicy.prepareToSave(); - if(isNewPolicy){ - policyDBDaoTransaction.createPolicy(newPolicy, "doPolicyAPIPut"); - } - Map<String, String> successMap = newPolicy.savePolicies(); - if (successMap.containsKey("success")) { - - EntityManager apiEm = null; - apiEm = (EntityManager) emf.createEntityManager(); - // - // Did it get created? - // - if (apiEm == null) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager with persistence unit: " + PERSISTENCE_UNIT); - ServletException e = new ServletException("Unable to create Entity Manager Factory"); - e.printStackTrace(); - throw e; - } - - String finalPath = policyAdapter.getFinalPolicyPath(); - // - //Check the database entry if a scope is available in PolicyEditorScope table or not. - //If not exists create a new entry. - // - String dirName = finalPath.toString().substring(finalPath.toString().indexOf("repository")+11, finalPath.toString().lastIndexOf(File.separator)); - apiEm.getTransaction().begin(); - Query query = apiEm.createQuery("Select p from PolicyEditorScopes p where p.scopeName=:sname"); - query.setParameter("sname", dirName); - - @SuppressWarnings("rawtypes") - List result = query.getResultList(); - if(result.isEmpty()){ - PolicyEditorScopes scopeEntity = new PolicyEditorScopes(); - scopeEntity.setScopeName(dirName); - UserInfo user = new UserInfo(); - user.setUserLoginId("API"); - user.setUserName("API"); - scopeEntity.setUserCreatedBy(user); - scopeEntity.setUserModifiedBy(user); - try{ - apiEm.persist(scopeEntity); - apiEm.getTransaction().commit(); - }catch(Exception e){ - PolicyLogger.error("Exception Occured while inserting a new Entry to PolicyEditorScopes table"+e); - apiEm.getTransaction().rollback(); - }finally{ - apiEm.close(); - } - }else{ - PolicyLogger.info("Scope Already Exists in PolicyEditorScopes table, Hence Closing the Transaction"); - apiEm.close(); - } - - policyDBDaoTransaction.commitTransaction(); - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("successMapKey", "success"); - response.addHeader("policyName", policyAdapter.getPolicyName()); - - if (operation.equalsIgnoreCase("update")) { - response.addHeader("operation", "update"); - } else { - response.addHeader("operation", "create"); - } - } else if (successMap.containsKey("EXISTS")) { - policyDBDaoTransaction.rollbackTransaction(); - response.setStatus(HttpServletResponse.SC_CONFLICT); - response.addHeader("error", "policyExists"); - response.addHeader("policyName", policyAdapter.getPolicyName()); - } else if (successMap.containsKey("fwdberror")) { - policyDBDaoTransaction.rollbackTransaction(); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - response.addHeader("error", "FWDBError"); - response.addHeader("policyName", policyAdapter.getPolicyName()); - }else { - policyDBDaoTransaction.rollbackTransaction(); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error", "error"); - } - } catch (Exception e) { - policyDBDaoTransaction.rollbackTransaction(); - String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + - "Could not save policy " + e; - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Could not save policy"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - response.addHeader("error", "savePolicy"); - response.addHeader("message", message); - } + //Update the PDP Group after removing old version of policy + Set<PDPPolicy> updatedPoliciesInGroup = new HashSet<PDPPolicy>(); + updatedPoliciesInGroup = group.getPolicies(); + //need to remove the policy with default name from group + for (PDPPolicy updatedPolicy : currentPoliciesInGroup) { + if (updatedPolicy.getName().equalsIgnoreCase("default")) { + group.removePolicyFromGroup(updatedPolicy); + break; } } - } - } - - private PolicyRestAdapter setDataToPolicyAdapter(StdPAPPolicy policy, String policyType, String apiflag) throws Exception { - PolicyRestAdapter policyAdapter = new PolicyRestAdapter(); - int highestVersion = 0; - - if (policy.getHighestVersion()!=null) { - highestVersion = policy.getHighestVersion(); - } - - EntityManager apiEm = null; - apiEm = (EntityManager) emf.createEntityManager(); - - // - // Did it get created? - // - if (apiEm == null) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + - " Error creating entity manager with persistence unit: " - + PERSISTENCE_UNIT); - throw new ServletException("Unable to create Entity Manager Factory"); - } - - Path workspacePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WORKSPACE), "admin"); - Path repositoryPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_REPOSITORY)); - Path gitPath = Paths.get(workspacePath.toString(), repositoryPath.getFileName().toString()); - - /* - * Getting and Setting the parent path for Admin Console use when reading the policy files - */ - //domain chosen by the client to store the policy action files - String domain = policy.getDomainDir(); - - //adding the domain to the gitPath - Path path; - String gitPathString = gitPath.toString(); - - if (gitPathString.contains("\\")) { - path = Paths.get(gitPath + "\\" + policy.getDomainDir()); - } else { - path = Paths.get(gitPath + "/" + policy.getDomainDir()); - - } - logger.debug("path is: " + path.toString()); - - //getting the fullpath of the gitPath and convert to string - String policyDir = path.toAbsolutePath().toString(); - String parentPath = null; - - //creating the parentPath directory for the Admin Console use - File file; - if(policyDir.contains("\\")) - { - parentPath = policyDir.replace("ECOMP-PAP-REST", "ecomp-sdk-app"); - file = new File(parentPath); - } - else - { - parentPath = policyDir.replace("pap", "console"); - file = new File(parentPath); - - } - - //Get the policy file from the git repository - String filePrefix = null; - if (policyType.equalsIgnoreCase("Config")) { - if (policy.getConfigPolicyType().equalsIgnoreCase("Firewall Config")) { - filePrefix = "Config_FW_"; - }else if (policy.getConfigPolicyType().equalsIgnoreCase("ClosedLoop_Fault")) { - filePrefix = "Config_Fault_"; - }else if (policy.getConfigPolicyType().equalsIgnoreCase("ClosedLoop_PM")) { - filePrefix = "Config_PM_"; - }else if (policy.getConfigPolicyType().equalsIgnoreCase("DCAE Micro Service")) { - filePrefix = "Config_MS_"; - } else if (policy.getConfigPolicyType().equalsIgnoreCase("BRMS_Raw")) { - filePrefix = "Config_BRMS_Raw_"; - } else if (policy.getConfigPolicyType().equalsIgnoreCase("BRMS_Param")) { - filePrefix = "Config_BRMS_Param_"; - } - else { - filePrefix = "Config_"; - } - } else if (policyType.equalsIgnoreCase("Action")) { - filePrefix = "Action_"; - } else if (policyType.equalsIgnoreCase("Decision")) { - filePrefix = "Decision_"; - } - - - String pvName = domain + File.separator + filePrefix + policy.getPolicyName(); - - //create the directory if it does not exist - Boolean fileDir=true; - if (!file.exists()){ - fileDir = new File(parentPath).mkdirs(); - } - - //set the parent path in the policy adapter - if (!fileDir){ - logger.debug("Unable to create the policy directory"); - } - - logger.debug("ParentPath is: " + parentPath.toString()); - policyAdapter.setParentPath(parentPath.toString()); - policyAdapter.setApiflag(apiflag); - - if (policy.isEditPolicy()) { - - if(apiflag.equalsIgnoreCase("api")) { - - //Get the Highest Version to Update - apiEm.getTransaction().begin(); - Query query = apiEm.createQuery("Select p from PolicyVersion p where p.policyName=:pname"); - query.setParameter("pname", pvName); - - @SuppressWarnings("rawtypes") - List result = query.getResultList(); - PolicyVersion versionEntity = null; - if (!result.isEmpty()) { - versionEntity = (PolicyVersion) result.get(0); - apiEm.persist(versionEntity); - highestVersion = versionEntity.getHigherVersion(); - int activeVersion = versionEntity.getActiveVersion(); - - Calendar calendar = Calendar.getInstance(); - Timestamp modifyDate = new Timestamp(calendar.getTime().getTime()); - - //update table with highestVersion - try{ - versionEntity.setHigherVersion(highestVersion+1); - versionEntity.setActiveVersion(activeVersion+1); - versionEntity.setCreatedBy("API"); - versionEntity.setModifiedBy("API"); - versionEntity.setModifiedDate(modifyDate); - - apiEm.getTransaction().commit(); - - }catch(Exception e){ - apiEm.getTransaction().rollback(); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR"); - } finally { - apiEm.close(); - } - } else { - logger.debug("\nNo PolicyVersion using policyName found"); - } - + if(updatedPoliciesInGroup!=null){ + policies.addAll(updatedPoliciesInGroup); } - - File policyFile = null; - if(policy.getOldPolicyFileName() != null && policy.getOldPolicyFileName().endsWith("Draft.1")) { - policyFile = new File(parentPath.toString() + File.separator + policy.getOldPolicyFileName() + ".xml"); - } else { - policyFile = new File(parentPath.toString() + File.separator + filePrefix + policy.getPolicyName() +"."+(highestVersion)+ ".xml"); + group.setPolicies(policies); + // Assume that this is an update of an existing PDP Group + loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup"); + try{ + acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut"); + } catch(Exception e){ + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: " + +"group="+group.getId()); + throw new PAPException(e.getMessage()); } - - if (policyFile.exists()) { - DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); - DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); - Document doc = dBuilder.parse(policyFile); - - doc.getDocumentElement().normalize(); - - String version = doc.getDocumentElement().getAttribute("Version"); - - NodeList rList = doc.getElementsByTagName("Rule"); - Node rNode = rList.item(0); - Element rElement = (Element) rNode; - - String ruleID = null; - if (rNode!