- * PUT - The PAP engine sends configuration information using HTTP PUT request.
- *
- * One parameter is expected:
- *
- * config=[policy|pip|all]
- *
- * policy - Expect a properties file that contains updated lists of the root and referenced policies that the PDP should
- * be using for PEP requests.
- *
- * Specifically should AT LEAST contain the following properties:
- * xacml.rootPolicies
- * xacml.referencedPolicies
- *
- * In addition, any relevant information needed by the PDP to load or retrieve the policies to store in its cache.
- *
- * EXAMPLE:
- * xacml.rootPolicies=PolicyA.1, PolicyB.1
- *
- * PolicyA.1.url=http://localhost:9090/PAP?id=b2d7b86d-d8f1-4adf-ba9d-b68b2a90bee1&version=1
- * PolicyB.1.url=http://localhost:9090/PAP/id=be962404-27f6-41d8-9521-5acb7f0238be&version=1
- *
- * xacml.referencedPolicies=RefPolicyC.1, RefPolicyD.1
- *
- * RefPolicyC.1.url=http://localhost:9090/PAP?id=foobar&version=1
- * RefPolicyD.1.url=http://localhost:9090/PAP/id=example&version=1
- *
- * pip - Expect a properties file that contain PIP engine configuration properties.
- *
- * Specifically should AT LEAST the following property:
- * xacml.pip.engines
- *
- * In addition, any relevant information needed by the PDP to load and configure the PIPs.
- *
- * EXAMPLE:
- * xacml.pip.engines=foo,bar
- *
- * foo.classname=com.foo
- * foo.sample=abc
- * foo.example=xyz
- * ......
- *
- * bar.classname=com.bar
- * ......
- *
- * all - Expect ALL new configuration properties for the PDP
- *
- * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
- */
- @Override
- protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
- loggingContext.transactionStarted();
- if ((loggingContext.getRequestID() == null) || "".equals(loggingContext.getRequestID())){
- UUID requestID = UUID.randomUUID();
- loggingContext.setRequestID(requestID.toString());
- PolicyLogger.info("requestID not provided in call to XACMLPdpSrvlet (doPut) so we generated one");
- } else {
- PolicyLogger.info("requestID was provided in call to XACMLPdpSrvlet (doPut)");
- }
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 1 of 2");
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 2 of 2");
- //
- // Dump our request out
- //
- if (logger.isDebugEnabled()) {
- XACMLRest.dumpRequest(request);
- }
-
- try {
- im.startTransaction();
- }
- catch (AdministrativeStateException | StandbyStatusException e) {
- String message = e.toString();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }
- //
- // What is being PUT?
- //
- String cache = request.getParameter("cache");
- //
- // Should be a list of policy and pip configurations in Java properties format
- //
- if (cache != null && request.getContentType().equals("text/x-java-properties")) {
- loggingContext.setServiceName("PDP.putConfig");
- try{
- if (request.getContentLength() > Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", DEFAULT_MAX_CONTENT_LENGTH))) {
- String message = "Content-Length larger than server will accept.";
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
- loggingContext.transactionEnded();
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- im.endTransaction();
- return;
- }
- this.doPutConfig(cache, request, response, loggingContext);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction ended");
-
- im.endTransaction();
- }catch(Exception e){
- logger.error("Exception Occured while getting Max Content lenght"+e);
- }
- } else {
- String message = "Invalid cache: '" + cache + "' or content-type: '" + request.getContentType() + "'";
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- }
-
- protected void doPutConfig(String config, HttpServletRequest request, HttpServletResponse response, ONAPLoggingContext loggingContext) throws ServletException, IOException {
- try {
- // prevent multiple configuration changes from stacking up
- if (XACMLPdpServlet.queue.remainingCapacity() <= 0) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Queue capacity reached");
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "Queue capacity reached");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_CONFLICT, "Multiple configuration changes waiting processing.");
- return;
- }
- //
- // Read the properties data into an object.
- //
- Properties newProperties = new Properties();
- newProperties.load(request.getInputStream());
- // should have something in the request
- if (newProperties.size() == 0) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No properties in PUT");
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "No properties in PUT");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "PUT must contain at least one property");
- return;
- }
- //
- // Which set of properties are they sending us? Whatever they send gets
- // put on the queue (if there is room).
- // For audit logging purposes, we consider the transaction done once the
- // the request gets put on the queue.
