Code Review / dmaap / datarouter.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Fix InternalServlet Vulenrabilities
[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / InternalServlet.java
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 2719208..c35978b 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -51,83 +51,90 @@ import org.onap.dmaap.datarouter.provisioning.utils.RLEBitSet;
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 
+import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;
+
 /**
  * <p>
- * This servlet handles requests to URLs under /internal on the provisioning server.
- * These include:
+ * This servlet handles requests to URLs under /internal on the provisioning server. These include:
  * </p>
  * <div class="contentContainer">
  * <table class="packageSummary" border="0" cellpadding="3" cellspacing="0">
  * <caption><span>URL Path Summary</span><span class="tabEnd">&nbsp;</span></caption>
  * <tr>
- *   <th class="colFirst" width="15%">URL Path</th>
- *   <th class="colOne">Method</th>
- *   <th class="colLast">Purpose</th>
+ * <th class="colFirst" width="15%">URL Path</th>
+ * <th class="colOne">Method</th>
+ * <th class="colLast">Purpose</th>
  * </tr>
  * <tr class="altColor">
- *   <td class="colFirst">/internal/prov</td>
- *   <td class="colOne">GET</td>
- *   <td class="colLast">used to GET a full JSON copy of the provisioning data.</td>
+ * <td class="colFirst">/internal/prov</td>
+ * <td class="colOne">GET</td>
+ * <td class="colLast">used to GET a full JSON copy of the provisioning data.</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colFirst">/internal/fetchProv</td>
- *   <td class="colOne">GET</td>
- *   <td class="colLast">used to signal to a standby POD that the provisioning data should be fetched from the active POD.</td>
+ * <td class="colFirst">/internal/fetchProv</td>
+ * <td class="colOne">GET</td>
+ * <td class="colLast">used to signal to a standby POD that the provisioning data should be fetched from the active
+ * POD.</td>
  * </tr>
  * <tr class="altColor">
- *   <td class="colFirst" rowspan="2">/internal/logs</td>
- *   <td class="colOne">GET</td>
- *   <td class="colLast">used to GET an index of log files and individual logs for this provisioning server.</td>
+ * <td class="colFirst" rowspan="2">/internal/logs</td>
+ * <td class="colOne">GET</td>
+ * <td class="colLast">used to GET an index of log files and individual logs for this provisioning server.</td>
  * </tr>
  * <tr class="altColor">
- *   <td class="colOne">POST</td>
- *   <td class="colLast">used to POST log files from the individual nodes to this provisioning server.</td>
+ * <td class="colOne">POST</td>
+ * <td class="colLast">used to POST log files from the individual nodes to this provisioning server.</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colFirst" rowspan="4">/internal/api</td>
- *   <td class="colOne">GET</td>
- *   <td class="colLast">used to GET an individual parameter value. The parameter name is specified by the path after /api/.</td>
+ * <td class="colFirst" rowspan="4">/internal/api</td>
+ * <td class="colOne">GET</td>
+ * <td class="colLast">used to GET an individual parameter value. The parameter name is specified by the path after
+ * /api/.</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colOne">PUT</td>
- *   <td class="colLast">used to set an individual parameter value. The parameter name is specified by the path after /api/.</td>
+ * <td class="colOne">PUT</td>
+ * <td class="colLast">used to set an individual parameter value. The parameter name is specified by the path after
+ * /api/.</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colOne">DELETE</td>
- *   <td class="colLast">used to remove an individual parameter value. The parameter name is specified by the path after /api/.</td>
+ * <td class="colOne">DELETE</td>
+ * <td class="colLast">used to remove an individual parameter value. The parameter name is specified by the path after
+ * /api/.</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colOne">POST</td>
- *   <td class="colLast">used to create a new individual parameter value. The parameter name is specified by the path after /api/.</td>
+ * <td class="colOne">POST</td>
+ * <td class="colLast">used to create a new individual parameter value. The parameter name is specified by the path
+ * after /api/.</td>
  * </tr>
  * <tr class="altColor">
- *   <td class="colFirst">/internal/halt</td>
- *   <td class="colOne">GET</td>
- *   <td class="colLast">used to halt the server (must be accessed from 127.0.0.1).</td>
+ * <td class="colFirst">/internal/halt</td>
+ * <td class="colOne">GET</td>
+ * <td class="colLast">used to halt the server (must be accessed from 127.0.0.1).</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colFirst" rowspan="2">/internal/drlogs</td>
- *   <td class="colOne">GET</td>
- *   <td class="colLast">used to get a list of DR log entries available for retrieval.
