X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2FXACMLPapServlet.java;h=1acec1bd91b4764c2a6ca2f366e3f613113341d9;hb=b6d9063e06ab8cdf2d97fc75810792659344e4a8;hp=b3ac236cf1943a360ded09a5e6f0b923fd9ea496;hpb=1bfd18f999cda39a7b27bef8972864aafe59aecb;p=policy%2Fengine.git diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java index b3ac236cf..1acec1bd9 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,9 +40,9 @@ import java.nio.file.Paths; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.Properties; +import java.util.Scanner; import java.util.Set; import java.util.UUID; import java.util.concurrent.CopyOnWriteArrayList; @@ -53,7 +53,6 @@ import javax.persistence.PersistenceException; import javax.servlet.Servlet; import javax.servlet.ServletConfig; import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; import javax.servlet.annotation.WebInitParam; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; @@ -65,6 +64,7 @@ import org.onap.policy.common.ia.IntegrityAudit; import org.onap.policy.common.im.AdministrativeStateException; import org.onap.policy.common.im.ForwardProgressException; import org.onap.policy.common.im.IntegrityMonitor; +import org.onap.policy.common.im.IntegrityMonitorException; import org.onap.policy.common.im.IntegrityMonitorProperties; import org.onap.policy.common.im.StandbyStatusException; import org.onap.policy.common.logging.ONAPLoggingContext; @@ -82,13 +82,13 @@ import org.onap.policy.pap.xacml.restAuth.CheckPDP; import org.onap.policy.rest.XACMLRest; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.dao.PolicyDBException; +import org.onap.policy.utils.CryptoUtils; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; -import org.onap.policy.xacml.std.pap.StdPAPPolicy; import org.onap.policy.xacml.std.pap.StdPDP; import org.onap.policy.xacml.std.pap.StdPDPGroup; import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener; @@ -123,6 +123,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU"; // Client Headers. private static final String ENVIRONMENT_HEADER = "Environment"; + private static final String ADD_GROUP_ERROR = "addGroupError"; + private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password"; + + private static final String REGEX = "[0-9a-zA-Z._ ]*"; + /* * List of Admin Console URLs. * Used to send notifications when configuration changes. @@ -237,7 +242,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList + "\n papDbDriver = " + papDbDriver + "\n papDbUrl = " + papDbUrl + "\n papDbUser = " + papDbUser - + "\n papDbPassword = " + papDbPassword + "\n papTransWait = " + papTransWait + "\n papTransTimeout = " + papTransTimeout + "\n papAuditTimeout = " + papAuditTimeout @@ -269,6 +273,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new ServletException(e.getMessage(), e.getCause()); } // Create an IntegrityMonitor + if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){ + properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, ""))); + } im = IntegrityMonitor.getInstance(papResourceName,properties); // Create an IntegrityAudit ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties); @@ -305,9 +312,23 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine); if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){ + /* + * Auditing the local File System groups to be in sync with the Database + */ + //get an AuditTransaction to lock out all other transactions PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction(); - policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine); + + LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit"); + LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString()); + //get the current filesystem group and update from the database if needed + StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup(); + StdPDPGroup updatedGroup = policyDBDao.auditLocalFileSystem(group); + if(updatedGroup!=null) { + papEngine.updateGroup(updatedGroup); + } + LOGGER.info("PapServlet: updated group is " + papEngine.getDefaultGroup().toString()); + //release the transaction lock auditTrans.close(); } @@ -338,11 +359,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList initiateThread.start(); } - private static void mapperWriteValue(ObjectMapper mapper, ServletOutputStream out, Object value) { + private static void mapperWriteValue(ObjectMapper mapper, HttpServletResponse response, Object value) { try { - mapper.writeValue(out, value); + mapper.writeValue(response.getOutputStream(), value); } catch (Exception e) { - LOGGER.debug(e); + LOGGER.error(e); } } @@ -422,7 +443,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new PAPException("papDbUser is null"); } setPapDbUser(papDbUser); - papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD); + papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, "")); if(papDbPassword == null){ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry"); throw new PAPException("papDbPassword is null"); @@ -510,14 +531,19 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)"); } PolicyDBDaoTransaction pdpTransaction = null; + loggingContext.metricStarted(); try { im.startTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction"); } catch (AdministrativeStateException ae){ String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() - + "\n Exception Message: " + ae.getMessage(); + + "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION; LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae); - loggingContext.transactionEnded(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction"); + loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; @@ -526,13 +552,28 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList + " of " + im.getStateManager().getStandbyStatus() + "\n Exception Message: " + se.getMessage(); LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; + } catch (IntegrityMonitorException e) { + String message = "POST interface called for PAP " + papResourceName + " but an exception occurred" + + "\n Exception Message: " + e.getMessage(); + LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; } try { + loggingContext.metricStarted(); XACMLRest.dumpRequest(request); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost dumpRequest"); // since getParameter reads the content string, explicitly get the content before doing that. // Simply getting the inputStream seems to protect it against being consumed by getParameter. request.getInputStream(); @@ -552,7 +593,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } } + loggingContext.metricStarted(); doACPost(request, response, groupId, loggingContext); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost doACPost"); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -605,15 +649,18 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } else { String message = "PDP is Unauthorized to Connect to PAP: "+ id; - PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); loggingContext.transactionEnded(); + PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message); setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration."); PolicyLogger.audit("Transaction Failed - See Error.log"); im.endTransaction(); return; } try{ + loggingContext.metricStarted(); pdpTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost commitTransaction"); } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database"); } @@ -696,7 +743,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } // tell the AC that something changed + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPost notifyAC"); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -719,7 +769,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList private void setResponseError(HttpServletResponse response,int responseCode, String message) { try { - response.sendError(responseCode, message); + if(message != null && !message.isEmpty()){ + response.sendError(responseCode, message); + } } catch (IOException e) { LOGGER.error("Error setting Error response Header ", e); } @@ -740,8 +792,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)"); } - try { + loggingContext.metricStarted(); XACMLRest.dumpRequest(request); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doGet dumpRequest"); String pathInfo = request.getRequestURI(); LOGGER.info("path info: " + pathInfo); if (pathInfo != null){ @@ -757,7 +811,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } //This im.startTransaction() covers all other Get transactions try { + loggingContext.metricStarted(); im.startTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doGet im startTransaction"); } catch (AdministrativeStateException ae){ String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() @@ -778,13 +835,29 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; + } catch (IntegrityMonitorException e) { + String message = "GET interface called for PAP " + papResourceName + " but an exception occurred" + + "\n Exception Message: " + e.getMessage(); + LOGGER.info(message, e); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; } // Request from the API to get the gitPath String apiflag = request.getParameter("apiflag"); if (apiflag!=null) { if(authorizeRequest(request)){ APIRequestHandler apiRequestHandler = new APIRequestHandler(); - apiRequestHandler.doGet(request,response, apiflag); + try{ + loggingContext.metricStarted(); + apiRequestHandler.doGet(request,response, apiflag); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doGet apiRequestHandler doGet"); + }catch(IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -803,7 +876,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String groupId = request.getParameter("groupId"); if (groupId != null) { // this is from the Admin Console, so handle separately - doACGet(request, response, groupId, loggingContext); + try{ + loggingContext.metricStarted(); + doACGet(request, response, groupId, loggingContext); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doGet doACGet"); + } catch(IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -826,9 +906,20 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList request.getRemoteHost().equals(request.getLocalAddr())) { // Return status information - basically all the groups loggingContext.setServiceName("PAP.getGroups"); - Set groups = papEngine.getOnapPDPGroups(); + Set groups = null; + try { + groups = papEngine.getOnapPDPGroups(); + } catch(PAPException e) { + LOGGER.debug(e); + PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + im.endTransaction(); + return; + } // convert response object to JSON and include in the response - mapperWriteValue(new ObjectMapper(), response.getOutputStream(), groups); + mapperWriteValue(new ObjectMapper(), response, groups); response.setHeader("content-type", "application/json"); response.setStatus(HttpServletResponse.SC_OK); loggingContext.transactionEnded(); @@ -846,7 +937,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } loggingContext.setServiceName("PAP.getPolicy"); // Get the PDP's Group - OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp); + OnapPDPGroup group = null; + try { + group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp); + } catch (PAPException e) { + LOGGER.error(e); + } if (group == null) { String message = "No group associated with pdp " + pdp.getId(); LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message); @@ -877,8 +973,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n " - + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString()); + try{ + LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n " + + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString()); + } catch (PAPException| IOException e){ + LOGGER.error(e); + } try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) { // Send the policy back IOUtils.copy(is, os); @@ -894,15 +994,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message); } - } catch (PAPException | IOException e) { - LOGGER.debug(e); - PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception"); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - im.endTransaction(); - return; - } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended"); im.endTransaction(); @@ -923,8 +1014,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)"); } try { + loggingContext.metricStarted(); im.startTransaction(); - } catch (AdministrativeStateException | StandbyStatusException e) { + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction"); + } catch (IntegrityMonitorException e) { String message = "PUT interface called for PAP " + papResourceName; if (e instanceof AdministrativeStateException) { message += " but it has an Administrative state of " @@ -932,6 +1026,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else if (e instanceof StandbyStatusException) { message += " but it has a Standby Status of " + im.getStateManager().getStandbyStatus(); + } else { + message += " but an exception occurred"; } message += "\n Exception Message: " + e.getMessage(); @@ -944,14 +1040,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } + loggingContext.metricStarted(); XACMLRest.dumpRequest(request); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPut dumpRequest"); //need to check if request is from the API or Admin console String apiflag = request.getParameter("apiflag"); //This would occur if a PolicyDBDao notification was received String policyDBDaoRequestUrl = request.getParameter("policydbdaourl"); if(policyDBDaoRequestUrl != null){ + LOGGER.info("XACMLPapServlet: PolicyDBDao Notification received." ); String policyDBDaoRequestEntityId = request.getParameter("entityid"); - //String policyDBDaoRequestEntityType = request.getParameter("entitytype"); String policyDBDaoRequestEntityType = request.getParameter("entitytype"); String policyDBDaoRequestExtraData = request.getParameter("extradata"); if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){ @@ -961,7 +1060,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList im.endTransaction(); return; } - policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this); + loggingContext.metricStarted(); + LOGGER.info("XACMLPapServlet: Calling PolicyDBDao to handlIncomingHttpNotification"); + policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification"); response.setStatus(200); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); @@ -975,7 +1078,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (importService != null) { if(authorizeRequest(request)){ APIRequestHandler apiRequestHandler = new APIRequestHandler(); - apiRequestHandler.doPut(request, response, importService); + try{ + loggingContext.metricStarted(); + apiRequestHandler.doPut(request, response, importService); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doPut apiRequestHandler doPut"); + }catch(IOException e){ + LOGGER.error(e); + } im.endTransaction(); return; } else { @@ -987,52 +1097,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } } - //This would occur if we received a notification of a policy rename from AC - String oldPolicyName = request.getParameter("oldPolicyName"); - String newPolicyName = request.getParameter("newPolicyName"); - if(oldPolicyName != null && newPolicyName != null){ - if(LOGGER.isDebugEnabled()){ - LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding" - + "\npolicyToCreateUpdate = " + " "); - } - //decode it - try{ - oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8"); - newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8"); - if(LOGGER.isDebugEnabled()){ - LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding" - + "\npolicyToCreateUpdate = " + " "); - } - } catch(UnsupportedEncodingException e){ - PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)" - + "\npolicyToCreateUpdate = " + " "); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported" - + "\nfailure with the following exception: " + e); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See error.log"); - im.endTransaction(); - return; - } - //send it to PolicyDBDao - PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction(); - try{ - renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut"); - }catch(Exception e){ - renameTransaction.rollbackTransaction(); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) " - + "\nfailure with the following exception: " + e); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See error.log"); - im.endTransaction(); - return; - } - renameTransaction.commitTransaction(); - response.setStatus(HttpServletResponse.SC_OK); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Ended Successfully"); - im.endTransaction(); - return; - } // // See if this is Admin Console registering itself with us // @@ -1070,7 +1134,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } if(apiflag.equalsIgnoreCase("addPolicyToGroup")){ - updateGroupsFromAPI(request, response, groupId, loggingContext); + try{ + updateGroupsFromAPI(request, response, groupId, loggingContext); + }catch(IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -1078,7 +1146,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } // this is from the Admin Console, so handle separately - doACPut(request, response, groupId, loggingContext); + try { + loggingContext.metricEnded(); + doACPut(request, response, groupId, loggingContext); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet goPut doACPut"); + } catch (IOException e) { + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -1090,16 +1165,30 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (apiflag != null && apiflag.equalsIgnoreCase("admin")){ // this request is from the Admin Console SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance(); - savePolicyHandler.doPolicyAPIPut(request, response); + try{ + loggingContext.metricStarted(); + savePolicyHandler.doPolicyAPIPut(request, response); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet goPut savePolicyHandler"); + } catch (IOException e) { + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); return; - } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) { + } else if (apiflag != null && "api".equalsIgnoreCase(apiflag)) { // this request is from the Policy Creation API if(authorizeRequest(request)){ APIRequestHandler apiRequestHandler = new APIRequestHandler(); - apiRequestHandler.doPut(request, response, request.getHeader("ClientScope")); + try{ + loggingContext.metricStarted(); + apiRequestHandler.doPut(request, response, request.getHeader("ClientScope")); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet goPut apiRequestHandler doPut"); + } catch (IOException e) { + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -1140,7 +1229,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)"); } try { + loggingContext.metricStarted(); im.startTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doDelete im startTransaction"); } catch (AdministrativeStateException ae){ String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative" + " state of " + im.getStateManager().getAdminState() @@ -1161,8 +1253,20 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return; + } catch (IntegrityMonitorException e) { + String message = "PUT interface called for PAP " + papResourceName + " but an exception occurred" + + "\n Exception Message: " + e.getMessage(); + LOGGER.info(message, e); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + return; } + loggingContext.metricStarted(); XACMLRest.dumpRequest(request); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doDelete dumpRequest"); String groupId = request.getParameter("groupId"); String apiflag = request.getParameter("apiflag"); if (groupId != null) { @@ -1178,17 +1282,27 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } APIRequestHandler apiRequestHandler = new APIRequestHandler(); try { + loggingContext.metricStarted(); apiRequestHandler.doDelete(request, response, loggingContext, apiflag); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doDelete apiRequestHandler doDelete"); } catch (Exception e) { LOGGER.error("Exception Occured"+e); } if(apiRequestHandler.getNewGroup()!