=null){ - ruleID = rElement.getAttribute("RuleId"); - } else { - ruleID = newRuleID(); - } - - policyAdapter.setPolicyID(newPolicyID()); - policyAdapter.setRuleID(ruleID); - policyAdapter.setVersion(version); - - } else { - PolicyLogger.error(MessageCodes.ERROR_UNKNOWN + " The policy file at the path " + policyFile + " does not exist."); + papEngine.updateGroup(group); + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + response.addHeader("operation", "push"); + response.addHeader("policyId", policy.getId()); + response.addHeader("groupId", groupId); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Group '" + group.getId() + "' updated"); } + acPutTransaction.commitTransaction(); + notifyAC(); + // Group changed, which might include changing the policies + groupChanged(group); + loggingContext.transactionEnded(); + auditLogger.info("Success"); - } else { - - highestVersion = 1; - if (apiflag.equalsIgnoreCase("api")) { - Calendar calendar = Calendar.getInstance(); - Timestamp createdDate = new Timestamp(calendar.getTime().getTime()); - - apiEm.getTransaction().begin(); - Query query = apiEm.createQuery("Select p from PolicyVersion p where p.policyName=:pname"); - query.setParameter("pname", pvName); - - @SuppressWarnings("rawtypes") - List result = query.getResultList(); - - if (result.isEmpty()) { - - try{ - PolicyVersion versionEntity = new PolicyVersion(); - apiEm.persist(versionEntity); - versionEntity.setPolicyName(pvName); - versionEntity.setHigherVersion(highestVersion); - versionEntity.setActiveVersion(highestVersion); - versionEntity.setCreatedBy("API"); - versionEntity.setModifiedBy("API"); - versionEntity.setCreatedDate(createdDate); - versionEntity.setModifiedDate(createdDate); - - apiEm.getTransaction().commit(); - - }catch(Exception e){ - apiEm.getTransaction().rollback(); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR"); - } finally { - apiEm.close(); - } + if ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param"))) { + PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance(); + if (pushPolicyHandler.preSafetyCheck(policy, CONFIG_HOME)) { + LOGGER.debug("Precheck Successful."); } } - policyAdapter.setPolicyID(newPolicyID()); - policyAdapter.setRuleID(newRuleID()); - + PolicyLogger.audit("Transaction Ended Successfully"); + return; + } catch (PAPException e) { + acPutTransaction.rollbackTransaction(); + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP."; + response.sendError(500, e.getMessage()); + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error","addGroupError"); + response.addHeader("message", message); + return; } - - /* - * set policy adapter values for Building JSON object containing policy data - */ - //Common among policy types - policyAdapter.setPolicyName(policy.getPolicyName()); - policyAdapter.setPolicyDescription(policy.getPolicyDescription()); - policyAdapter.setEcompName(policy.getEcompName()); //Config Base and Decision Policies - policyAdapter.setHighestVersion(highestVersion); - policyAdapter.setRuleCombiningAlgId("urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"); - policyAdapter.setUserGitPath(gitPath.toString()); - policyAdapter.setPolicyType(policyType); - policyAdapter.setDynamicFieldConfigAttributes(policy.getDynamicFieldConfigAttributes()); - policyAdapter.setEditPolicy(policy.isEditPolicy()); - policyAdapter.setEntityManagerFactory(getEmf()); - - - //Config Specific - policyAdapter.setConfigName(policy.getConfigName()); //Base and Firewall - policyAdapter.setConfigBodyData(policy.getConfigBodyData()); //Base - policyAdapter.setConfigType(policy.getConfigType()); //Base - policyAdapter.setJsonBody(policy.getJsonBody()); //Firewall, ClosedLoop, and GoC - policyAdapter.setConfigPolicyType(policy.getConfigPolicyType()); - policyAdapter.setDraft(policy.isDraft()); //ClosedLoop_Fault - policyAdapter.setServiceType(policy.getServiceType()); //ClosedLoop_PM - policyAdapter.setUuid(policy.getUuid()); //Micro Service - policyAdapter.setLocation(policy.getMsLocation()); //Micro Service - policyAdapter.setPriority(policy.getPriority()); //Micro Service - policyAdapter.setPolicyScope(policy.getDomainDir()); - policyAdapter.setRiskType(policy.getRiskType()); //Safe Policy Attributes - policyAdapter.setRiskLevel(policy.getRiskLevel());//Safe Policy Attributes - policyAdapter.setGuard(policy.getGuard());//Safe Policy Attributes - policyAdapter.setTtlDate(policy.getTTLDate());//Safe Policy Attributes - - //Action Policy Specific - policyAdapter.setActionAttribute(policy.getActionAttribute()); //comboDictValue - policyAdapter.setActionPerformer(policy.getActionPerformer()); - policyAdapter.setDynamicRuleAlgorithmLabels(policy.getDynamicRuleAlgorithmLabels()); - policyAdapter.setDynamicRuleAlgorithmCombo(policy.getDynamicRuleAlgorithmCombo()); - policyAdapter.setDynamicRuleAlgorithmField1(policy.getDynamicRuleAlgorithmField1()); - policyAdapter.setDynamicRuleAlgorithmField2(policy.getDynamicRuleAlgorithmField2()); - - //Decision Policy Specific - policyAdapter.setDynamicSettingsMap(policy.getDynamicSettingsMap()); - policyAdapter.setProviderComboBox(policy.getProviderComboBox()); - - return policyAdapter; } - public String newPolicyID() { - return Joiner.on(':').skipNulls().join((XACMLPapServlet.getDomain().startsWith("urn") ? null : "urn"), - XACMLPapServlet.getDomain().replaceAll("[/\\\\.]", ":"), - "xacml", "policy", "id", UUID.randomUUID()); - } - - public String newRuleID() { - return Joiner.on(':').skipNulls().join((XACMLPapServlet.getDomain().startsWith("urn") ? null : "urn"), - XACMLPapServlet.getDomain().replaceAll("[/\\\\.]", ":"), - "xacml", "rule", "id", UUID.randomUUID()); - } - - public static String getDomain() { - return XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DOMAIN, "urn"); - } - - /** * Requests from the Admin Console for operations not on single specific objects * @@ -2958,16 +1368,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList */ private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws ServletException, IOException { PolicyDBDaoTransaction doACPostTransaction = null; - try { String groupName = request.getParameter("groupName"); String groupDescription = request.getParameter("groupDescription"); String apiflag = request.getParameter("apiflag"); - if (groupName != null && groupDescription != null) { // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group loggingContext.setServiceName("AC:PAP.createGroup"); - String unescapedName = URLDecoder.decode(groupName, "UTF-8"); String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8"); PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction(); @@ -2979,14 +1386,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList newGroupTransaction.rollbackTransaction(); PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group"); loggingContext.transactionEnded(); - + PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, "Unable to create new group '" + groupId + "'"); return; } response.setStatus(HttpServletResponse.SC_NO_CONTENT); - if (logger.isDebugEnabled()) { - logger.debug("New Group '" + groupId + "' created"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("New Group '" + groupId + "' created"); } // tell the Admin Consoles there is a change notifyAC(); @@ -2997,14 +1404,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Ended Successfully"); return; } - // for all remaining POST operations the group must exist before the operation can be done EcompPDPGroup group = papEngine.getGroup(groupId); if (group == null) { String message = "Unknown groupId '" + groupId + "'"; PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); if (apiflag!=null){ response.addHeader("error", "unknownGroupId"); @@ -3016,7 +1421,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } return; } - // determine the operation needed based on the parameters in the request if (request.getParameter("policyId") != null) { // Args: group=<groupId> policy=<policyId> <= copy file @@ -3026,11 +1430,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { loggingContext.setServiceName("AC:PAP.postPolicy"); } - String policyId = request.getParameter("policyId"); PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction(); try { InputStream is = null; + File temp= null; if (apiflag != null){ // get the request content into a String if the request is from API String json = null; @@ -3039,33 +1443,38 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList scanner.useDelimiter("\\A"); json = scanner.hasNext() ? scanner.next() : ""; scanner.close(); - logger.info("JSON request from API: " + json); - + LOGGER.info("JSON request from API: " + json); // convert Object sent as JSON into local object ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class); - StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON; - - is = new FileInputStream(new File(policy.getLocation())); + temp = new File(policy.getLocation()); + is = new FileInputStream(temp); } else { is = request.getInputStream(); - } - addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost"); - ((StdPDPGroup) group).copyPolicyToFile(policyId, is); + if (apiflag != null){ + ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is); + } else { + String name = null; + if (policyId.endsWith(".xml")) { + name = policyId.replace(".xml", ""); + name = name.substring(0, name.lastIndexOf(".")); + } + ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is); + } + if(is!=null && temp!=null){ + is.close(); + temp.delete(); + } addPolicyToGroupTransaction.commitTransaction(); - } catch (Exception e) { addPolicyToGroupTransaction.rollbackTransaction(); String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e; PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - if (apiflag!=null){ response.addHeader("error", "policyCopyError"); response.addHeader("message", message); @@ -3075,26 +1484,22 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } return; } - // policy file copied ok and the Group was updated on the PDP response.setStatus(HttpServletResponse.SC_NO_CONTENT); response.addHeader("operation", "push"); response.addHeader("policyId", policyId); response.addHeader("groupId", groupId); - if (logger.isDebugEnabled()) { - logger.