1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
25 package org.onap.dmaap.datarouter.provisioning;
27 import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;
29 import com.att.eelf.configuration.EELFLogger;
30 import com.att.eelf.configuration.EELFManager;
31 import java.io.IOException;
32 import java.io.InvalidObjectException;
33 import java.util.List;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36 import org.json.JSONObject;
37 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
38 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
39 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
40 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
41 import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities;
46 * This servlet handles provisioning for the <drFeedsURL> which is the URL on the provisioning server used to
47 * create new feeds. It supports POST to create new feeds, and GET to support the Feeds Collection Query function.
52 @SuppressWarnings("serial")
53 public class DRFeedsServlet extends ProxyServlet {
55 //Adding EELF Logger Rally:US664892
56 private static EELFLogger eelfLogger = EELFManager.getInstance()
57 .getLogger(DRFeedsServlet.class);
60 * DELETE on the <drFeedsURL> -- not supported.
63 public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
64 setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req);
65 eelfLogger.info(EelfMsgs.ENTRY);
67 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
68 req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
69 String message = "DELETE not allowed for the drFeedsURL.";
70 EventLogRecord elr = new EventLogRecord(req);
71 elr.setMessage(message);
72 elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
73 eventlogger.error(elr.toString());
74 sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
76 eelfLogger.info(EelfMsgs.EXIT);
81 * GET on the <drFeedsURL> -- query the list of feeds already existing in the DB. See the <i>Feeds Collection
82 * Queries</i> section in the <b>Provisioning API</b> document for details on how this method should be invoked.
85 public void doGet(HttpServletRequest req, HttpServletResponse resp) {
86 setIpFqdnRequestIDandInvocationIDForEelf("doGet", req);
87 eelfLogger.info(EelfMsgs.ENTRY);
89 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
90 req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
91 EventLogRecord elr = new EventLogRecord(req);
92 String message = isAuthorizedForProvisioning(req);
93 if (message != null) {
94 elr.setMessage(message);
95 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
96 eventlogger.error(elr.toString());
97 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
100 if (isProxyServer()) {
101 super.doGet(req, resp);
104 String bhdr = req.getHeader(BEHALF_HEADER);
106 message = "Missing " + BEHALF_HEADER + " header.";
107 elr.setMessage(message);
108 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
109 eventlogger.error(elr.toString());
110 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
113 // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
114 String path = req.getRequestURI();
115 if (path != null && !"/".equals(path)) {
117 elr.setMessage(message);
118 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
119 eventlogger.error(elr.toString());
120 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
123 // Check with the Authorizer
124 AuthorizationResponse aresp = authz.decide(req);
125 if (!aresp.isAuthorized()) {
126 message = POLICY_ENGINE;
127 elr.setMessage(message);
128 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
129 eventlogger.error(elr.toString());
130 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
134 String name = req.getParameter("name");
135 String vers = req.getParameter("version");
136 String publ = req.getParameter("publisher");
137 String subs = req.getParameter("subscriber");
138 if (name != null && vers != null) {
139 // Display a specific feed
140 Feed feed = Feed.getFeedByNameVersion(name, vers);
141 if (feed == null || feed.isDeleted()) {
142 message = "This feed does not exist in the database.";
143 elr.setMessage(message);
144 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
145 eventlogger.error(elr.toString());
146 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
149 elr.setResult(HttpServletResponse.SC_OK);
150 eventlogger.info(elr.toString());
151 resp.setStatus(HttpServletResponse.SC_OK);
152 resp.setContentType(FEEDFULL_CONTENT_TYPE);
154 resp.getOutputStream().print(feed.asJSONObject(true).toString());
155 } catch (IOException ioe) {
156 eventlogger.error("PROV0111 DRFeedServlet.doGet " + ioe.getMessage(), ioe);
160 // Display a list of URLs
161 List<String> list = null;
163 list = Feed.getFilteredFeedUrlList("name", name);
164 } else if (publ != null) {
165 list = Feed.getFilteredFeedUrlList("publ", publ);
166 } else if (subs != null) {
167 list = Feed.getFilteredFeedUrlList("subs", subs);
169 list = Feed.getFilteredFeedUrlList("all", null);
171 String strList = JSONUtilities.createJSONArray(list);
173 elr.setResult(HttpServletResponse.SC_OK);
174 eventlogger.info(elr.toString());
175 resp.setStatus(HttpServletResponse.SC_OK);
176 resp.setContentType(FEEDLIST_CONTENT_TYPE);
178 resp.getOutputStream().print(strList);
179 } catch (IOException ioe) {
180 eventlogger.error("PROV0112 DRFeedServlet.doGet " + ioe.getMessage(), ioe);
184 eelfLogger.info(EelfMsgs.EXIT);
189 * PUT on the <drFeedsURL> -- not supported.
