1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
25 package org.onap.dmaap.datarouter.provisioning;
27 import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;
29 import com.att.eelf.configuration.EELFLogger;
30 import com.att.eelf.configuration.EELFManager;
31 import java.io.IOException;
32 import java.io.InvalidObjectException;
33 import java.util.List;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36 import org.json.JSONObject;
38 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
39 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
40 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
41 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
42 import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities;
47 * This servlet handles provisioning for the <drFeedsURL> which is the URL on the provisioning server used to
48 * create new feeds. It supports POST to create new feeds, and GET to support the Feeds Collection Query function.
53 @SuppressWarnings("serial")
54 public class DRFeedsServlet extends ProxyServlet {
56 //Adding EELF Logger Rally:US664892
57 private static EELFLogger eelfLogger = EELFManager.getInstance()
58 .getLogger(DRFeedsServlet.class);
61 * DELETE on the <drFeedsURL> -- not supported.
64 public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
65 setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req);
66 eelfLogger.info(EelfMsgs.ENTRY);
68 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
69 req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
70 String message = "DELETE not allowed for the drFeedsURL.";
71 EventLogRecord elr = new EventLogRecord(req);
72 elr.setMessage(message);
73 elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
74 eventlogger.error(elr.toString());
75 sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
77 eelfLogger.info(EelfMsgs.EXIT);
82 * GET on the <drFeedsURL> -- query the list of feeds already existing in the DB. See the <i>Feeds Collection
83 * Queries</i> section in the <b>Provisioning API</b> document for details on how this method should be invoked.
86 public void doGet(HttpServletRequest req, HttpServletResponse resp) {
87 setIpFqdnRequestIDandInvocationIDForEelf("doGet", req);
88 eelfLogger.info(EelfMsgs.ENTRY);
90 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
91 req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
92 EventLogRecord elr = new EventLogRecord(req);
93 String message = isAuthorizedForProvisioning(req);
94 if (message != null) {
95 elr.setMessage(message);
96 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
97 eventlogger.error(elr.toString());
98 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
101 if (isProxyServer()) {
102 super.doGet(req, resp);
105 String bhdr = req.getHeader(BEHALF_HEADER);
107 message = "Missing " + BEHALF_HEADER + " header.";
108 elr.setMessage(message);
109 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
110 eventlogger.error(elr.toString());
111 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
114 // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
115 String path = req.getRequestURI();
116 if (path != null && !"/".equals(path)) {
118 elr.setMessage(message);
119 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
120 eventlogger.error(elr.toString());
121 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
124 // Check with the Authorizer
125 AuthorizationResponse aresp = authz.decide(req);
126 if (!aresp.isAuthorized()) {
127 message = POLICY_ENGINE;
128 elr.setMessage(message);
129 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
130 eventlogger.error(elr.toString());
131 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
135 String name = req.getParameter("name");
136 String vers = req.getParameter("version");
137 String publ = req.getParameter("publisher");
138 String subs = req.getParameter("subscriber");
139 if (name != null && vers != null) {
140 // Display a specific feed
141 Feed feed = Feed.getFeedByNameVersion(name, vers);
142 if (feed == null || feed.isDeleted()) {
143 message = "This feed does not exist in the database.";
144 elr.setMessage(message);
145 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
146 eventlogger.error(elr.toString());
147 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
150 elr.setResult(HttpServletResponse.SC_OK);
151 eventlogger.info(elr.toString());
152 resp.setStatus(HttpServletResponse.SC_OK);
153 resp.setContentType(FEEDFULL_CONTENT_TYPE);
155 resp.getOutputStream().print(feed.asJSONObject(true).toString());
156 } catch (IOException ioe) {
157 eventlogger.error("PROV0111 DRFeedServlet.doGet " + ioe.getMessage(), ioe);
161 // Display a list of URLs
162 List<String> list = null;
164 list = Feed.getFilteredFeedUrlList("name", name);
165 } else if (publ != null) {
166 list = Feed.getFilteredFeedUrlList("publ", publ);
167 } else if (subs != null) {
168 list = Feed.getFilteredFeedUrlList("subs", subs);
170 list = Feed.getFilteredFeedUrlList("all", null);
172 String strList = JSONUtilities.createJSONArray(list);
174 elr.setResult(HttpServletResponse.SC_OK);
175 eventlogger.info(elr.toString());
176 resp.setStatus(HttpServletResponse.SC_OK);
177 resp.setContentType(FEEDLIST_CONTENT_TYPE);
179 resp.getOutputStream().print(strList);
180 } catch (IOException ioe) {
181 eventlogger.error("PROV0112 DRFeedServlet.doGet " + ioe.getMessage(), ioe);
185 eelfLogger.info(EelfMsgs.EXIT);
190 * PUT on the <drFeedsURL> -- not supported.