- //
- if (config.equals("policies")) {
- newProperties = XACMLProperties.getPolicyProperties(newProperties, true);
- if (newProperties.size() == 0) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No policy properties in PUT");
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "No policy properties in PUT");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "PUT with cache=policies must contain at least one policy property");
- return;
- }
- XACMLPdpServlet.queue.offer(new PutRequest(newProperties, null));
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Success");
- } else if (config.equals("pips")) {
- newProperties = XACMLProperties.getPipProperties(newProperties);
- if (newProperties.size() == 0) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No pips properties in PUT");
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "No pips properties in PUT");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "PUT with cache=pips must contain at least one pip property");
- return;
- }
- XACMLPdpServlet.queue.offer(new PutRequest(null, newProperties));
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Success");
- } else if (config.equals("all")) {
- Properties newPolicyProperties = XACMLProperties.getPolicyProperties(newProperties, true);
- if (newPolicyProperties.size() == 0) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No policy properties in PUT");
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "No policy properties in PUT");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "PUT with cache=all must contain at least one policy property");
- return;
- }
- Properties newPipProperties = XACMLProperties.getPipProperties(newProperties);
- if (newPipProperties.size() == 0) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No pips properties in PUT");
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "No pips properties in PUT");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "PUT with cache=all must contain at least one pip property");
- return;
- }
- XACMLPdpServlet.queue.offer(new PutRequest(newPolicyProperties, newPipProperties));
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Success");
- } else {
- //
- // Invalid value
- //
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid config value: " + config);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "Invalid config value: " + config);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Config must be one of 'policies', 'pips', 'all'");
- return;
- }
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed to process new configuration.", e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to process new configuration");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }
-
- }
-
- /**
- * Parameters: type=hb|config|Status
- *
- * 1. HeartBeat Status
- * HeartBeat
- * OK - All Policies are Loaded, All PIPs are Loaded
- * LOADING_IN_PROGRESS - Currently loading a new policy set/pip configuration
- * LAST_UPDATE_FAILED - Need to track the items that failed during last update
- * LOAD_FAILURE - ??? Need to determine what information is sent and how
- * 2. Configuration
- * 3. Status
- * return the StdPDPStatus object in the Response content
- *
- *
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
- */
- @Override
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
- loggingContext.transactionStarted();
- if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
- UUID requestID = UUID.randomUUID();
- loggingContext.setRequestID(requestID.toString());
- PolicyLogger.info("requestID not provided in call to XACMLPdpSrvlet (doGet) so we generated one");
- } else {
- PolicyLogger.info("requestID was provided in call to XACMLPdpSrvlet (doGet)");
- }
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 1 of 2");
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 2 of 2");
-
- XACMLRest.dumpRequest(request);
-
- String pathInfo = request.getRequestURI();
- if (pathInfo != null){
- // health check from Global Site Selector (iDNS).
- // DO NOT do a im.startTransaction for the test request
- if (pathInfo.equals("/pdp/test")) {
- loggingContext.setServiceName("iDNS:PDP.test");
- try {
- im.evaluateSanity();
- //If we make it this far, all is well
- String message = "GET:/pdp/test called and PDP " + pdpResourceName + " is OK";
- PolicyLogger.debug(message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Success");
- response.setStatus(HttpServletResponse.SC_OK);
- return;
- } catch (ForwardProgressException fpe){
- //No forward progress is being made
- String message = "GET:/pdp/test called and PDP " + pdpResourceName + " is not making forward progress."
- + " Exception Message: " + fpe.getMessage();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + fpe);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }catch (AdministrativeStateException ase){
- //Administrative State is locked
- String message = "GET:/pdp/test called and PDP " + pdpResourceName + " Administrative State is LOCKED "
- + " Exception Message: " + ase.getMessage();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + ase);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }catch (StandbyStatusException sse){
- //Administrative State is locked
- String message = "GET:/pdp/test called and PDP " + pdpResourceName + " Standby Status is NOT PROVIDING SERVICE "
- + " Exception Message: " + sse.getMessage();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + sse);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- } catch (Exception e) {
- //A subsystem is not making progress or is not responding
- String eMsg = e.getMessage();
- if(eMsg == null){
- eMsg = "No Exception Message";
- }
- String message = "GET:/pdp/test called and PDP " + pdpResourceName + " has had a subsystem failure."
- + " Exception Message: " + eMsg;
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message );
- //Get the specific list of subsystems that failed
- String failedNodeList = null;
- for(String node : dependencyNodes){
- if(eMsg.contains(node)){
- if(failedNodeList == null){
- failedNodeList = node;
- }else{
- failedNodeList = failedNodeList.concat(","+node);
- }
- }
- }
- if(failedNodeList == null){
- failedNodeList = "UnknownSubSystem";
- }
- response.addHeader("X-ONAP-SubsystemFailure", failedNodeList);
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log" + e);
- return;
- }
- }
- }
-
- try {
- im.startTransaction();
- }
- catch (AdministrativeStateException | StandbyStatusException e) {
- String message = e.toString();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log" +e);
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }
- //
- // What are they requesting?