192 public void doPut(HttpServletRequest req, HttpServletResponse resp) {
193 setIpFqdnRequestIDandInvocationIDForEelf("doPut", req);
194 eelfLogger.info(EelfMsgs.ENTRY);
196 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
197 req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
198 String message = "PUT not allowed for the drFeedsURL.";
199 EventLogRecord elr = new EventLogRecord(req);
200 elr.setMessage(message);
201 elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
202 eventlogger.error(elr.toString());
203 sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
205 eelfLogger.info(EelfMsgs.EXIT);
210 * POST on the <drFeedsURL> -- create a new feed. See the <i>Creating a Feed</i> section in the
211 * <b>Provisioning API</b> document for details on how this method should be invoked.
214 public void doPost(HttpServletRequest req, HttpServletResponse resp) {
215 setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);
216 eelfLogger.info(EelfMsgs.ENTRY);
218 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));
219 EventLogRecord elr = new EventLogRecord(req);
220 String message = isAuthorizedForProvisioning(req);
221 if (message != null) {
222 elr.setMessage(message);
223 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
224 eventlogger.error(elr.toString());
225 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
228 if (isProxyServer()) {
229 super.doPost(req, resp);
232 String bhdr = req.getHeader(BEHALF_HEADER);
234 message = "Missing " + BEHALF_HEADER + " header.";
235 elr.setMessage(message);
236 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
237 eventlogger.error(elr.toString());
238 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
241 // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
242 String path = req.getRequestURI();
243 if (path != null && !"/".equals(path)) {
245 elr.setMessage(message);
246 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
247 eventlogger.error(elr.toString());
248 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
251 // check content type is FEED_CONTENT_TYPE, version 1.0
252 ContentHeader ch = getContentHeader(req);
253 String ver = ch.getAttribute("version");
254 if (!ch.getType().equals(FEED_BASECONTENT_TYPE) || !("1.0".equals(ver) || "2.0".equals(ver))) {
255 message = "Incorrect content-type";
256 elr.setMessage(message);
257 elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
258 eventlogger.error(elr.toString());
259 sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);
262 JSONObject jo = getJSONfromInput(req);
265 elr.setMessage(message);
266 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
267 eventlogger.error(elr.toString());
268 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
271 if (++activeFeeds > maxFeeds) {
273 message = "Cannot create feed; the maximum number of feeds has been configured.";
274 elr.setMessage(message);
275 elr.setResult(HttpServletResponse.SC_CONFLICT);
276 eventlogger.error(elr.toString());
277 sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger);
283 } catch (InvalidObjectException e) {
284 message = e.getMessage();
285 elr.setMessage(message);
286 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
287 eventlogger.error(elr.toString(), e);
288 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
293 * START - AAF changes
294 * TDP EPIC US# 307413
295 * CADI code - No legacy user check as all new users will be AAF users
297 String aafInstance = feed.getAafInstance();
298 if (Boolean.parseBoolean(isCadiEnabled)) {
299 if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance))
300 && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) {
301 // Check with the Authorizer
302 AuthorizationResponse aresp = authz.decide(req);
303 if (!aresp.isAuthorized()) {
304 message = POLICY_ENGINE;
305 elr.setMessage(message);
306 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
307 eventlogger.error(elr.toString());
308 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
312 if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) {
313 message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing "
314 + "AAF_Instance value= " + aafInstance;
315 elr.setMessage(message);
316 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
317 eventlogger.error(elr.toString());
318 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
321 String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION);
322 eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission);
323 if (!req.isUserInRole(permission)) {
324 message = "AAF disallows access to permission - " + permission;
325 elr.setMessage(message);
326 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
327 eventlogger.error(elr.toString());
328 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
333 AuthorizationResponse aresp = authz.decide(req);
334 if (!aresp.isAuthorized()) {
335 message = POLICY_ENGINE;
336 elr.setMessage(message);
337 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
338 eventlogger.error(elr.toString());
339 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
347 feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
349 // Check if this feed already exists
350 Feed feed2 = Feed.getFeedByNameVersion(feed.getName(), feed.getVersion());
352 message = "This feed already exists in the database.";
353 elr.setMessage(message);
354 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
355 eventlogger.error(elr.toString());
356 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
360 // Create FEED table entries
361 if (doInsert(feed)) {
363 elr.setResult(HttpServletResponse.SC_CREATED);
364 eventlogger.info(elr.toString());
365 resp.setStatus(HttpServletResponse.SC_CREATED);
366 resp.setContentType(FEEDFULL_CONTENT_TYPE);
367 resp.setHeader("Location", feed.getLinks().getSelf());
369 resp.getOutputStream().print(feed.asLimitedJSONObject().toString());
370 } catch (IOException ioe) {
371 eventlogger.error("PROV0113 DRFeedServlet.doPost " + ioe.getMessage(), ioe);
373 provisioningDataChanged();
375 // Something went wrong with the INSERT
376 elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
377 eventlogger.error(elr.toString());
378 sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
381 eelfLogger.info(EelfMsgs.EXIT);