193 public void doPut(HttpServletRequest req, HttpServletResponse resp) {
194 setIpFqdnRequestIDandInvocationIDForEelf("doPut", req);
195 eelfLogger.info(EelfMsgs.ENTRY);
197 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
198 req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
199 String message = "PUT not allowed for the drFeedsURL.";
200 EventLogRecord elr = new EventLogRecord(req);
201 elr.setMessage(message);
202 elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
203 eventlogger.error(elr.toString());
204 sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
206 eelfLogger.info(EelfMsgs.EXIT);
211 * POST on the <drFeedsURL> -- create a new feed. See the <i>Creating a Feed</i> section in the
212 * <b>Provisioning API</b> document for details on how this method should be invoked.
215 public void doPost(HttpServletRequest req, HttpServletResponse resp) {
216 setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);
217 eelfLogger.info(EelfMsgs.ENTRY);
219 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));
220 EventLogRecord elr = new EventLogRecord(req);
221 String message = isAuthorizedForProvisioning(req);
222 if (message != null) {
223 elr.setMessage(message);
224 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
225 eventlogger.error(elr.toString());
226 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
229 if (isProxyServer()) {
230 super.doPost(req, resp);
233 String bhdr = req.getHeader(BEHALF_HEADER);
235 message = "Missing " + BEHALF_HEADER + " header.";
236 elr.setMessage(message);
237 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
238 eventlogger.error(elr.toString());
239 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
242 // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
243 String path = req.getRequestURI();
244 if (path != null && !"/".equals(path)) {
246 elr.setMessage(message);
247 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
248 eventlogger.error(elr.toString());
249 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
252 // check content type is FEED_CONTENT_TYPE, version 1.0
253 ContentHeader ch = getContentHeader(req);
254 String ver = ch.getAttribute("version");
255 if (!ch.getType().equals(FEED_BASECONTENT_TYPE) || !("1.0".equals(ver) || "2.0".equals(ver))) {
256 message = "Incorrect content-type";
257 elr.setMessage(message);
258 elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
259 eventlogger.error(elr.toString());
260 sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);
263 JSONObject jo = getJSONfromInput(req);
266 elr.setMessage(message);
267 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
268 eventlogger.error(elr.toString());
269 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
272 if (intlogger.isDebugEnabled()) {
273 intlogger.debug(jo.toString());
275 if (++activeFeeds > maxFeeds) {
277 message = "Cannot create feed; the maximum number of feeds has been configured.";
278 elr.setMessage(message);
279 elr.setResult(HttpServletResponse.SC_CONFLICT);
280 eventlogger.error(elr.toString());
281 sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger);
287 } catch (InvalidObjectException e) {
288 message = e.getMessage();
289 elr.setMessage(message);
290 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
291 eventlogger.error(elr.toString(), e);
292 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
297 * START - AAF changes
298 * TDP EPIC US# 307413
299 * CADI code - No legacy user check as all new users will be AAF users
301 String aafInstance = feed.getAafInstance();
302 if (Boolean.parseBoolean(isCadiEnabled)) {
303 if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance))
304 && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) {
305 // Check with the Authorizer
306 AuthorizationResponse aresp = authz.decide(req);
307 if (!aresp.isAuthorized()) {
308 message = POLICY_ENGINE;
309 elr.setMessage(message);
310 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
311 eventlogger.error(elr.toString());
312 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
316 if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) {
317 message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing "
318 + "AAF_Instance value= " + aafInstance;
319 elr.setMessage(message);
320 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
321 eventlogger.error(elr.toString());
322 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
325 String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION);
326 eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission);
327 if (!req.isUserInRole(permission)) {
328 message = "AAF disallows access to permission - " + permission;
329 elr.setMessage(message);
330 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
331 eventlogger.error(elr.toString());
332 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
337 AuthorizationResponse aresp = authz.decide(req);
338 if (!aresp.isAuthorized()) {
339 message = POLICY_ENGINE;
340 elr.setMessage(message);
341 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
342 eventlogger.error(elr.toString());
343 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
351 feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
353 // Check if this feed already exists
354 Feed feed2 = Feed.getFeedByNameVersion(feed.getName(), feed.getVersion());
356 message = "This feed already exists in the database.";
357 elr.setMessage(message);
358 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
359 eventlogger.error(elr.toString());
360 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
364 // Create FEED table entries
365 if (doInsert(feed)) {
367 elr.setResult(HttpServletResponse.SC_CREATED);
368 eventlogger.info(elr.toString());
369 resp.setStatus(HttpServletResponse.SC_CREATED);
370 resp.setContentType(FEEDFULL_CONTENT_TYPE);
371 resp.setHeader("Location", feed.getLinks().getSelf());
373 resp.getOutputStream().print(feed.asLimitedJSONObject().toString());
374 } catch (IOException ioe) {
375 eventlogger.error("PROV0113 DRFeedServlet.doPost " + ioe.getMessage(), ioe);
377 provisioningDataChanged();
379 // Something went wrong with the INSERT
380 elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
381 eventlogger.error(elr.toString());
382 sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
385 eelfLogger.info(EelfMsgs.EXIT);