* These are the parameters needed for DB access from the PAP
*/
private static int papIntegrityAuditPeriodSeconds = -1;
- public static String papDbDriver = null;
- public static String papDbUrl = null;
- public static String papDbUser = null;
- public static String papDbPassword = null;
+ private static String papDbDriver = null;
+ private static String papDbUrl = null;
+ private static String papDbUser = null;
+ private static String papDbPassword = null;
private static Integer papTransWait = null;
private static Integer papTransTimeout = null;
private static Integer papAuditTimeout = null;
private IntegrityAudit ia;
//MicroService Model Properties
- public static String msEcompName;
- public static String msPolicyName;
+ private static String msEcompName;
+ private static String msPolicyName;
/*
* This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
* this servlet starts. Its configurable by the admin.
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
throw new PAPException("papDbDriver is null");
}
+ setPapDbDriver(papDbDriver);
papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
if(papDbUrl == null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
throw new PAPException("papDbUrl is null");
}
+ setPapDbUrl(papDbUrl);
papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
if(papDbUser == null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
throw new PAPException("papDbUser is null");
}
+ setPapDbUser(papDbUser);
papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
if(papDbPassword == null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
throw new PAPException("papDbPassword is null");
}
+ setPapDbPassword(papDbPassword);
papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
if(papResourceName == null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
}
//Micro Service Properties
msEcompName=properties.getProperty("xacml.policy.msEcompName");
+ setMsEcompName(msEcompName);
msPolicyName=properties.getProperty("xacml.policy.msPolicyName");
+ setMsPolicyName(msPolicyName);
// PDPId File location
XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
if (XACMLPapServlet.pdpFile == null) {
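Review bot: Each added setter call in this hunk, for example `setPapDbUrl(papDbUrl);`, follows a line that has already assigned the same static field, so unless a local of that name shadows the field outside this hunk the call writes the field back to itself and changes nothing. Reading the property into a local and handing that to the setter leaves a single write path: `String dbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);`, then the null check on `dbUrl`, then `setPapDbUrl(dbUrl);`. The same applies to the driver, user, password, `msEcompName` and `msPolicyName` assignments. The enclosing method starts and ends outside the hunk.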
}
}
policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
+ //boolean performFileToDatabaseAudit = false;
+ if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
+ //get an AuditTransaction to lock out all other transactions
+ PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
+ policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine);
+ //release the transaction lock
+ auditTrans.close();
+ }
+
// Sanity check for URL.
if (XACMLPapServlet.papURL == null) {
throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
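Review bot: `auditTrans.close()` is only reached when `policyDBDao.auditLocalDatabase(...)` returns normally, so an exception during the audit leaves the audit transaction open. The hunk's own comment says this transaction locks out all others, so that path may block every later database transaction. Wrapping the call keeps the release unconditional: `try { policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine); } finally { auditTrans.close(); }`. The commented-out `//boolean performFileToDatabaseAudit = false;` line is dead code and can be dropped.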
String message = "PUT interface called for PAP " + papResourceName + " but it has an Administrative"
+ " state of " + im.getStateManager().getAdminState()
+ "\n Exception Message: " + ae.getMessage();
- LOGGER.info(message);
+ LOGGER.info(message +ae);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
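Review bot: `LOGGER.info(message +ae);` appends the exception's `toString()` to a message that already ends with `ae.getMessage()`, so the text is duplicated and the stack trace is still lost. If this logger has a message-plus-throwable overload (its type is not visible here), `LOGGER.info(message, ae);` records the cause properly. The same applies to `LOGGER.info(message +se);` in the following hunk. Both messages are also passed to `PolicyLogger.error`, so a single call carrying the exception may be enough.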
String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
+ " of " + im.getStateManager().getStandbyStatus()
+ "\n Exception Message: " + se.getMessage();
- LOGGER.info(message);
+ LOGGER.info(message +se);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
im.endTransaction();
return;
}
- //This would occur if we received a notification of a policy creation or update
- String policyToCreateUpdate = request.getParameter("policyToCreateUpdate");
- if(policyToCreateUpdate != null){
- if(LOGGER.isDebugEnabled()){
- LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
- + "\npolicyToCreateUpdate = " + policyToCreateUpdate);
- }
- //decode it
- try{
- policyToCreateUpdate = URLDecoder.decode(policyToCreateUpdate, "UTF-8");
- if(LOGGER.isDebugEnabled()){
- LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
- + "\npolicyToCreateUpdate = " + policyToCreateUpdate);
- }
- } catch(UnsupportedEncodingException e){
- PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
- + "\npolicyToCreateUpdate = " + policyToCreateUpdate);
- response.sendError(500,"policyToCreateUpdate encoding not supported"
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- //send it to PolicyDBDao
- PolicyDBDaoTransaction createUpdateTransaction = policyDBDao.getNewTransaction();
- try{
- createUpdateTransaction.createPolicy(policyToCreateUpdate, "XACMLPapServlet.doPut");
- }catch(Exception e){
- createUpdateTransaction.rollbackTransaction();
- response.sendError(500,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- createUpdateTransaction.commitTransaction();
- // Before sending Ok. Lets call AutoPush.
- if(autoPushFlag){
- Set<StdPDPGroup> changedGroups = autoPushPolicy.checkGroupsToPush(policyToCreateUpdate, XACMLPapServlet.papEngine);
- if(!changedGroups.isEmpty()){
- for(StdPDPGroup group: changedGroups){
- try{
- papEngine.updateGroup(group);
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("Group '" + group.getId() + "' updated");
- }
- notifyAC();
- // Group changed, which might include changing the policies
- groupChanged(group);
- }catch(Exception e){
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Failed to Push policy. ");
- }
- }
- }
- }
- response.setStatus(HttpServletResponse.SC_OK);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
/*
* Request for ImportService
*/
loggingContext.transactionEnded();
auditLogger.info("Success");
- if ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param"))) {
+ if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
if (pushPolicyHandler.preSafetyCheck(policy, CONFIG_HOME)) {
LOGGER.debug("Precheck Successful.");
try{
doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
}catch(Exception e){
+ doACPostTransaction.rollbackTransaction();
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
" Error while moving pdp in the database: "
+"pdp="+pdp.getId()+",to group="+group.getId());
return;
}
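Review bot: After the new `doACPostTransaction.rollbackTransaction();` the catch logs and reaches `return;` with no `response.sendError(...)`, `loggingContext.transactionEnded()` or failure audit entry in the visible lines. A failed PDP move may therefore be answered with the default success status. Mirroring the error handling of the outer `catch (PAPException e)` would make the failure visible to the caller, for example `response.sendError(500, "Failed to move PDP");` before the return, assuming `response` is in scope in this method. The rollback also runs before `PolicyLogger.error(...)`, so if it throws, the original exception is never logged; logging first avoids that. The enclosing method starts outside the hunk.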
} catch (PAPException e) {
- if(doACPostTransaction != null){
- doACPostTransaction.rollbackTransaction();
- }
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
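Review bot: Removing the null-guarded `doACPostTransaction.rollbackTransaction()` from this `catch (PAPException e)` leaves the rollback only in the `movePdp` catch shown in the previous hunk. A PAPException raised anywhere else in the try after the transaction is opened would, from what is visible, end with the transaction neither committed nor rolled back. If the transaction holds a database lock, that can stall later requests. Consider keeping the guarded rollback here, or moving it into a `finally` that rolls back whenever the transaction is still open. The try block starts outside the hunk, so other paths may already cover this.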
response.sendError(500, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
}
StdPDP pdp = (StdPDP) objectFromJSON;
- if (papEngine.getPDP(pdpId) == null) {
- // this is a request to create a new PDP object
- try{
- acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(), pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
- } catch(Exception e){
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
- +"pdp="+pdp.getId()+",to group="+group.getId());
- throw new PAPException(e.getMessage());
+ if(pdp != null){
+ if (papEngine.getPDP(pdpId) == null) {
+ // this is a request to create a new PDP object
+ try{
+ acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
+ pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
+ } catch(Exception e){
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
+ +"pdp="+ (pdp.getId()) +",to group="+group.getId());
+ throw new PAPException(e.getMessage());
+ }
+ papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
+ } else {
+ try{
+ acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
+ } catch(Exception e){
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
+ +"pdp="+ pdp.getId());
+ throw new PAPException(e.getMessage());
+ }
+ // this is a request to update the pdp
+ papEngine.updatePDP(pdp);
}
- papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
- } else {
+ response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("PDP '" + pdpId + "' created/updated");
+ }
+ // adjust the group's state including the new PDP
+ ((StdPDPGroup)group).resetStatus();
+ // tell the Admin Consoles there is a change
+ notifyAC();
+ // this might affect the PDP, so notify it of the change
+ pdpChanged(pdp);
+ acPutTransaction.commitTransaction();
+ loggingContext.transactionEnded();
+ auditLogger.info("Success");
+ PolicyLogger.audit("Transaction Ended Successfully");
+ return;
+ }else{
try{
- acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
+ +"pdp=null" + ",to group="+group.getId());
+ throw new PAPException("PDP is null");
} catch(Exception e){
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
- +"pdp="+pdp.getId());
- throw new PAPException(e.getMessage());
+ throw new PAPException("PDP is null" + e.getMessage() +e);
}
- // this is a request to update the pdp
- papEngine.updatePDP(pdp);
- }
- response.setStatus(HttpServletResponse.SC_NO_CONTENT);
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("PDP '" + pdpId + "' created/updated");
}
- // adjust the group's state including the new PDP
- ((StdPDPGroup)group).resetStatus();
- // tell the Admin Consoles there is a change
- notifyAC();
- // this might affect the PDP, so notify it of the change
- pdpChanged(pdp);
- acPutTransaction.commitTransaction();
- loggingContext.transactionEnded();
- auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
- return;
} else if (request.getParameter("pipId") != null) {
// group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
loggingContext.setServiceName("AC:PAP.putPIP");
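Review bot: The new `else` branch throws `PAPException("PDP is null")` inside a `try` only to catch it and rethrow `new PAPException("PDP is null" + e.getMessage() +e)`. The resulting message repeats the same text three times and the original exception is not attached as a cause. Logging once and throwing directly does the same job: keep the `PolicyLogger.error(...)` call and follow it with `throw new PAPException("PDP is null");`. In the visible lines this path also leaves `acPutTransaction` without a commit or rollback, so confirm the surrounding catch rolls it back. The null check comes after `StdPDP pdp = (StdPDP) objectFromJSON;`, which is fine for null but still throws ClassCastException on an unexpected type. The enclosing method starts and ends outside the hunk.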
// The Path on the PAP side is not carried on the RESTful interface with the AC
// (because it is local to the PAP)
// so we need to fill that in before submitting the group for update
- ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
+ if(objectFromJSON != null){
+ ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
+ }
try{
acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
} catch(Exception e){
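Review bot: The new `if(objectFromJSON != null)` guard only skips `setDirectory`; the next statement still passes the same value to `acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, ...)`. A null request object therefore reaches the database layer instead of being rejected here. Failing fast before the transaction call is clearer, for example `if (objectFromJSON == null) { throw new PAPException("Group object is null"); }`, assuming the surrounding handler turns a PAPException into an error response as the other branches do. The enclosing method continues outside the hunk.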
HttpURLConnection connection = null;
try {
// Open up the connection
- connection = (HttpURLConnection)pdpURL.openConnection();
- // Setup our method and headers
- connection.setRequestMethod("GET");
- connection.setConnectTimeout(heartbeatTimeout);
- // Authentication
- String encoding = CheckPDP.getEncoding(pdp.getId());
- if(encoding !=null){
- connection.setRequestProperty("Authorization", "Basic " + encoding);
- }
- // Do the connect
- connection.connect();
- if (connection.getResponseCode() == 204) {
- newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
+ if(pdpURL != null){
+ connection = (HttpURLConnection)pdpURL.openConnection();
+ // Setup our method and headers
+ connection.setRequestMethod("GET");
+ connection.setConnectTimeout(heartbeatTimeout);
+ // Authentication
+ String encoding = CheckPDP.getEncoding(pdp.getId());
+ if(encoding !=null){
+ connection.setRequestProperty("Authorization", "Basic " + encoding);
}
- } else {
- // anything else is an unexpected result
- newStatus = PDPStatus.Status.UNKNOWN.toString();
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
+ // Do the connect
+ connection.connect();
+ if (connection.getResponseCode() == 204) {
+ newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
+ }
+ } else {
+ // anything else is an unexpected result
+ newStatus = PDPStatus.Status.UNKNOWN.toString();
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
+ }
}
} catch (UnknownHostException e) {
newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
} finally {
// cleanup the connection
- connection.disconnect();
+ if(connection != null)
+ connection.disconnect();
}
if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
if (LOGGER.isDebugEnabled()) {
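Review bot: When `pdpURL` is null the new guard skips the request without logging, and `newStatus` keeps whatever value it was given before the `try`, which is not visible here. A PDP with no usable URL is then compared against that value in `pdp.getStatus().getStatus().toString().equals(newStatus)`. An explicit `else` that sets `newStatus = PDPStatus.Status.UNKNOWN.toString();` and logs the PDP id would make the path observable. Separately, only `connection.setConnectTimeout(heartbeatTimeout)` is set; adding `connection.setReadTimeout(heartbeatTimeout);` keeps `getResponseCode()` from blocking the heartbeat thread on a PDP that accepts the connection but never answers.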
}
} finally {
// cleanup the connection
- connection.disconnect();
+ if(connection != null){
+ connection.disconnect();
+ }
// tell the AC to update it's status info
notifyAC();
}
disconnectedACs.add(acURL);
} finally {
// cleanup the connection
- connection.disconnect();
+ if(connection != null)
+ connection.disconnect();
}
}
// remove any ACs that are no longer connected
return emf;
}
+ public IntegrityAudit getIa() {
+ return ia;
+ }
+
public static String getPDPFile(){
return XACMLPapServlet.pdpFile;
}
public static PolicyDBDaoTransaction getDbDaoTransaction(){
return policyDBDao.getNewTransaction();
}
+ public static String getPapDbDriver() {
+ return papDbDriver;
+ }
+
+ public static void setPapDbDriver(String papDbDriver) {
+ XACMLPapServlet.papDbDriver = papDbDriver;
+ }
+
+ public static String getPapDbUrl() {
+ return papDbUrl;
+ }
+
+ public static void setPapDbUrl(String papDbUrl) {
+ XACMLPapServlet.papDbUrl = papDbUrl;
+ }
+
+ public static String getPapDbUser() {
+ return papDbUser;
+ }
+
+ public static void setPapDbUser(String papDbUser) {
+ XACMLPapServlet.papDbUser = papDbUser;
+ }
+
+ public static String getPapDbPassword() {
+ return papDbPassword;
+ }
+
+ public static void setPapDbPassword(String papDbPassword) {
+ XACMLPapServlet.papDbPassword = papDbPassword;
+ }
+
+ public static String getMsEcompName() {
+ return msEcompName;
+ }
+
+ public static void setMsEcompName(String msEcompName) {
+ XACMLPapServlet.msEcompName = msEcompName;
+ }
+
+ public static String getMsPolicyName() {
+ return msPolicyName;
+ }
+
+ public static void setMsPolicyName(String msPolicyName) {
+ XACMLPapServlet.msPolicyName = msPolicyName;
+ }
}
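Review bot: The added `public static` accessors undo most of what making the fields private achieves. `setPapDbUrl`, `setPapDbUser` and `setPapDbPassword` let any class loaded in the same JVM repoint the PAP's database connection, and `getPapDbPassword()` hands out the cleartext password. In the visible hunks the setters are only called from the servlet's own initialisation, so they could be `private static` (for example `private static void setPapDbPassword(String papDbPassword)`). The getters could be package-private unless a caller in another package needs them, which cannot be confirmed from this page. The new methods also have no Javadoc; a one-line comment on each credential accessor stating who is expected to call it would help later reviews.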