- *   Note: these are the actual data router log entries sent to the provisioning server
- *   by the nodes, not the provisioning server's internal logs (access via /internal/logs above).
- *   The range is returned as a list of record sequence numbers.</td>
+ * <td class="colFirst" rowspan="2">/internal/drlogs</td>
+ * <td class="colOne">GET</td>
+ * <td class="colLast">used to get a list of DR log entries available for retrieval.
+ * Note: these are the actual data router log entries sent to the provisioning server by the nodes, not the provisioning
+ * server's internal logs (access via /internal/logs above). The range is returned as a list of record sequence
+ * numbers.</td>
  * </tr>
  * <tr class="rowColor">
- *   <td class="colOne">POST</td>
- *   <td class="colLast">used to retrieve specific log entries.
- *   The sequence numbers of the records to fetch are POST-ed; the records matching the sequence numbers are returned.</td>
+ * <td class="colOne">POST</td>
+ * <td class="colLast">used to retrieve specific log entries.
+ * The sequence numbers of the records to fetch are POST-ed; the records matching the sequence numbers are
+ * returned.</td>
  * </tr>
  * <tr class="altColor">
- *   <td class="colFirst">/internal/route/*</td>
- *   <td class="colOne">*</td>
- *   <td class="colLast">URLs under this path are handled via the {@link org.onap.dmaap.datarouter.provisioning.RouteServlet}</td>
+ * <td class="colFirst">/internal/route/*</td>
+ * <td class="colOne">*</td>
+ * <td class="colLast">URLs under this path are handled via the {@link org.onap.dmaap.datarouter.provisioning.RouteServlet}</td>
  * </tr>
  * </table>
  * </div>
  * <p>
- * Authorization to use these URLs is a little different than for other URLs on the provisioning server.
- * For the most part, the IP address that the request comes from should be either:
+ * Authorization to use these URLs is a little different than for other URLs on the provisioning server. For the most
+ * part, the IP address that the request comes from should be either:
  * </p>
  * <ol>
  * <li>an IP address of a provisioning server, or</li>
@@ -139,8 +146,8 @@ import com.att.eelf.configuration.EELFManager;
  * In addition, requests to /internal/halt can ONLY come from localhost (127.0.0.1) on the HTTP port.
  * </p>
  * <p>
- * All DELETE/GET/PUT/POST requests made to /internal/api on this servlet on the standby server are
- * proxied to the active server (using the {@link ProxyServlet}) if it is up and reachable.
+ * All DELETE/GET/PUT/POST requests made to /internal/api on this servlet on the standby server are proxied to the
+ * active server (using the {@link ProxyServlet}) if it is up and reachable.
  * </p>
  *
  * @author Robert Eby
@@ -148,31 +155,37 @@ import com.att.eelf.configuration.EELFManager;
  */
 @SuppressWarnings("serial")
 public class InternalServlet extends ProxyServlet {
-    private static Integer logseq = new Integer(0); // another piece of info to make log spool file names unique
+
+    private static Integer logseq = 0; // another piece of info to make log spool file names unique
     //Adding EELF Logger Rally:US664892
-    private static EELFLogger eelflogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.provisioning.InternalServlet");
+    private static EELFLogger eelflogger = EELFManager.getInstance()
+        .getLogger("org.onap.dmaap.datarouter.provisioning.InternalServlet");
 
     /**
-     * Delete a parameter at the address /internal/api/&lt;parameter&gt;.
-     * See the <b>Internal API</b> document for details on how this method should be invoked.
+     * Delete a parameter at the address /internal/api/&lt;parameter&gt;. See the <b>Internal API</b> document for
+     * details on how this method should be invoked.
      */
     @Override
-    public void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+    public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
         setIpAndFqdnForEelf("doDelete");
-        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+"");
+        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
         EventLogRecord elr = new EventLogRecord(req);
         if (!isAuthorizedForInternal(req)) {
             elr.setMessage("Unauthorized.");
             elr.setResult(HttpServletResponse.SC_FORBIDDEN);
             eventlogger.info(elr);
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized.");
+            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);
             return;
         }
 
         String path = req.getPathInfo();
         if (path.startsWith("/api/")) {
             if (isProxyOK(req) && isProxyServer()) {
-                super.doDelete(req, resp);
+                try {
+                    super.doDelete(req, resp);
+                } catch (IOException ioe) {
+                    intlogger.error("IOException" + ioe.getMessage());
+                }
                 return;
             }
             String key = path.substring(5);
@@ -189,32 +202,34 @@ public class InternalServlet extends ProxyServlet {
                         // Something went wrong with the DELETE
                         elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                         eventlogger.info(elr);
-                        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG);
+                        sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
                     }
                     return;
                 }
             }
         }
-        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Bad URL.");
+        sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);
     }
+
     /**
-     * Get some information (such as a parameter) underneath the /internal/ namespace.