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'"); } - loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); return; - } else if (request.getParameter("default") != null) { // Args: group=<groupId> default=true <= make default // change the current default group to be the one identified in the request. loggingContext.setServiceName("AC:PAP.setDefaultGroup"); - // // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed. // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway. PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction(); @@ -3106,15 +1511,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList setDefaultGroupTransaction.rollbackTransaction(); PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group"); loggingContext.transactionEnded(); - + PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, "Unable to set group '" + groupId + "' to default"); return; } - response.setStatus(HttpServletResponse.SC_NO_CONTENT); - if (logger.isDebugEnabled()) { - logger.debug("Group '" + groupId + "' set to be default"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Group '" + groupId + "' set to be default"); } // Notify the Admin Consoles that something changed // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that @@ -3125,15 +1529,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); return; - } else if (request.getParameter("pdpId") != null) { doACPostTransaction = policyDBDao.getNewTransaction(); // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group loggingContext.setServiceName("AC:PAP.movePDP"); - String pdpId = request.getParameter("pdpId"); EcompPDP pdp = papEngine.getPDP(pdpId); - EcompPDPGroup originalGroup = papEngine.getPDPGroup((EcompPDP) pdp); try{ doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost"); @@ -3144,16 +1545,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new PAPException(e.getMessage()); } papEngine.movePDP((EcompPDP) pdp, group); - response.setStatus(HttpServletResponse.SC_NO_CONTENT); - if (logger.isDebugEnabled()) { - logger.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default"); } - // update the status of both the original group and the new one ((StdPDPGroup)originalGroup).resetStatus(); ((StdPDPGroup)group).resetStatus(); - // Notify the Admin Consoles that something changed // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that notifyAC(); @@ -3164,8 +1562,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); return; - - } } catch (PAPException e) { if(doACPostTransaction != null){ @@ -3173,7 +1569,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, e.getMessage()); return; @@ -3181,6 +1576,154 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } /** + * Requests from the Admin Console to GET info about the Groups and PDPs + * + * @param request + * @param response + * @param groupId + * @param loggingContext + * @throws ServletException + * @throws IOException + */ + private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws ServletException, IOException { + try { + String parameterDefault = request.getParameter("default"); + String pdpId = request.getParameter("pdpId"); + String pdpGroup = request.getParameter("getPDPGroup"); + if ("".equals(groupId)) { + // request IS from AC but does not identify a group by name + if (parameterDefault != null) { + // Request is for the Default group (whatever its id) + loggingContext.setServiceName("AC:PAP.getDefaultGroup"); + EcompPDPGroup group = papEngine.getDefaultGroup(); + // convert response object to JSON and include in the response + ObjectMapper mapper = new ObjectMapper(); + mapper.writeValue(response.getOutputStream(), group); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'"); + } + response.setStatus(HttpServletResponse.SC_OK); + response.setHeader("content-type", "application/json"); + response.getOutputStream().close(); + loggingContext.transactionEnded(); + auditLogger.info("Success"); + PolicyLogger.audit("Transaction Ended Successfully"); + return; + } else if (pdpId != null) { + // Request is related to a PDP + if (pdpGroup == null) { + // Request is for the (unspecified) group containing a given PDP + loggingContext.setServiceName("AC:PAP.getPDP"); + EcompPDP pdp = papEngine.getPDP(pdpId); + // convert response object to JSON and include in the response + ObjectMapper mapper = new ObjectMapper(); + mapper.writeValue(response.getOutputStream(), pdp); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'"); + } + response.setStatus(HttpServletResponse.SC_OK); + response.setHeader("content-type", "application/json"); + response.getOutputStream().close(); + loggingContext.transactionEnded(); + auditLogger.info("Success"); + PolicyLogger.audit("Transaction Ended Successfully"); + return; + } else { + // Request is for the group containing a given PDP + loggingContext.setServiceName("AC:PAP.getGroupForPDP"); + EcompPDP pdp = papEngine.getPDP(pdpId); + EcompPDPGroup group = papEngine.getPDPGroup((EcompPDP) pdp); + // convert response object to JSON and include in the response + ObjectMapper mapper = new ObjectMapper(); + mapper.writeValue(response.getOutputStream(), group); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'"); + } + response.setStatus(HttpServletResponse.SC_OK); + response.setHeader("content-type", "application/json"); + response.getOutputStream().close(); + loggingContext.transactionEnded(); + auditLogger.info("Success"); + PolicyLogger.audit("Transaction Ended Successfully"); + return; + } + } else { + // request is for top-level properties about all groups + loggingContext.setServiceName("AC:PAP.getAllGroups"); + Set<EcompPDPGroup> groups = papEngine.getEcompPDPGroups(); + // convert response object to JSON and include in the response + ObjectMapper mapper = new ObjectMapper(); + mapper.writeValue(response.getOutputStream(), groups); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("GET All groups req"); + } + response.setStatus(HttpServletResponse.SC_OK); + response.setHeader("content-type", "application/json"); + response.getOutputStream().close(); + loggingContext.transactionEnded(); + auditLogger.info("Success"); + PolicyLogger.audit("Transaction Ended Successfully"); + return; + } + } + // for all other GET operations the group must exist before the operation can be done + EcompPDPGroup group = papEngine.getGroup(groupId); + if (group == null) { + String message = "Unknown groupId '" + groupId + "'"; + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); + loggingContext.transactionEnded(); + + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_NOT_FOUND, message); + return; + } + // Figure out which request this is based on the parameters + String policyId = request.getParameter("policyId"); + if (policyId != null) { + // retrieve a policy + loggingContext.setServiceName("AC:PAP.getPolicy"); + // convert response object to JSON and include in the response + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented"); + } else { + // No other parameters, so return the identified Group + loggingContext.setServiceName("AC:PAP.getGroup"); + // convert response object to JSON and include in the response + ObjectMapper mapper = new ObjectMapper(); + mapper.writeValue(response.getOutputStream(), group); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'"); + } + response.setStatus(HttpServletResponse.SC_OK); + response.setHeader("content-type", "application/json"); + response.getOutputStream().close(); + loggingContext.transactionEnded(); + auditLogger.info("Success"); + PolicyLogger.audit("Transaction Ended Successfully"); + return; + } + // Currently there are no other GET calls from the AC. + // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP. + // Other GETs that could be called: + // Specific Group (groupId=<groupId>) + // A Policy (groupId=<groupId> policyId=<policyId>) + // A PDP (groupId=<groupId> pdpId=<pdpId>) + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED "); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED"); + } catch (PAPException e) { + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(500, e.getMessage()); + return; + } + } + + /** * Requests from the Admin Console to create new items or update existing ones * * @param request @@ -3193,19 +1736,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws ServletException, IOException { PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); try { - - // for PUT operations the group may or may not need to exist before the operation can be done EcompPDPGroup group = papEngine.getGroup(groupId); - // determine the operation needed based on the parameters in the request - // for remaining operations the group must exist before the operation can be done if (group == null) { String message = "Unknown groupId '" + groupId + "'"; PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_NOT_FOUND, message); return; @@ -3222,14 +1760,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } else if (request.getParameter("pdpId") != null) { // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one - String pdpId = request.getParameter("pdpId"); if (papEngine.getPDP(pdpId) == null) { loggingContext.setServiceName("AC:PAP.createPDP"); } else { loggingContext.setServiceName("AC:PAP.updatePDP"); } - // get the request content into a String String json = null; // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) @@ -3237,13 +1773,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList scanner.useDelimiter("\\A"); json = scanner.hasNext() ? scanner.next() : ""; scanner.close(); - logger.info("JSON request from AC: " + json); - + LOGGER.info("JSON request from AC: " + json); // convert Object sent as JSON into local object ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPDP.class); - if (pdpId == null || objectFromJSON == null || ! (objectFromJSON instanceof StdPDP) || @@ -3251,12 +1784,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, "Bad input, pdpid="+pdpId+" object="+objectFromJSON); } StdPDP pdp = (StdPDP) objectFromJSON; - if (papEngine.getPDP(pdpId) == null) { // this is a request to create a new PDP object try{ @@ -3278,15 +1809,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // this is a request to update the