X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=POLICY-SDK-APP%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fadmin%2FPolicyManagerServlet.java;h=91f82932e8212336ee8f4f5516c1689ea08a2844;hb=a6b8bc8875402ab721a8529926d01b2565d0f595;hp=6fab5a6087e7973444c1959580bc880f01014b79;hpb=b51d8192e662e3ee8775235500cabb875f480e2b;p=policy%2Fengine.git diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java index 6fab5a608..91f82932e 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyManagerServlet.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -33,9 +33,11 @@ import java.io.InputStream; import java.io.OutputStream; import java.io.PrintWriter; import java.nio.charset.StandardCharsets; +import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -45,6 +47,7 @@ import java.util.Set; import javax.json.Json; import javax.json.JsonArray; import javax.json.JsonReader; +import javax.script.SimpleBindings; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.annotation.WebInitParam; @@ -66,6 +69,7 @@ import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.components.HumanPolicyComponent; import org.onap.policy.controller.PolicyController; import org.onap.policy.controller.PolicyExportAndImportController; +import org.onap.policy.model.Roles; import org.onap.policy.rest.XACMLRest; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.adapter.PolicyRestAdapter; @@ -78,8 +82,7 @@ import org.onap.policy.rest.jpa.UserInfo; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.util.XACMLPolicyScanner; -import org.openecomp.policy.model.Roles; -import org.openecomp.portalsdk.core.web.support.UserUtils; +import org.onap.portalsdk.core.web.support.UserUtils; import com.att.research.xacml.util.XACMLProperties; import com.fasterxml.jackson.databind.JsonNode; @@ -100,7 +103,7 @@ public class PolicyManagerServlet extends HttpServlet { return policyController; } - public synchronized static void setPolicyController(PolicyController policyController) { + public static synchronized void setPolicyController(PolicyController policyController) { PolicyManagerServlet.policyController = policyController; } @@ -112,11 +115,11 @@ public class PolicyManagerServlet extends HttpServlet { private static String EDITOR = "editor"; private static String GUEST = "guest"; private static String RESULT = "result"; - + private static Path closedLoopJsonLocation; private static JsonArray policyNames; private static String testUserId = null; - + public static JsonArray getPolicyNames() { return policyNames; } @@ -143,7 +146,7 @@ public class PolicyManagerServlet extends HttpServlet { // PolicyManagerServlet.initializeJSONLoad(); } - + protected static void initializeJSONLoad() { closedLoopJsonLocation = Paths.get(XACMLProperties .getProperty(XACMLRestProperties.PROP_ADMIN_CLOSEDLOOP)); @@ -152,7 +155,7 @@ public class PolicyManagerServlet extends HttpServlet { String location = closedLoopJsonLocation.toString(); try { inputStream = new FileInputStream(location); - if (location.endsWith("json")) { + if (location.endsWith("json")) { jsonReader = Json.createReader(inputStream); policyNames = jsonReader.readArray(); serviceTypeNamesList = new ArrayList<>(); @@ -224,24 +227,24 @@ public class PolicyManagerServlet extends HttpServlet { if (!item.isFormField()) { // Process form file field (input type="file"). files.put(item.getName(), item.getInputStream()); - if(item.getName().endsWith(".xls")){ - OutputStream outputStream = null; - try{ - File file = new File(item.getName()); - outputStream = new FileOutputStream(file); + if(item.getName().endsWith(".xls") && item.getSize() <= PolicyController.getFileSizeLimit()){ + File file = new File(item.getName()); + try (OutputStream outputStream = new FileOutputStream(file);) + { IOUtils.copy(item.getInputStream(), outputStream); - outputStream.close(); newFile = file.toString(); PolicyExportAndImportController importController = new PolicyExportAndImportController(); importController.importRepositoryFile(newFile, request); }catch(Exception e){ LOGGER.error("Upload error : " + e); - }finally{ - if(outputStream != null){ - outputStream.close(); - } } } + else if (!item.getName().endsWith(".xls")) { + LOGGER.error("Non .xls filetype uploaded: " + item.getName()); + } + else { //uploaded file size is greater than allowed + LOGGER.error("Upload file size limit exceeded! File size (Bytes) is: " + item.getSize()); + } } } @@ -271,6 +274,12 @@ public class PolicyManagerServlet extends HttpServlet { JSONObject jObj = new JSONObject(sb.toString()); JSONObject params = jObj.getJSONObject("params"); Mode mode = Mode.valueOf(params.getString("mode")); + + String userId = UserUtils.getUserSession(request).getOrgUserId(); + LOGGER.info("****************************************Logging UserID while doing actions on Editor tab*******************************************"); + LOGGER.info("UserId: " + userId + "Action Mode: "+ mode.toString() + "Action Params: "+params.toString()); + LOGGER.info("***********************************************************************************************************************************"); + switch (mode) { case ADDFOLDER: case ADDSUBSCOPE: @@ -330,7 +339,7 @@ public class PolicyManagerServlet extends HttpServlet { try { //Get the Login Id of the User from Request String userId = UserUtils.getUserSession(request).getOrgUserId(); - //Check if the Role and Scope Size are Null get the values from db. + //Check if the Role and Scope Size are Null get the values from db. List userRoles = controller.getRoles(userId); roles = new ArrayList<>(); scopes = new HashSet<>(); @@ -345,7 +354,7 @@ public class PolicyManagerServlet extends HttpServlet { } }else{ scopes.add(userRole.getScope()); - } + } } } if (roles.contains(ADMIN) || roles.contains(EDITOR) || roles.contains(GUEST) ) { @@ -362,21 +371,24 @@ public class PolicyManagerServlet extends HttpServlet { } } } - } + } if(policyList!= null){ for(int i = 0; i < policyList.length(); i++){ String policyName = policyList.get(i).toString().replace(".xml", ""); - String version = policyName.substring(policyName.lastIndexOf(".")+1); - policyName = policyName.substring(0, policyName.lastIndexOf(".")).replace(".", File.separator); + String version = policyName.substring(policyName.lastIndexOf('.')+1); + policyName = policyName.substring(0, policyName.lastIndexOf('.')).replace(".", File.separator); if(policyName.contains("\\")){ policyName = policyName.replace("\\", "\\\\"); } - String policyVersionQuery = "From PolicyVersion where policy_name ='"+policyName+"' and active_version = '"+version+"'and id >0"; - List activeData = controller.getDataByQuery(policyVersionQuery); + String policyVersionQuery = "From PolicyVersion where policy_name = :policyName and active_version = :version and id >0"; + SimpleBindings pvParams = new SimpleBindings(); + pvParams.put("policyName", policyName); + pvParams.put("version", version); + List activeData = controller.getDataByQuery(policyVersionQuery, pvParams); if(!activeData.isEmpty()){ PolicyVersion policy = (PolicyVersion) activeData.get(0); JSONObject el = new JSONObject(); - el.put("name", policy.getPolicyName().replace(File.separator, "/")); + el.put("name", policy.getPolicyName().replace(File.separator, "/")); el.put("date", policy.getModifiedDate()); el.put("version", policy.getActiveVersion()); el.put("size", ""); @@ -395,7 +407,7 @@ public class PolicyManagerServlet extends HttpServlet { PolicyVersion filterdata = (PolicyVersion) filter; try{ String scopeName = filterdata.getPolicyName().substring(0, filterdata.getPolicyName().lastIndexOf(File.separator)); - if(scopes.contains(scopeName)){ + if(scopes.contains(scopeName)){ policyData.add(filterdata); } }catch(Exception e){ @@ -403,12 +415,12 @@ public class PolicyManagerServlet extends HttpServlet { } } } - + if(!policyData.isEmpty()){ for(int i =0; i < policyData.size(); i++){ PolicyVersion policy = (PolicyVersion) policyData.get(i); JSONObject el = new JSONObject(); - el.put("name", policy.getPolicyName().replace(File.separator, "/")); + el.put("name", policy.getPolicyName().replace(File.separator, "/")); el.put("date", policy.getModifiedDate()); el.put("version", policy.getActiveVersion()); el.put("size", ""); @@ -422,7 +434,7 @@ public class PolicyManagerServlet extends HttpServlet { }catch(Exception e){ LOGGER.error("Exception occured while reading policy Data from Policy Version table for Policy Search Data"+e); } - + return new JSONObject().put(RESULT, resultList); } @@ -438,9 +450,9 @@ public class PolicyManagerServlet extends HttpServlet { String policyName; String removeExtension = path.replace(".xml", ""); if(path.startsWith("/")){ - policyName = removeExtension.substring(1, removeExtension.lastIndexOf(".")); + policyName = removeExtension.substring(1, removeExtension.lastIndexOf('.')); }else{ - policyName = removeExtension.substring(0, removeExtension.lastIndexOf(".")); + policyName = removeExtension.substring(0, removeExtension.lastIndexOf('.')); } String activePolicy = null; @@ -461,8 +473,11 @@ public class PolicyManagerServlet extends HttpServlet { dbCheckName = dbCheckName.replace(".Decision_", ":Decision_"); } String[] splitDBCheckName = dbCheckName.split(":"); - String peQuery = "FROM PolicyEntity where policyName = '"+splitDBCheckName[1]+"' and scope ='"+splitDBCheckName[0]+"'"; - List policyEntity = controller.getDataByQuery(peQuery); + String peQuery = "FROM PolicyEntity where policyName = :splitDBCheckName_1 and scope = :splitDBCheckName_0"; + SimpleBindings policyParams = new SimpleBindings(); + policyParams.put("splitDBCheckName_1", splitDBCheckName[1]); + policyParams.put("splitDBCheckName_0", splitDBCheckName[0]); + List policyEntity = controller.getDataByQuery(peQuery, policyParams); PolicyEntity pentity = (PolicyEntity) policyEntity.get(0); if(pentity.isDeleted()){ return error("The Policy is Not Existing in Workspace"); @@ -505,7 +520,7 @@ public class PolicyManagerServlet extends HttpServlet { String policyName = null; if(path.startsWith("/")){ path = path.substring(1); - policyName = path.substring(path.lastIndexOf("/") +1); + policyName = path.substring(path.lastIndexOf('/') +1); path = path.replace("/", "."); }else{ path = path.replace("/", "."); @@ -520,8 +535,16 @@ public class PolicyManagerServlet extends HttpServlet { } PolicyController controller = getPolicyControllerInstance(); String[] split = path.split(":"); - String query = "FROM PolicyEntity where policyName = '"+split[1]+"' and scope ='"+split[0]+"'"; - List queryData = controller.getDataByQuery(query); + String query = "FROM PolicyEntity where policyName = :split_1 and scope = :split_0"; + SimpleBindings peParams = new SimpleBindings(); + peParams.put("split_1", split[1]); + peParams.put("split_0", split[0]); + List queryData = null; + if(PolicyController.isjUnit()){ + queryData = controller.getDataByQuery(query, null); + }else{ + queryData = controller.getDataByQuery(query, peParams); + } if(!queryData.isEmpty()){ PolicyEntity entity = (PolicyEntity) queryData.get(0); File temp = null; @@ -549,12 +572,12 @@ public class PolicyManagerServlet extends HttpServlet { }else{ return error("Error Occured while Describing the Policy"); } - + return object; } //Get the List of Policies and Scopes for Showing in Editor tab - private JSONObject list(JSONObject params, HttpServletRequest request) throws ServletException { + private JSONObject list(JSONObject params, HttpServletRequest request) throws ServletException { Set scopes = null; List roles = null; try { @@ -562,7 +585,7 @@ public class PolicyManagerServlet extends HttpServlet { //Get the Login Id of the User from Request String testUserID = getTestUserId(); String userId = testUserID != null ? testUserID : UserUtils.getUserSession(request).getOrgUserId(); - //Check if the Role and Scope Size are Null get the values from db. + //Check if the Role and Scope Size are Null get the values from db. List userRoles = controller.getRoles(userId); roles = new ArrayList<>(); scopes = new HashSet<>(); @@ -577,7 +600,7 @@ public class PolicyManagerServlet extends HttpServlet { } }else{ scopes.add(userRole.getScope()); - } + } } } @@ -598,8 +621,8 @@ public class PolicyManagerServlet extends HttpServlet { scopes.add(tempScope); } } - } - + } + if("/".equals(path)){ if(roles.contains(SUPERADMIN) || roles.contains(SUPEREDITOR) || roles.contains(SUPERGUEST)){ List scopesList = queryPolicyEditorScopes(null); @@ -607,8 +630,8 @@ public class PolicyManagerServlet extends HttpServlet { PolicyEditorScopes scope = (PolicyEditorScopes) list; if(!(scope.getScopeName().contains(File.separator))){ JSONObject el = new JSONObject(); - el.put("name", scope.getScopeName()); - el.put("date", scope.getCreatedDate()); + el.put("name", scope.getScopeName()); + el.put("date", scope.getModifiedDate()); el.put("size", ""); el.put("type", "dir"); el.put("createdBy", scope.getUserCreatedBy().getUserName()); @@ -622,8 +645,8 @@ public class PolicyManagerServlet extends HttpServlet { List scopesList = queryPolicyEditorScopes(scope.toString()); if(!scopesList.isEmpty()){ PolicyEditorScopes scopeById = (PolicyEditorScopes) scopesList.get(0); - el.put("name", scopeById.getScopeName()); - el.put("date", scopeById.getCreatedDate()); + el.put("name", scopeById.getScopeName()); + el.put("date", scopeById.getModifiedDate()); el.put("size", ""); el.put("type", "dir"); el.put("createdBy", scopeById.getUserCreatedBy().getUserName()); @@ -634,11 +657,11 @@ public class PolicyManagerServlet extends HttpServlet { } }else{ try{ - String scopeName = path.substring(path.indexOf("/") +1); + String scopeName = path.substring(path.indexOf('/') +1); activePolicyList(scopeName, resultList, roles, scopes, onlyFolders); } catch (Exception ex) { LOGGER.error("Error Occured While reading Policy Files List"+ex ); - } + } } return new JSONObject().put(RESULT, resultList); @@ -650,13 +673,20 @@ public class PolicyManagerServlet extends HttpServlet { private List queryPolicyEditorScopes(String scopeName){ String scopeNamequery = ""; + SimpleBindings params = new SimpleBindings(); if(scopeName == null){ scopeNamequery = "from PolicyEditorScopes"; }else{ - scopeNamequery = "from PolicyEditorScopes where SCOPENAME like'" +scopeName+"%'"; + scopeNamequery = "from PolicyEditorScopes where SCOPENAME like :scopeName"; + params.put("scopeName", scopeName + "%"); } PolicyController controller = getPolicyControllerInstance(); - List scopesList = controller.getDataByQuery(scopeNamequery); + List scopesList = null; + if(PolicyController.isjUnit()){ + scopesList = controller.getDataByQuery(scopeNamequery, null); + }else{ + scopesList = controller.getDataByQuery(scopeNamequery, params); + } return scopesList; } @@ -669,10 +699,21 @@ public class PolicyManagerServlet extends HttpServlet { if(scopeName.contains("\\")){ scopeName = scopeName.replace("\\", "\\\\\\\\"); } - String query = "from PolicyVersion where POLICY_NAME like '" +scopeName+"%'"; - String scopeNamequery = "from PolicyEditorScopes where SCOPENAME like '" +scopeName+"%'"; - List activePolicies = controller.getDataByQuery(query); - List scopesList = controller.getDataByQuery(scopeNamequery); + String query = "from PolicyVersion where POLICY_NAME like :scopeName"; + String