X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;ds=sidebyside;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2FXACMLPapServlet.java;h=bedc212a20eacbbd31b4a2d796d8df39b22e04a4;hb=e5c628fee6a6e6bb57a34d5b73e092d89ee26a5c;hp=85d79f74aee1a4412622da4cb825e7e14f42b559;hpb=b6bae924c4a794cd772ac1524089fc8739e310b1;p=policy%2Fengine.git diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java index 85d79f74a..bedc212a2 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,7 +40,6 @@ import java.nio.file.Paths; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.Properties; import java.util.Scanner; @@ -65,6 +64,7 @@ import org.onap.policy.common.ia.IntegrityAudit; import org.onap.policy.common.im.AdministrativeStateException; import org.onap.policy.common.im.ForwardProgressException; import org.onap.policy.common.im.IntegrityMonitor; +import org.onap.policy.common.im.IntegrityMonitorException; import org.onap.policy.common.im.IntegrityMonitorProperties; import org.onap.policy.common.im.StandbyStatusException; import org.onap.policy.common.logging.ONAPLoggingContext; @@ -82,13 +82,13 @@ import org.onap.policy.pap.xacml.restAuth.CheckPDP; import org.onap.policy.rest.XACMLRest; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.dao.PolicyDBException; +import org.onap.policy.utils.CryptoUtils; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; -import org.onap.policy.xacml.std.pap.StdPAPPolicy; import org.onap.policy.xacml.std.pap.StdPDP; import org.onap.policy.xacml.std.pap.StdPDPGroup; import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener; @@ -123,6 +123,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU"; // Client Headers. private static final String ENVIRONMENT_HEADER = "Environment"; + private static final String ADD_GROUP_ERROR = "addGroupError"; + private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password"; + + private static final String REGEX = "[0-9a-zA-Z._ ]*"; + /* * List of Admin Console URLs. * Used to send notifications when configuration changes. @@ -237,7 +242,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList + "\n papDbDriver = " + papDbDriver + "\n papDbUrl = " + papDbUrl + "\n papDbUser = " + papDbUser - + "\n papDbPassword = " + papDbPassword + "\n papTransWait = " + papTransWait + "\n papTransTimeout = " + papTransTimeout + "\n papAuditTimeout = " + papAuditTimeout @@ -269,6 +273,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new ServletException(e.getMessage(), e.getCause()); } // Create an IntegrityMonitor + if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){ + properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, ""))); + } im = IntegrityMonitor.getInstance(papResourceName,properties); // Create an IntegrityAudit ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties); @@ -436,7 +443,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new PAPException("papDbUser is null"); } setPapDbUser(papDbUser); - papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD); + papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, "")); if(papDbPassword == null){ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry"); throw new PAPException("papDbPassword is null"); @@ -532,7 +539,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } catch (AdministrativeStateException ae){ String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() - + "\n Exception Message: " + ae.getMessage(); + + "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION; LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae); loggingContext.metricEnded(); PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction"); @@ -551,6 +558,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; + } catch (IntegrityMonitorException e) { + String message = "POST interface called for PAP " + papResourceName + " but an exception occurred" + + "\n Exception Message: " + e.getMessage(); + LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; } try { loggingContext.metricStarted(); @@ -752,7 +769,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private void setResponseError(HttpServletResponse response,int responseCode, String message) { try { - response.sendError(responseCode, message); + if(message != null && !message.isEmpty()){ + response.sendError(responseCode, message); + } } catch (IOException e) { LOGGER.error("Error setting Error response Header ", e); } @@ -817,6 +836,15 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; + } catch (IntegrityMonitorException e) { + String message = "GET interface called for PAP " + papResourceName + " but an exception occurred" + + "\n Exception Message: " + e.getMessage(); + LOGGER.info(message, e); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; } // Request from the API to get the gitPath String apiflag = request.getParameter("apiflag"); @@ -989,7 +1017,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.startTransaction(); loggingContext.metricEnded(); PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction"); - } catch (AdministrativeStateException | StandbyStatusException e) { + } catch (IntegrityMonitorException e) { String message = "PUT interface called for PAP " + papResourceName; if (e instanceof AdministrativeStateException) { message += " but it has an Administrative state of " @@ -997,6 +1025,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else if (e instanceof StandbyStatusException) { message += " but it has a Standby Status of " + im.getStateManager().getStandbyStatus(); + } else { + message += " but an exception occurred"; } message += "\n Exception Message: " + e.getMessage(); @@ -1018,6 +1048,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList //This would occur if a PolicyDBDao notification was received String policyDBDaoRequestUrl = request.getParameter("policydbdaourl"); if(policyDBDaoRequestUrl != null){ + LOGGER.info("XACMLPapServlet: PolicyDBDao Notification received." ); String policyDBDaoRequestEntityId = request.getParameter("entityid"); String policyDBDaoRequestEntityType = request.getParameter("entitytype"); String policyDBDaoRequestExtraData = request.getParameter("extradata"); @@ -1028,7 +1059,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - loggingContext.metricStarted(); + loggingContext.metricStarted(); + LOGGER.info("XACMLPapServlet: Calling PolicyDBDao to handlIncomingHttpNotification"); policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this); loggingContext.metricEnded(); PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification"); @@ -1269,6 +1301,15 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; + } catch (IntegrityMonitorException e) { + String message = "PUT interface called for PAP " + papResourceName + " but an exception occurred" + + "\n Exception Message: " + e.getMessage(); + LOGGER.info(message, e); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; } loggingContext.metricStarted(); XACMLRest.dumpRequest(request); @@ -1421,12 +1462,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList //If the selected policy is in the group we must remove the old version of it LOGGER.info("Removing old version of the policy"); for(PDPPolicy existingPolicy : currentPoliciesInGroup) { - if (existingPolicy.getName().equals(policy.getName())){ - if (!existingPolicy.getId().equals(policy.getId())) { - group.removePolicy(existingPolicy); - LOGGER.info("Removing policy: " + existingPolicy); - break; - } + if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){ + group.removePolicy(existingPolicy); + LOGGER.info("Removing policy: " + existingPolicy); + break; } } @@ -1442,11 +1481,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList LOGGER.info("Calling updatGroup() with new group"); papEngine.updateGroup(group); - String policyId = "empty"; - if(policy!