- //
- boolean returnHB = false;
- response.setHeader("Cache-Control", "no-cache");
- String type = request.getParameter("type");
- // type might be null, so use equals on string constants
- if ("config".equals(type)) {
- loggingContext.setServiceName("PDP.getConfig");
- response.setContentType("text/x-java-properties");
- try {
- String lists = XACMLProperties.PROP_ROOTPOLICIES + "=" + XACMLProperties.getProperty(XACMLProperties.PROP_ROOTPOLICIES, "");
- lists = lists + "\n" + XACMLProperties.PROP_REFERENCEDPOLICIES + "=" + XACMLProperties.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, "") + "\n";
- try (InputStream listInputStream = new ByteArrayInputStream(lists.getBytes());
- InputStream pipInputStream = Files.newInputStream(XACMLPdpLoader.getPIPConfig());
- OutputStream os = response.getOutputStream()) {
- IOUtils.copy(listInputStream, os);
- IOUtils.copy(pipInputStream, os);
- }
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Success");
- response.setStatus(HttpServletResponse.SC_OK);
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed to copy property file", e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to copy property file");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(400, "Failed to copy Property file");
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- }
-
- } else if ("hb".equals(type)) {
- returnHB = true;
- response.setStatus(HttpServletResponse.SC_NO_CONTENT);
-
- } else if ("Status".equals(type)) {
- loggingContext.setServiceName("PDP.getStatus");
- // convert response object to JSON and include in the response
- synchronized(pdpStatusLock) {
- ObjectMapper mapper = new ObjectMapper();
- try{
- mapper.writeValue(response.getOutputStream(), status);
- }catch(Exception e1){
- logger.error("Exception occured while writing output stream" +e1);
- }
- }
- response.setStatus(HttpServletResponse.SC_OK);
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Success");
-
- } else {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid type value: " + type);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "Invalid type value: " + type);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "type not 'config' or 'hb'");
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- }
- if (returnHB) {
- synchronized(pdpStatusLock) {
- response.addHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB, status.getStatus().toString());
- }
- }
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended");
- im.endTransaction();
-
- }
-
- /**
- * POST - We expect XACML requests to be posted by PEP applications. They can be in the form of XML or JSON according
- * to the XACML 3.0 Specifications for both.
- *
- *
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
- */
- @Override
- protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-
- ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
- loggingContext.transactionStarted();
- loggingContext.setServiceName("PDP.decide");
- if ((loggingContext.getRequestID() == null) || ("".equals(loggingContext.getRequestID()))){
- UUID requestID = UUID.randomUUID();
- loggingContext.setRequestID(requestID.toString());
- PolicyLogger.info("requestID not provided in call to XACMLPdpSrvlet (doPost) so we generated one");
- } else {
- PolicyLogger.info("requestID was provided in call to XACMLPdpSrvlet (doPost)");
- }
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 1 of 2");
- loggingContext.metricStarted();
- loggingContext.metricEnded();
- PolicyLogger.metrics("Metric example posted here - 2 of 2");
- monitor.pdpEvaluationAttempts();
-
- try {
- im.startTransaction();
- }
- catch (AdministrativeStateException | StandbyStatusException e) {
- String message = e.toString();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }
- //
- // no point in doing any work if we know from the get-go that we cannot do anything with the request
- //
- if (status.getLoadedRootPolicies().isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Request from PEP at " + request.getRequestURI() + " for service when PDP has No Root Policies loaded");
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "Request from PEP at " + request.getRequestURI() + " for service when PDP has No Root Policies loaded");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
-
- XACMLRest.dumpRequest(request);
- //
- // Set our no-cache header
- //
- response.setHeader("Cache-Control", "no-cache");
- //
- // They must send a Content-Type
- //
- if (request.getContentType() == null) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Must specify a Content-Type");
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "Must specify a Content-Type");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "no content-type given");
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- //
- // Limit the Content-Length to something reasonable
- //
- try{
- if (request.getContentLength() > Integer.parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", "32767"))) {
- String message = "Content-Length larger than server will accept.";
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- im.endTransaction();
- return;
- }
- }catch(Exception e){
- logger.error("Exception occured while getting max content length"+e);
- }
-
- if (request.getContentLength() <= 0) {
- String message = "Content-Length is negative";
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- ContentType contentType = null;
- try {
- contentType = ContentType.parse(request.getContentType());
- }
- catch (Exception e) {
- String message = "Parsing Content-Type: " + request.getContentType() + ", error=" + e.getMessage();
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message, e);
- loggingContext.transactionEnded();
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, message);
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- //
- // What exactly did they send us?