-     * See the <b>Internal API</b> document for details on how this method should be invoked.
+     * Get some information (such as a parameter) underneath the /internal/ namespace. See the <b>Internal API</b>
+     * document for details on how this method should be invoked.
      */
     @Override
-    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) {
         setIpAndFqdnForEelf("doGet");
-        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+"");
+        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
         String path = req.getPathInfo();
+        Properties props = (new DB()).getProperties();
         if (path.equals("/halt") && !req.isSecure()) {
             // request to halt the server - can ONLY come from localhost
             String remote = req.getRemoteAddr();
-            if (remote.equals("127.0.0.1")) {
+            if (remote.equals(props.getProperty("org.onap.dmaap.datarouter.provserver.localhost"))) {
                 intlogger.info("PROV0009 Request to HALT received.");
                 resp.setStatus(HttpServletResponse.SC_OK);
                 Main.shutdown();
             } else {
-                intlogger.info("PROV0010 Disallowed request to HALT received from "+remote);
+                intlogger.info("PROV0010 Disallowed request to HALT received from " + remote);
                 resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
             }
             return;
@@ -225,7 +240,7 @@ public class InternalServlet extends ProxyServlet {
             elr.setMessage("Unauthorized.");
             elr.setResult(HttpServletResponse.SC_FORBIDDEN);
             eventlogger.info(elr);
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized.");
+            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);
             return;
         }
         if (path.equals("/fetchProv") && !req.isSecure()) {
@@ -237,26 +252,38 @@ public class InternalServlet extends ProxyServlet {
         }
         if (path.equals("/prov")) {
             if (isProxyOK(req) && isProxyServer()) {
-                if (super.doGetWithFallback(req, resp))
-                    return;
+                try {
+                    if (super.doGetWithFallback(req, resp)) {
+                        return;
+                    }
+                } catch (IOException ioe) {
+                    intlogger.error("IOException" + ioe.getMessage());
+                }
                 // fall back to returning the local data if the remote is unreachable
                 intlogger.info("Active server unavailable; falling back to local copy.");
             }
             Poker p = Poker.getPoker();
             resp.setStatus(HttpServletResponse.SC_OK);
             resp.setContentType(PROVFULL_CONTENT_TYPE2);
-            resp.getOutputStream().print(p.getProvisioningString());
+            try {
+                resp.getOutputStream().print(p.getProvisioningString());
+            } catch (IOException ioe) {
+                intlogger.error("IOException" + ioe.getMessage());
+            }
             return;
         }
         if (path.equals("/logs") || path.equals("/logs/")) {
             resp.setStatus(HttpServletResponse.SC_OK);
             resp.setContentType("application/json");
-            resp.getOutputStream().print(generateLogfileList().toString());
+            try {
+                resp.getOutputStream().print(generateLogfileList().toString());
+            } catch (IOException ioe) {
+                intlogger.error("IOException" + ioe.getMessage());
+            }
             return;
         }
         if (path.startsWith("/logs/")) {
-            Properties p = (new DB()).getProperties();
-            String logdir = p.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir");
+            String logdir = props.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir");
             String logfile = path.substring(6);
             if (logdir != null && logfile != null && logfile.indexOf('/') < 0) {
                 File log = new File(logdir + "/" + logfile);
@@ -264,16 +291,24 @@ public class InternalServlet extends ProxyServlet {
                     resp.setStatus(HttpServletResponse.SC_OK);
                     resp.setContentType("text/plain");
                     Path logpath = Paths.get(log.getAbsolutePath());
-                    Files.copy(logpath, resp.getOutputStream());
+                    try {
+                        Files.copy(logpath, resp.getOutputStream());
+                    } catch (IOException ioe) {
+                        intlogger.error("IOException" + ioe.getMessage());
+                    }
                     return;
                 }
             }
-            resp.sendError(HttpServletResponse.SC_NO_CONTENT, "No file.");
+            sendResponseError(resp, HttpServletResponse.SC_NO_CONTENT, "No file.", eventlogger);
             return;
         }
         if (path.startsWith("/api/")) {
             if (isProxyOK(req) && isProxyServer()) {
-                super.doGet(req, resp);
+                try {
+                    super.doGet(req, resp);
+                } catch (IOException ioe) {
+                    intlogger.error("IOException" + ioe.getMessage());
+                }
                 return;
             }
             String key = path.substring(5);
@@ -282,7 +317,11 @@ public class InternalServlet extends ProxyServlet {
                 if (param != null) {
                     resp.setStatus(HttpServletResponse.SC_OK);
                     resp.setContentType("text/plain");
-                    resp.getOutputStream().print(param.getValue() + "\n");
+                    try {
+                        resp.getOutputStream().print(param.getValue() + "\n");
+                    } catch (IOException ioe) {
+                        intlogger.error("IOException" + ioe.getMessage());
+                    }
                     return;
                 }
             }
@@ -292,31 +331,40 @@ public class InternalServlet extends ProxyServlet {
             LogfileLoader lfl = LogfileLoader.getLoader();
             resp.setStatus(HttpServletResponse.SC_OK);
             resp.setContentType("text/plain");
-            resp.getOutputStream().print(lfl.getBitSet().toString());
+            try {
+                resp.getOutputStream().print(lfl.getBitSet().toString());
+            } catch (IOException ioe) {
+                intlogger.error("IOException" + ioe.getMessage());
+            }
             return;
         }
-        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Bad URL.");
+        sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);
     }
+
     /**
-     * Modify a parameter at the address /internal/api/&lt;parameter&gt;.
