X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PDP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpdp%2Frest%2FXACMLPdpServlet.java;h=c86e21c09d3f2c4465354f67b4149f50d8446406;hb=c1b69dfb1297365d35f2ada8690f13f787d38b4f;hp=87cafc4ef2a61b156bdcee80da6eaa13f5766c7d;hpb=7fd58e9a2427a215daa6b543e901534e83d3c246;p=policy%2Fengine.git diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java index 87cafc4ef..c86e21c09 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -20,6 +20,17 @@ package org.onap.policy.pdp.rest; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.pap.PDPStatus.Status; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.std.dom.DOMRequest; +import com.att.research.xacml.std.dom.DOMResponse; +import com.att.research.xacml.std.json.JSONRequest; +import com.att.research.xacml.std.json.JSONResponse; +import com.att.research.xacml.util.XACMLProperties; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; 
@@ -60,40 +71,30 @@ import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.pdp.rest.jmx.PdpRestMonitor; import org.onap.policy.rest.XACMLRest; import org.onap.policy.rest.XACMLRestProperties; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.pdp.std.functions.PolicyList; import org.onap.policy.xacml.std.pap.StdPDPStatus; -import com.att.research.xacml.api.Request; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.pap.PDPStatus.Status; -import com.att.research.xacml.api.pdp.PDPEngine; -import com.att.research.xacml.api.pdp.PDPException; -import com.att.research.xacml.std.dom.DOMRequest; -import com.att.research.xacml.std.dom.DOMResponse; -import com.att.research.xacml.std.json.JSONRequest; -import com.att.research.xacml.std.json.JSONResponse; -import com.att.research.xacml.util.XACMLProperties; -import com.fasterxml.jackson.databind.ObjectMapper; /** * Servlet implementation class XacmlPdpServlet - * + * * This is an implementation of the XACML 3.0 RESTful Interface with added features to support simple PAP RESTful API * for policy publishing and PIP configuration changes. - * + * * If you are running this the first time, then we recommend you look at the xacml.pdp.properties file. This properties * file has all the default parameter settings. If you are running the servlet as is, then we recommend setting up * you're container to run it on port 8080 with context "/pdp". Wherever the default working directory is set to, a * "config" directory will be created that holds the policy and pip cache. This setting is located in the * xacml.pdp.properties file. - * + * * When you are ready to customize, you can create a separate xacml.pdp.properties on you're local file system and setup * the parameters as you wish. 
Just set the Java VM System variable to point to that file: - * + * * -Dxacml.properties=/opt/app/xacml/etc/xacml.pdp.properties - * + * * Or if you only want to change one or two properties, simply set the Java VM System variable for that property. - * + * * -Dxacml.rest.pdp.register=false * * @@ -268,14 +269,25 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { properties.getProperty("createUpdatePolicy.impl.className", CREATE_UPDATE_POLICY_SERVICE); setCreateUpdatePolicyConstructor(createUpdateResourceName); + PeCryptoUtils.initAesKey(properties.getProperty(XACMLRestProperties.PROP_AES_KEY)); + // Create an IntegrityMonitor try { logger.info("Creating IntegrityMonitor"); + properties.setProperty("javax.persistence.jdbc.password", + PeCryptoUtils.decrypt(properties.getProperty("javax.persistence.jdbc.password", ""))); im = IntegrityMonitor.getInstance(pdpResourceName, properties); } catch (Exception e) { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to create IntegrityMonitor" + e); throw new ServletException(e); } + + try { + System.setProperty("msToscaModel.home", properties.getProperty("msToscaModel.home")); + } catch (Exception e) { + logger.error("ERROR: Unable to set msToscaModel.home- Please check the configuration"); + } + startThreads(baseLoggingContext, new Thread(this)); } 
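Review bot: The added `properties.setProperty("javax.persistence.jdbc.password", PeCryptoUtils.decrypt(...))` writes the decrypted database password back into the servlet's own `properties` object, so the cleartext stays in a long-lived object that any later property dump or debug log would expose (no such dump is visible in this hunk). Assuming `properties` is a `java.util.Properties`, decrypt into a copy and hand only that to the monitor: `Properties imProps = new Properties(); imProps.putAll(properties);`, then set the password on `imProps` and pass it to `IntegrityMonitor.getInstance`. `initAesKey` receives null when the key property is unset, and what `PeCryptoUtils` does in that case is not shown here; a comment on the call would help, e.g. `// NOTE: confirm behaviour when PROP_AES_KEY is absent (password used as-is, or startup failure?)`. The new `System.setProperty("msToscaModel.home", ...)` block relies on catching the NullPointerException thrown for a missing property and logs without the cause; an explicit `if (toscaHome != null)` check, with the exception included in the log where one is caught, would be clearer. The enclosing method begins before this hunk.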
@@ -373,42 +385,42 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { /** * PUT - The PAP engine sends configuration information using HTTP PUT request. - * + * * One parameter is expected: - * + * * config=[policy|pip|all] - * + * * policy - Expect a properties file that contains updated lists of the root and referenced policies that the PDP * should be using for PEP requests. - * + * * Specifically should AT LEAST contain the following properties: xacml.rootPolicies xacml.referencedPolicies - * + * * In addition, any relevant information needed by the PDP to load or retrieve the policies to store in its cache. * * EXAMPLE: xacml.rootPolicies=PolicyA.1, PolicyB.1 * * PolicyA.1.url=http://localhost:9090/PAP?id=b2d7b86d-d8f1-4adf-ba9d-b68b2a90bee1&version=1 * PolicyB.1.url=http://localhost:9090/PAP/id=be962404-27f6-41d8-9521-5acb7f0238be&version=1 - * + * * xacml.referencedPolicies=RefPolicyC.1, RefPolicyD.1 * * RefPolicyC.1.url=http://localhost:9090/PAP?id=foobar&version=1 * RefPolicyD.1.url=http://localhost:9090/PAP/id=example&version=1 - * + * * pip - Expect a properties file that contain PIP engine configuration properties. - * + * * Specifically should AT LEAST the following property: xacml.pip.engines - * + * * In addition, any relevant information needed by the PDP to load and configure the PIPs. - * + * * EXAMPLE: xacml.pip.engines=foo,bar - * + * * foo.classname=com.foo foo.sample=abc foo.example=xyz ...... - * + * * bar.classname=com.bar ...... - * + * * all - Expect ALL new configuration properties for the PDP - * + * * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response) */ @Override 
@@ -497,7 +509,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { } protected void doPutConfig(String config, HttpServletRequest request, HttpServletResponse response, - ONAPLoggingContext loggingContext) throws ServletException, IOException { + ONAPLoggingContext loggingContext) throws IOException { try { // prevent multiple configuration changes from stacking up logger.info("XACMLPdpServlet: checking remainingCapacity of Queue."); @@ -618,13 +630,13 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { /** * Parameters: type=hb|config|Status - * + * * 1. HeartBeat Status HeartBeat OK - All Policies are Loaded, All PIPs are Loaded LOADING_IN_PROGRESS - Currently * loading a new policy set/pip configuration LAST_UPDATE_FAILED - Need to track the items that failed during last * update LOAD_FAILURE - ??? Need to determine what information is sent and how 2. Configuration 3. Status return * the StdPDPStatus object in the Response content - * - * + * + * * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ @Override 
@@ -649,92 +661,63 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { XACMLRest.dumpRequest(request); String pathInfo = request.getRequestURI(); - if (pathInfo != null) { + if (pathInfo != null && "/pdp/test".equals(pathInfo)) { // health check from Global Site Selector (iDNS). // DO NOT do a im.startTransaction for the test request - if (pathInfo.equals("/pdp/test")) { - loggingContext.setServiceName("iDNS:PDP.test"); + loggingContext.setServiceName("iDNS:PDP.test"); + try { + im.evaluateSanity(); + // If we make it this far, all is well + String message = "GET:/pdp/test called and PDP " + pdpResourceName + " is OK"; + PolicyLogger.debug(message); + PolicyLogger.audit("Success"); + response.setStatus(HttpServletResponse.SC_OK); + return; + } catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException fpe) { + // No forward progress is being made + String message = "GET:/pdp/test called and PDP " + pdpResourceName + " is not making forward progress." + + " Exception Message: " + fpe.getMessage(); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + fpe); + PolicyLogger.audit("Transaction Failed - See Error.log"); try { - im.evaluateSanity(); - // If we make it this far, all is well - String message = "GET:/pdp/test called and PDP " + pdpResourceName + " is OK"; - PolicyLogger.debug(message); - loggingContext.transactionEnded(); - PolicyLogger.audit("Success"); - response.setStatus(HttpServletResponse.SC_OK); - return; - } catch (ForwardProgressException fpe) { - // No forward progress is being made - String message = "GET:/pdp/test called and PDP " + pdpResourceName - + " is not making forward progress." 
+ " Exception Message: " + fpe.getMessage(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + fpe); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - try { - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - } catch (Exception e1) { - logger.error("Exception occured while sending error in response" + e1); - } - return; - } catch (AdministrativeStateException ase) { - // Administrative State is locked - String message = "GET:/pdp/test called and PDP " + pdpResourceName - + " Administrative State is LOCKED " + " Exception Message: " + ase.getMessage(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + ase); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - try { - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - } catch (Exception e1) { - logger.error("Exception occured while sending error in response" + e1); - } - return; - } catch (StandbyStatusException sse) { - // Administrative State is locked - String message = "GET:/pdp/test called and PDP " + pdpResourceName - + " Standby Status is NOT PROVIDING SERVICE " + " Exception Message: " + sse.getMessage(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message + sse); - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log"); - try { - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - } catch (Exception e1) { - logger.error("Exception occured while sending error in response" + e1); - } - return; - } catch (Exception e) { - // A subsystem is not making progress or is not responding - String eMsg = e.getMessage(); - if (eMsg == null) { - eMsg = "No Exception Message"; - } - String message = "GET:/pdp/test called and PDP " + pdpResourceName + " has had a subsystem failure." 
- + " Exception Message: " + eMsg; - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message); - // Get the specific list of subsystems that failed - String failedNodeList = null; - for (String node : dependencyNodes) { - if (eMsg.contains(node)) { - if (failedNodeList == null) { - failedNodeList = node; - } else { - failedNodeList = failedNodeList.concat("," + node); - } + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + } catch (Exception e1) { + logger.error("Exception occured while sending error in response" + e1); + } + return; + } catch (Exception e) { + // A subsystem is not making progress or is not responding + String eMsg = e.getMessage(); + if (eMsg == null) { + eMsg = "No Exception Message"; + } + String message = "GET:/pdp/test called and PDP " + pdpResourceName + " has had a subsystem failure." + + " Exception Message: " + eMsg; + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, message); + // Get the specific list of subsystems that failed + String failedNodeList = null; + for (String node : dependencyNodes) { + if (eMsg.contains(node)) { + if (failedNodeList == null) { + failedNodeList = node; + } else { + failedNodeList = failedNodeList.concat("," + node); } } - if (failedNodeList == null) { - failedNodeList = "UnknownSubSystem"; - } - response.addHeader("X-ONAP-SubsystemFailure", failedNodeList); - try { - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); - } catch (Exception e1) { - logger.error("Exception occured while sending error in response" + e1); - } - loggingContext.transactionEnded(); - PolicyLogger.audit("Transaction Failed - See Error.log" + e); - return; } + if (failedNodeList == null) { + failedNodeList = "UnknownSubSystem"; + } + response.addHeader("X-ONAP-SubsystemFailure", failedNodeList); + try { + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); + } catch (Exception e1) { + logger.error("Exception occured while sending error in response" + e1); 
+ } + PolicyLogger.audit("Transaction Failed - See Error.log" + e); + return; + } finally { + loggingContext.transactionEnded(); } } @@ -834,8 +817,8 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { /** * POST - We expect XACML requests to be posted by PEP applications. They can be in the form of XML or JSON * according to the XACML 3.0 Specifications for both. - * - * + * + * * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ @Override @@ -1001,7 +984,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) { pdpRequest = JSONRequest.load(incomingRequestString); } else if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) - || contentType.getMimeType().equalsIgnoreCase("application/xacml+xml")) { + || "application/xacml+xml".equalsIgnoreCase(contentType.getMimeType())) { pdpRequest = DOMRequest.load(incomingRequestString); } } catch (Exception e) { @@ -1035,7 +1018,7 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { // Did we successfully get and parse a request? // if (pdpRequest == null || pdpRequest.getRequestAttributes() == null - || pdpRequest.getRequestAttributes().size() <= 0) { + || pdpRequest.getRequestAttributes().isEmpty()) { String message = "Zero Attributes found in the request"; logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message); PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, message);
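Review bot: The merged `catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException fpe)` reports all three conditions as "is not making forward progress", so a locked administrative state or a standby node can no longer be told apart from a stalled one in the error log or in the 500 body that the health checker reads. The multi-catch can stay if the state text is chosen from the exception type, reusing the strings the removed branches had, as in the excerpt below. Moving `loggingContext.transactionEnded()` into `finally` also means `PolicyLogger.audit(...)` now runs before the transaction is marked ended, the reverse of the old order; if the audit record takes its end time from the logging context (not visible here), that should be confirmed. doGet continues outside the hunk.

```java
} catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException fpe) {
    // Keep the three failure states distinguishable for operators and monitoring
    String state;
    if (fpe instanceof AdministrativeStateException) {
        state = " Administrative State is LOCKED ";
    } else if (fpe instanceof StandbyStatusException) {
        state = " Standby Status is NOT PROVIDING SERVICE ";
    } else {
        state = " is not making forward progress.";
    }
    String message = "GET:/pdp/test called and PDP " + pdpResourceName + state
            + " Exception Message: " + fpe.getMessage();
    // … unchanged: PolicyLogger.error / audit, response.sendError, return …
```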