- //
- String incomingRequestString = null;
- Request pdpRequest = null;
- if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType()) ||
- contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) ||
- contentType.getMimeType().equalsIgnoreCase("application/xacml+xml") ) {
- //
- // Read in the string
- //
- StringBuilder buffer = new StringBuilder();
- BufferedReader reader = null;
- try{
- reader = new BufferedReader(new InputStreamReader(request.getInputStream()));
- }catch(IOException e){
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error during reading input stream",e);
- return;
- }
- String line;
- try{
- while((line = reader.readLine()) != null){
- buffer.append(line);
- }
- }catch(Exception e){
- logger.error("Exception Occured while reading line"+e);
- }
-
- incomingRequestString = buffer.toString();
- logger.info(incomingRequestString);
- //
- // Parse into a request
- //
- try {
- if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- pdpRequest = JSONRequest.load(incomingRequestString);
- } else if ( contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) ||
- contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) {
- pdpRequest = DOMRequest.load(incomingRequestString);
- }
- }
- catch(Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Could not parse request", e);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "Could not parse request");
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- } else {
- String message = "unsupported content type" + request.getContentType();
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- //
- // Did we successfully get and parse a request?
- //
- if (pdpRequest == null || pdpRequest.getRequestAttributes() == null || pdpRequest.getRequestAttributes().size() <= 0) {
- String message = "Zero Attributes found in the request";
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- //
- // Run it
- //
- try {
- //
- // Authenticating the Request here.
- //
- if(!authorizeRequest(request)){
- String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
- PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
- im.endTransaction();
- return;
- }
- //
- // Get the pointer to the PDP Engine
- //
- PDPEngine myEngine = null;
- synchronized(pdpEngineLock) {
- myEngine = XACMLPdpServlet.pdpEngine;
- }
- if (myEngine == null) {
- String message = "No engine loaded.";
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- im.endTransaction();
- return;
- }
- //
- // Send the request and save the response
- //
- long lTimeStart;
- long lTimeEnd;
- Response pdpResponse = null;
-
- synchronized(pdpEngineLock) {
- myEngine = XACMLPdpServlet.pdpEngine;
- try {
- PolicyList.clearPolicyList();
- lTimeStart = System.currentTimeMillis();
- pdpResponse = myEngine.decide(pdpRequest);
- lTimeEnd = System.currentTimeMillis();
- } catch (PDPException e) {
- String message = "Exception during decide: " + e.getMessage();
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message +e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- im.endTransaction();
- return;
- }
- }
- monitor.computeLatency(lTimeEnd - lTimeStart);
- requestLogger.info(lTimeStart + "=" + incomingRequestString);
- for(String policy : PolicyList.getpolicyList()){
- monitor.policyCountAdd(policy, 1);
- }
-
-
- logger.info("PolicyID triggered in Request: " + PolicyList.getpolicyList());
-
- //need to go through the list and find out if the value is unique and then add it other wise
- // monitor.policyCountAdd(PolicyList.getpolicyList(), 1);
-
- if (logger.isDebugEnabled()) {
- logger.debug("Request time: " + (lTimeEnd - lTimeStart) + "ms");
- }
- //
- // Convert Response to appropriate Content-Type
- //
- if (pdpResponse == null) {
- requestLogger.info(lTimeStart + "=" + "{}");
- try{
- throw new PDPException("Failed to get response from PDP engine.");
- }catch(Exception e1){
- logger.error("Exception occured while throwing Exception" +e1);
- }
- }
- //
- // Set our content-type
- //
- response.setContentType(contentType.getMimeType());
- //
- // Convert the PDP response object to a String to
- // return to our caller as well as dump to our loggers.
- //
- String outgoingResponseString = "";
- try{
- if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- //
- // Get it as a String. This is not very efficient but we need to log our
- // results for auditing.
- //
- outgoingResponseString = JSONResponse.toString(pdpResponse, logger.isDebugEnabled());
- if (logger.isDebugEnabled()) {
- logger.debug(outgoingResponseString);
- //
- // Get rid of whitespace
- //
- outgoingResponseString = JSONResponse.toString(pdpResponse, false);
- }
- } else if ( contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) ||
- contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) {
- //
- // Get it as a String. This is not very efficient but we need to log our
- // results for auditing.