-     * See the <b>Internal API</b> document for details on how this method should be invoked.
+     * Modify a parameter at the address /internal/api/&lt;parameter&gt;. See the <b>Internal API</b> document for
+     * details on how this method should be invoked.
      */
     @Override
-    public void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+    public void doPut(HttpServletRequest req, HttpServletResponse resp) {
         setIpAndFqdnForEelf("doPut");
-        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+"");
+        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
         EventLogRecord elr = new EventLogRecord(req);
         if (!isAuthorizedForInternal(req)) {
             elr.setMessage("Unauthorized.");
             elr.setResult(HttpServletResponse.SC_FORBIDDEN);
             eventlogger.info(elr);
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized.");
+            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);
             return;
         }
         String path = req.getPathInfo();
         if (path.startsWith("/api/")) {
             if (isProxyOK(req) && isProxyServer()) {
-                super.doPut(req, resp);
+                try {
+                    super.doPut(req, resp);
+                } catch (IOException ioe) {
+                    intlogger.error("IOException" + ioe.getMessage());
+                }
                 return;
             }
             String key = path.substring(5);
@@ -335,21 +383,22 @@ public class InternalServlet extends ProxyServlet {
                         // Something went wrong with the UPDATE
                         elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                         eventlogger.info(elr);
-                        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG);
+                        sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
                     }
                     return;
                 }
             }
         }
-        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Bad URL.");
+        sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);
     }
+
     /**
-     * Create some new information (such as a parameter or log entries) underneath the /internal/ namespace.
-     * See the <b>Internal API</b> document for details on how this method should be invoked.
+     * Create some new information (such as a parameter or log entries) underneath the /internal/ namespace. See the
+     * <b>Internal API</b> document for details on how this method should be invoked.
      */
     @SuppressWarnings("resource")
     @Override
-    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+    public void doPost(HttpServletRequest req, HttpServletResponse resp) {
         setIpAndFqdnForEelf("doPost");
         eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));
         EventLogRecord elr = new EventLogRecord(req);
@@ -357,14 +406,18 @@ public class InternalServlet extends ProxyServlet {
             elr.setMessage("Unauthorized.");
             elr.setResult(HttpServletResponse.SC_FORBIDDEN);
             eventlogger.info(elr);
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized.");
+            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);
             return;
         }
 
         String path = req.getPathInfo();
         if (path.startsWith("/api/")) {
             if (isProxyOK(req) && isProxyServer()) {
-                super.doPost(req, resp);
+                try {
+                    super.doPost(req, resp);
+                } catch (IOException ioe) {
+                    intlogger.error("IOException" + ioe.getMessage());
+                }
                 return;
             }
             String key = path.substring(5);
@@ -383,7 +436,7 @@ public class InternalServlet extends ProxyServlet {
                         // Something went wrong with the INSERT
                         elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                         eventlogger.info(elr);
-                        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG);
+                        sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
                     }
                     return;
                 }
@@ -394,7 +447,7 @@ public class InternalServlet extends ProxyServlet {
             String ctype = req.getHeader("Content-Type");
             if (ctype == null || !ctype.equals("text/plain")) {
                 elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
-                elr.setMessage("Bad media type: "+ctype);
+                elr.setMessage("Bad media type: " + ctype);
                 resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                 eventlogger.info(elr);
                 return;
@@ -421,11 +474,18 @@ public class InternalServlet extends ProxyServlet {
             FileSystem fs = (Paths.get(spooldir)).getFileSystem();
             long total = 0;
             long avail = 0;
-            for (FileStore store: fs.getFileStores()) {
-                total += store.getTotalSpace();
-                avail += store.getUsableSpace();