=null){ - groupChanged(apiRequestHandler.getNewGroup()); + groupChanged(apiRequestHandler.getNewGroup(), loggingContext); } return; } // this is from the Admin Console, so handle separately - doACDelete(request, response, groupId, loggingContext); + try{ + loggingContext.metricStarted(); + doACDelete(request, response, groupId, loggingContext); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doDelete doACDelete"); + } catch (IOException e) { + LOGGER.error(e); + } loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Ended Successfully"); im.endTransaction(); @@ -1277,52 +1391,36 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList */ public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException { PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); + PolicyLogger.audit("PolicyDBDaoTransaction started for updateGroupsFromAPI"); try { // for PUT operations the group may or may not need to exist before the operation can be done StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId); + // get the request input stream content into a String String json = null; java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); scanner.useDelimiter("\\A"); json = scanner.hasNext() ? scanner.next() : ""; scanner.close(); - PolicyLogger.info("JSON request from PolicyEngine API: " + json); + + PolicyLogger.info("pushPolicy request from API: " + json); + // convert Object sent as JSON into local object StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class); - Set policies = new HashSet<>(); - if(policy!=null){ - policies.add(policy); - } + //Get the current policies from the Group and Add the new one Set currentPoliciesInGroup = new HashSet<>(); currentPoliciesInGroup = group.getPolicies(); - //If the selected policy is in the group we must remove it because the name is default - Iterator policyIterator = policies.iterator(); - LOGGER.debug("policyIterator....." + policies); - while (policyIterator.hasNext()) { - PDPPolicy selPolicy = policyIterator.next(); - for (PDPPolicy existingPolicy : currentPoliciesInGroup) { - if (existingPolicy.getId().equals(selPolicy.getId())) { - group.removePolicyFromGroup(existingPolicy); - LOGGER.debug("Removing policy: " + existingPolicy); - break; - } - } - } - //Update the PDP Group after removing old version of policy - Set updatedPoliciesInGroup = new HashSet<>(); - updatedPoliciesInGroup = group.getPolicies(); - //need to remove the policy with default name from group - for (PDPPolicy updatedPolicy : currentPoliciesInGroup) { - if (updatedPolicy.getName().equalsIgnoreCase("default")) { - group.removePolicyFromGroup(updatedPolicy); + //If the selected policy is in the group we must remove the old version of it + LOGGER.info("Removing old version of the policy"); + for(PDPPolicy existingPolicy : currentPoliciesInGroup) { + if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){ + group.removePolicy(existingPolicy); + LOGGER.info("Removing policy: " + existingPolicy); break; } } - if(updatedPoliciesInGroup!=null){ - policies.addAll(updatedPoliciesInGroup); - } - group.setPolicies(policies); + // Assume that this is an update of an existing PDP Group loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup"); try{ @@ -1332,24 +1430,39 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList +"group="+group.getId()); throw new PAPException(e.getMessage()); } + + LOGGER.info("Calling updatGroup() with new group"); papEngine.updateGroup(group); String policyId = "empty"; - if(policy!=null){ + if(policy !=null && policy.getId() != null){ policyId = policy.getId(); } + if(!policyId.matches(REGEX) ){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "Policy Id is not valid"); + return; + } response.setStatus(HttpServletResponse.SC_NO_CONTENT); response.addHeader("operation", "push"); response.addHeader("policyId", policyId); response.addHeader("groupId", groupId); - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Group '" + group.getId() + "' updated"); - } + + LOGGER.info("Group '" + group.getId() + "' updated"); + + loggingContext.metricStarted(); acPutTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction"); + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC"); + // Group changed, which might include changing the policies - groupChanged(group); + groupChanged(group, loggingContext); loggingContext.transactionEnded(); - auditLogger.info("Success"); + LOGGER.info("Success"); if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) { PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance(); @@ -1368,7 +1481,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP."; setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.addHeader("error","addGroupError"); + response.addHeader("error",ADD_GROUP_ERROR); response.addHeader("message", message); return; } @@ -1393,18 +1506,26 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (groupName != null && groupDescription != null) { // Args: group= groupName= groupDescription= <= create a new group loggingContext.setServiceName("AC:PAP.createGroup"); - String unescapedName = URLDecoder.decode(groupName, "UTF-8"); - String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8"); + String unescapedName = null; + String unescapedDescription = null; + try{ + unescapedName = URLDecoder.decode(groupName, "UTF-8"); + unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8"); + } catch (UnsupportedEncodingException e) { + LOGGER.error(e); + } PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction(); try { newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost"); papEngine.newGroup(unescapedName, unescapedDescription); + loggingContext.metricStarted(); newGroupTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction"); } catch (Exception e) { newGroupTransaction.rollbackTransaction(); PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'"); return; @@ -1414,7 +1535,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList LOGGER.debug("New Group '" + groupId + "' created"); } // tell the Admin Consoles there is a change + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC"); // new group by definition has no PDPs, so no need to notify them of changes loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); @@ -1423,9 +1547,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } // for all remaining POST operations the group must exist before the operation can be done - OnapPDPGroup group = papEngine.getGroup(groupId); + OnapPDPGroup group = null; + try{ + group = papEngine.getGroup(groupId); + } catch (PAPException e){ + LOGGER.error(e); + } if (group == null) { String message = "Unknown groupId '" + groupId + "'"; + //for fixing Header Manipulation of Fortify issue + if(!message.matches(REGEX)){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "GroupId Id is not valid"); + return; + } PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); @@ -1439,57 +1575,41 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } return; } - // determine the operation needed based on the parameters in the request + + // If the request contains a policyId then we know we are pushing the policy to PDP if (request.getParameter("policyId") != null) { - // Args: group= policy= <= copy file - // copy a policy from the request contents into a file in the group's directory on this machine + if(apiflag!=null){ loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy"); + LOGGER.info("PushPolicy Request From The API"); } else { loggingContext.setServiceName("AC:PAP.postPolicy"); + LOGGER.info("PushPolicy Request From The AC"); } + String policyId = request.getParameter("policyId"); PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction(); + StdPDPGroup updatedGroup = null; try { - InputStream is = null; - File temp= null; - if (apiflag != null){ - // get the request content into a String if the request is from API - String json = null; - // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); - LOGGER.info("JSON request from API: " + json); - // convert Object sent as JSON into local object - ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class); - StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON; - temp = new File(policy.getLocation()); - is = new FileInputStream(temp); - } else { - is = request.getInputStream(); - } - addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost"); - if (apiflag != null){ - ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is); - } else { - String name = null; - if (policyId.endsWith(".xml")) { - name = policyId.replace(".xml", ""); - name = name.substring(0, name.lastIndexOf(".")); - } - ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is); - } - if(is!=null && temp!=null){ - is.close(); - temp.delete(); - } + //Copying the policy to the file system and updating groups in database + LOGGER.info("PapServlet: calling PolicyDBDao.addPolicyToGroup()"); + updatedGroup = addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost"); + loggingContext.metricStarted(); addPolicyToGroupTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction"); + LOGGER.info("PapServlet: addPolicyToGroup() succeeded, transaction was committed"); + } catch (Exception e) { addPolicyToGroupTransaction.rollbackTransaction(); String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e; + //for fixing Header Manipulation of Fortify issue + if(!message.matches(REGEX)){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "Policy Id is not valid"); + return; + } PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); @@ -1502,17 +1622,96 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } return; } + + if(apiflag != null){ + /* + * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change. + * The GUI does this from the POLICY-SDK-APP code. + */ + + // Get new transaction to perform updateGroup() + PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); + try { + // get the request content into a String and read the inputStream into a buffer + java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); + scanner.useDelimiter("\\A"); + String json = scanner.hasNext() ? scanner.next() : ""; + scanner.close(); + + // convert Object sent as JSON into local object + ObjectMapper mapper = new ObjectMapper(); + Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class); + StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON; + + LOGGER.info("Request JSON Payload: " + json); + + // Assume that this is an update of an existing PDP Group + loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup"); + try{ + acPutTransaction.updateGroup(updatedGroup, "XACMLPapServlet.doACPut"); + } catch(Exception e){ + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error occurred when notifying PAPs of a group change: " + + e); + throw new PAPException(e.getMessage()); + } + + LOGGER.info("Calling updatGroup() with new group"); + papEngine.updateGroup(updatedGroup); + + LOGGER.info("Group '" + updatedGroup.getId() + "' updated"); + + // Commit transaction to send notification to other PAPs + loggingContext.metricStarted(); + acPutTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction"); + loggingContext.metricStarted(); + + notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC"); + + // Group changed to send notification to PDPs, which might include changing the policies + groupChanged(updatedGroup,loggingContext); + loggingContext.transactionEnded(); + LOGGER.info("Success"); + + if (policy != null && ((policy.getName().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) { + PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance(); + if (pushPolicyHandler.preSafetyCheck(policy, configHome)) { + LOGGER.debug("Precheck Successful."); + } + } + + //delete temporary policy file from the bin directory + Files.deleteIfExists(Paths.get(policy.getId())); + + } catch (Exception e) { + acPutTransaction.rollbackTransaction(); + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API."; + LOGGER.error(message); + setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", message); + return; + } + } + // policy file copied ok and the Group was updated on the PDP response.setStatus(HttpServletResponse.SC_NO_CONTENT); response.addHeader("operation", "push"); response.addHeader("policyId", policyId); response.addHeader("groupId", groupId); - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'"); - } + + LOGGER.info("policy '" + policyId + "' copied to directory for group '" + groupId + "'"); loggingContext.transactionEnded(); auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); + LOGGER.info("Transaction Ended Successfully"); + return; } else if (request.getParameter("default") != null) { // Args: group= default=true <= make default @@ -1523,13 +1722,15 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction(); try { setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost"); - papEngine.SetDefaultGroup(group); + papEngine.setDefaultGroup(group); + loggingContext.metricStarted(); setDefaultGroupTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction"); } catch (Exception e) { setDefaultGroupTransaction.rollbackTransaction(); PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group"); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default"); return; @@ -1541,11 +1742,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // Notify the Admin Consoles that something changed // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups + loggingContext.metricStarted(); notifyAC(); // This does not affect any PDPs in the existing groups, so no need to notify them of this change + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC"); loggingContext.transactionEnded(); auditLogger.info("Success"); - PolicyLogger.audit("Transaction Ended Successfully"); + LOGGER.info("Transaction Ended Successfully"); return; } else if (request.getParameter("pdpId") != null) { doACPostTransaction = policyDBDao.getNewTransaction(); @@ -1573,10 +1777,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList ((StdPDPGroup)group).resetStatus(); // Notify the Admin Consoles that something changed // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC"); // Need to notify the PDP that it's config may have changed - pdpChanged(pdp); + pdpChanged(pdp, loggingContext); + loggingContext.metricStarted(); doACPostTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction"); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1601,7 +1811,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList * @throws ServletException * @throws IOException */ - private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException { + private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException { try { String parameterDefault = request.getParameter("default"); String pdpId = request.getParameter("pdpId"); @@ -1613,13 +1823,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList loggingContext.setServiceName("AC:PAP.getDefaultGroup"); OnapPDPGroup group = papEngine.getDefaultGroup(); // convert response object to JSON and include in the response - mapperWriteValue(new ObjectMapper(), response.getOutputStream(), group); + mapperWriteValue(new ObjectMapper(), response, group); if (LOGGER.isDebugEnabled()) { LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'"); } response.setStatus(HttpServletResponse.SC_OK); response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); + try{ + response.getOutputStream().close(); + } catch (IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1629,15 +1843,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (pdpGroup == null) { // Request is for the (unspecified) group containing a given PDP loggingContext.setServiceName("AC:PAP.getPDP"); - OnapPDP pdp = papEngine.getPDP(pdpId); + OnapPDP pdp = null; + try{ + pdp = papEngine.getPDP(pdpId); + }catch(PAPException e){ + LOGGER.error(e); + } // convert response object to JSON and include in the response - mapperWriteValue(new ObjectMapper(), response.getOutputStream(), pdp); + mapperWriteValue(new ObjectMapper(), response, pdp); if (LOGGER.isDebugEnabled()) { LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'"); } response.setStatus(HttpServletResponse.SC_OK); response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); + try{ + response.getOutputStream().close(); + } catch (IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1645,16 +1868,25 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { // Request is for the group containing a given PDP loggingContext.setServiceName("AC:PAP.getGroupForPDP"); - OnapPDP pdp = papEngine.getPDP(pdpId); - OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp); + OnapPDPGroup group =null; + try{ + OnapPDP pdp = papEngine.getPDP(pdpId); + group = papEngine.getPDPGroup((OnapPDP) pdp); + }catch(PAPException e){ + LOGGER.error(e); + } // convert response object to JSON and include in the response - mapperWriteValue(new ObjectMapper(), response.getOutputStream(), group); + mapperWriteValue(new ObjectMapper(), response, group); if (LOGGER.isDebugEnabled()) { LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'"); } response.setStatus(HttpServletResponse.SC_OK); response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); + try{ + response.getOutputStream().close(); + } catch (IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1663,15 +1895,28 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } else { // request is for top-level properties about all groups loggingContext.setServiceName("AC:PAP.getAllGroups"); - Set groups = papEngine.getOnapPDPGroups(); + Set groups = null; + try { + groups = papEngine.getOnapPDPGroups(); + } catch(PAPException e) { + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception"); + loggingContext.transactionEnded(); + PolicyLogger.audit("Transaction Failed - See Error.log"); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + return; + } // convert response object to JSON and include in the response - mapperWriteValue(new ObjectMapper(), response.getOutputStream(), groups); + mapperWriteValue(new ObjectMapper(), response, groups); if (LOGGER.isDebugEnabled()) { LOGGER.debug("GET All groups req"); } response.setStatus(HttpServletResponse.SC_OK); response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); + try{ + response.getOutputStream().close(); + } catch (IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1679,12 +1924,23 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } // for all other GET operations the group must exist before the operation can be done - OnapPDPGroup group = papEngine.getGroup(groupId); + OnapPDPGroup group = null; + try{ + group = papEngine.getGroup(groupId); + } catch(PAPException e){ + LOGGER.error(e); + } if (group == null) { String message = "Unknown groupId '" + groupId + "'"; + //for fixing Header Manipulation of Fortify issue + if(!message.matches(REGEX)){ + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + response.addHeader("error",ADD_GROUP_ERROR); + response.addHeader("message", "Group Id is not valid"); + return; + } PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message); return; @@ -1703,13 +1959,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // No other parameters, so return the identified Group loggingContext.setServiceName("AC:PAP.getGroup"); // convert response object to JSON and include in the response - mapperWriteValue(new