- public void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {\r
- setIpAndFqdnForEelf("doDelete");\r
- eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");\r
- EventLogRecord elr = new EventLogRecord(req);\r
- String message = isAuthorizedForProvisioning(req);\r
- if (message != null) {\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
- eventlogger.info(elr);\r
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);\r
- return;\r
- }\r
- if (isProxyServer()) {\r
- super.doDelete(req, resp);\r
- return;\r
- }\r
- String bhdr = req.getHeader(BEHALF_HEADER);\r
- if (bhdr == null) {\r
- message = "Missing " + BEHALF_HEADER + " header.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
- eventlogger.info(elr);\r
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, message);\r
- return;\r
- }\r
- int subid = getIdFromPath(req);\r
- if (subid < 0) {\r
- message = "Missing or bad subscription number.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
- eventlogger.info(elr);\r
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, message);\r
- return;\r
- }\r
- Subscription sub = Subscription.getSubscriptionById(subid);\r
- if (sub == null) {\r
- message = "Missing or bad subscription number.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_NOT_FOUND);\r
- eventlogger.info(elr);\r
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, message);\r
- return;\r
- }\r
- // Check with the Authorizer\r
- AuthorizationResponse aresp = authz.decide(req);\r
- if (!aresp.isAuthorized()) {\r
- message = "Policy Engine disallows access.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
- eventlogger.info(elr);\r
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);\r
- return;\r
- }\r
-\r
- // Delete Subscription\r
- if (doDelete(sub)) {\r
- activeSubs--;\r
- // send response\r
- elr.setResult(HttpServletResponse.SC_NO_CONTENT);\r
- eventlogger.info(elr);\r
- resp.setStatus(HttpServletResponse.SC_NO_CONTENT);\r
- provisioningDataChanged();\r
- } else {\r
- // Something went wrong with the DELETE\r
- elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
- eventlogger.info(elr);\r
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG);\r
+ public void doDelete(HttpServletRequest req, HttpServletResponse resp) {\r
+ setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req);\r
+ eelfLogger.info(EelfMsgs.ENTRY);\r
+ try {\r
+ eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");\r
+ EventLogRecord elr = new EventLogRecord(req);\r
+ String message = isAuthorizedForProvisioning(req);\r
+ if (message != null) {\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ if (isProxyServer()) {\r
+ super.doDelete(req, resp);\r
+ return;\r
+ }\r
+ String bhdr = req.getHeader(BEHALF_HEADER);\r
+ if (bhdr == null) {\r
+ message = MISSING_ON_BEHALF;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
+ return;\r
+ }\r
+ int subid = getIdFromPath(req);\r
+ if (subid < 0) {\r
+ message = BAD_SUB;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
+ return;\r
+ }\r
+ Subscription sub = Subscription.getSubscriptionById(subid);\r
+ if (sub == null) {\r
+ message = BAD_SUB;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_NOT_FOUND);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
+ return;\r
+ }\r
+ /*\r
+ * START - AAF changes\r
+ * TDP EPIC US# 307413\r
+ * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription\r
+ */\r
+ String aafInstance = sub.getAafInstance();\r
+ if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {\r
+ AuthorizationResponse aresp = authz.decide(req);\r
+ if (!aresp.isAuthorized()) {\r
+ message = POLICY_ENGINE;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ } else {\r
+ String permission = getSubscriberPermission(aafInstance, BaseServlet.DELETE_PERMISSION);\r
+ eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);\r
+ if (!req.isUserInRole(permission)) {\r
+ message = "AAF disallows access to permission - " + permission;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ }\r
+ /*\r
+ * END - AAF changes\r
+ */\r
+ // Delete Subscription\r
+ if (doDelete(sub)) {\r
+ activeSubs--;\r
+ // send response\r
+ elr.setResult(HttpServletResponse.SC_NO_CONTENT);\r
+ eventlogger.info(elr.toString());\r
+ resp.setStatus(HttpServletResponse.SC_NO_CONTENT);\r
+ provisioningDataChanged();\r
+ } else {\r
+ // Something went wrong with the DELETE\r
+ elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
+ eventlogger.error(elr.toString());\r
+ sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, intlogger);\r
+ }\r
+ } finally {\r
+ eelfLogger.info(EelfMsgs.EXIT);\r