+            for (FileStore store : fs.getFileStores()) {
+                try {
+                    total += store.getTotalSpace();
+                    avail += store.getUsableSpace();
+                } catch (IOException ioe) {
+                    intlogger.error("IOException" + ioe.getMessage());
+                }
+            }
+            try {
+                fs.close();
+            } catch (Exception e) {
             }
-            try { fs.close(); } catch (Exception e) { }
             if (((avail * 100) / total) < 5) {
                 elr.setResult(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
                 resp.setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
@@ -433,13 +493,17 @@ public class InternalServlet extends ProxyServlet {
                 return;
             }
             Path tmppath = Paths.get(spooldir, spoolname);
-            Path donepath = Paths.get(spooldir, "IN."+spoolname);
-            Files.copy(req.getInputStream(), Paths.get(spooldir, spoolname), StandardCopyOption.REPLACE_EXISTING);
-            Files.move(tmppath, donepath, StandardCopyOption.REPLACE_EXISTING);
-            elr.setResult(HttpServletResponse.SC_CREATED);
-            resp.setStatus(HttpServletResponse.SC_CREATED);
-            eventlogger.info(elr);
-            LogfileLoader.getLoader();    // This starts the logfile loader "task"
+            Path donepath = Paths.get(spooldir, "IN." + spoolname);
+            try {
+                Files.copy(req.getInputStream(), Paths.get(spooldir, spoolname), StandardCopyOption.REPLACE_EXISTING);
+                Files.move(tmppath, donepath, StandardCopyOption.REPLACE_EXISTING);
+                elr.setResult(HttpServletResponse.SC_CREATED);
+                resp.setStatus(HttpServletResponse.SC_CREATED);
+                eventlogger.info(elr);
+                LogfileLoader.getLoader();    // This starts the logfile loader "task"
+            } catch (IOException ioe) {
+                intlogger.error("IOException" + ioe.getMessage());
+            }
             return;
         }
 
@@ -448,27 +512,32 @@ public class InternalServlet extends ProxyServlet {
             String ctype = req.getHeader("Content-Type");
             if (ctype == null || !ctype.equals("text/plain")) {
                 elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
-                elr.setMessage("Bad media type: "+ctype);
+                elr.setMessage("Bad media type: " + ctype);
                 resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                 eventlogger.info(elr);
                 return;
             }
-            InputStream is = req.getInputStream();
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            int ch = 0;
-            while ((ch = is.read()) >= 0)
-                bos.write(ch);
-            RLEBitSet bs = new RLEBitSet(bos.toString());    // The set of records to retrieve
-            elr.setResult(HttpServletResponse.SC_OK);
-            resp.setStatus(HttpServletResponse.SC_OK);
-            resp.setContentType("text/plain");
-            LogRecord.printLogRecords(resp.getOutputStream(), bs);
-            eventlogger.info(elr);
+            try {
+                InputStream is = req.getInputStream();
+                ByteArrayOutputStream bos = new ByteArrayOutputStream();
+                int ch;
+                while ((ch = is.read()) >= 0) {
+                    bos.write(ch);
+                }
+                RLEBitSet bs = new RLEBitSet(bos.toString());    // The set of records to retrieve
+                elr.setResult(HttpServletResponse.SC_OK);
+                resp.setStatus(HttpServletResponse.SC_OK);
+                resp.setContentType("text/plain");
+                LogRecord.printLogRecords(resp.getOutputStream(), bs);
+                eventlogger.info(elr);
+            } catch (IOException ioe) {
+                intlogger.error("IOException" + ioe.getMessage());
+            }
             return;
         }
 
         elr.setResult(HttpServletResponse.SC_NOT_FOUND);
-        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Bad URL.");
+        sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);
         eventlogger.info(elr);
     }
 
@@ -484,6 +553,7 @@ public class InternalServlet extends ProxyServlet {
         }
         return sb.toString();
     }
+
     private JSONArray generateLogfileList() {
         JSONArray ja = new JSONArray();
         Properties p = (new DB()).getProperties();
@@ -495,8 +565,9 @@ public class InternalServlet extends ProxyServlet {
                 String[] list = f.list();
                 if (list != null) {
                     for (String s2 : list) {
-                        if (!s2.startsWith("."))
+                        if (!s2.startsWith(".")) {
                             ja.put(s2);
+                        }
                     }
                 }
             }
The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require. The interface to DR is exposed as a RESTful web service known as the DR Publishing and Delivery API