ObjectMapper(), response.getOutputStream(), group); + mapperWriteValue(new ObjectMapper(), response, group); if (LOGGER.isDebugEnabled()) { LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'"); } response.setStatus(HttpServletResponse.SC_OK); response.setHeader("content-type", "application/json"); - response.getOutputStream().close(); + try{ + response.getOutputStream().close(); + } catch (IOException e){ + LOGGER.error(e); + } loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1744,7 +2004,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList * @throws ServletException * @throws IOException */ - private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException { + private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException { PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction(); try { // for PUT operations the group may or may not need to exist before the operation can be done @@ -1780,14 +2040,23 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // get the request content into a String String json = null; // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); + try{ + Scanner scanner = new Scanner(request.getInputStream()); + scanner.useDelimiter("\\A"); + json = scanner.hasNext() ? scanner.next() : ""; + scanner.close(); + }catch(IOException e){ + LOGGER.error(e); + } LOGGER.info("JSON request from AC: " + json); // convert Object sent as JSON into local object ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPDP.class); + Object objectFromJSON = null; + try { + objectFromJSON = mapper.readValue(json, StdPDP.class); + } catch(Exception e) { + LOGGER.error(e); + } if (pdpId == null || objectFromJSON == null || ! (objectFromJSON instanceof StdPDP) || @@ -1796,11 +2065,17 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON); } StdPDP pdp = (StdPDP) objectFromJSON; if(pdp != null){ - if (papEngine.getPDP(pdpId) == null) { + OnapPDP oPDP = null; + try{ + oPDP = papEngine.getPDP(pdpId); + }catch (PAPException e){ + LOGGER.error(e); + } + if (oPDP == null) { // this is a request to create a new PDP object try{ acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(), @@ -1810,7 +2085,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList +"pdp="+ (pdp.getId()) +",to group="+group.getId()); throw new PAPException(e.getMessage()); } - papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort()); + try{ + papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort()); + }catch(PAPException e){ + LOGGER.error(e); + } } else { try{ acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut"); @@ -1820,7 +2099,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new PAPException(e.getMessage()); } // this is a request to update the pdp - papEngine.updatePDP(pdp); + try{ + papEngine.updatePDP(pdp); + }catch(PAPException e){ + LOGGER.error(e); + } } response.setStatus(HttpServletResponse.SC_NO_CONTENT); if (LOGGER.isDebugEnabled()) { @@ -1829,10 +2112,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // adjust the group's state including the new PDP ((StdPDPGroup)group).resetStatus(); // tell the Admin Consoles there is a change + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC"); // this might affect the PDP, so notify it of the change - pdpChanged(pdp); + pdpChanged(pdp, loggingContext); + loggingContext.metricStarted(); acPutTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction"); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1861,20 +2150,29 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // get the request content into a String String json = null; // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - java.util.Scanner scanner = new java.util.Scanner(request.getInputStream()); - scanner.useDelimiter("\\A"); - json = scanner.hasNext() ? scanner.next() : ""; - scanner.close(); + try{ + Scanner scanner = new Scanner(request.getInputStream()); + scanner.useDelimiter("\\A"); + json = scanner.hasNext() ? scanner.next() : ""; + scanner.close(); + }catch(IOException e){ + LOGGER.error(e); + } LOGGER.info("JSON request from AC: " + json); // convert Object sent as JSON into local object ObjectMapper mapper = new ObjectMapper(); - Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class); + Object objectFromJSON = null; + try { + objectFromJSON = mapper.readValue(json, StdPDPGroup.class); + } catch(Exception e) { + LOGGER.error(e); + } if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) || ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON); loggingContext.transactionEnded(); PolicyLogger.audit("Transaction Failed - See Error.log"); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON); + setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON); } // The Path on the PAP side is not carried on the RESTful interface with the AC // (because it is local to the PAP) @@ -1883,7 +2181,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory()); } try{ - acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut"); + if("delete".equals(((StdPDPGroup)objectFromJSON).getOperation())){ + acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doDelete"); + } else { + acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut"); + } } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: " +"group="+group.getId()); @@ -1896,18 +2198,26 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) { LOGGER.debug("Precheck Successful."); } - - papEngine.updateGroup((StdPDPGroup)objectFromJSON); - + try{ + papEngine.updateGroup((StdPDPGroup)objectFromJSON); + }catch(PAPException e){ + LOGGER.error(e); + } response.setStatus(HttpServletResponse.SC_NO_CONTENT); if (LOGGER.isDebugEnabled()) { LOGGER.debug("Group '" + group.getId() + "' updated"); } + loggingContext.metricStarted(); acPutTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction"); // tell the Admin Consoles there is a change + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC"); // Group changed, which might include changing the policies - groupChanged(group); + groupChanged(group, loggingContext); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -1934,31 +2244,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList * @throws ServletException * @throws IOException */ - private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException { - //This code is to allow deletes to propagate to the database since delete is not implemented - String isDeleteNotify = request.getParameter("isDeleteNotify"); - if(isDeleteNotify != null){ - String policyToDelete = request.getParameter("policyToDelete"); - try{ - policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8"); - } catch(UnsupportedEncodingException