pdp papEngine.updatePDP(pdp); } - response.setStatus(HttpServletResponse.SC_NO_CONTENT); - if (logger.isDebugEnabled()) { - logger.debug("PDP '" + pdpId + "' created/updated"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("PDP '" + pdpId + "' created/updated"); } - // adjust the group's state including the new PDP ((StdPDPGroup)group).resetStatus(); - // tell the Admin Consoles there is a change notifyAC(); // this might affect the PDP, so notify it of the change @@ -3301,7 +1829,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList loggingContext.setServiceName("AC:PAP.putPIP"); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED"); return; @@ -3309,7 +1836,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // Assume that this is an update of an existing PDP Group // ARGS: group=<groupId> <= Update an Existing Group loggingContext.setServiceName("AC:PAP.updateGroup"); - // get the request content into a String String json = null; // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) @@ -3317,28 +1843,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList scanner.useDelimiter("\\A"); json = scanner.hasNext() ? scanner.next() : ""; scanner.close(); - logger.info("JSON request from AC: " + json); - + LOGGER.info("JSON request from AC: " + json); // convert Object sent as JSON into local object ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class); - - if (objectFromJSON == null || - ! (objectFromJSON instanceof StdPDPGroup) || + if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) || ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, "Bad input, id="+group.getId() +" object="+objectFromJSON); } - // The Path on the PAP side is not carried on the RESTful interface with the AC // (because it is local to the PAP) // so we need to fill that in before submitting the group for update ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory()); - try{ acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut"); } catch(Exception e){ @@ -3346,19 +1865,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList +"group="+group.getId()); throw new PAPException(e.getMessage()); } - papEngine.updateGroup((StdPDPGroup)objectFromJSON); - + + PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance(); + EcompPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON; + if (pushPolicyHandler.preSafetyCheck(updatedGroup, CONFIG_HOME)) { + LOGGER.debug("Precheck Successful."); + } + + papEngine.updateGroup((StdPDPGroup)objectFromJSON); response.setStatus(HttpServletResponse.SC_NO_CONTENT); - if (logger.isDebugEnabled()) { - logger.debug("Group '" + group.getId() + "' updated"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Group '" + group.getId() + "' updated"); } acPutTransaction.commitTransaction(); // tell the Admin Consoles there is a change notifyAC(); // Group changed, which might include changing the policies groupChanged(group); - loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -3368,13 +1892,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList acPutTransaction.rollbackTransaction(); PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(500, e.getMessage()); return; } } - + /** * Requests from the Admin Console to delete/remove items * @@ -3386,8 +1909,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList * @throws IOException */ private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws ServletException, IOException { - - //This is temporary code to allow deletes to propagate to the database since delete is not implemented + //This code is to allow deletes to propagate to the database since delete is not implemented String isDeleteNotify = request.getParameter("isDeleteNotify"); if(isDeleteNotify != null){ String policyToDelete = request.getParameter("policyToDelete"); @@ -3420,21 +1942,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String message = "Unknown groupId '" + groupId + "'"; PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'"); return; } - - // determine the operation needed based on the parameters in the request if (request.getParameter("policy") != null) { // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group loggingContext.setServiceName("AC:PAP.deletePolicy"); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED"); - //DATABASE so can policies not be deleted? or doesn't matter maybe as long as this gets called loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED"); return; @@ -3442,20 +1959,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP String pdpId = request.getParameter("pdpId"); EcompPDP pdp = papEngine.getPDP(pdpId); - try{ removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete"); } catch(Exception e){ throw new PAPException(); } papEngine.removePDP((EcompPDP) pdp); - // adjust the status of the group, which may have changed when we removed this PDP ((StdPDPGroup)group).resetStatus(); - response.setStatus(HttpServletResponse.SC_NO_CONTENT); notifyAC(); - // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests) pdpChanged(pdp); removePdpOrGroupTransaction.commitTransaction(); @@ -3465,11 +1978,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } else if (request.getParameter("pipId") != null) { // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine - loggingContext.setServiceName("AC:PAP.deletePIPConfig"); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED"); return; @@ -3480,21 +1991,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (moveToGroupId != null) { moveToGroup = papEngine.getGroup(moveToGroupId); } - // get list of PDPs in the group being deleted so we can notify them that they got changed Set<EcompPDP> movedPDPs = new HashSet<EcompPDP>(); movedPDPs.addAll(group.getEcompPdps()); - // do the move/remove try{ removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete"); } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception"); - e.printStackTrace(); throw new PAPException(e.getMessage()); } papEngine.removeGroup(group, moveToGroup); - response.setStatus(HttpServletResponse.SC_NO_CONTENT); notifyAC(); // notify any PDPs in the removed set that their config may have changed @@ -3507,738 +2014,19 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Ended Successfully"); return; } - } catch (PAPException e) { removePdpOrGroupTransaction.rollbackTransaction(); PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Exception in request processing"); response.sendError(500, e.getMessage()); return; } } - - + /** - * Requests from the API to delete/remove items + * Heartbeat thread - periodically check on PDPs' status * - * @param request - * @param response - * @param groupId - * @param loggingContext - * @throws ServletException - * @throws IOException - */ - private void doAPIDeleteFromPAP(HttpServletRequest request, HttpServletResponse response, ECOMPLoggingContext loggingContext) throws ServletException, IOException { - - // get the request content into a String - String json = null; - - // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); - logger.info("JSON request from API: " + json); - - // convert Object sent as JSON into local object - ObjectMapper mapper = new ObjectMapper(); - - Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class); - - StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON; - - String policyName = policy.getPolicyName(); - String fileSeparator = File.separator; - policyName = policyName.replaceFirst("\\.", "\\"+fileSeparator); - - File file = getPolicyFile(policyName); - String domain = getParentPathSubScopeDir(file); - Boolean policyFileDeleted = false; - Boolean configFileDeleted = false; - Boolean policyVersionScoreDeleted = false; - - if (policy.getDeleteCondition().equalsIgnoreCase("All Versions")){ - - //check for extension in policyName - String removexmlExtension = null; - String removeVersion = null; - if (policyName.contains("xml")) { - removexmlExtension = file.toString().substring(0, file.toString().lastIndexOf(".")); - removeVersion = removexmlExtension.substring(0, removexmlExtension.lastIndexOf(".")); - } else { - removeVersion = file.toString(); - } - - File dirXML = new File(file.getParent()); - File[] listofXMLFiles = dirXML.listFiles(); - - for (File files : listofXMLFiles) { - //delete the xml files from the Repository - if (files.isFile() && files.toString().contains(removeVersion)) { - JPAUtils jpaUtils = null; - try { - jpaUtils = JPAUtils.getJPAUtilsInstance(emf); - } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Could not create JPAUtils instance on the PAP"); - e.printStackTrace(); - response.addHeader("error", "jpautils"); - response.addHeader("operation", "delete"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - } - - if (jpaUtils.dbLockdownIgnoreErrors()) { - logger.warn("Policies are locked down"); - response.addHeader("operation", "delete"); - response.addHeader("lockdown", "true"); - response.setStatus(HttpServletResponse.SC_ACCEPTED); - return; - } - - //Propagates delete to the database - Boolean deletedFromDB = notifyDBofDelete(files.toString()); - - if (deletedFromDB) { - logger.info("Policy deleted from the database. Continuing with file delete"); - } else { - PolicyLogger.error("Failed to delete Policy from database. Aborting file delete"); - response.addHeader("error", "deleteDB"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - } - - if (files.delete()) { - if (logger.isDebugEnabled()) { - logger.debug("Deleted file: " + files.toString()); - } - policyFileDeleted = true; - } else { - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + - "Cannot delete the policy file in specified location: " + files.getAbsolutePath()); - response.addHeader("error", "deleteFile"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); - return; - } - - // Get tomcat home directory for deleting config data - logger.info("print the path:" +domain); - String path = domain.replace('\\', '.'); - if(path.contains("/")){ - path = path.replace('/', '.'); - logger.info("print the path:" +path); - } - String fileName = FilenameUtils.removeExtension(file.getName()); - String removeVersionInFileName = fileName.substring(0, fileName.lastIndexOf(".")); - String fileLocation = null; - - if(CONFIG_HOME == null){ - CONFIG_HOME = getConfigHome(); - } - if(ACTION_HOME == null){ - ACTION_HOME = getActionHome(); - } - - - if (fileName != null && fileName.contains("Config_")) { - fileLocation = CONFIG_HOME; - } else if (fileName != null && fileName.contains("Action_")) { - fileLocation = ACTION_HOME; - } - - if (logger.isDebugEnabled()) { - logger.debug("Attempting to rename file from the location: "+ fileLocation); - } - - if(!files.toString().contains("Decision_")){ - // Get the file from the saved location - File dir = new File(fileLocation); - File[] listOfFiles = dir.listFiles(); - - for (File file1 : listOfFiles) { - if (file1.isFile() && file1.getName().contains( path + removeVersionInFileName)) { - try { - if (file1.delete()) { - if (logger.isDebugEnabled()) { - logger.debug("Deleted file: " + file1.toString()); - } - configFileDeleted = true; - } else { - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + - "Cannot delete the configuration or action body file in specified location: " + file1.getAbsolutePath()); - response.addHeader("error", "deleteConfig"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); - return; - } - } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Failed to Delete file"); - } - } - configFileDeleted = true; - } - } else { - configFileDeleted = true; - } - - //Delete the Policy from Database Policy Version table - if (policyFileDeleted && configFileDeleted) { - String removeExtension = domain + removeVersionInFileName; - EntityManager em = (EntityManager) emf.createEntityManager(); - - Query getPolicyVersion = em.createQuery("Select p from PolicyVersion p where p.policyName=:pname"); - Query getPolicyScore = em.createQuery("Select p from PolicyScore p where p.PolicyName=:pname"); - getPolicyVersion.setParameter("pname", removeExtension); - getPolicyScore.setParameter("pname", removeExtension); - - @SuppressWarnings("rawtypes") - List pvResult = getPolicyVersion.getResultList(); - @SuppressWarnings("rawtypes") - List psResult = getPolicyScore.getResultList(); - - - try{ - em.getTransaction().begin(); - if (!pvResult.isEmpty()) { - for (Object id : pvResult) { - PolicyVersion versionEntity = (PolicyVersion)id; - em.remove(versionEntity); - } - } else { - logger.debug("No PolicyVersion record found in database."); - } - - if (!psResult.isEmpty()) { - for (Object id : psResult) { - PolicyScore scoreEntity = (PolicyScore)id; - em.remove(scoreEntity); - } - } else { - PolicyLogger.error("No PolicyScore record found in database."); - } - em.getTransaction().commit(); - policyVersionScoreDeleted = true; - }catch(Exception e){ - em.getTransaction().rollback(); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR"); - response.addHeader("error", "deleteDB"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - } finally { - em.close(); - } - } - } - } - //If Specific version is requested for delete - } else if (policy.getDeleteCondition().equalsIgnoreCase("Current Version")) { - String policyScoreName = domain + file.getName().toString(); - String policyVersionName = policyScoreName.substring(0, policyScoreName.indexOf(".")); - String versionExtension = policyScoreName.substring(policyScoreName.indexOf(".")+1); - String removexmlExtension = file.toString().substring(0, file.toString().lastIndexOf(".")); - String getVersion = removexmlExtension.substring(removexmlExtension.indexOf(".")+1); - String removeVersion = removexmlExtension.substring(0, removexmlExtension.lastIndexOf(".")); - - - JPAUtils jpaUtils = null; - try { - jpaUtils = JPAUtils.getJPAUtilsInstance(emf); - } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Could not create JPAUtils instance on the PAP"); - e.printStackTrace(); - response.addHeader("error", "jpautils"); - response.addHeader("operation", "delete"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - } - - if (jpaUtils.dbLockdownIgnoreErrors()) { - logger.warn("Policies are locked down"); - response.addHeader("lockdown", "true"); - response.addHeader("operation", "delete"); - response.setStatus(HttpServletResponse.SC_ACCEPTED); - return; - } - - //Propagates delete to the database - Boolean deletedFromDB = notifyDBofDelete(file.toString()); - - if (deletedFromDB) { - logger.info("Policy deleted from the database. Continuing with file delete"); - } else { - PolicyLogger.error("Failed to delete Policy from database. Aborting file delete"); - response.addHeader("error", "deleteDB"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - } - - if (file.delete()) { - if (logger.isDebugEnabled()) { - logger.debug("Deleted file: " + file.toString()); - } - policyFileDeleted = true; - } else { - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + - "Cannot delete the policy file in specified location: " + file.getAbsolutePath()); - response.addHeader("error", "deleteFile"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); - return; - } - - // Get tomcat home directory for deleting config data - logger.info("print the path:" +domain); - String path = domain.replace('\\', '.'); - if(path.contains("/")){ - path = path.replace('/', '.'); - logger.info("print the path:" +path); - } - String fileName = FilenameUtils.removeExtension(file.getName()); - String removeVersionInFileName = fileName.substring(0, fileName.lastIndexOf(".")); - String fileLocation = null; - - if(CONFIG_HOME == null){ - CONFIG_HOME = getConfigHome(); - } - if(ACTION_HOME == null){ - ACTION_HOME = getActionHome(); - } - - - if (fileName != null && fileName.contains("Config_")) { - fileLocation = CONFIG_HOME; - } else if (fileName != null && fileName.contains("Action_")) { - fileLocation = ACTION_HOME; - } - - if (logger.isDebugEnabled()) { - logger.debug("Attempting to rename file from the location: "+ fileLocation); - } - - if(!file.toString().contains("Decision_")){ - // Get the file from the saved location - File dir = new File(fileLocation); - File[] listOfFiles = dir.listFiles(); - - for (File file1 : listOfFiles) { - if (file1.isFile() && file1.getName().contains( path + fileName)) { - try { - if (file1.delete()) { - if (logger.isDebugEnabled()) { - logger.debug("Deleted file: " + file1.toString()); - } - configFileDeleted = true; - } else { - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + - "Cannot delete the configuration or action body file in specified location: " + file1.getAbsolutePath()); - response.addHeader("error", "deleteConfig"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); - return; - } - } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Failed to Delete file"); - } - } - configFileDeleted = true; - } - } else { - configFileDeleted = true; - } - - //Delete the Policy from Database and set Active Version based on the deleted file. - int highestVersion = 0; - if (policyFileDeleted && configFileDeleted) { - String removeExtension = domain + removeVersionInFileName; - EntityManager em = (EntityManager) emf.createEntityManager(); - - Query getPolicyVersion = em.createQuery("Select p from PolicyVersion p where p.policyName=:pname"); - Query getPolicyScore = em.createQuery("Select p from PolicyScore p where p.PolicyName=:pname"); - getPolicyVersion.setParameter("pname", removeExtension); - getPolicyScore.setParameter("pname", removeExtension); - - @SuppressWarnings("rawtypes") - List pvResult = getPolicyVersion.getResultList(); - @SuppressWarnings("rawtypes") - List psResult = getPolicyScore.getResultList(); - - - try{ - em.getTransaction().begin(); - if (!pvResult.isEmpty()) { - PolicyVersion versionEntity = null; - for (Object id : pvResult) { - versionEntity = (PolicyVersion)id; - if(versionEntity.getPolicyName().equals(removeExtension)){ - highestVersion = versionEntity.getHigherVersion(); - em.remove(versionEntity); - } - } - - int i = 0; - int version = Integer.parseInt(getVersion); - - if(version == highestVersion) { - for(i = highestVersion; i>=1; i--){ - highestVersion = highestVersion - 1; - String dirXML = removeVersion + "." + highestVersion + ".xml"; - File filenew = new File(dirXML); - - if(filenew.exists()){ - break; - } - - } - } - - versionEntity.setPolicyName(removeExtension); - versionEntity.setHigherVersion(highestVersion); - versionEntity.setActiveVersion(highestVersion); - versionEntity.setModifiedBy("API"); - - em.persist(versionEntity); - - } else { - logger.debug("No PolicyVersion record found in database."); - } - - if (!psResult.isEmpty()) { - for (Object id : psResult) { - PolicyScore scoreEntity = (PolicyScore)id; - if(scoreEntity.getPolicyName().equals(policyVersionName) && scoreEntity.getVersionExtension().equals(versionExtension)){ - em.remove(scoreEntity); - } - } - } else { - PolicyLogger.error("No PolicyScore record found in database."); - } - em.getTransaction().commit(); - policyVersionScoreDeleted = true; - }catch(Exception e){ - em.getTransaction().rollback(); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR"); - response.addHeader("error", "deleteDB"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - } finally { - em.close(); - } - } - } - - if (policyFileDeleted && configFileDeleted && policyVersionScoreDeleted) { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("successMapKey", "success"); - response.addHeader("operation", "delete"); - return; - } else { - PolicyLogger.error(MessageCodes.ERROR_UNKNOWN + "Failed to delete the policy for an unknown reason. Check the file system and other logs for further information."); - - response.addHeader("error", "unknown"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); - return; - } - - } - - private void doImportMicroServicePut(HttpServletRequest request, HttpServletResponse response) { - String importServiceCreation = request.getParameter("importService");; - String fileName = request.getParameter("fileName"); - String version = request.getParameter("version"); - String serviceName = request.getParameter("serviceName"); - CreateNewMicroSerivceModel