scopeNamequery = "from PolicyEditorScopes where SCOPENAME like :scopeName"; + + SimpleBindings params = new SimpleBindings(); + params.put("scopeName", scopeName + "%"); + + List activePolicies = null; + List scopesList = null; + if(PolicyController.isjUnit()){ + activePolicies = controller.getDataByQuery(query, null); + scopesList = controller.getDataByQuery(scopeNamequery, null); + }else{ + activePolicies = controller.getDataByQuery(query, params); + scopesList = controller.getDataByQuery(scopeNamequery, params); + } for(Object list : scopesList){ PolicyEditorScopes scopeById = (PolicyEditorScopes) list; String scope = scopeById.getScopeName(); @@ -689,7 +730,7 @@ public class PolicyManagerServlet extends HttpServlet { } if(scopeName.equalsIgnoreCase(checkScope)){ JSONObject el = new JSONObject(); - el.put("name", scope); + el.put("name", scope); el.put("date", scopeById.getModifiedDate()); el.put("size", ""); el.put("type", "dir"); @@ -697,7 +738,7 @@ public class PolicyManagerServlet extends HttpServlet { el.put("modifiedBy", scopeById.getUserModifiedBy().getUserName()); resultList.add(el); } - } + } } String scopeNameCheck = null; for (Object list : activePolicies) { @@ -711,7 +752,7 @@ public class PolicyManagerServlet extends HttpServlet { } if(scopeNameValue.equals(scopeNameCheck)){ JSONObject el = new JSONObject(); - el.put("name", policy.getPolicyName().substring(policy.getPolicyName().lastIndexOf(File.separator)+1)); + el.put("name", policy.getPolicyName().substring(policy.getPolicyName().lastIndexOf(File.separator)+1)); el.put("date", policy.getModifiedDate()); el.put("version", policy.getActiveVersion()); el.put("size", ""); @@ -720,10 +761,9 @@ public class PolicyManagerServlet extends HttpServlet { el.put("modifiedBy", getUserName(policy.getModifiedBy())); resultList.add(el); } - }else if(!scopes.isEmpty()){ - if(scopes.contains(scopeNameValue)){ + }else if(!scopes.isEmpty() && scopes.contains(scopeNameValue)){ JSONObject el = new JSONObject(); - el.put("name", policy.getPolicyName().substring(policy.getPolicyName().lastIndexOf(File.separator)+1)); + el.put("name", policy.getPolicyName().substring(policy.getPolicyName().lastIndexOf(File.separator)+1)); el.put("date", policy.getModifiedDate()); el.put("version", policy.getActiveVersion()); el.put("size", ""); @@ -731,9 +771,8 @@ public class PolicyManagerServlet extends HttpServlet { el.put("createdBy", getUserName(policy.getCreatedBy())); el.put("modifiedBy", getUserName(policy.getModifiedBy())); resultList.add(el); - } } - } + } } private String getUserName(String loginId){ @@ -754,8 +793,8 @@ public class PolicyManagerServlet extends HttpServlet { String userId = UserUtils.getUserSession(request).getOrgUserId(); String oldPath = params.getString("path"); String newPath = params.getString("newPath"); - oldPath = oldPath.substring(oldPath.indexOf("/")+1); - newPath = newPath.substring(newPath.indexOf("/")+1); + oldPath = oldPath.substring(oldPath.indexOf('/')+1); + newPath = newPath.substring(newPath.indexOf('/')+1); if(oldPath.endsWith(".xml")){ JSONObject result = policyRename(oldPath, newPath, userId); if(!(Boolean)(result.getJSONObject("result").get("success"))){ @@ -773,10 +812,12 @@ public class PolicyManagerServlet extends HttpServlet { newScopeName = newScopeName.replace("\\", "\\\\\\\\"); } PolicyController controller = getPolicyControllerInstance(); - String query = "from PolicyVersion where POLICY_NAME like'" +scopeName+"%'"; - String scopeNamequery = "from PolicyEditorScopes where SCOPENAME like'" +scopeName+"%'"; - List activePolicies = controller.getDataByQuery(query); - List scopesList = controller.getDataByQuery(scopeNamequery); + String query = "from PolicyVersion where POLICY_NAME like :scopeName"; + String scopeNamequery = "from PolicyEditorScopes where SCOPENAME like :scopeName"; + SimpleBindings pvParams = new SimpleBindings(); + pvParams.put("scopeName", scopeName + "%"); + List activePolicies = controller.getDataByQuery(query, pvParams); + List scopesList = controller.getDataByQuery(scopeNamequery, pvParams); for(Object object : activePolicies){ PolicyVersion activeVersion = (PolicyVersion) object; String policyOldPath = activeVersion.getPolicyName().replace(File.separator, "/") + "." + activeVersion.getActiveVersion() + ".xml"; @@ -785,7 +826,7 @@ public class PolicyManagerServlet extends HttpServlet { if(!