- //
- outgoingResponseString = DOMResponse.toString(pdpResponse, logger.isDebugEnabled());
- if (logger.isDebugEnabled()) {
- logger.debug(outgoingResponseString);
- //
- // Get rid of whitespace
- //
- outgoingResponseString = DOMResponse.toString(pdpResponse, false);
- }
- }
- // adding the jmx values for NA, Permit and Deny
- //
- if (outgoingResponseString.contains("NotApplicable") || outgoingResponseString.contains("Decision not a Permit")){
- monitor.pdpEvaluationNA();
- }
-
- if (outgoingResponseString.contains("Permit") && !outgoingResponseString.contains("Decision not a Permit")){
- monitor.pdpEvaluationPermit();
- }
-
- if (outgoingResponseString.contains("Deny")){
- monitor.pdpEvaluationDeny();
- }
- //
- // lTimeStart is used as an ID within the requestLogger to match up
- // request's with responses.
- //
- requestLogger.info(lTimeStart + "=" + outgoingResponseString);
- response.getWriter().print(outgoingResponseString);
- }catch(Exception e){
- logger.error("Exception Occured"+e );
- }
- }
- catch (Exception e) {
- String message = "Exception executing request: " + e;
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- try{
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- }catch(Exception e1){
- logger.error("Exception occured while sending error in response" +e1);
- }
- return;
- }
-
- monitor.pdpEvaluationSuccess();
- response.setStatus(HttpServletResponse.SC_OK);
-
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Success");
-
- }
-
- /*
- * Added for Authorizing the PEP Requests for Environment check.
- */
- private boolean authorizeRequest(HttpServletRequest request) {
- // Get the client Credentials from the Request header.
- HttpServletRequest httpServletRequest = request;
- String clientCredentials = httpServletRequest.getHeader(ENVIORNMENT_HEADER);
- if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
- return true;
- }else{
- return false;
- }
- }
-
- @Override
- public void run() {
- //
- // Keep running until we are told to terminate
- //
- try {
- // variable not used, but constructor has needed side-effects so don't remove:
- while (! XACMLPdpServlet.configThreadTerminate) {
- PutRequest request = XACMLPdpServlet.queue.take();
- StdPDPStatus newStatus = new StdPDPStatus();
-
- PDPEngine newEngine = null;
- synchronized(pdpStatusLock) {
- XACMLPdpServlet.status.setStatus(Status.UPDATING_CONFIGURATION);
- newEngine = XACMLPdpLoader.loadEngine(newStatus, request.policyProperties, request.pipConfigProperties);
- }
- if (newEngine != null) {
- synchronized(XACMLPdpServlet.pdpEngineLock) {
- XACMLPdpServlet.pdpEngine = newEngine;
- try {
- logger.info("Saving configuration.");
- if (request.policyProperties != null) {
- try (OutputStream os = Files.newOutputStream(XACMLPdpLoader.getPDPPolicyCache())) {
- request.policyProperties.store(os, "");
- }
- }
- if (request.pipConfigProperties != null) {
- try (OutputStream os = Files.newOutputStream(XACMLPdpLoader.getPIPConfig())) {
- request.pipConfigProperties.store(os, "");
- }
- }
- newStatus.setStatus(Status.UP_TO_DATE);
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to store new properties."+e);
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "Failed to store new properties");
- newStatus.setStatus(Status.LOAD_ERRORS);
- newStatus.addLoadWarning("Unable to save configuration: " + e.getMessage());
- }
- }
- // Notification will be Sent Here.
- XACMLPdpLoader.sendNotification();
- } else {
- newStatus.setStatus(Status.LAST_UPDATE_FAILED);
- }
- synchronized(pdpStatusLock) {
- XACMLPdpServlet.status.set(newStatus);
- }
- }
- } catch (InterruptedException e) {
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "interrupted"+e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "interrupted");
- Thread.currentThread().interrupt();
- }
- }
-
- public static PDPEngine getPDPEngine(){
- PDPEngine myEngine = null;
- synchronized(pdpEngineLock) {
- myEngine = XACMLPdpServlet.pdpEngine;
- }
- return myEngine;
- }
-
- public static Constructor<?> getCreateUpdatePolicyConstructor(){
- return createUpdatePolicyConstructor;
- }
-
- private static void setCreateUpdatePolicyConstructor(String createUpdateResourceName) throws ServletException{
- try{
- Class<?> createUpdateclass = Class.forName(createUpdateResourceName);
- createUpdatePolicyConstructor = createUpdateclass.getConstructor(PolicyParameters.class, String.class, boolean.class);
- }catch(Exception e){
- PolicyLogger.error(MessageCodes.MISS_PROPERTY_ERROR, "createUpdatePolicy.impl.className", "xacml.pdp.init" +e);
- throw new ServletException("Could not find the Class name : " +createUpdateResourceName + "\n" +e.getMessage());
- }
- }
+ * POST - We expect XACML requests to be posted by PEP applications. They can be in the form of XML or JSON
+ * according to the XACML 3.0 Specifications for both.