newMS = null; - - String randomID = UUID.randomUUID().toString(); - - if ( importServiceCreation != null || fileName != null) { - File extracDir = new File("ExtractDir"); - if (!extracDir.exists()){ - extracDir.mkdirs(); - } - if (fileName.contains(".xmi")){ - // get the request content into a String - String xmi = null; - - // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner; - try { - scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - xmi = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); - } catch (IOException e1) { - logger.error("Error in reading in file from API call"); - return; - } - - logger.info("XML request from API for import new Service"); - - //Might need to seperate by , for more than one file. - - try (Writer writer = new BufferedWriter(new OutputStreamWriter( - new FileOutputStream("ExtractDir" + File.separator + randomID+".xmi"), "utf-8"))) { - writer.write(xmi); - } catch (IOException e) { - logger.error("Error in reading in file from API call"); - return; - } - }else{ - try { - InputStream inputStream = request.getInputStream() ; - - FileOutputStream outputStream = new FileOutputStream("ExtractDir" + File.separator + randomID+".zip"); - byte[] buffer = new byte[4096]; - int bytesRead = -1 ; - while ((bytesRead = inputStream.read(buffer)) != -1) { - outputStream.write(buffer, 0, bytesRead) ; - } - - outputStream.close() ; - inputStream.close() ; - - } catch (IOException e) { - logger.error("Error in reading in Zip File from API call"); - return; - } - } - - newMS = new CreateNewMicroSerivceModel(fileName, serviceName, "API IMPORT", version, randomID); - Map<String, String> successMap = newMS.addValuesToNewModel(); - if (successMap.containsKey("success")) { - successMap.clear(); - successMap = newMS.saveImportService(); - } - - - // create the policy and return a response to the PAP-ADMIN - if (successMap.containsKey("success")) { - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("successMapKey", "success"); - response.addHeader("operation", "import"); - response.addHeader("service", serviceName); - } else if (successMap.containsKey("DBError")) { - if (successMap.get("DBError").contains("EXISTS")){ - response.setStatus(HttpServletResponse.SC_CONFLICT); - response.addHeader("service", serviceName); - response.addHeader("error", "modelExistsDB"); - }else{ - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error", "importDB"); - } - response.addHeader("operation", "import"); - response.addHeader("service", serviceName); - }else if (successMap.get("error").contains("MISSING")){ - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error", "missing"); - response.addHeader("operation", "import"); - response.addHeader("service", serviceName); - } - } - } - - private void doAPIDeleteFromPDP(HttpServletRequest request, HttpServletResponse response, ECOMPLoggingContext loggingContext) throws ServletException, IOException { - - String policyName = request.getParameter("policyName"); - String groupId = request.getParameter("groupId"); - String responseString = null; - - // for PUT operations the group may or may not need to exist before the operation can be done - EcompPDPGroup group = null; - try { - group = papEngine.getGroup(groupId); - } catch (PAPException e) { - logger.error("Exception occured While PUT operation is performing for PDP Group"+e); - } - - if (group == null) { - String message = "Unknown groupId '" + groupId + "'"; - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.addHeader("error", "UnknownGroup"); - response.sendError(HttpServletResponse.SC_NOT_FOUND, message); - return; - } else { - - loggingContext.setServiceName("API:PAP.deletPolicyFromPDPGroup"); - - if (policyName.contains("xml")) { - logger.debug("The full file name including the extension was provided for policyName.. continue."); - } else { - String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid policyName... " - + "policyName must be the full name of the file to be deleted including version and extension"; - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Invalid policyName... " - + "policyName must be the full name of the file to be deleted including version and extension"); - response.addHeader("error", "invalidPolicyName"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); - return; - } - RemoveGroupPolicy removePolicy = new RemoveGroupPolicy((StdPDPGroup) group); - - PDPPolicy policy = group.getPolicy(policyName); - - if (policy != null) { - removePolicy.prepareToRemove(policy); - EcompPDPGroup updatedGroup = removePolicy.getUpdatedObject(); - responseString = deletePolicyFromPDPGroup(updatedGroup, loggingContext); - } else { - String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy does not exist on the PDP."; - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Policy does not exist on the PDP."); - response.addHeader("error", "noPolicyExist"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); - return; - } - } - - if (responseString.equals("success")) { - logger.info("Policy successfully deleted!"); - PolicyLogger.audit("Policy successfully deleted!"); - response.setStatus(HttpServletResponse.SC_OK); - response.addHeader("successMapKey", "success"); - response.addHeader("operation", "delete"); - return; - } else if (responseString.equals("No Group")) { - String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "Group update had bad input."; - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input."); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error", "groupUpdate"); - response.addHeader("message", message); - return; - } else if (responseString.equals("DB Error")) { - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error", "deleteDB"); - return; - } else { - PolicyLogger.error(MessageCodes.ERROR_UNKNOWN + " Failed to delete the policy for an unknown reason. Check the file system and other logs for further information."); - response.addHeader("error", "unknown"); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); - return; - } - - } - - protected String getParentPathSubScopeDir(File file) { - String domain1 = null; - - Path workspacePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WORKSPACE), "admin"); - Path repositoryPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_REPOSITORY)); - Path gitPath = Paths.get(workspacePath.toString(), repositoryPath.getFileName().toString()); - - String policyDir = file.getAbsolutePath(); - int startIndex = policyDir.indexOf(gitPath.toString()) + gitPath.toString().length() + 1; - policyDir = policyDir.substring(startIndex, policyDir.length()); - if(policyDir.contains("Config_")){ - domain1 = policyDir.substring(0,policyDir.indexOf("Config_")); - }else if(policyDir.contains("Action_")){ - domain1 = policyDir.substring(0,policyDir.indexOf("Action_")); - }else{ - domain1 = policyDir.substring(0,policyDir.indexOf("Decision_")); - } - logger.info("print the main domain value"+policyDir); - - return domain1; - } - - /* - * method to delete the policy from the database and return notification when using API - */ - private Boolean notifyDBofDelete (String policyToDelete) { - //String policyToDelete = request.getParameter("policyToDelete"); - try{ - policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8"); - } catch(UnsupportedEncodingException e){ - PolicyLogger.error("Unsupported URL encoding of policyToDelete (UTF-8)"); - return false; - } - PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction(); - try{ - deleteTransaction.deletePolicy(policyToDelete); - } catch(Exception e){ - deleteTransaction.rollbackTransaction(); - return false; - } - deleteTransaction.commitTransaction(); - return true; - } - - private String deletePolicyFromPDPGroup (EcompPDPGroup group, ECOMPLoggingContext loggingContext){ - PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); - - String response = null; - loggingContext.setServiceName("API:PAP.updateGroup"); - - EcompPDPGroup existingGroup = null; - try { - existingGroup = papEngine.getGroup(group.getId()); - } catch (PAPException e1) { - logger.error("Exception occured While Deleting Policy From PDP Group"+e1); - } - - if (group == null || - ! (group instanceof StdPDPGroup) || - ! (group.getId().equals(existingGroup.getId()))) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + existingGroup.getId() + " objectFromJSON="+group); - loggingContext.transactionEnded(); - - PolicyLogger.audit("Transaction Failed - See Error.log"); - - response = "No Group"; - return response; - } - - // The Path on the PAP side is not carried on the RESTful interface with the AC - // (because it is local to the PAP) - // so we need to fill that in before submitting the group for update - ((StdPDPGroup)group).setDirectory(((StdPDPGroup)existingGroup).getDirectory()); - - try{ - acPutTransaction.updateGroup(group, "XACMLPapServlet.doAPIDelete"); - } catch(Exception e){ - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: " - +"group="+existingGroup.getId()); - response = "DB Error"; - return response; - } - - try { - papEngine.updateGroup(group); - } catch (PAPException e) { - logger.error("Exception occured While Updating PDP Groups"+e); - response = "error in updateGroup method"; - } - - if (logger.isDebugEnabled()) { - logger.debug("Group '" + group.getId() + "' updated"); - } - - acPutTransaction.commitTransaction(); - - // Group changed, which might include changing the policies - try { - groupChanged(existingGroup); - } catch (Exception e) { - logger.error("Exception occured in Group Change Method"+e); - response = "error in groupChanged method"; - } - - if (response==null){ - response = "success"; - PolicyLogger.audit("Policy successfully deleted!"); - PolicyLogger.audit("Transaction Ended Successfully"); - } - - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Ended"); - return response; - } - - - // - // Heartbeat thread - periodically check on PDPs' status - // - - /** * Heartbeat with all known PDPs. * * Implementation note: @@ -4258,8 +2046,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds) * it