(Boolean)(result.getJSONObject("result").get("success"))){ isActive = true; policyActiveInPDP.add(policyOldPath); - String scope = policyOldPath.substring(0, policyOldPath.lastIndexOf("/")); + String scope = policyOldPath.substring(0, policyOldPath.lastIndexOf('/')); scopeOfPolicyActiveInPDP.add(scope.replace("/", File.separator)); } } @@ -793,11 +834,11 @@ public class PolicyManagerServlet extends HttpServlet { if(activePolicies.size() != policyActiveInPDP.size()){ rename = true; } - + UserInfo userInfo = new UserInfo(); userInfo.setUserLoginId(userId); - if(policyActiveInPDP.size() == 0){ - renameScope(scopesList, scopeName, newScopeName, controller); + if(policyActiveInPDP.isEmpty()){ + renameScope(scopesList, scopeName, newScopeName, controller); }else if(rename){ renameScope(scopesList, scopeName, newScopeName, controller); for(String scope : scopeOfPolicyActiveInPDP){ @@ -810,7 +851,7 @@ public class PolicyManagerServlet extends HttpServlet { } if(isActive){ return error("The Following policies rename failed. Since they are active in PDP Groups" +policyActiveInPDP); - } + } } return success(); } catch (Exception e) { @@ -818,7 +859,7 @@ public class PolicyManagerServlet extends HttpServlet { return error(e.getMessage()); } } - + private void renameScope(List scopesList, String scopeName, String newScopeName, PolicyController controller){ for(Object object : scopesList){ PolicyEditorScopes editorScopeEntity = (PolicyEditorScopes) object; @@ -831,17 +872,17 @@ public class PolicyManagerServlet extends HttpServlet { controller.updateData(editorScopeEntity); } } - + private JSONObject policyRename(String oldPath, String newPath, String userId) throws ServletException { try { PolicyEntity entity = null; PolicyController controller = getPolicyControllerInstance(); String policyVersionName = newPath.replace(".xml", ""); - String policyName = policyVersionName.substring(0, policyVersionName.lastIndexOf(".")).replace("/", File.separator); + String policyName = policyVersionName.substring(0, policyVersionName.lastIndexOf('.')).replace("/", File.separator); String oldpolicyVersionName = oldPath.replace(".xml", ""); - String oldpolicyName = oldpolicyVersionName.substring(0, oldpolicyVersionName.lastIndexOf(".")).replace("/", File.separator); + String oldpolicyName = oldpolicyVersionName.substring(0, oldpolicyVersionName.lastIndexOf('.')).replace("/", File.separator); String newpolicyName = newPath.replace("/", "."); String newPolicyCheck = newpolicyName; @@ -866,30 +907,39 @@ public class PolicyManagerServlet extends HttpServlet { String[] oldPolicySplit = oldPolicyCheck.split(":"); //Check PolicyEntity table with newPolicy Name - String policyEntityquery = "FROM PolicyEntity where policyName = '"+newPolicySplit[1]+"' and scope ='"+newPolicySplit[0]+"'"; - List queryData = controller.getDataByQuery(policyEntityquery); + String policyEntityquery = "FROM PolicyEntity where policyName = :newPolicySplit_1 and scope = :newPolicySplit_0"; + SimpleBindings policyParams = new SimpleBindings(); + policyParams.put("newPolicySplit_1", newPolicySplit[1]); + policyParams.put("newPolicySplit_0", newPolicySplit[0]); + List queryData = controller.getDataByQuery(policyEntityquery, policyParams); if(!queryData.isEmpty()){ entity = (PolicyEntity) queryData.get(0); return error("Policy rename failed. Since, the policy with same name already exists."); } //Query the Policy Entity with oldPolicy Name - String policyEntityCheck = oldPolicySplit[1].substring(0, oldPolicySplit[1].indexOf(".")); - String oldpolicyEntityquery = "FROM PolicyEntity where policyName like '"+policyEntityCheck+"%' and scope ='"+oldPolicySplit[0]+"'"; - List oldEntityData = controller.getDataByQuery(oldpolicyEntityquery); + String policyEntityCheck = oldPolicySplit[1].substring(0, oldPolicySplit[1].indexOf('.')); + String oldpolicyEntityquery = "FROM PolicyEntity where policyName like :policyEntityCheck and scope = :oldPolicySplit_0"; + SimpleBindings params = new SimpleBindings(); + params.put("policyEntityCheck", policyEntityCheck + "%"); + params.put("oldPolicySplit_0", oldPolicySplit[0]); + List oldEntityData = controller.getDataByQuery(oldpolicyEntityquery, params); if(!oldEntityData.isEmpty()){ String groupQuery = "FROM PolicyGroupEntity where ("; + SimpleBindings geParams = new SimpleBindings(); for(int i=0; i groupEntityData = controller.getDataByQuery(groupQuery); - if(groupEntityData.size() > 0){ + List groupEntityData = controller.getDataByQuery(groupQuery, geParams); + if(! groupEntityData.isEmpty()){ return error("Policy rename failed. Since the policy or its version is active in PDP Groups."); } for(int i=0; i queryData = controller.getDataByQuery(policyEntityquery); + String policyEntityquery = "FROM PolicyEntity where policyName = :newPolicySplit_1 and scope = :newPolicySplit_0"; + SimpleBindings policyParams = new SimpleBindings(); + policyParams.put("newPolicySplit_1", newPolicySplit[1]); + policyParams.put("newPolicySplit_0", newPolicySplit[0]); + List queryData = controller.getDataByQuery(policyEntityquery, policyParams); if(!queryData.isEmpty()){ return error("Policy already exists with same name"); } //Query the Policy Entity with oldPolicy Name - policyEntityquery = "FROM PolicyEntity where policyName = '"+oldPolicySplit[1]+"' and scope ='"+oldPolicySplit[0]+"'"; - queryData = controller.getDataByQuery(policyEntityquery); + policyEntityquery = "FROM PolicyEntity where policyName = :oldPolicySplit_1 and scope = :oldPolicySplit_0"; + SimpleBindings peParams = new SimpleBindings(); + peParams.put("oldPolicySplit_1", oldPolicySplit[1]); + peParams.put("oldPolicySplit_0", oldPolicySplit[0]); + queryData = controller.getDataByQuery(policyEntityquery, peParams); if(!queryData.isEmpty()){ entity = (PolicyEntity) queryData.get(0); } @@ -1093,7 +1149,7 @@ public class PolicyManagerServlet extends HttpServlet { cloneRecord(newPolicySplit[1], oldPolicySplit[0], oldPolicySplit[1], newPolicySplit[0], newPolicySplit[1], entity, userId); success = true; } - + if(success){ PolicyVersion entityItem = new PolicyVersion(); entityItem.setActiveVersion(Integer.parseInt(version)); @@ -1101,6 +1157,7 @@ public class PolicyManagerServlet extends HttpServlet { entityItem.setPolicyName(policyName); entityItem.setCreatedBy(userId); entityItem.setModifiedBy(userId); + entityItem.setModifiedDate(new Date()); controller.saveData(entityItem); } @@ -1127,12 +1184,13 @@ public class PolicyManagerServlet extends HttpServlet { if(params.has("deleteVersion")){ deleteVersion = params.getString("deleteVersion"); } - path = path.substring(path.indexOf("/")+1); + path = path.substring(path.indexOf('/')+1); String policyNamewithExtension = path.replace("/", File.separator); String policyVersionName = policyNamewithExtension.replace(".xml", ""); String query = ""; + SimpleBindings policyParams = new SimpleBindings(); if(path.endsWith(".xml")){ - policyNamewithoutExtension = policyVersionName.substring(0, policyVersionName.lastIndexOf(".")); + policyNamewithoutExtension = policyVersionName.substring(0, policyVersionName.lastIndexOf('.')); policyNamewithoutExtension = policyNamewithoutExtension.replace(File.separator, "."); String splitPolicyName = null; if(policyNamewithoutExtension.contains("Config_")){ @@ -1143,24 +1201,29 @@ public class PolicyManagerServlet extends HttpServlet { splitPolicyName = policyNamewithoutExtension.replace(".Decision_", ":Decision_"); } String[] split = splitPolicyName.split(":"); - query = "FROM PolicyEntity where policyName like '"+split[1]+"%' and scope ='"+split[0]+"'"; + + query = "FROM PolicyEntity where policyName like :split_1 and scope = :split_0"; + policyParams.put("split_1", split[1] + "%"); + policyParams.put("split_0", split[0]); }else{ policyNamewithoutExtension = path.replace(File.separator, "."); - query = "FROM PolicyEntity where scope like '"+policyNamewithoutExtension+"%'"; + query = "FROM PolicyEntity where scope like :policyNamewithoutExtension"; + policyParams.put("policyNamewithoutExtension", policyNamewithoutExtension + "%"); } - - List policyEntityobjects = controller.getDataByQuery(query); + + List policyEntityobjects = controller.getDataByQuery(query, policyParams); String activePolicyName = null; boolean pdpCheck = false; if(path.endsWith(".xml")){ policyNamewithoutExtension = policyNamewithoutExtension.replace(".", File.separator); - int version = Integer.parseInt(policyVersionName.substring(policyVersionName.indexOf(".")+1)); + int version = Integer.parseInt(policyVersionName.substring(policyVersionName.indexOf('.')+1)); if("ALL".equals(deleteVersion)){ if(!policyEntityobjects.isEmpty()){ for(Object object : policyEntityobjects){ policyEntity = (PolicyEntity) object; - String groupEntityquery = "from PolicyGroupEntity where policyid = '"+policyEntity.getPolicyId()+"'"; - List groupobject = controller.getDataByQuery(groupEntityquery); + String groupEntityquery = "from PolicyGroupEntity where policyid ='"+policyEntity.getPolicyId()+"'"; + SimpleBindings pgeParams = new SimpleBindings(); + List groupobject = controller.getDataByQuery(groupEntityquery, pgeParams); if(!groupobject.isEmpty()){ pdpCheck = true; activePolicyName = policyEntity.getScope() +"."+ policyEntity.getPolicyName(); @@ -1171,10 +1234,12 @@ public class PolicyManagerServlet extends HttpServlet { //Delete the entity from Policy Entity table controller.deleteData(policyEntity); if(policyNamewithoutExtension.contains("Config_")){ + Files.deleteIfExists(Paths.get(PolicyController.getConfigHome() + File.separator + policyEntity.getConfigurationData().getConfigurationName())); controller.deleteData(policyEntity.getConfigurationData()); }else if(policyNamewithoutExtension.contains("Action_")){ + Files.deleteIfExists(Paths.get(PolicyController.getActionHome() + File.separator + policyEntity.getActionBodyEntity().getActionBodyName())); controller.deleteData(policyEntity.getActionBodyEntity()); - } + } } } } @@ -1186,7 +1251,7 @@ public class PolicyManagerServlet extends HttpServlet { if(pdpCheck){ //Delete from policyVersion table String getActivePDPPolicyVersion = activePolicyName.replace(".xml", ""); - getActivePDPPolicyVersion = getActivePDPPolicyVersion.substring(getActivePDPPolicyVersion.lastIndexOf(".")+1); + getActivePDPPolicyVersion = getActivePDPPolicyVersion.substring(getActivePDPPolicyVersion.lastIndexOf('.')