+ *
+ *
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
+ loggingContext.transactionStarted();
+ loggingContext.setServiceName("PDP.decide");
+ if ((loggingContext.getRequestID() == null) || ("".equals(loggingContext.getRequestID()))) {
+ UUID requestID = UUID.randomUUID();
+ loggingContext.setRequestID(requestID.toString());
+ PolicyLogger.info("requestID not provided in call to XACMLPdpSrvlet (doPost) so we generated one");
+ } else {
+ PolicyLogger.info("requestID was provided in call to XACMLPdpSrvlet (doPost)");
+ }
+ loggingContext.metricStarted();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("Metric example posted here - 1 of 2");
+ loggingContext.metricStarted();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("Metric example posted here - 2 of 2");
+ monitor.pdpEvaluationAttempts();
+
+ try {
+ im.startTransaction();
+ } catch (IntegrityMonitorException e) {
+ String message = e.toString();
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + e);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ return;
+ }
+ //
+ // no point in doing any work if we know from the get-go that we cannot do anything with the request
+ //
+ if (status.getLoadedRootPolicies().isEmpty()) {
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Request from PEP at " + request.getRequestURI()
+ + " for service when PDP has No Root Policies loaded");
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "Request from PEP at " + request.getRequestURI()
+ + " for service when PDP has No Root Policies loaded");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+
+ XACMLRest.dumpRequest(request);
+ //
+ // Set our no-cache header
+ //
+ response.setHeader("Cache-Control", "no-cache");
+ //
+ // They must send a Content-Type
+ //
+ if (request.getContentType() == null) {
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Must specify a Content-Type");
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "Must specify a Content-Type");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, "no content-type given");
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ //
+ // Limit the Content-Length to something reasonable
+ //
+ try {
+ if (request.getContentLength() > Integer
+ .parseInt(XACMLProperties.getProperty("MAX_CONTENT_LENGTH", "32767"))) {
+ String message = "Content-Length larger than server will accept.";
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
+ im.endTransaction();
+ return;
+ }
+ } catch (Exception e) {
+ logger.error("Exception occured while getting max content length" + e);
+ }
+
+ if (request.getContentLength() <= 0) {
+ String message = "Content-Length is negative";
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ ContentType contentType = null;
+ try {
+ contentType = ContentType.parse(request.getContentType());
+ } catch (Exception e) {
+ String message = "Parsing Content-Type: " + request.getContentType() + ", error=" + e.getMessage();
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message, e);
+ loggingContext.transactionEnded();
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, message);
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ //
+ // What exactly did they send us?
+ //
+ String incomingRequestString = null;
+ Request pdpRequest = null;
+ if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())
+ || contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType())
+ || contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) {
+ //
+ // Read in the string
+ //
+ StringBuilder buffer = new StringBuilder();
+ BufferedReader reader = null;
+ try {
+ reader = new BufferedReader(new InputStreamReader(request.getInputStream()));
+ } catch (IOException e) {
+ logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error during reading input stream", e);
+ return;
+ }
+ String line;
+ try {
+ while ((line = reader.readLine()) != null) {
+ buffer.append(line);
+ }
+ } catch (Exception e) {
+ logger.error("Exception Occured while reading line" + e);
+ }
+
+ incomingRequestString = buffer.toString();
+ logger.info(incomingRequestString);
+ //
+ // Parse into a request
+ //
+ try {
+ if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
+ pdpRequest = JSONRequest.load(incomingRequestString);
+ } else if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType())
+ || contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) {
+ pdpRequest = DOMRequest.load(incomingRequestString);
+ }
+ } catch (Exception e) {
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Could not parse request", e);
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "Could not parse request");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ } else {
+ String message = "unsupported content type" + request.getContentType();
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ //
+ // Did we successfully get and parse a request?
+ //
+ if (pdpRequest == null || pdpRequest.getRequestAttributes() == null
+ || pdpRequest.getRequestAttributes().size() <= 0) {
+ String message = "Zero Attributes found in the request";
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ //
+ // Run it
+ //
+ try {
+ //
+ // Authenticating the Request here.
