-
- /**
- * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
- */
- protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
- storedRequestId = loggingContext.getRequestID();
- loggingContext.transactionStarted();
- loggingContext.setServiceName("PAP.put"); // we may set a more specific value later
- if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
- UUID requestID = UUID.randomUUID();
- loggingContext.setRequestID(requestID.toString());
- PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
- } else {
- PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
- }
- // dummy metric.log example posted below as proof of concept
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 1 of 2");
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 2 of 2");
- //This im.startTransaction() covers all Put transactions
- try {
- im.startTransaction();
- } catch (AdministrativeStateException ae){
- String message = "PUT interface called for PAP " + papResourceName + " but it has an Administrative"
- + " state of " + im.getStateManager().getAdminState()
- + "\n Exception Message: " + ae.getMessage();
- logger.info(message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }catch (StandbyStatusException se) {
- se.printStackTrace();
- String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
- + " of " + im.getStateManager().getStandbyStatus()
- + "\n Exception Message: " + se.getMessage();
- logger.info(message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }
-
- XACMLRest.dumpRequest(request);
-
- //
- // since getParameter reads the content string, explicitly get the content before doing that.
- // Simply getting the inputStream seems to protect it against being consumed by getParameter.
- //
- request.getInputStream();
-
- //need to check if request is from the API or Admin console
- String apiflag = request.getParameter("apiflag");
-
- //This would occur if a PolicyDBDao notification was received
- String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
- if(policyDBDaoRequestUrl != null){
- String policyDBDaoRequestEntityId = request.getParameter("entityid");
- //String policyDBDaoRequestEntityType = request.getParameter("entitytype");
- String policyDBDaoRequestEntityType = request.getParameter("entitytype");
- String policyDBDaoRequestExtraData = request.getParameter("extradata");
- if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
- response.sendError(400, "entityid or entitytype not supplied");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
- policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
- response.setStatus(200);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
-
- //This would occur if we received a notification of a policy creation or update
- String policyToCreateUpdate = request.getParameter("policyToCreateUpdate");
- if(policyToCreateUpdate != null){
- if(logger.isDebugEnabled()){
- logger.debug("\nXACMLPapServlet.doPut() - before decoding"
- + "\npolicyToCreateUpdate = " + policyToCreateUpdate);
- }
- //decode it
- try{
- policyToCreateUpdate = URLDecoder.decode(policyToCreateUpdate, "UTF-8");
- if(logger.isDebugEnabled()){
- logger.debug("\nXACMLPapServlet.doPut() - after decoding"
- + "\npolicyToCreateUpdate = " + policyToCreateUpdate);
- }
- } catch(UnsupportedEncodingException e){
- PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
- + "\npolicyToCreateUpdate = " + policyToCreateUpdate);
- response.sendError(500,"policyToCreateUpdate encoding not supported"
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
-
- //send it to PolicyDBDao
- PolicyDBDaoTransaction createUpdateTransaction = policyDBDao.getNewTransaction();
- try{
- createUpdateTransaction.createPolicy(policyToCreateUpdate, "XACMLPapServlet.doPut");
- }catch(Exception e){
- createUpdateTransaction.rollbackTransaction();
- response.sendError(500,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- createUpdateTransaction.commitTransaction();
- // Before sending Ok. Lets call AutoPush.