+1); String policyVersionQuery = "update PolicyVersion set active_version='"+getActivePDPPolicyVersion+"' , highest_version='"+getActivePDPPolicyVersion+"' where policy_name ='" +policyNamewithoutExtension.replace("\\", "\\\\")+"' and id >0"; if(policyVersionQuery != null){ controller.executeQuery(policyVersionQuery); @@ -1202,14 +1267,21 @@ public class PolicyManagerServlet extends HttpServlet { }else if("CURRENT".equals(deleteVersion)){ String currentVersionPolicyName = policyNamewithExtension.substring(policyNamewithExtension.lastIndexOf(File.separator)+1); String currentVersionScope = policyNamewithExtension.substring(0, policyNamewithExtension.lastIndexOf(File.separator)).replace(File.separator, "."); - query = "FROM PolicyEntity where policyName = '"+currentVersionPolicyName+"' and scope ='"+currentVersionScope+"'"; - List policyEntitys = controller.getDataByQuery(query); + query = "FROM PolicyEntity where policyName = :currentVersionPolicyName and scope = :currentVersionScope"; + + SimpleBindings peParams = new SimpleBindings(); + peParams.put("currentVersionPolicyName", currentVersionPolicyName); + peParams.put("currentVersionScope", currentVersionScope); + + List policyEntitys = controller.getDataByQuery(query, peParams); if(!policyEntitys.isEmpty()){ policyEntity = (PolicyEntity) policyEntitys.get(0); } if(policyEntity != null){ - String groupEntityquery = "from PolicyGroupEntity where policyid = '"+policyEntity.getPolicyId()+"' and policyid > 0"; - List groupobject = controller.getDataByQuery(groupEntityquery); + String groupEntityquery = "from PolicyGroupEntity where policyid = :policyEntityId and policyid > 0"; + SimpleBindings geParams = new SimpleBindings(); + geParams.put("policyEntityId", policyEntity.getPolicyId()); + List groupobject = controller.getDataByQuery(groupEntityquery, geParams); if(groupobject.isEmpty()){ //Delete the entity from Elastic Search Database String searchFileName = policyEntity.getScope() + "." + policyEntity.getPolicyName(); @@ -1217,18 +1289,20 @@ public class PolicyManagerServlet extends HttpServlet { //Delete the entity from Policy Entity table controller.deleteData(policyEntity); if(policyNamewithoutExtension.contains("Config_")){ + Files.deleteIfExists(Paths.get(PolicyController.getConfigHome() + File.separator + policyEntity.getConfigurationData().getConfigurationName())); controller.deleteData(policyEntity.getConfigurationData()); }else if(policyNamewithoutExtension.contains("Action_")){ + Files.deleteIfExists(Paths.get(PolicyController.getActionHome() + File.separator + policyEntity.getActionBodyEntity().getActionBodyName())); controller.deleteData(policyEntity.getActionBodyEntity()); } - + if(version > 1){ - int highestVersion = 0; + int highestVersion = 0; if(!policyEntityobjects.isEmpty()){ for(Object object : policyEntityobjects){ policyEntity = (PolicyEntity) object; String policyEntityName = policyEntity.getPolicyName().replace(".xml", ""); - int policyEntityVersion = Integer.parseInt(policyEntityName.substring(policyEntityName.lastIndexOf(".")+1)); + int policyEntityVersion = Integer.parseInt(policyEntityName.substring(policyEntityName.lastIndexOf('.')+1)); if(policyEntityVersion > highestVersion && policyEntityVersion != version){ highestVersion = policyEntityVersion; } @@ -1254,14 +1328,16 @@ public class PolicyManagerServlet extends HttpServlet { return error("Policy can't be deleted, it is active in PDP Groups. PolicyName: '"+policyEntity.getScope() + "." +policyEntity.getPolicyName()+"'"); } } - } + } }else{ List activePoliciesInPDP = new ArrayList(); if(!policyEntityobjects.isEmpty()){ for(Object object : policyEntityobjects){ policyEntity = (PolicyEntity) object; - String groupEntityquery = "from PolicyGroupEntity where policyid = '"+policyEntity.getPolicyId()+"'"; - List groupobject = controller.getDataByQuery(groupEntityquery); + String groupEntityquery = "from PolicyGroupEntity where policyid = :policyEntityId"; + SimpleBindings geParams = new SimpleBindings(); + geParams.put("policyEntityId", policyEntity.getPolicyId()); + List groupobject = controller.getDataByQuery(groupEntityquery, geParams); if(!groupobject.isEmpty()){ pdpCheck = true; activePoliciesInPDP.add(policyEntity.getScope()+"."+policyEntity.getPolicyName()); @@ -1273,8 +1349,10 @@ public class PolicyManagerServlet extends HttpServlet { controller.deleteData(policyEntity); policyNamewithoutExtension = policyEntity.getPolicyName(); if(policyNamewithoutExtension.contains("Config_")){ + Files.deleteIfExists(Paths.get(PolicyController.getConfigHome() + File.separator + policyEntity.getConfigurationData().getConfigurationName())); controller.deleteData(policyEntity.getConfigurationData()); }else if(policyNamewithoutExtension.contains("Action_")){ + Files.deleteIfExists(Paths.get(PolicyController.getActionHome() + File.separator + policyEntity.getActionBodyEntity().getActionBodyName())); controller.deleteData(policyEntity.getActionBodyEntity()); } } @@ -1282,7 +1360,7 @@ public class PolicyManagerServlet extends HttpServlet { //Delete from policyVersion and policyEditor Scope table String policyVersionQuery = "delete PolicyVersion where POLICY_NAME like '"+path.replace("\\", "\\\\")+"%' and id >0"; controller.executeQuery(policyVersionQuery); - + //Policy Notification PolicyVersion entity = new PolicyVersion(); entity.setPolicyName(path); @@ -1292,8 +1370,8 @@ public class PolicyManagerServlet extends HttpServlet { //Add Active Policies List to PolicyVersionTable for(int i =0; i < activePoliciesInPDP.size(); i++){ String activePDPPolicyName = activePoliciesInPDP.get(i).replace(".xml", ""); - int activePDPPolicyVersion = Integer.parseInt(activePDPPolicyName.substring(activePDPPolicyName.lastIndexOf(".")