could take a long time to cycle through all of the PDPs. * That means that this may not notice a PDP being down in a predictable time. - * - * */ private class Heartbeat implements Runnable { private PAPPolicyEngine papEngine; @@ -4278,16 +2064,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } public Heartbeat(PAPPolicyEngine papEngine2) { - this.papEngine = papEngine2; + papEngine = papEngine2; this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000")); this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000")); } @Override public void run() { - // // Set ourselves as running - // synchronized(this) { this.isRunning = true; } @@ -4296,7 +2080,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList while (this.isRunning()) { // Wait the given time Thread.sleep(heartbeatInterval); - // get the list of PDPs (may have changed since last time) pdps.clear(); synchronized(papEngine) { @@ -4310,22 +2093,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine"); } } - // // Check for shutdown - // if (this.isRunning() == false) { - logger.info("isRunning is false, getting out of loop."); + LOGGER.info("isRunning is false, getting out of loop."); break; } - // try to get the summary status from each PDP boolean changeSeen = false; for (EcompPDP pdp : pdps) { - // // Check for shutdown - // if (this.isRunning() == false) { - logger.info("isRunning is false, getting out of loop."); + LOGGER.info("isRunning is false, getting out of loop."); break; } // the id of the PDP is its url (though we add a query parameter) @@ -4345,35 +2123,26 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList continue; } } - // Do a GET with type HeartBeat String newStatus = ""; - HttpURLConnection connection = null; try { - - // // Open up the connection - // connection = (HttpURLConnection)pdpURL.openConnection(); - // // Setup our method and headers - // connection.setRequestMethod("GET"); connection.setConnectTimeout(heartbeatTimeout); - // Added for Authentication + // Authentication String encoding = CheckPDP.getEncoding(pdp.getId()); if(encoding !=null){ connection.setRequestProperty("Authorization", "Basic " + encoding); } - // // Do the connect - // connection.connect(); if (connection.getResponseCode() == 204) { newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB); - if (logger.isDebugEnabled()) { - logger.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'"); } } else { // anything else is an unexpected result @@ -4396,10 +2165,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // cleanup the connection connection.disconnect(); } - if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) { - if (logger.isDebugEnabled()) { - logger.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'"); } try { setPDPSummaryStatus(pdp, newStatus); @@ -4408,21 +2176,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } changeSeen = true; } - } - // // Check for shutdown - // if (this.isRunning() == false) { - logger.info("isRunning is false, getting out of loop."); + LOGGER.info("isRunning is false, getting out of loop."); break; } - // if any of the PDPs changed state, tell the ACs to update if (changeSeen) { notifyAC(); } - } } catch (InterruptedException e) { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down"); @@ -4431,13 +2194,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } - - // - // HELPER to change Group status when PDP status is changed - // - // (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock) - // - + /* + * HELPER to change Group status when PDP status is changed + * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock) + */ private void setPDPSummaryStatus(EcompPDP pdp, PDPStatus.Status newStatus) throws PAPException { setPDPSummaryStatus(pdp, newStatus.toString()); } @@ -4447,7 +2207,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList StdPDPStatus status = new StdPDPStatus(); status.setStatus(PDPStatus.Status.valueOf(newStatus)); ((StdPDP)pdp).setStatus(status); - // now adjust the group StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((EcompPDP) pdp); // if the PDP was just deleted it may transiently exist but not be in a group @@ -4457,12 +2216,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } - - // - // Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine - // in the PDP group directories - // - + /* + * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine + * in the PDP group directories + */ @Override public void changed() { // all PDPs in all groups need to be updated/sync'd @@ -4491,10 +2248,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // kick off a thread to do an event notification for each PDP. // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc) // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out. - // begin - Fix to maintain requestId - including storedRequestId in UpdatePDPThread to be used later when calling PDP - // Thread t = new Thread(new UpdatePDPThread(pdp)); Thread t = new Thread(new UpdatePDPThread(pdp, storedRequestId)); - // end - Fix to maintain requestId if(CheckPDP.validateID(pdp.getId())){ t.start(); } @@ -4502,21 +2256,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private class UpdatePDPThread implements Runnable { private EcompPDP pdp; - // begin - Fix to maintain requestId - define requestId under class to be used later when calling PDP private String requestId; - // end - Fix to maintain requestId - - // remember which PDP to notify - public UpdatePDPThread(EcompPDP pdp) { - this.pdp = pdp; - } - // begin - Fix to maintain requestId - clone UpdatePDPThread method with different method signature so to include requestId to be used later when calling PDP public UpdatePDPThread(EcompPDP pdp, String storedRequestId) { this.pdp = pdp; requestId = storedRequestId; } - // end - Fix to maintain requestId public void run() { // send the current configuration to one PDP @@ -4525,11 +2270,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList ECOMPLoggingContext loggingContext = new ECOMPLoggingContext(baseLoggingContext); try { loggingContext.setServiceName("PAP:PDP.putConfig"); - // get a new transaction (request) ID and update the logging context. - // begin - Fix to maintain requestId - replace unconditioned generation of new requestID so it won't be used later when calling PDP // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP - // UUID requestID = UUID.randomUUID(); - // loggingContext.setRequestID(requestID.toString()); if ((requestId == null) || (requestId == "")) { UUID requestID = UUID.randomUUID(); loggingContext.setRequestID(requestID.toString()); @@ -4538,62 +2279,29 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList loggingContext.setRequestID(requestId); PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID()); } - // end - Fix to maintain requestId loggingContext.transactionStarted(); - // dummy metric.log example posted below as proof of concept - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 1 of 2"); - loggingContext.metricStarted(); - loggingContext.metricEnded(); - PolicyLogger.metrics("Metric example posted here - 2 of 2"); - // dummy metric.log example posted above as proof of concept - - // // the Id of the PDP is its URL - // - if (logger.isDebugEnabled()) { - logger.debug("creating url for id '" + pdp.getId() + "'"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("creating url for id '" + pdp.getId() + "'"); } //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other? //TODO (need to change "cache=", implying getting some input saying which to change) URL url = new URL(pdp.getId() + "?cache=all"); - - // // Open up the connection - // connection = (HttpURLConnection)url.openConnection(); - // // Setup our method and headers - // connection.setRequestMethod("PUT"); - // Added for Authentication + // Authentication String encoding = CheckPDP.getEncoding(pdp.getId()); if(encoding !=null){ connection.setRequestProperty("Authorization", "Basic " + encoding); } connection.setRequestProperty("Content-Type", "text/x-java-properties"); - // begin - Fix to maintain requestId - post requestID from loggingContext in PDP request header for call to PDP, then reinit storedRequestId to null - // connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID()); storedRequestId = null; - // end - Fix to maintain requestId - // - // Adding this in. It seems the HttpUrlConnection class does NOT - // properly forward our headers for POST re-direction. It does so - // for a GET re-direction. - // - // So we need to handle this ourselves. - // - //TODO - is this needed for a PUT? seems better to leave in for now? - // connection.setInstanceFollowRedirects(false); - // - // PLD - MUST be able to handle re-directs. - // connection.setInstanceFollowRedirects(true); connection.setDoOutput(true); try (OutputStream os = connection.getOutputStream()) { - EcompPDPGroup group = papEngine.getPDPGroup((EcompPDP) pdp); // if the PDP was just deleted, there is no group, but we want to send an update anyway if (group == null) { @@ -4602,11 +2310,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, ""); policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, ""); policyProperties.store(os, ""); - Properties pipProps = new Properties(); pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, ""); pipProps.store(os, ""); - } else { // send properties from the current group group.getPolicyProperties().store(os, ""); @@ -4617,35 +2323,31 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList policyLocations.store(os, ""); group.getPipConfigProperties().store(os, ""); } - } catch (Exception e) { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId()); // Since this is a server-side error, it probably does not reflect a problem on the client, // so do not change the PDP status. return; } - // // Do the connect - // connection.connect(); if (connection.getResponseCode() == 204) { - logger.info("Success. We are configured correctly."); + LOGGER.info("Success. We are configured