+ //
+ if (!authorizeRequest(request)) {
+ String message =
+ "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
+ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + message);
+ PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ im.endTransaction();
+ return;
+ }
+ //
+ // Get the pointer to the PDP Engine
+ //
+ PDPEngine myEngine = null;
+ synchronized (pdpEngineLock) {
+ myEngine = XACMLPdpServlet.pdpEngine;
+ }
+ if (myEngine == null) {
+ String message = "No engine loaded.";
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ im.endTransaction();
+ return;
+ }
+ //
+ // Send the request and save the response
+ //
+ long lTimeStart;
+ long lTimeEnd;
+ Response pdpResponse = null;
+
+ synchronized (pdpEngineLock) {
+ myEngine = XACMLPdpServlet.pdpEngine;
+ try {
+ PolicyList.clearPolicyList();
+ lTimeStart = System.currentTimeMillis();
+ pdpResponse = myEngine.decide(pdpRequest);
+ lTimeEnd = System.currentTimeMillis();
+ } catch (PDPException e) {
+ String message = "Exception during decide: " + e.getMessage();
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message + e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ im.endTransaction();
+ return;
+ }
+ }
+ monitor.computeLatency(lTimeEnd - lTimeStart);
+ requestLogger.info(lTimeStart + "=" + incomingRequestString);
+ for (String policy : PolicyList.getpolicyList()) {
+ monitor.policyCountAdd(policy, 1);
+ }
+
+
+ logger.info("PolicyID triggered in Request: " + PolicyList.getpolicyList());
+
+ // need to go through the list and find out if the value is unique and then add it other wise
+ // monitor.policyCountAdd(PolicyList.getpolicyList(), 1);
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("Request time: " + (lTimeEnd - lTimeStart) + "ms");
+ }
+ //
+ // Convert Response to appropriate Content-Type
+ //
+ if (pdpResponse == null) {
+ requestLogger.info(lTimeStart + "=" + "{}");
+ try {
+ throw new PDPException("Failed to get response from PDP engine.");
+ } catch (Exception e1) {
+ logger.error("Exception occured while throwing Exception" + e1);
+ }
+ }
+ //
+ // Set our content-type
+ //
+ response.setContentType(contentType.getMimeType());
+ //
+ // Convert the PDP response object to a String to
+ // return to our caller as well as dump to our loggers.
+ //
+ String outgoingResponseString = "";
+ try {
+ if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
+ //
+ // Get it as a String. This is not very efficient but we need to log our
+ // results for auditing.
+ //
+ outgoingResponseString = JSONResponse.toString(pdpResponse, logger.isDebugEnabled());
+ if (logger.isDebugEnabled()) {
+ logger.debug(outgoingResponseString);
+ //
+ // Get rid of whitespace
+ //
+ outgoingResponseString = JSONResponse.toString(pdpResponse, false);
+ }
+ } else if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType())
+ || contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) {
+ //
+ // Get it as a String. This is not very efficient but we need to log our
+ // results for auditing.
+ //
+ outgoingResponseString = DOMResponse.toString(pdpResponse, logger.isDebugEnabled());
+ if (logger.isDebugEnabled()) {
+ logger.debug(outgoingResponseString);
+ //
+ // Get rid of whitespace
+ //
+ outgoingResponseString = DOMResponse.toString(pdpResponse, false);
+ }
+ }
+ // adding the jmx values for NA, Permit and Deny
+ //
+ if (outgoingResponseString.contains("NotApplicable")
+ || outgoingResponseString.contains("Decision not a Permit")) {
+ monitor.pdpEvaluationNA();
+ }
+
+ if (outgoingResponseString.contains("Permit")
+ && !outgoingResponseString.contains("Decision not a Permit")) {
+ monitor.pdpEvaluationPermit();
+ }
+
+ if (outgoingResponseString.contains("Deny")) {
+ monitor.pdpEvaluationDeny();
+ }
+ //
+ // lTimeStart is used as an ID within the requestLogger to match up
+ // request's with responses.
+ //
+ requestLogger.info(lTimeStart + "=" + outgoingResponseString);
+ response.getWriter().print(outgoingResponseString);
+ } catch (Exception e) {
+ logger.error("Exception Occured" + e);
+ }
+ } catch (Exception e) {
+ String message = "Exception executing request: " + e;
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ try {
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ } catch (Exception e1) {
+ logger.error("Exception occured while sending error in response" + e1);
+ }
+ return;
+ }
+
+ monitor.pdpEvaluationSuccess();
+ response.setStatus(HttpServletResponse.SC_OK);
+
+ loggingContext.transactionEnded();
+ auditLogger.info("Success");
+ PolicyLogger.audit("Success");
+
+ }
+
+ /*
+ * Added for Authorizing the PEP Requests for Environment check.