+1)); - activePDPPolicyName = activePDPPolicyName.substring(0, activePDPPolicyName.lastIndexOf(".")).replace(".", File.separator); + int activePDPPolicyVersion = Integer.parseInt(activePDPPolicyName.substring(activePDPPolicyName.lastIndexOf('.')+1)); + activePDPPolicyName = activePDPPolicyName.substring(0, activePDPPolicyName.lastIndexOf('.')).replace(".", File.separator); PolicyVersion insertactivePDPVersion = new PolicyVersion(); insertactivePDPVersion.setPolicyName(activePDPPolicyName); insertactivePDPVersion.setHigherVersion(activePDPPolicyVersion); @@ -1302,7 +1380,7 @@ public class PolicyManagerServlet extends HttpServlet { insertactivePDPVersion.setModifiedBy(userId); controller.saveData(insertactivePDPVersion); } - + return error("All the Policies has been deleted in Scope. Except the following list of Policies:"+activePoliciesInPDP); }else{ String policyScopeQuery = "delete PolicyEditorScopes where SCOPENAME like '"+path.replace("\\", "\\\\")+"%' and id >0"; @@ -1328,10 +1406,10 @@ public class PolicyManagerServlet extends HttpServlet { String mode = params.getString("mode"); String path = params.getString("path"); LOGGER.debug("editFile path: {}"+ path); - - String domain = path.substring(1, path.lastIndexOf("/")); + + String domain = path.substring(1, path.lastIndexOf('/')); domain = domain.replace("/", "."); - + path = path.substring(1); path = path.replace("/", "."); String dbCheckName = path; @@ -1342,16 +1420,24 @@ public class PolicyManagerServlet extends HttpServlet { }else if(dbCheckName.contains("Decision_")){ dbCheckName = dbCheckName.replace(".Decision_", ":Decision_"); } - + String[] split = dbCheckName.split(":"); - String query = "FROM PolicyEntity where policyName = '"+split[1]+"' and scope ='"+split[0]+"'"; - List queryData = controller.getDataByQuery(query); + String query = "FROM PolicyEntity where policyName = :split_1 and scope = :split_0"; + SimpleBindings peParams = new SimpleBindings(); + peParams.put("split_1", split[1]); + peParams.put("split_0", split[0]); + List queryData = null; + if(PolicyController.isjUnit()){ + queryData = controller.getDataByQuery(query, null); + }else{ + queryData = controller.getDataByQuery(query, peParams); + } PolicyEntity entity = (PolicyEntity) queryData.get(0); InputStream stream = new ByteArrayInputStream(entity.getPolicyData().getBytes(StandardCharsets.UTF_8)); Object policy = XACMLPolicyScanner.readPolicy(stream); - PolicyRestAdapter policyAdapter = new PolicyRestAdapter(); + PolicyRestAdapter policyAdapter = new PolicyRestAdapter(); policyAdapter.setData(policy); if("viewPolicy".equalsIgnoreCase(mode)){ @@ -1361,16 +1447,16 @@ public class PolicyManagerServlet extends HttpServlet { policyAdapter.setReadOnly(false); policyAdapter.setEditPolicy(true); } - policyAdapter.setDomain(domain); + policyAdapter.setDomainDir(domain); policyAdapter.setPolicyData(policy); String policyName = path.replace(".xml", ""); - policyName = policyName.substring(0, policyName.lastIndexOf(".")); - policyAdapter.setPolicyName(policyName.substring(policyName.lastIndexOf(".")+1)); + policyName = policyName.substring(0, policyName.lastIndexOf('.')); + policyAdapter.setPolicyName(policyName.substring(policyName.lastIndexOf('.')+1)); PolicyAdapter setpolicyAdapter = PolicyAdapter.getInstance(); setpolicyAdapter.configure(policyAdapter,entity); - + policyAdapter.setParentPath(null); ObjectMapper mapper = new ObjectMapper(); String json = mapper.writeValueAsString(policyAdapter); @@ -1397,7 +1483,7 @@ public class PolicyManagerServlet extends HttpServlet { } }else{ name = params.getString("name"); - } + } }catch(Exception e){ name = params.getString("name"); LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Exception Occured While Adding Scope"+e); @@ -1409,10 +1495,10 @@ public class PolicyManagerServlet extends HttpServlet { validateName = name; } if(!name.isEmpty()){ - String validate = PolicyUtils.emptyPolicyValidator(validateName); + String validate = PolicyUtils.policySpecialCharValidator(validateName); if(!validate.contains("success")){ return error(validate); - } + } } LOGGER.debug("addFolder path: {} name: {}" + path +name); if(!name.equals("")){ @@ -1427,7 +1513,7 @@ public class PolicyManagerServlet extends HttpServlet { newScope.setScopeName(name); newScope.setUserCreatedBy(userInfo); newScope.setUserModifiedBy(userInfo); - controller.saveData(newScope); + controller.saveData(newScope); }else{ return error("Scope Already Exists"); } @@ -1462,7 +1548,7 @@ public class PolicyManagerServlet extends HttpServlet { throw new ServletException(e); } } - + private PolicyController getPolicyControllerInstance(){ return policyController != null ? getPolicyController() : new PolicyController(); } @@ -1474,4 +1560,4 @@ public class PolicyManagerServlet extends HttpServlet { public static void setTestUserId(String testUserId) { PolicyManagerServlet.testUserId = testUserId; } -} \ No newline at end of file +}