correctly."); loggingContext.transactionEnded(); auditLogger.info("Success. PDP is configured correctly."); PolicyLogger.audit("Transaction Success. PDP is configured correctly."); setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE); } else if (connection.getResponseCode() == 200) { - logger.info("Success. PDP needs to update its configuration."); + LOGGER.info("Success. PDP needs to update its configuration."); loggingContext.transactionEnded(); auditLogger.info("Success. PDP needs to update its configuration."); PolicyLogger.audit("Transaction Success. PDP is configured correctly."); setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH); } else { - logger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage()); + LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage()); loggingContext.transactionEnded(); auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage()); PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage()); - setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN); } } catch (Exception e) { @@ -4656,24 +2358,20 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN); } catch (PAPException e1) { PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN"); } } finally { // cleanup the connection connection.disconnect(); - // tell the AC to update it's status info notifyAC(); } - } } - // - // RESTful Interface from PAP to ACs notifying them of changes - // - + /* + * RESTful Interface from PAP to ACs notifying them of changes + */ private void notifyAC() { // kick off a thread to do one event notification for all registered ACs // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data @@ -4683,68 +2381,47 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } private class NotifyACThread implements Runnable { - public void run() { List<String> disconnectedACs = new ArrayList<String>(); - // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList. // The "for each" loop uses the collection's iterator under the covers, so it should be correct. for (String acURL : adminConsoleURLStringList) { HttpURLConnection connection = null; try { - acURL += "?PAPNotification=true"; - //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed? //TODO - If so, put correct parameters into the Query string here acURL += "&objectType=all" + "&action=update"; - - if (logger.isDebugEnabled()) { - logger.debug("creating url for id '" + acURL + "'"); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("creating url for id '" + acURL + "'"); } //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other? //TODO (need to change "cache=", implying getting some input saying which to change) - URL url = new URL(acURL ); - - // // Open up the connection - // connection = (HttpURLConnection)url.openConnection(); - // // Setup our method and headers - // connection.setRequestMethod("PUT"); connection.setRequestProperty("Content-Type", "text/x-java-properties"); - // // Adding this in. It seems the HttpUrlConnection class does NOT // properly forward our headers for POST re-direction. It does so // for a GET re-direction. - // // So we need to handle this ourselves. - // //TODO - is this needed for a PUT? seems better to leave in for now? connection.setInstanceFollowRedirects(false); - // // Do not include any data in the PUT because this is just a // notification to the AC. // The AC will use GETs back to the PAP to get what it needs // to fill in the screens. - // - - // // Do the connect - // connection.connect(); if (connection.getResponseCode() == 204) { - logger.info("Success. We updated correctly."); + LOGGER.info("Success. We updated correctly."); } else { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage()); + LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage()); } } catch (Exception e) { - //TODO:EELF Cleanup - Remove logger - //logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to sync config AC '" + acURL + "': " + e, e); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'"); disconnectedACs.add(acURL); } finally { @@ -4752,75 +2429,110 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList connection.disconnect(); } } - // remove any ACs that are no longer connected if (disconnectedACs.size() > 0) { adminConsoleURLStringList.removeAll(disconnectedACs); } - } } - /* - * Added by Mike M in 1602 release for Authorizing the PEP Requests for Granularity. - */ - private boolean authorizeRequest(HttpServletRequest request) { - if(request instanceof HttpServletRequest) { - - // Get the client Credentials from the Request header. - String clientCredentials = request.getHeader(ENVIRONMENT_HEADER); - - // Check if the Client is Authorized. - if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){ - return true; - }else{ - return false; - } - } else { - return false; - } - } - - public static String getConfigHome(){ + private void testService(ECOMPLoggingContext loggingContext, HttpServletResponse response) throws IOException{ + LOGGER.info("Test request received"); try { - loadWebapps(); - } catch (Exception e) { - return null; + im.evaluateSanity(); + //If we make it this far, all is well + String message = "GET:/pap/test called and PAP " + papResourceName + " is OK"; + LOGGER.info(message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.setStatus(HttpServletResponse.SC_OK); + return; + }catch (ForwardProgressException fpe){ + //No forward progress is being made + String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress." + + " Exception Message: " + fpe.getMessage(); + LOGGER.info(message); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; + }catch (AdministrativeStateException ase){ + //Administrative State is locked + String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED " + + " Exception Message: " + ase.getMessage(); + LOGGER.info(message); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; + }catch (StandbyStatusException sse){ + //Administrative State is locked + String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE " + + " Exception Message: " + sse.getMessage(); + LOGGER.info(message); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; + }catch (Exception e) { + //A subsystem is not making progress, is locked, standby or is not responding + String eMsg = e.getMessage(); + if(eMsg == null){ + eMsg = "No Exception Message"; + } + String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure." + + " Exception Message: " + eMsg; + LOGGER.info(message); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + //Get the specific list of subsystems that failed + String ssFailureList = null; + for(String failedSS : papDependencyGroupsFlatArray){ + if(eMsg.contains(failedSS)){ + if(ssFailureList == null){ + ssFailureList = failedSS; + }else{ + ssFailureList = ssFailureList.concat(","+failedSS); + } + } + } + if(ssFailureList == null){ + ssFailureList = "UnknownSubSystem"; + } + response.addHeader("X-ECOMP-SubsystemFailure", ssFailureList); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; } - return CONFIG_HOME; } - public static String getActionHome(){ - try { - loadWebapps(); - } catch (Exception e) { - return null; + /* + * Authorizing the PEP Requests. + */ + private boolean authorizeRequest(HttpServletRequest request) { + String clientCredentials = request.getHeader(ENVIRONMENT_HEADER); + // Check if the Client is Authorized. + if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){ + return true; + }else{ + return false; } - return ACTION_HOME; } - private static void loadWebapps() throws Exception{ + private static void loadWebapps() throws PAPException{ if(ACTION_HOME == null || CONFIG_HOME == null){ Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS)); //Sanity Check if (webappsPath == null) { PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS); - throw new Exception("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS); - } - Path webappsPathConfig; - Path webappsPathAction; - if(webappsPath.toString().contains("\\")) - { - webappsPathConfig = Paths.get(webappsPath.toString()+"\\Config"); - webappsPathAction = Paths.get(webappsPath.toString()+"\\Action"); + throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS); } - else - { - webappsPathConfig = Paths.get(webappsPath.toString()+"/Config"); - webappsPathAction = Paths.get(webappsPath.toString()+"/Action"); - } - if (Files.notExists(webappsPathConfig)) - { + Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config"); + Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action"); + if (Files.notExists(webappsPathConfig)) { try { Files.createDirectories(webappsPathConfig); } catch (IOException e) { @@ -4828,12 +2540,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList + webappsPathConfig.toAbsolutePath().toString()); } } - if (Files.notExists(webappsPathAction)) - { + if (Files.notExists(webappsPathAction)) { try { Files.createDirectories(webappsPathAction); } catch (IOException e) { - logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create config directory: " + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create config directory: " + webappsPathAction.toAbsolutePath().toString(), e); } } @@ -4842,17 +2553,41 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } - /** - * @return the emf - */ - public EntityManagerFactory getEmf() { - return emf; + public static String getConfigHome(){ + try { + loadWebapps(); + } catch (PAPException e) { + return null; + } + return CONFIG_HOME; } - public IntegrityMonitor getIm() { - return im; + + public static String getActionHome(){ + try { + loadWebapps(); + } catch (PAPException e) { + return null; + } + return ACTION_HOME; } - public IntegrityAudit getIa() { - return ia; + public static EntityManagerFactory getEmf() { + return emf; + } + + public static String getPDPFile(){ + return XACMLPapServlet.pdpFile; + } + + public static String getPersistenceUnit(){ + return PERSISTENCE_UNIT; + } + + public static PAPPolicyEngine getPAPEngine(){ + return papEngine; + } + + public static PolicyDBDaoTransaction getDbDaoTransaction(){ + return policyDBDao.getNewTransaction(); } } |