- if(autoPushFlag){
- Set<StdPDPGroup> changedGroups = autoPushPolicy.checkGroupsToPush(policyToCreateUpdate, this.papEngine);
- if(!changedGroups.isEmpty()){
- for(StdPDPGroup group: changedGroups){
- try{
- papEngine.updateGroup(group);
- if (logger.isDebugEnabled()) {
- logger.debug("Group '" + group.getId() + "' updated");
- }
- notifyAC();
- // Group changed, which might include changing the policies
- groupChanged(group);
- }catch(Exception e){
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Failed to Push policy. ");
- }
- }
- }
- }
- response.setStatus(HttpServletResponse.SC_OK);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
-
- /*
- * Request for Micro Service Import
- */
- String microServiceCreation = request.getParameter("importService");
- if (microServiceCreation != null) {
- if(authorizeRequest(request)){
- if (microServiceCreation.contains("MICROSERVICE")){
- doImportMicroServicePut(request, response);
- im.endTransaction();
- return;
- }
- } else {
- String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- return;
- }
- }
- //This would occur if we received a notification of a policy rename from AC
- String oldPolicyName = request.getParameter("oldPolicyName");
- String newPolicyName = request.getParameter("newPolicyName");
- if(oldPolicyName != null && newPolicyName != null){
- if(logger.isDebugEnabled()){
- logger.debug("\nXACMLPapServlet.doPut() - before decoding"
- + "\npolicyToCreateUpdate = " + " ");
- }
- //decode it
- try{
- oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
- newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
- if(logger.isDebugEnabled()){
- logger.debug("\nXACMLPapServlet.doPut() - after decoding"
- + "\npolicyToCreateUpdate = " + " ");
- }
- } catch(UnsupportedEncodingException e){
- PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
- + "\npolicyToCreateUpdate = " + " ");
- response.sendError(500,"policyToCreateUpdate encoding not supported"
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- //send it to PolicyDBDao
- PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
- try{
- renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
- }catch(Exception e){
- renameTransaction.rollbackTransaction();
- response.sendError(500,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- renameTransaction.commitTransaction();
- response.setStatus(HttpServletResponse.SC_OK);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
-
-
- //
- // See if this is Admin Console registering itself with us
- //
- String acURLString = request.getParameter("adminConsoleURL");
- if (acURLString != null) {
- loggingContext.setServiceName("AC:PAP.register");
- //
- // remember this Admin Console for future updates
- //
- if ( ! adminConsoleURLStringList.contains(acURLString)) {
- adminConsoleURLStringList.add(acURLString);
- }
- if (logger.isDebugEnabled()) {
- logger.debug("Admin Console registering with URL: " + acURLString);
- }
- response.setStatus(HttpServletResponse.SC_NO_CONTENT);
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
-
- /*
- * This is to update the PDP Group with the policy/policies being pushed
- * Part of a 2 step process to push policie to the PDP that can now be done
- * From both the Admin Console and the PolicyEngine API
- */
- String groupId = request.getParameter("groupId");
- if (groupId != null) {
- if(apiflag!=null){
- if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
- updateGroupsFromAPI(request, response, groupId, loggingContext);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
- }
- //
- // this is from the Admin Console, so handle separately
- //
- doACPut(request, response, groupId, loggingContext);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
-
- //
- // Request is for policy validation and creation
- //
- if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
- /*
- * this request is from the Admin Console
- */
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- doACPolicyPut(request, response);
- im.endTransaction();
- return;
-
- } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
- /*
- * this request is from the Policy Creation API
- */
- // Authenticating the Request here.
- if(authorizeRequest(request)){
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- doPolicyAPIPut(request, response);
- im.endTransaction();
- return;
- } else {
- String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
- PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- im.endTransaction();
- return;
- }
-
- }
-
-
- //
- // We do not expect anything from anywhere else.
- // This method is here in case we ever need to support other operations.
- //
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- }
-
- /**
- * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
- */
- protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- ECOMPLoggingContext loggingContext = ECOMPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
- loggingContext.transactionStarted();
- loggingContext.setServiceName("PAP.delete"); // we may set a more specific value later
- if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
- UUID requestID = UUID.randomUUID();
- loggingContext.setRequestID(requestID.toString());
- PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
- } else {
- PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
- }
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 1 of 2");
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 2 of 2");
-
- //This im.startTransaction() covers all Delete transactions
- try {
- im.startTransaction();
- } catch (AdministrativeStateException ae){
- String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
- + " state of " + im.getStateManager().getAdminState()
- + "\n Exception Message: " + ae.getMessage();
- logger.info(message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }catch (StandbyStatusException se) {
- se.printStackTrace();
- String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
- + " of " + im.getStateManager().getStandbyStatus()
- + "\n Exception Message: " + se.getMessage();
- logger.info(message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
-
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }
-
- XACMLRest.dumpRequest(request);
-
- String groupId = request.getParameter("groupId");
- String apiflag = request.getParameter("apiflag");
-
- if (groupId != null) {
- // Is this from the Admin Console or API?
