1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
25 package org.onap.dmaap.datarouter.provisioning;
27 import java.io.IOException;
28 import java.io.InvalidObjectException;
30 import javax.servlet.http.HttpServletRequest;
31 import javax.servlet.http.HttpServletResponse;
33 import org.json.JSONException;
34 import org.json.JSONObject;
35 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
36 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
37 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
38 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
40 import com.att.eelf.configuration.EELFLogger;
41 import com.att.eelf.configuration.EELFManager;
43 import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;
/**
 * This servlet handles provisioning for the &lt;feedURL&gt; which is generated by the provisioning
 * server to handle a particular feed. It supports DELETE to mark the feed as deleted,
 * GET to retrieve information about the feed, and PUT to modify the feed.
 */
53 @SuppressWarnings("serial")
54 public class FeedServlet extends ProxyServlet {
// EELF logger shared by every handler in this servlet (added under Rally US664892).
private static EELFLogger eelfLogger =
        EELFManager.getInstance().getLogger(FeedServlet.class);
/**
 * Marks the feed at /feed/&lt;feednumber&gt; as deleted.
 * See the <i>Deleting a Feed</i> section in the <b>Provisioning API</b>
 * document for details on how this method should be invoked.
 *
 * <p>Checks run in a fixed order and the first failure ends the request: provisioning
 * authorization (403), hand-off to the proxy implementation, behalf header present (400),
 * feed number usable (400), feed exists and is not already deleted (404), then either the
 * policy engine or the AAF role check (403). Every rejection is written to the event log
 * before the error response is sent.
 *
 * @param req  the DELETE request
 * @param resp receives 204 on success, otherwise one of the error statuses above
 */
@Override
public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
    setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req);
    eelfLogger.info(EelfMsgs.ENTRY);
    try {
        // The behalf header is logged exactly as received, before any authorization check.
        // NOTE(review): confirm the logging layer neutralises CR/LF in header values.
        eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
                req.getHeader(BEHALF_HEADER), String.valueOf(getIdFromPath(req)));
        EventLogRecord record = new EventLogRecord(req);

        // A non-null result is the denial reason and is returned to the caller verbatim.
        String denial = isAuthorizedForProvisioning(req);
        if (denial != null) {
            record.setMessage(denial);
            record.setResult(HttpServletResponse.SC_FORBIDDEN);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, denial, eventlogger);
            return;
        }

        // On a proxy server the request is handed to ProxyServlet and nothing below runs.
        if (isProxyServer()) {
            super.doDelete(req, resp);
            return;
        }

        // Only the presence of the behalf header is required here; its value is not used below.
        if (req.getHeader(BEHALF_HEADER) == null) {
            String reason = "Missing " + BEHALF_HEADER + " header.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, reason, eventlogger);
            return;
        }

        int feedId = getIdFromPath(req);
        if (feedId < 0) {
            String reason = "Missing or bad feed number.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, reason, eventlogger);
            return;
        }

        // An already-deleted feed is reported exactly like an unknown one.
        Feed feed = Feed.getFeedById(feedId);
        if (feed == null || feed.isDeleted()) {
            String reason = "Missing or bad feed number.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_NOT_FOUND);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, reason, eventlogger);
            return;
        }

        /*
         * START - AAF changes
         * TDP EPIC US# 307413
         * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove feed
         */
        // The authorization path is chosen from the AAF instance of the feed loaded above.
        String aafInstance = feed.getAafInstance();
        boolean legacyAuth = aafInstance == null
                || aafInstance.isEmpty()
                || "legacy".equalsIgnoreCase(aafInstance);
        if (legacyAuth) {
            AuthorizationResponse decision = authz.decide(req);
            if (!decision.isAuthorized()) {
                String reason = "Policy Engine disallows access.";
                record.setMessage(reason);
                record.setResult(HttpServletResponse.SC_FORBIDDEN);
                eventlogger.error(record.toString());
                sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, reason, eventlogger);
                return;
            }
        } else {
            String permission = getFeedPermission(aafInstance, BaseServlet.DELETE_PERMISSION);
            eventlogger.info("FeedServlet.doDelete().. Permission String - " + permission);
            if (!req.isUserInRole(permission)) {
                // The full permission string goes both to the event log and into the 403 body.
                String reason = "AAF disallows access to permission - " + permission;
                record.setMessage(reason);
                record.setResult(HttpServletResponse.SC_FORBIDDEN);
                eventlogger.error(record.toString());
                sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, reason, eventlogger);
                return;
            }
        }
        /*
         * END - AAF changes
         */

        // Delete FEED table entry (set DELETED flag)
        feed.setDeleted(true);
        if (!doUpdate(feed)) {
            // Something went wrong with the UPDATE
            record.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
            return;
        }

        // NOTE(review): the listing drops two short lines at this point (source lines 144-145).
        // The counter update below is restored on the assumption that the base class declares
        // activeFeeds -- confirm against the upstream file.
        activeFeeds--;
        // send response
        record.setResult(HttpServletResponse.SC_NO_CONTENT);
        eventlogger.info(record.toString());
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        provisioningDataChanged();
    } finally {
        eelfLogger.info(EelfMsgs.EXIT);
    }
}
/**
 * Returns the definition of the feed at /feed/&lt;feednumber&gt; as JSON.
 * See the <i>Retrieving Information about a Feed</i> section in the <b>Provisioning API</b>
 * document for details on how this method should be invoked.
 *
 * <p>The request is rejected with 403 when provisioning authorization or the policy engine
 * denies it, 400 when the behalf header or feed number is missing, and 404 when the feed is
 * unknown or deleted. Each rejection is written to the event log.
 *
 * @param req  the GET request
 * @param resp receives 200 and the feed JSON on success
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) {
    setIpFqdnRequestIDandInvocationIDForEelf("doGet", req);
    eelfLogger.info(EelfMsgs.ENTRY);
    try {
        // The behalf header is logged exactly as received, before any authorization check.
        // NOTE(review): confirm the logging layer neutralises CR/LF in header values.
        eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID,
                req.getHeader(BEHALF_HEADER), String.valueOf(getIdFromPath(req)));
        EventLogRecord record = new EventLogRecord(req);

        // A non-null result is the denial reason and is returned to the caller verbatim.
        String denial = isAuthorizedForProvisioning(req);
        if (denial != null) {
            record.setMessage(denial);
            record.setResult(HttpServletResponse.SC_FORBIDDEN);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, denial, eventlogger);
            return;
        }

        // On a proxy server the request is handed to ProxyServlet and nothing below runs.
        if (isProxyServer()) {
            super.doGet(req, resp);
            return;
        }

        // Only the presence of the behalf header is required here; its value is not used below.
        if (req.getHeader(BEHALF_HEADER) == null) {
            String reason = "Missing " + BEHALF_HEADER + " header.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, reason, eventlogger);
            return;
        }

        int feedId = getIdFromPath(req);
        if (feedId < 0) {
            String reason = "Missing or bad feed number.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, reason, eventlogger);
            return;
        }

        // A deleted feed is reported exactly like an unknown one.
        Feed feed = Feed.getFeedById(feedId);
        if (feed == null || feed.isDeleted()) {
            String reason = "Missing or bad feed number.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_NOT_FOUND);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, reason, eventlogger);
            return;
        }

        // Check with the Authorizer. Unlike doDelete and doPut in this class, reads go through
        // the policy engine only; there is no AAF role branch here.
        AuthorizationResponse decision = authz.decide(req);
        if (!decision.isAuthorized()) {
            String reason = "Policy Engine disallows access.";
            record.setMessage(reason);
            record.setResult(HttpServletResponse.SC_FORBIDDEN);
            eventlogger.error(record.toString());
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, reason, eventlogger);
            return;
        }

        // send response
        record.setResult(HttpServletResponse.SC_OK);
        eventlogger.info(record.toString());
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType(FEEDFULL_CONTENT_TYPE);
        try {
            resp.getOutputStream().print(feed.asJSONObject(true).toString());
        } catch (IOException ioe) {
            // The status line is already set, so a failed write can only be logged.
            eventlogger.error("PROV0101 FeedServlet.doGet: " + ioe.getMessage(), ioe);
        }
    } finally {
        eelfLogger.info(EelfMsgs.EXIT);
    }
}
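/**
 * PUT on the &lt;feedURL&gt; for a feed: replaces the stored feed definition with the one in
 * the request body.
 * See the <i>Modifying a Feed</i> section in the <b>Provisioning API</b>
 * document for details on how this method should be invoked.
 *
 * <p>The first failing check ends the request and is written to the event log: provisioning
 * authorization (403), behalf header and feed number present (400), feed exists and is not
 * deleted (404), content type and version accepted (415), body parses into a feed (400),
 * publisher, name and version unchanged (400), policy engine or AAF role check (403).
 * A failed database update yields 500.
 *
 * <p>Compared with the listing, a missing {@code version} attribute or content type is now
 * answered with 415 instead of failing on a null dereference, and a {@code changeowner}
 * value that is not a JSON boolean is treated as "no change" instead of failing on a cast.
 *
 * @param req  the PUT request carrying the new feed definition as JSON
 * @param resp receives 200 and the limited feed JSON on success
 */
@Override
public void doPut(HttpServletRequest req, HttpServletResponse resp) {
    setIpFqdnRequestIDandInvocationIDForEelf("doPut", req);
    eelfLogger.info(EelfMsgs.ENTRY);
    try {
        // The behalf header is logged exactly as received, before any authorization check.
        // NOTE(review): confirm the logging layer neutralises CR/LF in header values.
        eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
        EventLogRecord elr = new EventLogRecord(req);
        // A non-null result is the denial reason and is returned to the caller verbatim.
        String message = isAuthorizedForProvisioning(req);
        if (message != null) {
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
            return;
        }
        // On a proxy server the request is handed to ProxyServlet and nothing below runs.
        if (isProxyServer()) {
            super.doPut(req, resp);
            return;
        }
        String bhdr = req.getHeader(BEHALF_HEADER);
        if (bhdr == null) {
            message = "Missing " + BEHALF_HEADER + " header.";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
            return;
        }
        int feedid = getIdFromPath(req);
        if (feedid < 0) {
            message = "Missing or bad feed number.";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
            return;
        }
        Feed oldFeed = Feed.getFeedById(feedid);
        if (oldFeed == null || oldFeed.isDeleted()) {
            message = "Missing or bad feed number.";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_NOT_FOUND);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
            return;
        }
        // check content type is FEED_CONTENT_TYPE, version 1.0 or 2.0
        ContentHeader ch = getContentHeader(req);
        String ver = ch.getAttribute("version");
        // Constant-first comparisons: a request without a content type or version attribute
        // is rejected with 415 rather than dereferencing null.
        if (!FEED_BASECONTENT_TYPE.equals(ch.getType()) || !("1.0".equals(ver) || "2.0".equals(ver))) {
            message = "Incorrect content-type";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);
            return;
        }
        JSONObject jo = getJSONfromInput(req);
        if (jo == null) {
            message = "Badly formed JSON";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
            return;
        }
        if (intlogger.isDebugEnabled()) {
            intlogger.debug(jo.toString());
        }
        // NOTE(review): the listing drops the three short lines that build 'feed' (source
        // lines 309-311); construction from the parsed body is restored from the catch clause
        // and the later uses of 'feed' -- confirm against the upstream file.
        Feed feed;
        try {
            feed = new Feed(jo);
        } catch (InvalidObjectException e) {
            message = e.getMessage();
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(elr.toString(), e);
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
            return;
        }
        feed.setFeedid(feedid);
        feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header

        String subjectgroup = (req.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")); //Adding for group feature:Rally US708115
        // NOTE(review): any non-null value of the group header skips the same-publisher check.
        // Nothing in this method verifies that the caller belongs to that group or that the
        // group is tied to this feed; presumably the authorization step below covers it -- verify.
        if (!oldFeed.getPublisher().equals(feed.getPublisher()) && subjectgroup == null) {
            message = "This feed must be modified by the same publisher that created it.";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
            return;
        }
        if (!oldFeed.getName().equals(feed.getName())) {
            message = "The name of the feed may not be updated.";
            elr.setMessage(message);
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
            return;
        }
        // US DSCDR-19 for DCAE if version is not null, version can't be changed
        if ((oldFeed.getVersion() != null) && (feed.getVersion() != null)) {
            if (!oldFeed.getVersion().equals(feed.getVersion())) {
                message = "The version of the feed may not be updated.";
                elr.setMessage(message);
                elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
                eventlogger.error(elr.toString());
                sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
                return;
            }
        }

        /*
         * START - AAF changes
         * TDP EPIC US# 307413
         * CADI code - check on permissions based on Legacy/AAF users to allow feed edit/update/modify
         */
        // NOTE(review): the AAF instance is read from the submitted feed, not from oldFeed, so
        // the request body decides which authorization path runs and which permission string is
        // checked. doDelete reads it from the stored feed. Confirm this is intended, or compare
        // against oldFeed.getAafInstance() before trusting the submitted value.
        String aafInstance = feed.getAafInstance();
        if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) {
            // Check with the Authorizer
            AuthorizationResponse aresp = authz.decide(req);
            if (!aresp.isAuthorized()) {
                message = "Policy Engine disallows access.";
                elr.setMessage(message);
                elr.setResult(HttpServletResponse.SC_FORBIDDEN);
                eventlogger.error(elr.toString());
                sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
                return;
            }
        } else {
            String permission = getFeedPermission(aafInstance, BaseServlet.EDIT_PERMISSION);
            // The permission string is derived from the submitted AAF instance and is written to
            // the event log and, on denial, into the 403 body.
            eventlogger.info("FeedServlet.doPut().. Permission String - " + permission);
            if (!req.isUserInRole(permission)) {
                message = "AAF disallows access to permission - " + permission;
                elr.setMessage(message);
                elr.setResult(HttpServletResponse.SC_FORBIDDEN);
                eventlogger.error(elr.toString());
                sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
                return;
            }
        }
        /*
         * END - AAF changes
         */

        // Update FEEDS table entries
        if (doUpdate(feed)) {
            // send response
            elr.setResult(HttpServletResponse.SC_OK);
            eventlogger.info(elr.toString());
            resp.setStatus(HttpServletResponse.SC_OK);
            resp.setContentType(FEEDFULL_CONTENT_TYPE);
            try {
                resp.getOutputStream().print(feed.asLimitedJSONObject().toString());
            } catch (IOException ioe) {
                // The status line is already set, so a failed write can only be logged.
                eventlogger.error("PROV0102 FeedServlet.doPut: " + ioe.getMessage(), ioe);
            }

            /**Change Owner ship of Feed //Adding for group feature:Rally US708115*/
            // Runs after the 200 response has been written, so a failure here is logged only.
            if (jo.has("changeowner") && subjectgroup != null) {
                try {
                    // Boolean.TRUE.equals(...) replaces the unchecked (Boolean) cast: a string,
                    // number or JSON null is now ignored instead of raising ClassCastException.
                    if (Boolean.TRUE.equals(jo.get("changeowner"))) {
                        feed.setPublisher(req.getHeader(BEHALF_HEADER));
                        feed.changeOwnerShip();
                    }
                } catch (JSONException je) {
                    eventlogger.error("PROV0103 FeedServlet.doPut: " + je.getMessage(), je);
                }
            }
            /***End of change ownership*/

            provisioningDataChanged();
        } else {
            // Something went wrong with the UPDATE
            elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            eventlogger.error(elr.toString());
            sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
        }
    } finally {
        eelfLogger.info(EelfMsgs.EXIT);
    }
}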
/**
 * POST on the &lt;feedURL&gt; -- not supported.
 *
 * <p>Every POST is recorded in the event log and answered with 405; no authorization
 * check runs first.
 *
 * @param req  the POST request
 * @param resp receives 405 Method Not Allowed
 */
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) {
    setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);
    eelfLogger.info(EelfMsgs.ENTRY);
    try {
        // The behalf header is logged exactly as received.
        // NOTE(review): confirm the logging layer neutralises CR/LF in header values.
        eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));
        final int status = HttpServletResponse.SC_METHOD_NOT_ALLOWED;
        final String reason = "POST not allowed for the feedURL.";
        EventLogRecord rejected = new EventLogRecord(req);
        rejected.setMessage(reason);
        rejected.setResult(status);
        eventlogger.error(rejected.toString());
        sendResponseError(resp, status, reason, eventlogger);
    } finally {
        eelfLogger.info(EelfMsgs.EXIT);
    }
}