From d80880b097d08f9ab9dda54355216890a4b345dc Mon Sep 17 00:00:00 2001 From: rb7147 Date: Wed, 26 Jul 2017 10:11:15 -0400 Subject: [POLICY-117] Resolve the Policy Critical issues Change-Id: Ice72d7fa40151bff5db42f5dd632f04a3853b094 Signed-off-by: rb7147 --- .../openecomp/policy/pdp/rest/XACMLPdpLoader.java | 12 +- .../policy/pdp/rest/XACMLPdpRegisterThread.java | 2 +- .../openecomp/policy/pdp/rest/XACMLPdpServlet.java | 284 ++++++++++++++------- .../services/CreateUpdatePolicyServiceImpl.java | 4 +- .../policy/pdp/rest/api/services/PAPServices.java | 8 +- .../policy/pdp/rest/config/PDPApiAuth.java | 283 ++++++++++---------- .../rest/notifications/NotificationController.java | 14 +- .../pdp/rest/notifications/NotificationServer.java | 10 +- 8 files changed, 357 insertions(+), 260 deletions(-) (limited to 'ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp') diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpLoader.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpLoader.java index 0766ac469..5288d30aa 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpLoader.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpLoader.java @@ -116,7 +116,7 @@ public class XACMLPdpLoader { LOGGER.debug("Status: " + status); } } catch (ConcurrentModificationException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e.getMessage() + e); } catch (Exception e) { String error = "Failed to load Policy Cache properties file: " + e.getMessage(); 
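Review bot: In the `catch (ConcurrentModificationException e)` branch the exception is concatenated into the message (`... + e.getMessage() + e`), which prints the message text twice and still records no stack trace. If the `LOGGER` type has a message-plus-Throwable overload, pass the exception as its own argument, e.g. `LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e.getMessage(), e);`. The same `+ e` concatenation is added in the hunks at -256, -290, -309, -321, -589 and -612 of this file and at -261 in XACMLPdpRegisterThread.java; in the "Corrupted policy file, deleting" lines it is the only record of why a policy file was removed, and `location + e` runs the path and the exception together without a separator. The enclosing method starts and ends outside this hunk.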
@@ -256,7 +256,7 @@ public class XACMLPdpLoader { } catch (Exception e){ // This Happens if a any issue with the error policyFile. Lets remove it. try { - LOGGER.error("Corrupted policy file, deleting: " + location); + LOGGER.error("Corrupted policy file, deleting: " + location + e); Files.delete(Paths.get(location)); properties.remove(id + ".file"); rougeFile = true; @@ -290,6 +290,7 @@ public class XACMLPdpLoader { try{ urlConnection = url.openConnection(); } catch (IOException e){ + LOGGER.error("Exception Occured while opening connection" +e); papUrls.failed(); papUrls.getNext(); break; @@ -309,6 +310,7 @@ public class XACMLPdpLoader { outFile.toFile())) { IOUtils.copy(urlConnection.getInputStream(), fos); } catch(IOException e){ + LOGGER.error("Exception Occured while Copying input stream" +e); papUrls.failed(); papUrls.getNext(); break; @@ -321,7 +323,7 @@ public class XACMLPdpLoader { policy = DOMPolicyDef.load(fis); }catch(Exception e){ try { - LOGGER.error("Corrupted policy file, deleting: " + location); + LOGGER.error("Corrupted policy file, deleting: " + location +e); Files.delete(outFile); error = true; errorCount++; @@ -589,7 +591,7 @@ public class XACMLPdpLoader { Files.createFile(policyProperties); } catch (IOException e) { LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create policy properties file: " - + policyProperties.toAbsolutePath().toString()); + + policyProperties.toAbsolutePath().toString() +e); throw new PAPException( "Failed to create policy properties file: " + policyProperties.toAbsolutePath().toString()); 
@@ -612,7 +614,7 @@ public class XACMLPdpLoader { Files.createFile(pipConfigProperties); } catch (IOException e) { LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create pip properties file: " - + pipConfigProperties.toAbsolutePath().toString()); + + pipConfigProperties.toAbsolutePath().toString() +e); throw new PAPException("Failed to create pip properties file: " + pipConfigProperties.toAbsolutePath().toString()); } diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpRegisterThread.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpRegisterThread.java index e9b665823..6bc8a6461 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpRegisterThread.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpRegisterThread.java @@ -261,7 +261,7 @@ public class XACMLPdpRegisterThread implements Runnable { try { is = connection.getInputStream(); } catch (Exception e1) { - // ignore this + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed to get Input Stream: " + e1); } if (is != null) { is.close(); diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpServlet.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpServlet.java index 12dfbd23b..bad8e6638 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpServlet.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/XACMLPdpServlet.java @@ -162,7 +162,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { this.pipConfigProperties = pips; } } - public static volatile BlockingQueue queue = null; + protected static volatile BlockingQueue queue = null; // For notification Delay. private static int notificationDelay = 0; public static int getNotificationDelay(){ 
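Review bot: In the -162 hunk of XACMLPdpServlet.java, `queue` remains a non-final static that any class in the package or any subclass can reassign, so narrowing `public` to `protected` only partly closes the shared-state exposure. If no caller outside the class needs to replace the reference, prefer `private static volatile BlockingQueue queue = null;` with a small accessor, so that writes go through one place. Which classes read or assign the field is not visible in this hunk, so confirm the callers before tightening further.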
@@ -277,7 +277,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { logger.info("Creating IntegrityMonitor"); im = IntegrityMonitor.getInstance(pdpResourceName, properties); } catch (Exception e) { - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to create IntegrityMonitor"); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to create IntegrityMonitor" +e); throw new ServletException(e); } @@ -415,7 +415,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + e); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; } // 
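Review bot: In the -277 hunk `e` is already passed as the Throwable argument of `PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, ...)`, so appending `+e` to the text only repeats the exception string in the record; keep the message as `"Failed to create IntegrityMonitor"`. The hunk at -1159 appends `+e` to `"xacml.pdp.init"`, which looks like a value substituted into the MISS_PROPERTY_ERROR message rather than free text. The Throwable form already used in this file would fit better there, `PolicyLogger.error(MessageCodes.MISS_PROPERTY_ERROR, e, "createUpdatePolicy.impl.className", "xacml.pdp.init");`, assuming that overload accepts several arguments. The hunks at -661 and -676 append the exception to `PolicyLogger.audit("Transaction Failed - See Error.log" + e)`, which puts error detail into the audit record that sends readers to Error.log for it.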
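Review bot: The `try`/`catch (Exception e1)` wrapped around `response.sendError(...)` in the -415 hunk is repeated almost verbatim in more than a dozen hunks of this file (for example -552, -613, -661, -676, -708, -732, -781, -792, -847, -891, -901, -914, -972 and -1062), and it catches far more than the `IOException` that `sendError` declares. A private helper would keep the handlers readable, limit the catch to `IOException`, and log the failure with its stack trace. `sendError` also throws `IllegalStateException` once the response is committed; whether that should be logged or propagated is better decided once in the helper than per call site. The enclosing method starts and ends outside the hunk.

```java
// new private helper in XACMLPdpServlet; call sites become sendErrorQuietly(response, status, message);
private static void sendErrorQuietly(HttpServletResponse response, int status, String message) {
    try {
        response.sendError(status, message);
    } catch (IOException e) {
        PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to send error response with status " + status);
    }
}
```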
@@ -427,28 +431,36 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { // if (cache != null && request.getContentType().equals("text/x-java-properties")) { loggingContext.setServiceName("PDP.putConfig"); - if (request.getContentLength() > Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", DEFAULT_MAX_CONTENT_LENGTH))) { - String message = "Content-Length larger than server will accept."; - logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message); + try{ + if (request.getContentLength() > Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", DEFAULT_MAX_CONTENT_LENGTH))) { + String message = "Content-Length larger than server will accept."; + logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message); + loggingContext.transactionEnded(); + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + im.endTransaction(); + return; + } + this.doPutConfig(cache, request, response, loggingContext); loggingContext.transactionEnded(); - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + PolicyLogger.audit("Transaction ended"); + im.endTransaction(); - return; + }catch(Exception e){ + logger.error("Exception Occured while getting Max Content lenght"+e); } - this.doPutConfig(cache, request, response, loggingContext); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction ended"); - - im.endTransaction(); } else { String message = "Invalid cache: '" + cache + "' or content-type: '" + request.getContentType() + "'"; logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - 
response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } @@ -552,7 +564,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to process new configuration"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; } 
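Review bot: The new `try` in the putConfig branch (hunk -427) covers `this.doPutConfig(...)` and both end-of-transaction calls, so any exception from the configuration update is logged as "Exception Occured while getting Max Content lenght" and then dropped. No error status is sent for it, and `loggingContext.transactionEnded()` and `im.endTransaction()` are skipped. Unless an earlier step already set a status, the caller then sees a success response for a configuration push that did not complete. Limit the `try` to the `Integer.parseInt(...)` of `MAX_CONTENT_LENGTH`, catch `NumberFormatException` there, and leave `doPutConfig` and the transaction bookkeeping outside it. The enclosing method starts and ends outside the hunk.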
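Review bot: In the -552 hunk, `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage())` returns the raw exception message to the HTTP caller, which can disclose file paths, class names or configuration detail from inside the PDP. The exception is already recorded through `PolicyLogger.error(..., e, "Failed to process new configuration")`, so the response can carry fixed text, e.g. `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to process new configuration");`. The same applies at -676 (`e.toString()`), -891 (`e.getMessage()`) and -1062 (`"Exception executing request: " + e`). The enclosing method starts and ends outside the hunk.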
@@ -613,29 +629,40 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { //No forward progress is being made String message = "GET:/pdp/test called and PDP " + pdpResourceName + " is not making forward progress." + " Exception Message: " + fpe.getMessage(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message ); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + fpe); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - // PolicyLogger.audit(MessageCodes.ERROR_SYSTEM_ERROR, message ); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; }catch (AdministrativeStateException ase){ //Administrative State is locked String message = "GET:/pdp/test called and PDP " + pdpResourceName + " Administrative State is LOCKED " + " Exception Message: " + ase.getMessage(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message ); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + ase); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; }catch (StandbyStatusException sse){ //Administrative State is locked String message = "GET:/pdp/test called and PDP " + pdpResourceName + " Standby Status is NOT PROVIDING SERVICE " + " Exception Message: " + sse.getMessage(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message ); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + sse); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction 
Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; } catch (Exception e) { //A subsystem is not making progress or is not responding @@ -661,9 +688,13 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { failedNodeList = "UnknownSubSystem"; } response.addHeader("X-ECOMP-SubsystemFailure", failedNodeList); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); + PolicyLogger.audit("Transaction Failed - See Error.log" + e); return; } } @@ -676,8 +707,12 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { String message = e.toString(); PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + PolicyLogger.audit("Transaction Failed - See Error.log" +e); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; } // 
@@ -708,7 +743,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to copy property file"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(400, "Failed to copy Property file"); + try{ + response.sendError(400, "Failed to copy Property file"); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } } } else if ("hb".equals(type)) { @@ -720,7 +759,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { // convert response object to JSON and include in the response synchronized(pdpStatusLock) { ObjectMapper mapper = new ObjectMapper(); - mapper.writeValue(response.getOutputStream(), status); + try{ + mapper.writeValue(response.getOutputStream(), status); + }catch(Exception e1){ + logger.error("Exception occured while writing output stream" +e1); + } } response.setStatus(HttpServletResponse.SC_OK); loggingContext.transactionEnded(); @@ -732,7 +775,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "Invalid type value: " + type); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, "type not 'config' or 'hb'"); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "type not 'config' or 'hb'"); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } } if (returnHB) { synchronized(pdpStatusLock) { 
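Review bot: In the `hb` branch (hunk -720) a failed `mapper.writeValue(response.getOutputStream(), status)` is now logged and execution falls through to `response.setStatus(HttpServletResponse.SC_OK)`, so a heartbeat whose body could not be written still completes as a normal transaction. The write also happens while `pdpStatusLock` is held, so a slow or stalled client keeps the lock for as long as the socket write takes. Serialising under the lock and writing afterwards addresses both, for example `byte[] body = mapper.writeValueAsBytes(status);` inside the `synchronized` block and `response.getOutputStream().write(body);` after it, with the `IOException` treated as an error path. What else takes `pdpStatusLock` is not visible here, and the branch continues outside the hunk.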
@@ -758,7 +805,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext); loggingContext.transactionStarted(); loggingContext.setServiceName("PDP.decide"); - if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){ + if ((loggingContext.getRequestID() == null) || ("".equals(loggingContext.getRequestID()))){ UUID requestID = UUID.randomUUID(); loggingContext.setRequestID(requestID.toString()); PolicyLogger.info("requestID not provided in call to XACMLPdpSrvlet (doPost) so we generated one"); @@ -781,7 +828,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + e); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; } // @@ -792,7 +843,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "Request from PEP at " + request.getRequestURI() + " for service when PDP has No Root Policies loaded"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); + try{ + response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } 
@@ -810,30 +865,43 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "Must specify a Content-Type"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, "no content-type given"); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "no content-type given"); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } // // Limit the Content-Length to something reasonable // - if (request.getContentLength() > Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", "32767"))) { - String message = "Content-Length larger than server will accept."; - logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message); - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); - im.endTransaction(); - return; + try{ + if (request.getContentLength() > Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", "32767"))) { + String message = "Content-Length larger than server will accept."; + logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message); + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + im.endTransaction(); + return; + } + }catch(Exception e){ + logger.error("Exception occured while getting max content length"+e); } + if (request.getContentLength() <= 0) { String message = "Content-Length is negative"; logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message); PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); loggingContext.transactionEnded(); 
PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } @@ -847,7 +915,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { loggingContext.transactionEnded(); PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, message); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } @@ -891,7 +963,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "Could not parse request"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } @@ -901,7 +977,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } 
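Review bot: The new `try`/`catch (Exception e)` around the Content-Length limit in the -810 hunk fails open: if `MAX_CONTENT_LENGTH` is not a valid integer, `Integer.parseInt` throws, the catch only logs, and the request continues without a size limit. Parse the limit on its own and fall back to the built-in default, so that a bad property value cannot switch the check off. The same catch also absorbs an `IOException` from `response.sendError(...)` before `im.endTransaction(); return;` is reached, so a request that was meant to be rejected would carry on being processed. The enclosing method starts and ends outside the hunk.

```java
int maxContentLength;
try {
    maxContentLength = Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", "32767"));
} catch (NumberFormatException e) {
    // A malformed property must not disable the limit: use the same default as the fallback above.
    PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "MAX_CONTENT_LENGTH is not a valid integer");
    maxContentLength = 32767;
}
if (request.getContentLength() > maxContentLength) {
    // … unchanged: log, end the transaction, send SC_BAD_REQUEST, return …
}
```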
@@ -914,7 +994,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + try{ + response.sendError(HttpServletResponse.SC_BAD_REQUEST, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } @@ -972,7 +1056,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } im.endTransaction(); return; } @@ -997,7 +1085,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { // if (pdpResponse == null) { requestLogger.info(lTimeStart + "=" + "{}"); - throw new PDPException("Failed to get response from PDP engine."); + try{ + throw new PDPException("Failed to get response from PDP engine."); + }catch(Exception e1){ + logger.error("Exception occured while throwing Exception" +e1); + } } // // Set our content-type 
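Review bot: Wrapping `throw new PDPException(...)` in its own `try`/`catch` in the -997 hunk cancels the throw: the exception is caught on the next line, logged, and execution continues with `pdpResponse == null`. Before this change the exception would have reached the outer `catch (Exception e)` that appears at the end of the -1008 hunk and, judging by the -1062 hunk, sends SC_INTERNAL_SERVER_ERROR. Now a PEP may receive a success status with no decision in the body. Keep the bare statement, `throw new PDPException("Failed to get response from PDP engine.");`, or send the error and return at this point. The enclosing method starts and ends outside the hunk.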
@@ -1008,53 +1100,57 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { // return to our caller as well as dump to our loggers. // String outgoingResponseString = ""; - if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) { - // - // Get it as a String. This is not very efficient but we need to log our - // results for auditing. - // - outgoingResponseString = JSONResponse.toString(pdpResponse, logger.isDebugEnabled()); - if (logger.isDebugEnabled()) { - logger.debug(outgoingResponseString); + try{ + if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) { // - // Get rid of whitespace + // Get it as a String. This is not very efficient but we need to log our + // results for auditing. // - outgoingResponseString = JSONResponse.toString(pdpResponse, false); - } - } else if ( contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) || - contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) { - // - // Get it as a String. This is not very efficient but we need to log our - // results for auditing. - // - outgoingResponseString = DOMResponse.toString(pdpResponse, logger.isDebugEnabled()); - if (logger.isDebugEnabled()) { - logger.debug(outgoingResponseString); + outgoingResponseString = JSONResponse.toString(pdpResponse, logger.isDebugEnabled()); + if (logger.isDebugEnabled()) { + logger.debug(outgoingResponseString); + // + // Get rid of whitespace + // + outgoingResponseString = JSONResponse.toString(pdpResponse, false); + } + } else if ( contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) || + contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) { // - // Get rid of whitespace + // Get it as a String. This is not very efficient but we need to log our + // results for auditing. 
// - outgoingResponseString = DOMResponse.toString(pdpResponse, false); + outgoingResponseString = DOMResponse.toString(pdpResponse, logger.isDebugEnabled()); + if (logger.isDebugEnabled()) { + logger.debug(outgoingResponseString); + // + // Get rid of whitespace + // + outgoingResponseString = DOMResponse.toString(pdpResponse, false); + } + } + // adding the jmx values for NA, Permit and Deny + // + if (outgoingResponseString.contains("NotApplicable") || outgoingResponseString.contains("Decision not a Permit")){ + monitor.pdpEvaluationNA(); } - } - // adding the jmx values for NA, Permit and Deny - // - if (outgoingResponseString.contains("NotApplicable") || outgoingResponseString.contains("Decision not a Permit")){ - monitor.pdpEvaluationNA(); - } - if (outgoingResponseString.contains("Permit") && !outgoingResponseString.contains("Decision not a Permit")){ - monitor.pdpEvaluationPermit(); - } + if (outgoingResponseString.contains("Permit") && !outgoingResponseString.contains("Decision not a Permit")){ + monitor.pdpEvaluationPermit(); + } - if (outgoingResponseString.contains("Deny")){ - monitor.pdpEvaluationDeny(); + if (outgoingResponseString.contains("Deny")){ + monitor.pdpEvaluationDeny(); + } + // + // lTimeStart is used as an ID within the requestLogger to match up + // request's with responses. + // + requestLogger.info(lTimeStart + "=" + outgoingResponseString); + response.getWriter().print(outgoingResponseString); + }catch(Exception e){ + logger.error("Exception Occured"+e ); } - // - // lTimeStart is used as an ID within the requestLogger to match up - // request's with responses. - // - requestLogger.info(lTimeStart + "=" + outgoingResponseString); - response.getWriter().print(outgoingResponseString); } catch (Exception e) { String message = "Exception executing request: " + e; 
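Review bot: The inner `try`/`catch (Exception e)` added in the -1008 hunk swallows every failure while serialising the decision and writing it with `response.getWriter().print(...)`, so those errors no longer reach the outer `catch (Exception e)` at the end of the hunk. The caller gets whatever status was already set, with an empty or partial body. The log line `"Exception Occured"+e` also carries no request identifier; including `lTimeStart`, which `requestLogger` already uses to pair requests with responses, would let the failure be matched to its request. Either drop the inner `try` so the existing outer handler reports the error, or log and rethrow, e.g. `PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to write PDP response for request " + lTimeStart); throw e;`. The enclosing method starts and ends outside the hunk.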
@@ -1062,7 +1158,11 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + try{ + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + }catch(Exception e1){ + logger.error("Exception occured while sending error in response" +e1); + } return; } @@ -1159,7 +1259,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { Class createUpdateclass = Class.forName(createUpdateResourceName); createUpdatePolicyConstructor = createUpdateclass.getConstructor(PolicyParameters.class, String.class, boolean.class); }catch(Exception e){ - PolicyLogger.error(MessageCodes.MISS_PROPERTY_ERROR, "createUpdatePolicy.impl.className", "xacml.pdp.init"); + PolicyLogger.error(MessageCodes.MISS_PROPERTY_ERROR, "createUpdatePolicy.impl.className", "xacml.pdp.init" +e); throw new ServletException("Could not find the Class name : " +createUpdateResourceName + "\n" +e.getMessage()); } } diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/CreateUpdatePolicyServiceImpl.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/CreateUpdatePolicyServiceImpl.java index 6112c42ce..cf2171137 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/CreateUpdatePolicyServiceImpl.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/CreateUpdatePolicyServiceImpl.java 
@@ -222,9 +222,9 @@ public class CreateUpdatePolicyServiceImpl implements CreateUpdatePolicyService return false; } if (policyParameters.getPolicyName().contains(".")) { - policyName = policyParameters.getPolicyName().substring(policyParameters.getPolicyName().lastIndexOf(".") + 1, + policyName = policyParameters.getPolicyName().substring(policyParameters.getPolicyName().lastIndexOf('.') + 1, policyParameters.getPolicyName().length()); - policyScope = policyParameters.getPolicyName().substring(0,policyParameters.getPolicyName().lastIndexOf(".")); + policyScope = policyParameters.getPolicyName().substring(0,policyParameters.getPolicyName().lastIndexOf('.')); LOGGER.info("Name is " + policyName + " scope is " + policyScope); } else { message = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/PAPServices.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/PAPServices.java index 66a557056..aea058d37 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/PAPServices.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/api/services/PAPServices.java @@ -230,7 +230,7 @@ public class PAPServices { try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PAPs List is empty."); } catch (Exception e) { - LOGGER.error(e.getMessage()); + LOGGER.error(e.getMessage() + e); } }else { int papsCount = 0; @@ -319,7 +319,7 @@ public class PAPServices { try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP ", e); } catch (Exception e1) { - LOGGER.error(e1.getMessage()); + LOGGER.error(e1.getMessage() + e1); } } @@ -328,7 +328,7 @@ public class PAPServices { try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP "); } catch (Exception e) { - LOGGER.error(e.getMessage()); + LOGGER.error(e.getMessage() + e); } } } 
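Review bot: In the PAPServices.java hunks at -230, -319 and -328 an `Exception` is constructed, thrown and caught in the same statement only to be logged, and the new `e.getMessage() + e` then prints the same text twice. Log the condition directly, e.g. `LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is empty.");`, and at -319 log the original cause itself rather than wrapping it in a throwaway exception. Nothing visible in these hunks stops execution after the log call, so confirm that the caller still receives a failure when the PAP list is empty or the PAP is unreachable. The -390 hunk has the same `getMessage() + e1` concatenation. The enclosing methods start and end outside the hunks.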
@@ -390,7 +390,7 @@ public class PAPServices { scanner.close(); } catch (IOException e1) { - LOGGER.error(e1.getMessage()); + LOGGER.error(e1.getMessage() + e1); } response = "Transaction ID: " + requestID + " --Dictionary Items Retrieved " + json; } else if ("getMetrics".equals(operation)) { diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/config/PDPApiAuth.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/config/PDPApiAuth.java index c4573cc0d..5c3dcad60 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/config/PDPApiAuth.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/config/PDPApiAuth.java @@ -22,7 +22,6 @@ package org.openecomp.policy.pdp.rest.config; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; @@ -35,7 +34,8 @@ import java.util.StringTokenizer; import org.openecomp.policy.api.PolicyEngineException; import org.openecomp.policy.common.logging.eelf.MessageCodes; -import org.openecomp.policy.common.logging.eelf.PolicyLogger; +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; import org.openecomp.policy.rest.XACMLRestProperties; import org.openecomp.policy.utils.AAFPolicyClient; import org.openecomp.policy.utils.AAFPolicyException; 
@@ -45,144 +45,145 @@ import org.openecomp.policy.xacml.api.XACMLErrorConstants; import com.att.research.xacml.util.XACMLProperties; public class PDPApiAuth { - private static String environment = null; - private static Path clientPath = null; - private static Map> clientMap = null; - private static Long oldModified = null; - private static AAFPolicyClient aafClient = null; - - private PDPApiAuth(){ - // Private Constructor - } - - /* - * Set Property by reading the properties File. - */ - public static void setProperty() { - environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); - String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); - if(clientFile!=null){ - clientPath = Paths.get(clientFile); - } - try { - aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties()); - } catch (AAFPolicyException | IOException e) { - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly."); - } - } - - /* - * Return Environment value of the PDP servlet. - */ - public static String getEnvironment() { - if(environment==null){ - setProperty(); - } - return environment; - } + private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); - /* - * Security check for authentication and authorizations. 
- */ - public static boolean checkPermissions(String clientEncoding, String requestID, - String resource) { - try{ - String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); - if(userNamePass==null || userNamePass.length==0){ - String usernameAndPassword = null; - byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); - usernameAndPassword = new String(decodedBytes, "UTF-8"); - StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); - String username = tokenizer.nextToken(); - String password = tokenizer.nextToken(); - userNamePass= new String[]{username, password}; - } - PolicyLogger.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); - Boolean result = false; - // Check Backward Compatibility. - try{ - result = clientAuth(userNamePass); - }catch(Exception e){ - PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, e, ""); - } - if(!result){ - try{ - String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); - String aafResource = XACMLProperties.getProperty("policy.aaf.resource"); - if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ - userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace; - } - if(aafResource != null){ - resource = aafResource + resource; - } - PolicyLogger.info("Contacting AAF in : " + environment); - result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*"); - }catch (NullPointerException e){ - result = false; - } - } - return result; - }catch(Exception e){ - PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, e, ""); - return false; - } - } + private static String environment = null; + private static Path clientPath = null; + private static Map> clientMap = null; + private static Long oldModified = null; + private static AAFPolicyClient aafClient = null; - private static Boolean clientAuth(String[] userNamePass) throws Exception{ - if(clientPath==null){ - setProperty(); - } - if 
(Files.notExists(clientPath)) { - return false; - }else if(clientPath.toString().endsWith(".properties")) { - try { - readProps(clientPath); - if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { - return true; - } - }catch(PolicyEngineException e){ - return false; - } - } - return false; - } - - private static Map> readProps(Path clientPath) throws PolicyEngineException{ - if(oldModified!=null){ - Long newModified = clientPath.toFile().lastModified(); - if (newModified == oldModified) { - return clientMap; - } - } - InputStream in; - Properties clientProp = new Properties(); - try { - in = new FileInputStream(clientPath.toFile()); - clientProp.load(in); - } catch (IOException e) { - PolicyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e); - throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); - } - // Read the Properties and Load the Clients and their scopes. - clientMap = new HashMap<>(); - // - for (Object propKey : clientProp.keySet()) { - String clientID = (String)propKey; - String clientValue = clientProp.getProperty(clientID); - if (clientValue != null) { - if (clientValue.contains(",")) { - ArrayList clientValues = new ArrayList(Arrays.asList(clientValue.split("\\s*,\\s*"))); - if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ - clientMap.put(clientID, clientValues); - } - } - } - } - if (clientMap.isEmpty()) { - PolicyLogger.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); - throw new PolicyEngineException("Empty Client file"); - } - oldModified = clientPath.toFile().lastModified(); - return clientMap; - } -} + private PDPApiAuth(){ + // Private Constructor + } + + /* + * Set Property by reading the properties File. 
+ */ + public static void setProperty() { + environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); + String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); + if(clientFile!=null){ + clientPath = Paths.get(clientFile); + } + try { + aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties()); + } catch (AAFPolicyException | IOException e) { + LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly."); + } + } + + /* + * Return Environment value of the PDP servlet. + */ + public static String getEnvironment() { + if(environment==null){ + setProperty(); + } + return environment; + } + + /* + * Security check for authentication and authorizations. + */ + public static boolean checkPermissions(String clientEncoding, String requestID, + String resource) { + try{ + String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); + if(userNamePass==null || userNamePass.length==0){ + String usernameAndPassword = null; + byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); + usernameAndPassword = new String(decodedBytes, "UTF-8"); + StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); + String username = tokenizer.nextToken(); + String password = tokenizer.nextToken(); + userNamePass= new String[]{username, password}; + } + LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); + Boolean result = false; + // Check Backward Compatibility. 
+ try{ + result = clientAuth(userNamePass); + }catch(Exception e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + } + if(!result){ + String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); + String aafResource = XACMLProperties.getProperty("policy.aaf.resource"); + if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ + userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace; + }else{ + LOGGER.info("No AAF NameSpace specified in properties"); + } + if(aafResource != null){ + resource = aafResource + resource; + }else{ + LOGGER.info("No AAF Resource specified in properties"); + } + LOGGER.info("Contacting AAF in : " + environment); + result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*"); + } + return result; + }catch(Exception e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + return false; + } + } + + private static Boolean clientAuth(String[] userNamePass){ + if(clientPath==null){ + setProperty(); + } + if (!clientPath.toFile().exists()) { + return false; + }else if(clientPath.toString().endsWith(".properties")) { + try { + readProps(clientPath); + if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { + return true; + } + }catch(PolicyEngineException e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + return false; + } + } + return false; + } + + private static Map> readProps(Path clientPath) throws PolicyEngineException{ + if(oldModified!=null){ + Long newModified = clientPath.toFile().lastModified(); + if (newModified == oldModified) { + return clientMap; + } + } + InputStream in; + Properties clientProp = new Properties(); + try { + in = new FileInputStream(clientPath.toFile()); + clientProp.load(in); + } catch (IOException e) { + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); + throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); + } + // 
Read the Properties and Load the Clients and their scopes. + clientMap = new HashMap<>(); + // + for (Object propKey : clientProp.keySet()) { + String clientID = (String)propKey; + String clientValue = clientProp.getProperty(clientID); + if (clientValue != null && clientValue.contains(",")) { + ArrayList clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); + if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ + clientMap.put(clientID, clientValues); + } + } + } + if (clientMap.isEmpty()) { + LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); + throw new PolicyEngineException("Empty Client file"); + } + oldModified = clientPath.toFile().lastModified(); + return clientMap; + } +} \ No newline at end of file diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationController.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationController.java index 214151d16..57678461d 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationController.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationController.java @@ -22,12 +22,10 @@ package org.openecomp.policy.pdp.rest.notifications; import java.io.File; import java.io.FileFilter; -import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; import java.nio.file.Files; 
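Review bot: In readProps the guard `clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()` is always true, because `split` never returns null elements and the first operand short-circuits the rest, so entries with an empty client key are loaded into clientMap. clientAuth then compares that key with `get(0).equals(userNamePass[1])`, which would accept an empty password if the decoder ever returns one (PolicyUtils.decodeBasicEncoding is not visible here). The intended check is probably `if (clientValues.size() > 1 && !clientValues.get(0).isEmpty() && !clientValues.get(1).isEmpty())`. The key comparison would also be better done with `MessageDigest.isEqual` on the UTF-8 bytes, so that its timing does not depend on how many leading characters match.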
@@ -172,7 +170,7 @@ public class NotificationController { NotificationServer.setUpdate(notificationJSON); ManualNotificationUpdateThread.setUpdate(notificationJSON); } catch (JsonProcessingException e) { - LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e.getMessage() +e); } } } @@ -182,7 +180,7 @@ public class NotificationController { try { NotificationServer.sendNotification(notificationJSON, propNotificationType, pdpURL); } catch (Exception e) { - LOGGER.info(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error in sending the Event Notification: "+ e.getMessage()); + LOGGER.info(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error in sending the Event Notification: "+ e.getMessage() + e); } notificationFlag = false; } @@ -321,7 +319,7 @@ public class NotificationController { try { json = om.writeValueAsString(record); } catch (JsonProcessingException e) { - LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e.getMessage() + e); } LOGGER.info(json); return json; @@ -408,11 +406,7 @@ public class NotificationController { IOUtils.copy(is, os); break; } - } catch (MalformedURLException e) { - LOGGER.error(e + e.getMessage()); - } catch(FileNotFoundException e){ - LOGGER.error(e + e.getMessage()); - } catch (IOException e) { + } catch (Exception e) { LOGGER.error(e + e.getMessage()); } papUrls.getNext(); diff --git a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationServer.java b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationServer.java index 55ab760af..9bd2e1f20 100644 --- a/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationServer.java +++ b/ECOMP-PDP-REST/src/main/java/org/openecomp/policy/pdp/rest/notifications/NotificationServer.java 
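Review bot: In the NotificationController hunk at -408, replacing the three handlers with `catch (Exception e)` also swallows unchecked exceptions (a NullPointerException, say) and then moves on to `papUrls.getNext()` as if the download had simply failed. MalformedURLException and FileNotFoundException are both subclasses of IOException, so `} catch (IOException e) {` alone covers what the removed handlers did, assuming the try body, which starts outside the hunk, throws no other checked exception. The handler would also keep the stack trace if it passed the throwable as a separate argument instead of logging `e + e.getMessage()`, provided LOGGER offers that overload here.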
@@ -95,7 +95,7 @@ public class NotificationServer { session.getBasicRemote().sendText(update); session.close(); } catch (IOException e) { - LOGGER.info(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error in sending the Event Notification: "+ e.getMessage()); + LOGGER.info(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error in sending the Event Notification: "+ e.getMessage() + e); LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error sending Message update"); } } @@ -142,13 +142,13 @@ public class NotificationServer { } catch (MalformedURLException e1) { LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error creating the UEB publisher" + e1.getMessage()); } catch (GeneralSecurityException e1) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error creating the UEB publisher" + e1.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error creating the UEB publisher" + e1.getMessage() +e1); } if(pub != null){ try { pub.send( "MyPartitionKey", notification ); } catch (IOException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error sending notification update" + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error sending notification update" + e.getMessage() + e); } // close the publisher. The batching publisher does not send events // immediately, so you MUST use close to send any remaining messages. @@ -203,7 +203,7 @@ public class NotificationServer { publisher.close(); } catch (Exception e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error sending notification update" + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error sending notification update" + e.getMessage() + e); } } 
@@ -211,7 +211,7 @@ public class NotificationServer { try { session.getBasicRemote().sendText(notification); } catch (IOException e) { - LOGGER.info(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error in sending the Event Notification: "+ e.getMessage()); + LOGGER.info(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error in sending the Event Notification: "+ e.getMessage() + e); } } NotificationService.sendNotification(notification); -- cgit 1.2.3-korg