From c2ca6ea5cb44103903e1409e8dd6db80167e61e8 Mon Sep 17 00:00:00 2001 From: liamfallon Date: Thu, 24 Oct 2019 21:33:45 -0400 Subject: CHeckstyle and JUnit for base package in ONAP-REST Added unit tests and fixed checkstyle and SONAR issues in the base package of ONAP-REST. There were a lot of knock-on automatic changes done by Eclipse when I renamed the class XACMLRestProperties to XacmlRestProperties, so ignore the changes in all but the ONAP-REST package. I also didn't update the licenses on the files for those classes because the changes were automatic. Issue-ID: POLICY-2131 Change-Id: I28823c844b5192f8d56de76a727996b13e7ea4a6 Signed-off-by: liamfallon --- .../main/java/org/onap/policy/rest/XACMLRest.java | 220 ---------- .../org/onap/policy/rest/XACMLRestProperties.java | 469 --------------------- .../onap/policy/rest/XacmlAdminAuthorization.java | 10 +- .../main/java/org/onap/policy/rest/XacmlRest.java | 242 +++++++++++ .../org/onap/policy/rest/XacmlRestProperties.java | 450 ++++++++++++++++++++ .../org/onap/policy/rest/util/MSModelUtils.java | 5 +- .../java/org/onap/policy/rest/XACMLRestTest.java | 111 ----- .../policy/rest/XacmlAdminAuthorizationTest.java | 38 ++ .../java/org/onap/policy/rest/XacmlRestTest.java | 304 +++++++++++++ 9 files changed, 1043 insertions(+), 806 deletions(-) delete mode 100644 ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRest.java delete mode 100644 ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRestProperties.java create mode 100644 ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRest.java create mode 100644 ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRestProperties.java delete mode 100644 ONAP-REST/src/test/java/org/onap/policy/rest/XACMLRestTest.java create mode 100644 ONAP-REST/src/test/java/org/onap/policy/rest/XacmlAdminAuthorizationTest.java create mode 100644 ONAP-REST/src/test/java/org/onap/policy/rest/XacmlRestTest.java (limited to 'ONAP-REST/src')
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRest.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRest.java
deleted file mode 100644
index 7cced5667..000000000
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRest.java
+++ /dev/null
@@ -1,220 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP-REST - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.rest; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Map; -import java.util.Properties; -import java.util.Set; - -import javax.servlet.ServletConfig; -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.onap.policy.common.logging.eelf.MessageCodes; -import org.onap.policy.common.logging.eelf.PolicyLogger; - -import com.att.research.xacml.util.XACMLProperties; - - -/** - * This static class is used by both the PDP and PAP servlet's. It contains some common - * static functions and objects used by both the servlet's. 
- * - * - */ -public class XACMLRest { - private static final Log logger = LogFactory.getLog(XACMLRest.class); - private static Properties restProperties = new Properties(); - - private XACMLRest(){ - // Empty constructor - } - /** - * This must be called during servlet initialization. It sets up the xacml.?.properties - * file as a system property. If the System property is already set, then it does not - * do anything. This allows the developer to specify their own xacml.properties file to be - * used. They can 1) modify the default properties that comes with the project, or 2) change - * the WebInitParam annotation, or 3) specify an alternative path in the web.xml, or 4) set - * the Java System property to point to their xacml.properties file. - * - * The recommended way of overriding the default xacml.properties file is using a Java System - * property: - * - * -Dxacml.properties=/opt/app/xacml/etc/xacml.admin.properties - * - * This way one does not change any actual code or files in the project and can leave the - * defaults alone. 
- * - * @param config - The servlet config file passed from the javax servlet init() function - */ - public static void xacmlInit(ServletConfig config) { - // - // Get the XACML Properties File parameter first - // - String propFile = config.getInitParameter("XACML_PROPERTIES_NAME"); - if (propFile != null) { - // - // Look for system override - // - String xacmlPropertiesName = System.getProperty(XACMLProperties.XACML_PROPERTIES_NAME); - logger.info("\n\n" + xacmlPropertiesName + "\n" + XACMLProperties.XACML_PROPERTIES_NAME); - if (xacmlPropertiesName == null) { - // - // Set it to our servlet default - // - if (logger.isDebugEnabled()) { - logger.debug("Using Servlet Config Property for XACML_PROPERTIES_NAME:" + propFile); - } - System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, propFile); - } else { - if (logger.isDebugEnabled()) { - logger.debug("Using System Property for XACML_PROPERTIES_NAME:" + xacmlPropertiesName); - } - } - } - // - // Setup the remaining properties - // - Enumeration params = config.getInitParameterNames(); - while (params.hasMoreElements()) { - String param = params.nextElement(); - if (! "XACML_PROPERTIES_NAME".equals(param)) { - String value = config.getInitParameter(param); - PolicyLogger.info(param + "=" + config.getInitParameter(param)); - restProperties.setProperty(param, value); - } - } - } - - /** - * Reset's the XACMLProperties internal properties object so we start - * in a fresh environment. Then adds back in our Servlet init properties that were - * passed in the javax Servlet init() call. - * - * This function is primarily used when a new configuration is passed in and the - * PDP servlet needs to load a new PDP engine instance. 
- * - * @param pipProperties - PIP configuration properties - * @param policyProperties - Policy configuration properties - */ - public static void loadXacmlProperties(Properties policyProperties, Properties pipProperties) { - try { - // - // Start fresh - // - XACMLProperties.reloadProperties(); - // - // Now load our init properties - // - XACMLProperties.getProperties().putAll(XACMLRest.restProperties); - // - // Load our policy properties - // - if (policyProperties != null) { - XACMLProperties.getProperties().putAll(policyProperties); - } - // - // Load our pip config properties - // - if (pipProperties != null) { - XACMLProperties.getProperties().putAll(pipProperties); - } - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "Failed to put init properties into Xacml properties"); - } - // - // Dump them - // - if (logger.isDebugEnabled()) { - try { - logger.debug(XACMLProperties.getProperties().toString()); - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "Cannot dump properties"); - } - } - } - - /** - * Helper routine to dump the HTTP servlet request being serviced. Primarily for debugging. - * - * @param request - Servlet request (from a POST/GET/PUT/etc.) 
- */ - public static void dumpRequest(HttpServletRequest request) { - if (!logger.isDebugEnabled()) { - return; - } - - // special-case for receiving heartbeat - don't need to repeatedly output all of the information in multiple lines - if ("GET".equals(request.getMethod()) && "hb".equals(request.getParameter("type")) ) { - PolicyLogger.debug("GET type=hb : heartbeat received"); - return; - } - logger.debug(request.getMethod() + ":" + request.getRemoteAddr() + " " + request.getRemoteHost() + " " + request.getRemotePort()); - logger.debug(request.getLocalAddr() + " " + request.getLocalName() + " " + request.getLocalPort()); - Enumeration en = request.getHeaderNames(); - logger.debug("Headers:"); - while (en.hasMoreElements()) { - String element = en.nextElement(); - Enumeration values = request.getHeaders(element); - while (values.hasMoreElements()) { - String value = values.nextElement(); - logger.debug(element + ":" + value); - } - } - logger.debug("Attributes:"); - en = request.getAttributeNames(); - while (en.hasMoreElements()) { - String element = en.nextElement(); - logger.debug(element + ":" + request.getAttribute(element)); - } - logger.debug("ContextPath: " + request.getContextPath()); - if ("PUT".equals(request.getMethod()) || "POST".equals(request.getMethod())) { - // POST and PUT are allowed to have parameters in the content, but in our usage the parameters are always in the Query string. - // More importantly, there are cases where the POST and PUT content is NOT parameters (e.g. it might contain a Policy file). - // Unfortunately the request.getParameterMap method reads the content to see if there are any parameters, - // and once the content is read it cannot be read again. - // Thus for PUT and POST we must avoid reading the content here so that the main code can read it. 
- logger.debug("Query String:" + request.getQueryString()); - try { - if (request.getInputStream() == null) { - logger.debug("Content: No content inputStream"); - } else { - logger.debug("Content available: " + request.getInputStream().available()); - } - } catch (Exception e) { - logger.debug("Content: inputStream exception: " + e.getMessage() + "; (May not be relevant)" +e); - } - } else { - logger.debug("Parameters:"); - Map params = request.getParameterMap(); - Set keys = params.keySet(); - for (String key : keys) { - String[] values = params.get(key); - logger.debug(key + "(" + values.length + "): " + (values.length > 0 ? values[0] : "")); - } - } - logger.debug("Request URL:" + request.getRequestURL()); - } -} diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRestProperties.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRestProperties.java deleted file mode 100644 index f7f887cef..000000000 --- a/ONAP-REST/src/main/java/org/onap/policy/rest/XACMLRestProperties.java +++ /dev/null 
@@ -1,469 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP-REST - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.rest; - -import com.att.research.xacml.util.XACMLProperties; - -/** - * These are XACML Properties that are relevant to the RESTful API interface for - * the PDP, PAP and AC interfaces. - * - * - */ -public class XACMLRestProperties extends XACMLProperties { - /** - * A unique identifier for the PDP servlet instance. Usually set to the URL - * it is running as in the J2EE container. - * - * Eg. http://localhost:8080/pdp/ - */ - public static final String PROP_PDP_ID = "xacml.rest.pdp.id"; - /** - * A PDP servlet's configuration directory. Holds the pip and policy - * configuration data as well as the local policy cache. 
- * - * Eg: /opt/app/xacml/config - */ - public static final String PROP_PDP_CONFIG = "xacml.rest.pdp.config"; - // Resilience feature- - public static final String PROP_PDP_WEBAPPS = "xacml.rest.pdp.webapps"; - //Closed Loop JSON table - public static final String PROP_ADMIN_CLOSEDLOOP = "xacml.rest.admin.closedLoopJSON"; - /** - * Set this property to true or false if the PDP servlet should register - * itself upon startup with the PAP servlet. - */ - public static final String PROP_PDP_REGISTER = "xacml.rest.pdp.register"; - /** - * Number of seconds the PDP will sleep while retrying registration with the - * PAP. This value must be greater or equal to 5. - */ - public static final String PROP_PDP_REGISTER_SLEEP = "xacml.rest.pdp.register.sleep"; - /** - * Number of retry attempts at registration with the PAP. A value of -1 - * indicates infinite retries. - */ - public static final String PROP_PDP_REGISTER_RETRIES = "xacml.rest.pdp.register.retries"; - /** - * Max content length accepted for an incoming POST XML/JSON request. - * Default is 32767 bytes. - */ - public static final String PROP_PDP_MAX_CONTENT = "xacml.rest.pdp.maxcontent"; - /** - * Custom HTTP header used by PDP to send the value of the PROP_PDP_ID - */ - public static final String PROP_PDP_HTTP_HEADER_ID = "X-XACML-PDP-ID"; - /** - * Custom HHTP header used by PDP to send its heartbeat value. - */ - public static final String PROP_PDP_HTTP_HEADER_HB = "X-XACML-PDP-HB"; - /* - * Custom HTTP header used by PDP to send the value of the - * X-XACML-PDP-JMX-PORT - */ - public static final String PROP_PDP_HTTP_HEADER_JMX_PORT = "X-XACML-PDP-JMX-PORT"; - /** - * The URL of the PAP servlet. Used by PDP servlet's to communicate. Because - * administrators can set whatever context they want to run the PAP servlet, - * it isn't easy to determine a return URL for the PAP servlet. This is - * especially true upon initialization. 
- */ - public static final String PROP_PAP_URL = "xacml.rest.pap.url"; - /** - * A comma divided list of urls pointing to avaiable PAP urls. - * If one or more fail, the other servers in the list can - * handle the requests. - */ - public static final String PROP_PAP_URLS = "xacml.rest.pap.urls"; - public static final String PROP_PAP_FAILED_URLS = "xacml.rest.pap.failedUrls"; - public static final String PROP_PAP_SUCCEEDED_URLS = "xacml.rest.pap.succeededUrls"; - - /** - * Upon startup, have the PAP servlet send latest configuration information - * to all the PDP nodes it knows about. - */ - public static final String PROP_PAP_INITIATE_PDP_CONFIG = "xacml.rest.pap.initiate.pdp"; - /** - * The interval the PAP servlet uses to send heartbeat requests to the PDP - * nodes. - */ - public static final String PROP_PAP_HEARTBEAT_INTERVAL = "xacml.rest.pap.heartbeat.interval"; - /** - * Timeout value used by the PAP servlet when trying to check the heartbeat - * of a PDP node. - */ - public static final String PROP_PAP_HEARTBEAT_TIMEOUT = "xacml.rest.pap.heartbeat.timeout"; - /* - * This is the domain you can setup for your organization, it should be a URI. - * Eg. com:sample:foo - */ - public static final String PROP_PAP_DOMAIN = "xacml.rest.pap.domain"; - - /* - * Local path to where user workspaces exist. The user workspace contains temporary files, the - * user's clone of the GIT repository, anything specific to the user, etc. - */ - public static final String PROP_PAP_WORKSPACE = "xacml.rest.pap.workspace"; - - /* - * Local path to where the GIT repository exists. - * - * Eg. 
/opt/app/xacml/repository - */ - public static final String PROP_PAP_REPOSITORY = "xacml.rest.pap.repository"; - - /* - * Database driver property - */ - public static final String PROP_PAP_DB_DRIVER = "javax.persistence.jdbc.driver"; - - /* - * Database url - */ - public static final String PROP_PAP_DB_URL = "javax.persistence.jdbc.url"; - - /* - * Database user - */ - public static final String PROP_PAP_DB_USER = "javax.persistence.jdbc.user"; - - /* - * Database password - */ - public static final String PROP_PAP_DB_PASSWORD = "javax.persistence.jdbc.password"; - - /* - * Time in ms which a Policy DB transaction will wait to get the transaction lock object - */ - public static final String PROP_PAP_TRANS_WAIT = "xacml.rest.pap.transaction.waitms"; - - /* - * Policy DB transaction timeout in ms after it has obtained the transaction lock object - */ - public static final String PROP_PAP_TRANS_TIMEOUT = "xacml.rest.pap.transaction.timeoutms"; - - /* - * Policy Audit transaction timeout in ms after it has obtained the transaction lock object - */ - public static final String PROP_PAP_AUDIT_TIMEOUT = "xacml.rest.pap.audit.timeoutms"; - - /* - * Value determines direction of audit. Value=true will synch the file system to contents of the DB. - * Value=false will synch the DB to the contents of the file system. - */ - public static final String PROP_PAP_AUDIT_FLAG = "xacml.rest.pap.filesystem.audit"; - - /* - * Value for enable/disable of audit functionality - */ - public static final String PROP_PAP_RUN_AUDIT_FLAG = "xacml.rest.pap.run.audit.flag"; - - /* - * Controls how long the timeout will be when a pap sends a notification to another pap - */ - public static final String PROP_PAP_NOTIFY_TIMEOUT = "xacml.rest.pap.notify.timeoutms"; - /* - * Value for Enable/Disable of AutoPush Flag. - */ - public static final String PROP_PAP_PUSH_FLAG = "xacml.rest.pap.autopush.flag"; - - /* - * Properties file for the AutoPush Functionality. 
- */ - public static final String PROP_PAP_PUSH_FILE = "xacml.rest.pap.autopush.file"; - - /* - * Local path to where the GIT repository exists. - * - * Eg. /opt/app/xacml/repository - */ - public static final String PROP_ADMIN_REPOSITORY = "xacml.rest.admin.repository"; - /* - * Local path to where user workspaces exist. The user workspace contains - * temporary files, the user's clone of the GIT repository, anything - * specific to the user, etc. - */ - public static final String PROP_ADMIN_WORKSPACE = "xacml.rest.admin.workspace"; - /* - * This is the domain you can setup for your organization, it should be a - * URI. - * - * Eg. com:sample:foo - */ - public static final String PROP_ADMIN_DOMAIN = "xacml.rest.admin.domain"; - /** - * PROP_ADMIN_USER_NAME is simply a name for the logged in user. - * - * AC authentication is out the scope of the web application itself. It is - * up to the developer to setup authentication as they please in the J2EE - * container used to run the web application. Whatever authentication - * mechanism they use, they should then set the attribute into the - * HttpSession object. The Admin Console will be able to read that value - * (default to "guest") in. - * - * ((HttpServletRequest) - * request).getSession().setAttribute("xacml.rest.admin.user.name", - * "Homer"); - * - */ - public static final String PROP_ADMIN_USER_NAME = "xacml.rest.admin.user.name"; - /** - * - * PROP_ADMIN_USER_ID is an id for the logged in user. - * - * Eg. hs1234 - * - * @see #PROP_ADMIN_USER_NAME for more information. - */ - public static final String PROP_ADMIN_USER_ID = "xacml.rest.admin.user.id"; - /** - * - * PROP_ADMIN_USER_EMAIL is a user's email address. - * - * @see #PROP_ADMIN_USER_NAME for more information. - */ - public static final String PROP_ADMIN_USER_EMAIL = "xacml.rest.admin.user.email"; - /** - * Directory path containing sub-directories where the Subscriber servlet - * puts files sent through data feeds. 
- */ - public static final String PROP_SUBSCRIBER_INCOMING = "xacml.subscriber.incoming"; - /** - * The specific data feed name for the Subscriber servlet to register for. - */ - public static final String PROP_SUBSCRIBER_FEED = "xacml.subscriber.feed"; - /** - * Value for the log time frame that is to be stored in the database any - * logs after this time frame will be removed. - */ - public static final String PROP_LOG_TIMEFRAME = "xacml.log.timeframe"; - /** - * Value for the DB connections used to store the log files. - */ - public static final String PROP_LOG_DB_DRIVER = "xacml.log.db.driver"; - public static final String PROP_LOG_DB_URL = "xacml.log.db.url"; - public static final String PROP_LOG_DB_USER = "xacml.log.db.user"; - public static final String PROP_LOG_DB_PASSWORD = "xacml.log.db.password"; - /* - * Value for JMX port for the PDP - */ - public static final String PROP_PDP_JMX_PORT = "xacml.jmx.port"; - - /* - * Value for refresh rate - */ - public static final String PROP_REFRESH_RATE = "xacml.refresh.rate"; - - // added for Security between Policy Components. 
- // 6/26 - /* - * PROP_PAP_USERID is the PAP Unique User ID - */ - public static final String PROP_PAP_USERID = "xacml.rest.pap.userid"; - /* - * PROP_PAP_PASS is the PAP password - */ - public static final String PROP_PAP_PASS = "xacml.rest.pap.password"; - /* - * PROP_PAP_PASS is the PAP password - */ - public static final String PROP_CONFIG_URL = "xacml.rest.config.url"; - /* - * PROP_PDP_USERID is the PDP Unique User ID - */ - public static final String PROP_PDP_USERID = "xacml.rest.pdp.userid"; - /* - * PROP_PDP_PASS is the PDP password - */ - public static final String PROP_PDP_PASS = "xacml.rest.pdp.password"; - /* - * PROP_PDP_IDFILE is the PDP Authentication File - */ - public static final String PROP_PDP_IDFILE = "xacml.rest.pdp.idfile"; - /* - * PROP_PEP_IDFILE is the Client Authentication File - */ - public static final String PROP_PEP_IDFILE = "xacml.rest.pep.idfile"; - /* - * webapps Location of the PAP-REST server - */ - public static final String PROP_PAP_WEBAPPS= "xacml.rest.config.webapps"; - /* - * Value for Notification Option - */ - public static final String PROP_NOTIFICATION_TYPE = "NOTIFICATION_TYPE"; - /* - * Value for Notification DMaaP servers - */ - public static final String PROP_NOTIFICATION_SERVERS = "NOTIFICATION_SERVERS"; - /* - * Value for Notification Delay - */ - public static final String PROP_NOTIFICATION_DELAY= "NOTIFICATION_DELAY"; - /* - * Value for Notification Topic - */ - public static final String PROP_NOTIFICATION_TOPIC= "NOTIFICATION_TOPIC"; - /* - * Value for Notification Topic - */ - public static final String PROP_UEB_API_KEY= "UEB_API_KEY"; - /* - * Value for Notification Topic - */ - public static final String PROP_UEB_API_SECRET= "UEB_API_SECRET"; - /* - * Closedloop Fault Policy Template Version - */ - public static final String TemplateVersion_Fault= "xacml.rest.closedLoopFault"; - /* - * Closedloop PM Policy Template Version - */ - public static final String TemplateVersion_PM= "xacml.rest.closedLoopPM"; - /* 
- * Value for model properties file - */ - public static final String PROP_ADMIN_MICROSERVICE = "xacml.rest.admin.microServiceModel"; - /* - * MicroService Policy Template Version - */ - public static final String TemplateVersion_MS= "xacml.rest.microServices"; - /* - * Optimization Policy Template Version - */ - public static final String TemplateVersion_OOF= "xacml.rest.optimization"; - /* - * Firewall Policy Template Version - */ - public static final String TemplateVersion_FW= "xacml.rest.firewallPolicy"; - /* - * Size of SelectList for Users in MS - * - */ - public static final String PROP_USER_SELECTLIST_WINDOW_SIZE= "xacml.user.column.count"; - /* - * Audit function in pap admin to Update userinfo table to syncronize with Roles table - */ - public static final String PROP_ROLES_USERINFO_AUDIT= "xacml.audit.userInfo"; - /* - * test Environment LoginId - */ - public static final String PROP_TEST_ENVIRONMENT_LOGINID= "xacml.testEnvironment.loginId"; - /* - * Size of of the page length for sqlcontainer - * - */ - public static final String PROP_SQLCONTAINER_PAGE_LENGTH= "xacml.sqlcontainer.page.length"; - /* - * add values used to connect to restful api - * - */ - public static final String PROP_RESTFUL_INTERFACE= "xacm.restful.interface.file"; - /* - * add pattern to identify what values are designed as required - * - */ - public static final String PROP_XCORE_REQUIRED_PATTERN= "xacm.xcor.required.pattern"; - /* - * Time before a cache value is evicted - * - */ - public static final String PROP_CACHE_LIVE_TIME= "xacm.cache.live.time"; - /* - * Highest value allowed in priority - * - */ - public static final String PROP_PRIORITY_COUNT= "xacml.max.priority.count"; - /* - * The name of the PAP. 
Must be unique across the system - */ - public static final String PAP_RESOURCE_NAME="xacml.rest.pap.resource.name"; - /* - * The name of the site in which the PAP resides - */ - public static final String PAP_SITE_NAME="site_name"; - /* - * The node type of the PAP - really a no-op since it's value is pap - */ - public static final String PAP_NODE_TYPE="node_type"; - /* - * A list of the groups of resources/nodes on which the PAP is dependent. The members of a - * group are comma-separated and the groups are separated with semicolons. - */ - public static final String PAP_DEPENDENCY_GROUPS="dependency_groups"; - /* - * The (optional) period of time in seconds between executions of the integrity audit. - * Value < 0 : Audit does not run (default value if property is not present = -1) - * Value = 0 : Audit runs continuously - * Value > 0 : The period of time in seconds between execution of the audit on a particular node - */ - public static final String PAP_INTEGRITY_AUDIT_PERIOD_SECONDS = "integrity_audit_period_seconds"; - /* - * The name of the Admin. Must be unique across the system - */ - public static final String ADMIN_RESOURCE_NAME="xacml.rest.admin.resource.name"; - /* - * The name of the PDP. Must be unique across the system - */ - public static final String PDP_RESOURCE_NAME="xacml.rest.pdp.resource.name"; - /* - * Audit function in pap admin to Update userinfo table to syncronize with Roles table - */ - public static final String PROP_AUTOMATIC_POLICYPUSH= "xacml.automatic.push"; - /* - * Add Limit for Onap Portal Dashboard tab data - */ - public static final String PROP_ONAP_LOGLIMIT = "xacml.onap.dashboard.logTableLimit"; - public static final String PROP_ONAP_SYSTEMALERTLIMIT = "xacml.onap.dashboard.systemAlertTableLimit"; - /* - * Diff of the policies for the Firewall Feature. 
- */ - public static final String PROP_FW_GETURL = "FW_GETURL"; - public static final String PROP_FW_AUTHOURL = "FW_AUTHOURL"; - public static final String PROP_FW_PROXY = "FW_PROXY"; - public static final String PROP_FW_PORT = "FW_PORT"; - - /* - * The number of Risk Levels allowed - */ - public static final String ADMIN_RISK_LEVEL_COUNT="xacml.risk.level.count"; - /* - * The maxium Level displayed on the UI for Micro Services - */ - public static final String PROP_MODEL_LEVEL = "xacml.model.level"; - - /* - * Value for Incoming Notification tries - * - * */ - public static final String PROP_PAP_INCOMINGNOTIFICATION_TRIES = "xacml.rest.pap.incomingnotification.tries"; - - /* - * The encryption key - */ - public static final String PROP_AES_KEY = "org.onap.policy.encryption.aes.key"; - - - // Static class, hide constructor - private XACMLRestProperties() { - super(); - } -} diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java index 184d1ff60..10b3cbfb4 100644 --- a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java +++ b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java 
@@ -3,13 +3,14 @@ * ONAP-REST * ================================================================================ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -32,9 +33,10 @@ public class XacmlAdminAuthorization { String userRole; - Role(String a) { - this.userRole = a; + Role(String userRole) { + this.userRole = userRole; } + @Override public String toString() { return this.userRole; diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRest.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRest.java new file mode 100644 index 000000000..011fb8868 --- /dev/null +++ b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRest.java 
@@ -0,0 +1,242 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP-REST + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. + * Modifications Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest; + +import com.att.research.xacml.util.XACMLProperties; + +import java.io.IOException; +import java.util.Enumeration; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import javax.servlet.ServletConfig; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.onap.policy.common.logging.eelf.MessageCodes; +import org.onap.policy.common.logging.eelf.PolicyLogger; + +/** + * This static class is used by both the PDP and PAP servlet's. It contains some common static functions and objects + * used by both the servlet's. 
+ * + * + */ +public class XacmlRest { + private static final Log logger = LogFactory.getLog(XacmlRest.class); + private static Properties restProperties = new Properties(); + + private XacmlRest() { + // Empty constructor + } + + /** + * This must be called during servlet initialization. It sets up the xacml.?.properties file as a system property. + * If the System property is already set, then it does not do anything. This allows the developer to specify their + * own xacml.properties file to be used. They can 1) modify the default properties that comes with the project, or + * 2) change the WebInitParam annotation, or 3) specify an alternative path in the web.xml, or 4) set the Java + * System property to point to their xacml.properties file. + * + *

The recommended way of overriding the default xacml.properties file is using a Java System property: + * -Dxacml.properties=/opt/app/xacml/etc/xacml.admin.properties + * + *

This way one does not change any actual code or files in the project and can leave the defaults alone. + * + * @param config - The servlet config file passed from the javax servlet init() function + */ + public static void xacmlInit(ServletConfig config) { + // + // Get the XACML Properties File parameter first + // + String propFile = config.getInitParameter("XACML_PROPERTIES_NAME"); + if (propFile != null) { + // + // Look for system override + // + String xacmlPropertiesName = System.getProperty(XACMLProperties.XACML_PROPERTIES_NAME); + logger.info("\n\n" + xacmlPropertiesName + "\n" + XACMLProperties.XACML_PROPERTIES_NAME); + if (xacmlPropertiesName == null) { + // + // Set it to our servlet default + // + if (logger.isDebugEnabled()) { + logger.debug("Using Servlet Config Property for XACML_PROPERTIES_NAME:" + propFile); + } + System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, propFile); + } else { + if (logger.isDebugEnabled()) { + logger.debug("Using System Property for XACML_PROPERTIES_NAME:" + xacmlPropertiesName); + } + } + } + // + // Setup the remaining properties + // + Enumeration params = config.getInitParameterNames(); + while (params.hasMoreElements()) { + String param = params.nextElement(); + if (!"XACML_PROPERTIES_NAME".equals(param)) { + String value = config.getInitParameter(param); + PolicyLogger.info(param + "=" + config.getInitParameter(param)); + restProperties.setProperty(param, value); + } + } + } + + /** + * Reset's the XACMLProperties internal properties object so we start in a fresh environment. Then adds back in our + * Servlet init properties that were passed in the javax Servlet init() call. + * + *

This function is primarily used when a new configuration is passed in and the PDP servlet needs to load a new + * PDP engine instance. + * + * @param pipProperties - PIP configuration properties + * @param policyProperties - Policy configuration properties + */ + public static void loadXacmlProperties(Properties policyProperties, Properties pipProperties) { + try { + // + // Start fresh + // + XACMLProperties.reloadProperties(); + // + // Now load our init properties + // + XACMLProperties.getProperties().putAll(XacmlRest.restProperties); + // + // Load our policy properties + // + if (policyProperties != null) { + XACMLProperties.getProperties().putAll(policyProperties); + } + // + // Load our pip config properties + // + if (pipProperties != null) { + XACMLProperties.getProperties().putAll(pipProperties); + } + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, + "Failed to put init properties into Xacml properties"); + } + // + // Dump them + // + if (logger.isDebugEnabled()) { + try { + logger.debug(XACMLProperties.getProperties().toString()); + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "Cannot dump properties"); + } + } + } + + /** + * Helper routine to dump the HTTP servlet request being serviced. Primarily for debugging. + * + * @param request - Servlet request (from a POST/GET/PUT/etc.) + */ + public static void dumpRequest(HttpServletRequest request) { + if (!logger.isDebugEnabled()) { + return; + } + + // special-case for receiving heartbeat - don't need to repeatedly output all of the information in multiple + // lines + if ("GET".equals(request.getMethod()) && "hb".equals(request.getParameter("type"))) { + PolicyLogger.debug("GET type=hb : heartbeat received"); + return; + } + + dumpRequestHeadersAttributesContextPath(request); + + dumpRequestBody(request); + } + + /** + * Dump the headers, attributes, and context path of the request. 
+ * + * @param request the request to dump + */ + private static void dumpRequestHeadersAttributesContextPath(HttpServletRequest request) { + logger.debug(request.getMethod() + ":" + request.getRemoteAddr() + " " + request.getRemoteHost() + " " + + request.getRemotePort()); + logger.debug(request.getLocalAddr() + " " + request.getLocalName() + " " + request.getLocalPort()); + Enumeration en = request.getHeaderNames(); + logger.debug("Headers:"); + while (en.hasMoreElements()) { + String element = en.nextElement(); + Enumeration values = request.getHeaders(element); + while (values.hasMoreElements()) { + String value = values.nextElement(); + logger.debug(element + ":" + value); + } + } + logger.debug("Attributes:"); + en = request.getAttributeNames(); + while (en.hasMoreElements()) { + String element = en.nextElement(); + logger.debug(element + ":" + request.getAttribute(element)); + } + logger.debug("ContextPath: " + request.getContextPath()); + } + + + /** + * Dump the body of the request. + * + * @param request the request to act on + */ + private static void dumpRequestBody(HttpServletRequest request) { + if ("PUT".equals(request.getMethod()) || "POST".equals(request.getMethod())) { + // POST and PUT are allowed to have parameters in the content, but in our usage the parameters are always in + // the Query string. + // More importantly, there are cases where the POST and PUT content is NOT parameters (e.g. it might contain + // a Policy file). + // Unfortunately the request.getParameterMap method reads the content to see if there are any parameters, + // and once the content is read it cannot be read again. + // Thus for PUT and POST we must avoid reading the content here so that the main code can read it. 
+ logger.debug("Query String:" + request.getQueryString()); + try { + if (request.getInputStream() == null) { + logger.debug("Content: No content inputStream"); + } else { + logger.debug("Content available: " + request.getInputStream().available()); + } + } catch (Exception e) { + logger.debug("Content: inputStream exception: " + e.getMessage() + "; (May not be relevant)" + e); + } + } else { + logger.debug("Parameters:"); + Map params = request.getParameterMap(); + Set keys = params.keySet(); + for (String key : keys) { + String[] values = params.get(key); + logger.debug(key + "(" + values.length + "): " + (values.length > 0 ? values[0] : "")); + } + } + logger.debug("Request URL:" + request.getRequestURL()); + } +} diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRestProperties.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRestProperties.java new file mode 100644 index 000000000..f75f80c7c --- /dev/null +++ b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlRestProperties.java 
@@ -0,0 +1,450 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP-REST + * ================================================================================ + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest; + +import com.att.research.xacml.util.XACMLProperties; + +/** + * These are XACML Properties that are relevant to the RESTful API interface for the PDP, PAP and AC interfaces. + * + * + */ +public class XacmlRestProperties extends XACMLProperties { + /** + * A unique identifier for the PDP servlet instance. Usually set to the URL it is running as in the J2EE container. + * + *

Eg. http://localhost:8080/pdp/ + */ + public static final String PROP_PDP_ID = "xacml.rest.pdp.id"; + /** + * A PDP servlet's configuration directory. Holds the pip and policy configuration data as well as the local policy + * cache. + * + *

Eg: /opt/app/xacml/config + */ + public static final String PROP_PDP_CONFIG = "xacml.rest.pdp.config"; + // Resilience feature- + public static final String PROP_PDP_WEBAPPS = "xacml.rest.pdp.webapps"; + // Closed Loop JSON table + public static final String PROP_ADMIN_CLOSEDLOOP = "xacml.rest.admin.closedLoopJSON"; + /** + * Set this property to true or false if the PDP servlet should register itself upon startup with the PAP servlet. + */ + public static final String PROP_PDP_REGISTER = "xacml.rest.pdp.register"; + /** + * Number of seconds the PDP will sleep while retrying registration with the PAP. This value must be greater or + * equal to 5. + */ + public static final String PROP_PDP_REGISTER_SLEEP = "xacml.rest.pdp.register.sleep"; + /** + * Number of retry attempts at registration with the PAP. A value of -1 indicates infinite retries. + */ + public static final String PROP_PDP_REGISTER_RETRIES = "xacml.rest.pdp.register.retries"; + /** + * Max content length accepted for an incoming POST XML/JSON request. Default is 32767 bytes. + */ + public static final String PROP_PDP_MAX_CONTENT = "xacml.rest.pdp.maxcontent"; + + /** + * Custom HTTP header used by PDP to send the value of the PROP_PDP_ID. + */ + public static final String PROP_PDP_HTTP_HEADER_ID = "X-XACML-PDP-ID"; + /** + * Custom HHTP header used by PDP to send its heartbeat value. + */ + public static final String PROP_PDP_HTTP_HEADER_HB = "X-XACML-PDP-HB"; + /* + * Custom HTTP header used by PDP to send the value of the X-XACML-PDP-JMX-PORT + */ + public static final String PROP_PDP_HTTP_HEADER_JMX_PORT = "X-XACML-PDP-JMX-PORT"; + /** + * The URL of the PAP servlet. Used by PDP servlet's to communicate. Because administrators can set whatever context + * they want to run the PAP servlet, it isn't easy to determine a return URL for the PAP servlet. This is especially + * true upon initialization. 
+ */ + public static final String PROP_PAP_URL = "xacml.rest.pap.url"; + /** + * A comma divided list of urls pointing to avaiable PAP urls. If one or more fail, the other servers in the list + * can handle the requests. + */ + public static final String PROP_PAP_URLS = "xacml.rest.pap.urls"; + public static final String PROP_PAP_FAILED_URLS = "xacml.rest.pap.failedUrls"; + public static final String PROP_PAP_SUCCEEDED_URLS = "xacml.rest.pap.succeededUrls"; + + /** + * Upon startup, have the PAP servlet send latest configuration information to all the PDP nodes it knows about. + */ + public static final String PROP_PAP_INITIATE_PDP_CONFIG = "xacml.rest.pap.initiate.pdp"; + /** + * The interval the PAP servlet uses to send heartbeat requests to the PDP nodes. + */ + public static final String PROP_PAP_HEARTBEAT_INTERVAL = "xacml.rest.pap.heartbeat.interval"; + /** + * Timeout value used by the PAP servlet when trying to check the heartbeat of a PDP node. + */ + public static final String PROP_PAP_HEARTBEAT_TIMEOUT = "xacml.rest.pap.heartbeat.timeout"; + /* + * This is the domain you can setup for your organization, it should be a URI. Eg. com:sample:foo + */ + public static final String PROP_PAP_DOMAIN = "xacml.rest.pap.domain"; + + /* + * Local path to where user workspaces exist. The user workspace contains temporary files, the user's clone of the + * GIT repository, anything specific to the user, etc. + */ + public static final String PROP_PAP_WORKSPACE = "xacml.rest.pap.workspace"; + + /* + * Local path to where the GIT repository exists. + * + * Eg. 
/opt/app/xacml/repository + */ + public static final String PROP_PAP_REPOSITORY = "xacml.rest.pap.repository"; + + /* + * Database driver property + */ + public static final String PROP_PAP_DB_DRIVER = "javax.persistence.jdbc.driver"; + + /* + * Database url + */ + public static final String PROP_PAP_DB_URL = "javax.persistence.jdbc.url"; + + /* + * Database user + */ + public static final String PROP_PAP_DB_USER = "javax.persistence.jdbc.user"; + + /* + * Database password + */ + public static final String PROP_PAP_DB_PASSWORD = "javax.persistence.jdbc.password"; + + /* + * Time in ms which a Policy DB transaction will wait to get the transaction lock object + */ + public static final String PROP_PAP_TRANS_WAIT = "xacml.rest.pap.transaction.waitms"; + + /* + * Policy DB transaction timeout in ms after it has obtained the transaction lock object + */ + public static final String PROP_PAP_TRANS_TIMEOUT = "xacml.rest.pap.transaction.timeoutms"; + + /* + * Policy Audit transaction timeout in ms after it has obtained the transaction lock object + */ + public static final String PROP_PAP_AUDIT_TIMEOUT = "xacml.rest.pap.audit.timeoutms"; + + /* + * Value determines direction of audit. Value=true will synch the file system to contents of the DB. Value=false + * will synch the DB to the contents of the file system. + */ + public static final String PROP_PAP_AUDIT_FLAG = "xacml.rest.pap.filesystem.audit"; + + /* + * Value for enable/disable of audit functionality + */ + public static final String PROP_PAP_RUN_AUDIT_FLAG = "xacml.rest.pap.run.audit.flag"; + + /* + * Controls how long the timeout will be when a pap sends a notification to another pap + */ + public static final String PROP_PAP_NOTIFY_TIMEOUT = "xacml.rest.pap.notify.timeoutms"; + /* + * Value for Enable/Disable of AutoPush Flag. + */ + public static final String PROP_PAP_PUSH_FLAG = "xacml.rest.pap.autopush.flag"; + + /* + * Properties file for the AutoPush Functionality. 
+ */ + public static final String PROP_PAP_PUSH_FILE = "xacml.rest.pap.autopush.file"; + + /* + * Local path to where the GIT repository exists. + * + * Eg. /opt/app/xacml/repository + */ + public static final String PROP_ADMIN_REPOSITORY = "xacml.rest.admin.repository"; + /* + * Local path to where user workspaces exist. The user workspace contains temporary files, the user's clone of the + * GIT repository, anything specific to the user, etc. + */ + public static final String PROP_ADMIN_WORKSPACE = "xacml.rest.admin.workspace"; + /* + * This is the domain you can setup for your organization, it should be a URI. + * + * Eg. com:sample:foo + */ + public static final String PROP_ADMIN_DOMAIN = "xacml.rest.admin.domain"; + /** + * PROP_ADMIN_USER_NAME is simply a name for the logged in user. + * + *

AC authentication is out the scope of the web application itself. It is up to the developer to setup + * authentication as they please in the J2EE container used to run the web application. Whatever authentication + * mechanism they use, they should then set the attribute into the HttpSession object. The Admin Console will be + * able to read that value (default to "guest") in. + * + *

((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); + * + */ + public static final String PROP_ADMIN_USER_NAME = "xacml.rest.admin.user.name"; + + /** + * PROP_ADMIN_USER_ID is an id for the logged in user. + * + *

Eg. hs1234 + * + *

@see #PROP_ADMIN_USER_NAME for more information. + */ + + public static final String PROP_ADMIN_USER_ID = "xacml.rest.admin.user.id"; + /** + * PROP_ADMIN_USER_EMAIL is a user's email address. + * + * @see #PROP_ADMIN_USER_NAME for more information. + */ + public static final String PROP_ADMIN_USER_EMAIL = "xacml.rest.admin.user.email"; + /** + * Directory path containing sub-directories where the Subscriber servlet puts files sent through data feeds. + */ + public static final String PROP_SUBSCRIBER_INCOMING = "xacml.subscriber.incoming"; + /** + * The specific data feed name for the Subscriber servlet to register for. + */ + public static final String PROP_SUBSCRIBER_FEED = "xacml.subscriber.feed"; + /** + * Value for the log time frame that is to be stored in the database any logs after this time frame will be removed. + */ + public static final String PROP_LOG_TIMEFRAME = "xacml.log.timeframe"; + /** + * Value for the DB connections used to store the log files. + */ + public static final String PROP_LOG_DB_DRIVER = "xacml.log.db.driver"; + public static final String PROP_LOG_DB_URL = "xacml.log.db.url"; + public static final String PROP_LOG_DB_USER = "xacml.log.db.user"; + public static final String PROP_LOG_DB_PASSWORD = "xacml.log.db.password"; + /* + * Value for JMX port for the PDP + */ + public static final String PROP_PDP_JMX_PORT = "xacml.jmx.port"; + + /* + * Value for refresh rate + */ + public static final String PROP_REFRESH_RATE = "xacml.refresh.rate"; + + // added for Security between Policy Components. 
+ // 6/26 + /* + * PROP_PAP_USERID is the PAP Unique User ID + */ + public static final String PROP_PAP_USERID = "xacml.rest.pap.userid"; + /* + * PROP_PAP_PASS is the PAP password + */ + public static final String PROP_PAP_PASS = "xacml.rest.pap.password"; + /* + * PROP_PAP_PASS is the PAP password + */ + public static final String PROP_CONFIG_URL = "xacml.rest.config.url"; + /* + * PROP_PDP_USERID is the PDP Unique User ID + */ + public static final String PROP_PDP_USERID = "xacml.rest.pdp.userid"; + /* + * PROP_PDP_PASS is the PDP password + */ + public static final String PROP_PDP_PASS = "xacml.rest.pdp.password"; + /* + * PROP_PDP_IDFILE is the PDP Authentication File + */ + public static final String PROP_PDP_IDFILE = "xacml.rest.pdp.idfile"; + /* + * PROP_PEP_IDFILE is the Client Authentication File + */ + public static final String PROP_PEP_IDFILE = "xacml.rest.pep.idfile"; + /* + * webapps Location of the PAP-REST server + */ + public static final String PROP_PAP_WEBAPPS = "xacml.rest.config.webapps"; + /* + * Value for Notification Option + */ + public static final String PROP_NOTIFICATION_TYPE = "NOTIFICATION_TYPE"; + /* + * Value for Notification DMaaP servers + */ + public static final String PROP_NOTIFICATION_SERVERS = "NOTIFICATION_SERVERS"; + /* + * Value for Notification Delay + */ + public static final String PROP_NOTIFICATION_DELAY = "NOTIFICATION_DELAY"; + /* + * Value for Notification Topic + */ + public static final String PROP_NOTIFICATION_TOPIC = "NOTIFICATION_TOPIC"; + /* + * Value for Notification Topic + */ + public static final String PROP_UEB_API_KEY = "UEB_API_KEY"; + /* + * Value for Notification Topic + */ + public static final String PROP_UEB_API_SECRET = "UEB_API_SECRET"; + /* + * Closedloop Fault Policy Template Version + */ + public static final String TEMPLATE_VERSION_FAULT = "xacml.rest.closedLoopFault"; + /* + * Closedloop PM Policy Template Version + */ + public static final String TEMPLATE_VERSION_PM = 
"xacml.rest.closedLoopPM"; + /* + * Value for model properties file + */ + public static final String PROP_ADMIN_MICROSERVICE = "xacml.rest.admin.microServiceModel"; + /* + * MicroService Policy Template Version + */ + public static final String TEMPLATE_VERSION_MS = "xacml.rest.microServices"; + /* + * Optimization Policy Template Version + */ + public static final String TEMPLATE_VERSION_OOF = "xacml.rest.optimization"; + /* + * Firewall Policy Template Version + */ + public static final String TEMPLATE_VERSION_FW = "xacml.rest.firewallPolicy"; + /* + * Size of SelectList for Users in MS + * + */ + public static final String PROP_USER_SELECTLIST_WINDOW_SIZE = "xacml.user.column.count"; + /* + * Audit function in pap admin to Update userinfo table to syncronize with Roles table + */ + public static final String PROP_ROLES_USERINFO_AUDIT = "xacml.audit.userInfo"; + /* + * test Environment LoginId + */ + public static final String PROP_TEST_ENVIRONMENT_LOGINID = "xacml.testEnvironment.loginId"; + /* + * Size of of the page length for sqlcontainer + * + */ + public static final String PROP_SQLCONTAINER_PAGE_LENGTH = "xacml.sqlcontainer.page.length"; + /* + * add values used to connect to restful api + * + */ + public static final String PROP_RESTFUL_INTERFACE = "xacm.restful.interface.file"; + /* + * add pattern to identify what values are designed as required + * + */ + public static final String PROP_XCORE_REQUIRED_PATTERN = "xacm.xcor.required.pattern"; + /* + * Time before a cache value is evicted + * + */ + public static final String PROP_CACHE_LIVE_TIME = "xacm.cache.live.time"; + /* + * Highest value allowed in priority + * + */ + public static final String PROP_PRIORITY_COUNT = "xacml.max.priority.count"; + /* + * The name of the PAP. 
Must be unique across the system + */ + public static final String PAP_RESOURCE_NAME = "xacml.rest.pap.resource.name"; + /* + * The name of the site in which the PAP resides + */ + public static final String PAP_SITE_NAME = "site_name"; + /* + * The node type of the PAP - really a no-op since it's value is pap + */ + public static final String PAP_NODE_TYPE = "node_type"; + /* + * A list of the groups of resources/nodes on which the PAP is dependent. The members of a group are comma-separated + * and the groups are separated with semicolons. + */ + public static final String PAP_DEPENDENCY_GROUPS = "dependency_groups"; + /* + * The (optional) period of time in seconds between executions of the integrity audit. Value < 0 : Audit does not + * run (default value if property is not present = -1) Value = 0 : Audit runs continuously Value > 0 : The period of + * time in seconds between execution of the audit on a particular node + */ + public static final String PAP_INTEGRITY_AUDIT_PERIOD_SECONDS = "integrity_audit_period_seconds"; + /* + * The name of the Admin. Must be unique across the system + */ + public static final String ADMIN_RESOURCE_NAME = "xacml.rest.admin.resource.name"; + /* + * The name of the PDP. Must be unique across the system + */ + public static final String PDP_RESOURCE_NAME = "xacml.rest.pdp.resource.name"; + /* + * Audit function in pap admin to Update userinfo table to syncronize with Roles table + */ + public static final String PROP_AUTOMATIC_POLICYPUSH = "xacml.automatic.push"; + /* + * Add Limit for Onap Portal Dashboard tab data + */ + public static final String PROP_ONAP_LOGLIMIT = "xacml.onap.dashboard.logTableLimit"; + public static final String PROP_ONAP_SYSTEMALERTLIMIT = "xacml.onap.dashboard.systemAlertTableLimit"; + /* + * Diff of the policies for the Firewall Feature. 
+ */ + public static final String PROP_FW_GETURL = "FW_GETURL"; + public static final String PROP_FW_AUTHOURL = "FW_AUTHOURL"; + public static final String PROP_FW_PROXY = "FW_PROXY"; + public static final String PROP_FW_PORT = "FW_PORT"; + + /* + * The number of Risk Levels allowed + */ + public static final String ADMIN_RISK_LEVEL_COUNT = "xacml.risk.level.count"; + /* + * The maxium Level displayed on the UI for Micro Services + */ + public static final String PROP_MODEL_LEVEL = "xacml.model.level"; + + /* + * Value for Incoming Notification tries + * + */ + public static final String PROP_PAP_INCOMINGNOTIFICATION_TRIES = "xacml.rest.pap.incomingnotification.tries"; + + /* + * The encryption key + */ + public static final String PROP_AES_KEY = "org.onap.policy.encryption.aes.key"; + + + // Static class, hide constructor + private XacmlRestProperties() { + super(); + } +} diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/util/MSModelUtils.java b/ONAP-REST/src/main/java/org/onap/policy/rest/util/MSModelUtils.java index 56e110019..29fb635b2 100644 --- a/ONAP-REST/src/main/java/org/onap/policy/rest/util/MSModelUtils.java +++ b/ONAP-REST/src/main/java/org/onap/policy/rest/util/MSModelUtils.java @@ -4,6 +4,7 @@ * ================================================================================ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. + * Modifications Copyright (C) 2019 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
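Review bot: Three comments in this file describe a different constant from the one they sit on: `PROP_CONFIG_URL` is documented as "PROP_PAP_PASS is the PAP password", and `PROP_UEB_API_KEY` and `PROP_UEB_API_SECRET` are both documented as "Value for Notification Topic". In a class that also defines the keys for passwords and the AES key, this makes it hard to tell from the comments which properties hold secrets; I would correct them to `PROP_CONFIG_URL is the configuration URL` (wording for the author to confirm), `Value for the UEB API key` and `Value for the UEB API secret`. It would also help to mark `PROP_PAP_PASS`, `PROP_PDP_PASS`, `PROP_PAP_DB_PASSWORD`, `PROP_LOG_DB_PASSWORD`, `PROP_UEB_API_SECRET` and `PROP_AES_KEY` with a line such as `Sensitive: the value must never be written to logs.`, because `XacmlRest.loadXacmlProperties` in this same commit logs `XACMLProperties.getProperties().toString()` at debug level, which would presumably include any of these values held in that object.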
@@ -63,7 +64,7 @@ import org.eclipse.emf.ecore.resource.ResourceSet; import org.eclipse.emf.ecore.resource.impl.ResourceSetImpl; import org.eclipse.emf.ecore.xmi.impl.XMIResourceFactoryImpl; import org.json.JSONObject; -import org.onap.policy.rest.XACMLRestProperties; +import org.onap.policy.rest.XacmlRestProperties; import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.DictionaryData; import org.yaml.snakeyaml.Yaml; @@ -409,7 +410,7 @@ public class MSModelUtils { } public String checkRequiredPattern(int upper, int lower) { - String pattern = XACMLProperties.getProperty(XACMLRestProperties.PROP_XCORE_REQUIRED_PATTERN); + String pattern = XACMLProperties.getProperty(XacmlRestProperties.PROP_XCORE_REQUIRED_PATTERN); if (pattern != null && upper == Integer.parseInt(pattern.split(",")[1]) && lower == Integer.parseInt(pattern.split(",")[0])) { return REQUIREDTRUE; diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/XACMLRestTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/XACMLRestTest.java deleted file mode 100644 index 5b8513823..000000000 --- a/ONAP-REST/src/test/java/org/onap/policy/rest/XACMLRestTest.java +++ /dev/null 
@@ -1,111 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP-REST - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.rest; - -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.io.IOException; -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Modifier; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.log4j.Level; -import org.apache.log4j.Logger; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.mock.web.MockServletConfig; - -public class XACMLRestTest extends Mockito{ - private static Log logger = 
LogFactory.getLog(XACMLRestTest.class); - - private List headers = new ArrayList<>(); - - private HttpServletRequest httpServletRequest; - private HttpServletResponse httpServletResponse; - private ServletOutputStream mockOutput; - private ServletConfig servletConfig; - - - @Before - public void setUp(){ - httpServletRequest = Mockito.mock(HttpServletRequest.class); - Mockito.when(httpServletRequest.getMethod()).thenReturn("POST"); - Mockito.when(httpServletRequest.getHeaderNames()).thenReturn(Collections.enumeration(headers)); - Mockito.when(httpServletRequest.getAttributeNames()).thenReturn(Collections.enumeration(headers)); - - mockOutput = Mockito.mock(ServletOutputStream.class); - - httpServletResponse = Mockito.mock(MockHttpServletResponse.class); - - try { - Mockito.when(httpServletResponse.getOutputStream()).thenReturn(mockOutput); - } catch (IOException e) { - fail(); - } - - servletConfig = Mockito.mock(MockServletConfig.class); - Mockito.when(servletConfig.getInitParameterNames()).thenReturn(Collections.enumeration(headers)); - Mockito.when(servletConfig.getInitParameter("XACML_PROPERTIES_NAME")).thenReturn("xacml.pdp.properties"); - - System.setProperty("xacml.properties", "xacml.pdp.properties"); - System.setProperty("xacml.rest.pdp.config", "config_testing"); - System.setProperty("xacml.rest.pep.idfile", "testclient.properties"); - System.setProperty("xacml.rest.pdp.webapps", "/webapps"); - System.setProperty("xacml.rootPolicies", "test_PolicyEngine.xml"); - System.setProperty("xacml.referencedPolicies", "test_PolicyEngine.xml"); - System.setProperty("test_PolicyEngine.xml.file", "config_testing\\test_PolicyEngine.xml"); - System.setProperty("xacml.rest.pdp.register", "false"); - } - - @Test - public void testXacmlInit(){ - logger.info("XACMLRestTest - testInit"); - try { - XACMLRest.xacmlInit(servletConfig); - Logger.getRootLogger().setLevel(Level.DEBUG); - XACMLRest.dumpRequest(httpServletRequest); - XACMLRest.loadXacmlProperties(null, null); - } 
catch (Exception e) { - fail(); - } - } - - @Test - public void testConstructorIsPrivate() throws NoSuchMethodException, IllegalAccessException, InvocationTargetException, InstantiationException { - Constructor constructor = XACMLRestProperties.class.getDeclaredConstructor(); - assertTrue(Modifier.isPrivate(constructor.getModifiers())); - constructor.setAccessible(true); - constructor.newInstance(); - } -} \ No newline at end of file diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/XacmlAdminAuthorizationTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/XacmlAdminAuthorizationTest.java new file mode 100644 index 000000000..75abb4f53 --- /dev/null +++ b/ONAP-REST/src/test/java/org/onap/policy/rest/XacmlAdminAuthorizationTest.java 
@@ -0,0 +1,38 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.rest;
+
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+
+/**
+ * Test the XacmlAdminAuthorizaiton class.
+ *
+ * @author Liam Fallon (liam.fallon@est.tech)
+ */
+public class XacmlAdminAuthorizationTest {
+
+ @Test
+ public void test() {
+ assertNotNull(new XacmlAdminAuthorization());
+ }
+}
diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/XacmlRestTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/XacmlRestTest.java
new file mode 100644
index 000000000..19800b42e
--- /dev/null
+++ b/ONAP-REST/src/test/java/org/onap/policy/rest/XacmlRestTest.java
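Review bot: `assertNotNull(new XacmlAdminAuthorization())` cannot fail, because `new` never evaluates to null, so `test()` only runs the constructor and verifies nothing about the class. For an authorization class the tests that matter are the decisions themselves: that a permitted role is allowed and that an unknown or lower-privileged role is denied. None of that is exercised here, and since the class's API is not visible in this hunk, the exact calls are for the author to fill in. The Javadoc also misspells the class name: `Test the XacmlAdminAuthorizaiton class.` should read `Test the XacmlAdminAuthorization class.`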
@@ -0,0 +1,304 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP-REST
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.rest;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.att.research.xacml.util.XACMLProperties;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletInputStream;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.mock.web.MockServletConfig;
+
+public class XacmlRestTest extends Mockito {
+ private static Log logger = LogFactory.getLog(XacmlRestTest.class);
+
+ private List headers = new ArrayList<>();
+
+ private HttpServletRequest httpServletRequest;
+ private HttpServletResponse httpServletResponse;
+ private ServletOutputStream mockOutput;
+ private ServletConfig servletConfig;
+ private ServletInputStream servletInputStream;
+
+ /**
+ * Prepare for the test.
+ */
+ @Before
+ public void setUp() {
+ httpServletRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
+ Mockito.when(httpServletRequest.getHeaderNames()).thenReturn(Collections.enumeration(headers));
+ Mockito.when(httpServletRequest.getAttributeNames()).thenReturn(Collections.enumeration(headers));
+
+ mockOutput = Mockito.mock(ServletOutputStream.class);
+
+ httpServletResponse = Mockito.mock(MockHttpServletResponse.class);
+
+ try {
+ Mockito.when(httpServletResponse.getOutputStream()).thenReturn(mockOutput);
+ } catch (IOException e) {
+ fail();
+ }
+
+ servletConfig = Mockito.mock(MockServletConfig.class);
+ Mockito.when(servletConfig.getInitParameterNames()).thenReturn(Collections.enumeration(headers));
+ Mockito.when(servletConfig.getInitParameter("XACML_PROPERTIES_NAME")).thenReturn("xacml.pdp.properties");
+
+ System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, "xacml.pdp.properties");
+ System.setProperty("xacml.rest.pdp.config", "config_testing");
+ System.setProperty("xacml.rest.pep.idfile", "testclient.properties");
+ System.setProperty("xacml.rest.pdp.webapps", "/webapps");
+ System.setProperty("xacml.rootPolicies", "test_PolicyEngine.xml");
+ System.setProperty("xacml.referencedPolicies", "test_PolicyEngine.xml");
+ System.setProperty("test_PolicyEngine.xml.file", "config_testing\\test_PolicyEngine.xml");
+ System.setProperty("xacml.rest.pdp.register", "false");
+
+ servletInputStream = Mockito.mock(ServletInputStream.class);
+ }
+
+ @Test
+ public void testXacmlInit() {
+ logger.info("XACMLRestTest - testInit");
+
+ try {
+ XacmlRest.xacmlInit(servletConfig);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ System.clearProperty(XACMLProperties.XACML_PROPERTIES_NAME);
+ try {
+ XacmlRest.xacmlInit(servletConfig);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ System.clearProperty(XACMLProperties.XACML_PROPERTIES_NAME);
+ try {
+ Logger.getRootLogger().setLevel(Level.INFO);
+ XacmlRest.xacmlInit(servletConfig);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, "xacml.pdp.properties");
+
+ try {
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.xacmlInit(servletConfig);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ Mockito.when(servletConfig.getInitParameter("XACML_PROPERTIES_NAME")).thenReturn(null);
+ try {
+ XacmlRest.xacmlInit(servletConfig);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ try {
+ Logger.getRootLogger().setLevel(Level.INFO);
+ XacmlRest.xacmlInit(servletConfig);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ Mockito.when(servletConfig.getInitParameter("XACML_PROPERTIES_NAME")).thenReturn("xacml.pdp.properties");
+
+ List parNameList = new ArrayList() {
+ private static final long serialVersionUID = 1L;
+
+ {
+ add("Name0");
+ add("Name1");
+ add("Name2");
+ add("XACML_PROPERTIES_NAME");
+ }
+ };
+
+ Mockito.when(servletConfig.getInitParameterNames()).thenReturn(Collections.enumeration(parNameList));
+ Mockito.when(servletConfig.getInitParameter("Name0")).thenReturn("Value0");
+ Mockito.when(servletConfig.getInitParameter("Name1")).thenReturn("Value1");
+ Mockito.when(servletConfig.getInitParameter("Name2")).thenReturn("Value2");
+ try {
+ XacmlRest.xacmlInit(servletConfig);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+ XacmlRest.dumpRequest(httpServletRequest);
+ XacmlRest.loadXacmlProperties(null, null);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Normal case of initiation of XACML REST failed");
+ }
+
+ }
+
+ @Test
+ public void testConstructorIsPrivate()
+ throws NoSuchMethodException, IllegalAccessException, InvocationTargetException, InstantiationException {
+ Constructor constructor = XacmlRestProperties.class.getDeclaredConstructor();
+ assertTrue(Modifier.isPrivate(constructor.getModifiers()));
+ constructor.setAccessible(true);
+ constructor.newInstance();
+ }
+
+ @Test
+ public void testLoadXacmlProperties() {
+ XacmlRest.xacmlInit(servletConfig);
+ XacmlRest.loadXacmlProperties(null, null);
+
+ XacmlRest.loadXacmlProperties(new Properties(), new Properties());
+
+ Logger.getRootLogger().setLevel(Level.INFO);
+ XacmlRest.loadXacmlProperties(new Properties(), new Properties());
+ }
+
+ @Test
+ public void testDumpRequest() throws IOException {
+ XacmlRest.xacmlInit(servletConfig);
+
+ Logger.getRootLogger().setLevel(Level.INFO);
+ XacmlRest.dumpRequest(httpServletRequest);
+ Logger.getRootLogger().setLevel(Level.DEBUG);
+
+ Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
+ XacmlRest.dumpRequest(httpServletRequest);
+ Mockito.when(httpServletRequest.getParameter("type")).thenReturn("hb");
+ XacmlRest.dumpRequest(httpServletRequest);
+ Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
+
+ List headerNameList = new ArrayList() {
+ private static final long serialVersionUID = 1L;
+
+ {
+ add("Name0");
+ add("Name1");
+ }
+ };
+
+ List header0List = new ArrayList() {
+ private static final long serialVersionUID = 1L;
+
+ {
+ add("Name0H0");
+ add("Name0H1");
+ add("Name0H2");
+ }
+ };
+
+ List header1List = new ArrayList() {
+ private static final long serialVersionUID = 1L;
+
+ {
+ add("Name1H0");
+ add("Name1H1");
+ add("Name1H2");
+ }
+ };
+
+ Mockito.when(httpServletRequest.getHeaderNames()).thenReturn(Collections.enumeration(headerNameList));
+ Mockito.when(httpServletRequest.getHeaders("Name0")).thenReturn(Collections.enumeration(header0List));
+ Mockito.when(httpServletRequest.getHeaders("Name1")).thenReturn(Collections.enumeration(header1List));
+ XacmlRest.dumpRequest(httpServletRequest);
+
+ List attributeList = new ArrayList() {
+ private static final long serialVersionUID = 1L;
+
+ {
+ add("Attribute0");
+ add("Attribute1");
+ }
+ };
+ Mockito.when(httpServletRequest.getAttributeNames()).thenReturn(Collections.enumeration(attributeList));
+ Mockito.when(httpServletRequest.getAttribute("Attribute0")).thenReturn("AttributeValue0");
+ Mockito.when(httpServletRequest.getAttribute("Attribute1")).thenReturn("AttributeValue1");
+ XacmlRest.dumpRequest(httpServletRequest);
+
+ Mockito.when(httpServletRequest.getInputStream()).thenReturn(servletInputStream);
+ XacmlRest.dumpRequest(httpServletRequest);
+
+ Mockito.when(httpServletRequest.getInputStream()).thenThrow(new IOException());
+ XacmlRest.dumpRequest(httpServletRequest);
+
+ Mockito.when(httpServletRequest.getMethod()).thenReturn("PUT");
+ XacmlRest.dumpRequest(httpServletRequest);
+
+ Map parameterMap = new LinkedHashMap<>();
+ String[] mapValue0 = {"MapValue0"};
+ String[] mapValue1 = {"MapValue0"};
+ String[] mapValue2 = {};
+ parameterMap.put("Key0", mapValue0);
+ parameterMap.put("Key1", mapValue1);
+ parameterMap.put("Key2", mapValue2);
+
+ Mockito.when(httpServletRequest.getMethod()).thenReturn("DELETE");
+ Mockito.when(httpServletRequest.getParameterMap()).thenReturn(parameterMap);
+ XacmlRest.dumpRequest(httpServletRequest);
+ Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
+ }
+}
-- cgit 1.2.3-korg
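Review bot: setUp() sets eight JVM-wide system properties and the tests switch the root log4j level, but the class has no @After, so both leak into whatever runs next in the same JVM. testXacmlInit also clears and re-sets XACMLProperties.XACML_PROPERTIES_NAME, and testDumpRequest finishes with the root logger left at DEBUG. Snapshotting both in setUp() and restoring them in a tearDown(), as sketched below, keeps the class order-independent; it needs `import org.junit.After;`. Separately, testLoadXacmlProperties and testDumpRequest assert nothing, so they only show that the calls do not throw. If dumpRequest writes header and attribute values to the log, which this hunk suggests but does not show, an assertion on what is logged would be worth adding.

```java
private Properties savedProperties;
private Level savedRootLevel;

@Before
public void setUp() {
    // Snapshot global state before the test mutates it.
    savedProperties = (Properties) System.getProperties().clone();
    savedRootLevel = Logger.getRootLogger().getLevel();
    // … unchanged: mock set-up and System.setProperty calls …
}

@After
public void tearDown() {
    System.setProperties(savedProperties);
    Logger.getRootLogger().setLevel(savedRootLevel);
}
```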