- if(apiflag!=null) {
- if (apiflag.equalsIgnoreCase("deletePapApi")) {
- // this is from the API so we need to check the client credentials before processing the request
- if(authorizeRequest(request)){
- doAPIDeleteFromPAP(request, response, loggingContext);
- return;
- } else {
- String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
- PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- return;
- }
- } else if (apiflag.equalsIgnoreCase("deletePdpApi")) {
- if(authorizeRequest(request)){
- doAPIDeleteFromPDP(request, response, loggingContext);
- return;
- } else {
- String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
- PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- return;
- }
- }
- }
-
- // this is from the Admin Console, so handle separately
- doACDelete(request, response, groupId, loggingContext);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
-
- }
- //
- // We do not expect anything from anywhere else.
- // This method is here in case we ever need to support other operations.
- //
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
-
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
-
- //Catch anything that fell through
- im.endTransaction();
-
- }
- //
- // Admin Console request handling
- //
-
- /**
- * Requests from the Admin Console to GET info about the Groups and PDPs
- *
- * @param request
- * @param response
- * @param groupId
- * @param loggingContext
- * @throws ServletException
- * @throws IOException
- */
- private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ECOMPLoggingContext loggingContext) throws ServletException, IOException {
- try {
- String parameterDefault = request.getParameter("default");
- String pdpId = request.getParameter("pdpId");
- String pdpGroup = request.getParameter("getPDPGroup");
- if ("".equals(groupId)) {
- // request IS from AC but does not identify a group by name
- if (parameterDefault != null) {
- // Request is for the Default group (whatever its id)
- loggingContext.setServiceName("AC:PAP.getDefaultGroup");
-
- EcompPDPGroup group = papEngine.getDefaultGroup();
-
- // convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), group);
-
- if (logger.isDebugEnabled()) {
- logger.debug("GET Default group req from '" + request.getRequestURL() + "'");
- }
- response.setStatus(HttpServletResponse.SC_OK);
- response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- return;
-
- } else if (pdpId != null) {
- // Request is related to a PDP
- if (pdpGroup == null) {
- // Request is for the PDP itself
- // Request is for the (unspecified) group containing a given PDP
- loggingContext.setServiceName("AC:PAP.getPDP");
- EcompPDP pdp = papEngine.getPDP(pdpId);
-
- // convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), pdp);
-
- if (logger.isDebugEnabled()) {
- logger.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
- }
- response.setStatus(HttpServletResponse.SC_OK);
- response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- return;
-
- } else {
- // Request is for the group containing a given PDP
- loggingContext.setServiceName("AC:PAP.getGroupForPDP");
- EcompPDP pdp = papEngine.getPDP(pdpId);
- EcompPDPGroup group = papEngine.getPDPGroup((EcompPDP) pdp);
-
- // convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), group);
-
- if (logger.isDebugEnabled()) {
- logger.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
- }
- response.setStatus(HttpServletResponse.SC_OK);
- response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- return;
- }
-
- } else {
- // request is for top-level properties about all groups
- loggingContext.setServiceName("AC:PAP.getAllGroups");
- Set<EcompPDPGroup> groups = papEngine.getEcompPDPGroups();
-
- // convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), groups);
-
- if (logger.isDebugEnabled()) {
- logger.debug("GET All groups req");
- }
- response.setStatus(HttpServletResponse.SC_OK);
- response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- return;
- }
- }
-
- // for all other GET operations the group must exist before the operation can be done
- EcompPDPGroup group = papEngine.getGroup(groupId);
- if (group == null) {
- String message = "Unknown groupId '" + groupId + "'";
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
- return;
- }
-
-
- // Figure out which request this is based on the parameters
- String policyId = request.getParameter("policyId");
-
- if (policyId != null) {
- // retrieve a policy
- loggingContext.setServiceName("AC:PAP.getPolicy");
- //
- // convert response object to JSON and include in the response
- //
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
-
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
-
- } else {
- // No other parameters, so return the identified Group
- loggingContext.setServiceName("AC:PAP.getGroup");
-
- // convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), group);
-
- if (logger.isDebugEnabled()) {
- logger.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
- }
- response.setStatus(HttpServletResponse.SC_OK);
- response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- return;
- }
-
- //
- // Currently there are no other GET calls from the AC.
- // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
- // Other GETs that could be called:
- // Specific Group (groupId=<groupId>)
- // A Policy (groupId=<groupId> policyId=<policyId>)
- // A PDP (groupId=<groupId> pdpId=<pdpId>)
-
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
-
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
- } catch (PAPException e) {
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
- loggingContext.transactionEnded();
-
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
- return;