+ */
+ private boolean authorizeRequest(HttpServletRequest request) {
+ // Get the client Credentials from the Request header.
+ HttpServletRequest httpServletRequest = request;
+ String clientCredentials = httpServletRequest.getHeader(ENVIORNMENT_HEADER);
+ if (clientCredentials != null && clientCredentials.equalsIgnoreCase(environment)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ @Override
+ public void run() {
+ //
+ // Keep running until we are told to terminate
+ //
+ try {
+ // variable not used, but constructor has needed side-effects so don't remove:
+ while (!XACMLPdpServlet.configThreadTerminate) {
+ logger.info("XACMLPdpServlet: Taking requests from the queue");
+ PutRequest request = XACMLPdpServlet.queue.take();
+ logger.info("XACMLPdpServlet: Taking requests from the queue COMPLETED");
+ StdPDPStatus newStatus = new StdPDPStatus();
+
+ PDPEngine newEngine = null;
+ synchronized (pdpStatusLock) {
+ XACMLPdpServlet.status.setStatus(Status.UPDATING_CONFIGURATION);
+
+ logger.info("created new PDPEngine");
+ newEngine =
+ XACMLPdpLoader.loadEngine(newStatus, request.policyProperties, request.pipConfigProperties);
+ }
+ if (newEngine != null) {
+ logger.info("XACMLPdpServlet: newEngine created, assigning newEngine to the pdpEngine.");
+ synchronized (XACMLPdpServlet.pdpEngineLock) {
+ XACMLPdpServlet.pdpEngine = newEngine;
+ try {
+ logger.info("Saving configuration.");
+ if (request.policyProperties != null) {
+ logger.info("Saving configuration: Policy Properties: " + request.policyProperties);
+ try (OutputStream os = Files.newOutputStream(XACMLPdpLoader.getPDPPolicyCache())) {
+ request.policyProperties.store(os, "");
+ }
+ }
+ if (request.pipConfigProperties != null) {
+ logger.info("Saving configuration: PIP Properties: " + request.pipConfigProperties);
+ try (OutputStream os = Files.newOutputStream(XACMLPdpLoader.getPIPConfig())) {
+ request.pipConfigProperties.store(os, "");
+ }
+ }
+ newStatus.setStatus(Status.UP_TO_DATE);
+ } catch (Exception e) {
+ logger.error(
+ XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to store new properties." + e);
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "Failed to store new properties");
+ newStatus.setStatus(Status.LOAD_ERRORS);
+ newStatus.addLoadWarning("Unable to save configuration: " + e.getMessage());
+ }
+ }
+ } else {
+ newStatus.setStatus(Status.LAST_UPDATE_FAILED);
+ }
+ synchronized (pdpStatusLock) {
+ XACMLPdpServlet.status.set(newStatus);
+ }
+ logger.info("New PDP Servlet Status: " + newStatus.getStatus());
+ if (Status.UP_TO_DATE.equals(newStatus.getStatus())) {
+ // Notification will be Sent Here.
+ XACMLPdpLoader.sendNotification();
+ }
+ }
+ } catch (InterruptedException e) {
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "interrupted" + e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "interrupted");
+ Thread.currentThread().interrupt();
+ }
+ }
+
+ public static PDPEngine getPDPEngine() {
+ PDPEngine myEngine = null;
+ synchronized (pdpEngineLock) {
+ myEngine = XACMLPdpServlet.pdpEngine;
+ }
+ return myEngine;
+ }
+
+ public static Constructor<?> getCreateUpdatePolicyConstructor() {
+ return createUpdatePolicyConstructor;
+ }
+
+ public static Object getPDPEngineLock() {
+ return pdpEngineLock;
+ }
+
+ private static void setCreateUpdatePolicyConstructor(String createUpdateResourceName) throws ServletException {
+ try {
+ Class<?> createUpdateclass = Class.forName(createUpdateResourceName);
+ createUpdatePolicyConstructor =
+ createUpdateclass.getConstructor(PolicyParameters.class, String.class, boolean.class);
+ } catch (Exception e) {
+ PolicyLogger.error(MessageCodes.MISS_PROPERTY_ERROR, "createUpdatePolicy.impl.className",
+ "xacml.pdp.init" + e);
+ throw new ServletException(
+ "Could not find the Class name : " + createUpdateResourceName + "\n" + e.getMessage());
+ }
+ }