=null){ + if(policy !=null && policy.getId() != null){ policyId = policy.getId(); } + if(!policyId.matches(REGEX) ){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "Policy Id is not valid"); + return; + } response.setStatus(HttpServletResponse.SC_NO_CONTENT); response.addHeader("operation", "push"); response.addHeader("policyId", policyId); @@ -1485,7 +1529,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP."; setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error","addGroupError"); + response.addHeader("error",ADD_GROUP_ERROR); response.addHeader("message", message); return; } @@ -1559,6 +1603,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } if (group == null) { String message = "Unknown groupId '" + groupId + "'"; + //for fixing Header Manipulation of Fortify issue + if(!message.matches(REGEX)){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "GroupId Id is not valid"); + return; + } PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); @@ -1578,8 +1629,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if(apiflag!=null){ loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy"); + LOGGER.info("PushPolicy Request From The API"); } else { loggingContext.setServiceName("AC:PAP.postPolicy"); + LOGGER.info("PushPolicy Request From The AC"); } String policyId = request.getParameter("policyId"); @@ -1598,6 +1651,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } catch (Exception e) { addPolicyToGroupTransaction.rollbackTransaction(); String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e; + //for fixing Header Manipulation of Fortify issue + if(!message.matches(REGEX)){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "Policy Id is not valid"); + return; + } PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); @@ -1611,29 +1671,28 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } - // Get new transaction to perform updateGroup() - PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); - try { + if(apiflag != null){ /* * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change. * The GUI does this from the POLICY-SDK-APP code. */ - if(apiflag != null){ - - // get the request content into a String - String json = null; - // read the inputStream into a buffer + + // Get new transaction to perform updateGroup() + PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); + try { + // get the request content into a String and read the inputStream into a buffer java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; + String json = scanner.hasNext() ? scanner.next() : ""; scanner.close(); - LOGGER.info("PushPolicy API request: " + json); // convert Object sent as JSON into local object ObjectMapper mapper = new ObjectMapper(); Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class); StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON; + LOGGER.info("Request JSON Payload: " + json); + // Assume that this is an update of an existing PDP Group loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup"); try{ @@ -1674,24 +1733,22 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList //delete temporary policy file from the bin directory Files.deleteIfExists(Paths.get(policy.getId())); - + + } catch (Exception e) { + acPutTransaction.rollbackTransaction(); + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API."; + LOGGER.error(message); + setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", message); + return; } - } catch (Exception e) { - acPutTransaction.rollbackTransaction(); - PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception"); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API."; - LOGGER.error(message); - setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error","addGroupError"); - response.addHeader("message", message); - return; } - - // policy file copied ok and the Group was updated on the PDP response.setStatus(HttpServletResponse.SC_NO_CONTENT); response.addHeader("operation", "push"); @@ -1914,6 +1971,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } if (group == null) { String message = "Unknown groupId '" + groupId + "'"; + //for fixing Header Manipulation of Fortify issue + if(!message.matches(REGEX)){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "Group Id is not valid"); + return; + } PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); @@ -2035,7 +2099,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON); } StdPDP pdp = (StdPDP) objectFromJSON; if(pdp != null){ @@ -2137,7 +2201,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON); } // The Path on the PAP side is not carried on the RESTful interface with the AC // (because it is local to the PAP) @@ -2146,7 +2210,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory()); } try{ - acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut"); + if("delete".equals(((StdPDPGroup)objectFromJSON).getOperation())){ + acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doDelete"); + } else { + acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut"); + } } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: " +"group="+group.getId()); @@ -2624,10 +2692,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) { this.pdp = pdp; - if (!(loggingContext == null)) { - if (!(loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")) { + if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) { this.requestId = loggingContext.getRequestID(); - } } this.loggingContext = loggingContext; } @@ -2637,7 +2703,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList HttpURLConnection connection = null; // get a new logging context for the thread try { - if (this.loggingContext.equals(null)) { + if (this.loggingContext == null) { loggingContext = new ONAPLoggingContext(baseLoggingContext); } } catch (Exception e) {