e){ - LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported"); - return; - } - PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction(); - try{ - deleteTransaction.deletePolicy(policyToDelete); - } catch(Exception e){ - deleteTransaction.rollbackTransaction(); - setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) " - + "\nfailure with the following exception: " + e); - return; - } - deleteTransaction.commitTransaction(); - response.setStatus(HttpServletResponse.SC_OK); - return; - } + private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException { PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction(); try { // for all DELETE operations the group must exist before the operation can be done @@ -1990,14 +2276,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } catch(Exception e){ throw new PAPException(e); } - papEngine.removePDP((OnapPDP) pdp); + try{ + papEngine.removePDP((OnapPDP) pdp); + }catch(PAPException e){ + LOGGER.error(e); + } // adjust the status of the group, which may have changed when we removed this PDP ((StdPDPGroup)group).resetStatus(); response.setStatus(HttpServletResponse.SC_NO_CONTENT); + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC"); // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests) - pdpChanged(pdp); + pdpChanged(pdp, loggingContext); + loggingContext.metricStarted(); removePdpOrGroupTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction"); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -2015,7 +2311,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList String moveToGroupId = request.getParameter("movePDPsToGroupId"); OnapPDPGroup moveToGroup = null; if (moveToGroupId != null) { - moveToGroup = papEngine.getGroup(moveToGroupId); + try{ + moveToGroup = papEngine.getGroup(moveToGroupId); + }catch(PAPException e){ + LOGGER.error(e); + } } // get list of PDPs in the group being deleted so we can notify them that they got changed Set movedPDPs = new HashSet<>(); @@ -2027,14 +2327,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception"); throw new PAPException(e.getMessage()); } - papEngine.removeGroup(group, moveToGroup); + try{ + papEngine.removeGroup(group, moveToGroup); + }catch(PAPException e){ + LOGGER.error(e); + } response.setStatus(HttpServletResponse.SC_NO_CONTENT); + loggingContext.metricStarted(); notifyAC(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC"); // notify any PDPs in the removed set that their config may have changed for (OnapPDP pdp : movedPDPs) { - pdpChanged(pdp); + pdpChanged(pdp, loggingContext); } + loggingContext.metricStarted(); removePdpOrGroupTransaction.commitTransaction(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction"); loggingContext.transactionEnded(); auditLogger.info("Success"); PolicyLogger.audit("Transaction Ended Successfully"); @@ -2264,7 +2574,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList groupChanged(group); } } - + + public void changed(ONAPLoggingContext loggingContext) { + // all PDPs in all groups need to be updated/sync'd + Set groups; + try { + groups = papEngine.getOnapPDPGroups(); + } catch (PAPException e) { + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed"); + throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e); + } + for (OnapPDPGroup group : groups) { + groupChanged(group, loggingContext); + } + } + @Override public void groupChanged(OnapPDPGroup group) { // all PDPs within one group need to be updated/sync'd @@ -2273,8 +2597,15 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } + public void groupChanged(OnapPDPGroup group, ONAPLoggingContext loggingContext) { + // all PDPs within one group need to be updated/sync'd + for (OnapPDP pdp : group.getOnapPdps()) { + pdpChanged(pdp, loggingContext); + } + } + @Override - public void pdpChanged(OnapPDP pdp) { + public void pdpChanged(OnapPDP pdp) { // kick off a thread to do an event notification for each PDP. // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc) // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out. @@ -2283,20 +2614,48 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList t.start(); } } + + public void pdpChanged(OnapPDP pdp, ONAPLoggingContext loggingContext) { + // kick off a thread to do an event notification for each PDP. + // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc) + // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out. + Thread t = new Thread(new UpdatePDPThread(pdp, loggingContext)); + if(CheckPDP.validateID(pdp.getId())){ + t.start(); + } + } private class UpdatePDPThread implements Runnable { private OnapPDP pdp; private String requestId; + private ONAPLoggingContext loggingContext; public UpdatePDPThread(OnapPDP pdp) { this.pdp = pdp; } + public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) { + this.pdp = pdp; + if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) { + this.requestId = loggingContext.getRequestID(); + } + this.loggingContext = loggingContext; + } + public void run() { // send the current configuration to one PDP HttpURLConnection connection = null; // get a new logging context for the thread - ONAPLoggingContext loggingContext = new ONAPLoggingContext(baseLoggingContext); + try { + if (this.loggingContext == null) { + loggingContext = new ONAPLoggingContext(baseLoggingContext); + } + } catch (Exception e) { + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId()); + // Since this is a server-side error, it probably does not reflect a problem on the client, + // so do not change the PDP status. + return; + } try { loggingContext.setServiceName("PAP:PDP.putConfig"); // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP @@ -2358,7 +2717,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList return; } // Do the connect + loggingContext.metricStarted(); connection.connect(); + loggingContext.metricEnded(); + PolicyLogger.metrics("XACMLPapServlet UpdatePDPThread connection connect"); if (connection.getResponseCode() == 204) { LOGGER.info("Success. We are configured correctly."); loggingContext.transactionEnded(); @@ -2463,7 +2825,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } // remove any ACs that are no longer connected - if (disconnectedACs.size() > 0) { + if (!disconnectedACs.isEmpty()) { adminConsoleURLStringList.removeAll(disconnectedACs); } } @@ -2672,4 +3034,4 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList public static void setMsPolicyName(String msPolicyName) { XACMLPapServlet.msPolicyName = msPolicyName; } -} +} \ No newline at end of file