X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FDRFeedsServlet.java;h=86e0268d55c9efded17bb2ae8e45c36d94fb403d;hb=b60213dc26540543f500b3442b061565907c3cf8;hp=28b2a3ca9bdeae333cf579a946ae8f4172186b9d;hpb=14b8d9552808063686e0c22760cec6e35b960b59;p=dmaap%2Fdatarouter.git diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java index 28b2a3ca..86e0268d 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java @@ -24,13 +24,8 @@ package org.onap.dmaap.datarouter.provisioning; -import java.io.IOException; -import java.io.InvalidObjectException; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; @@ -38,8 +33,11 @@ import org.onap.dmaap.datarouter.provisioning.beans.Feed; import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.util.List; import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; @@ -54,8 +52,8 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send public class DRFeedsServlet extends ProxyServlet { //Adding EELF Logger Rally:US664892 - private static EELFLogger eelflogger = EELFManager.getInstance() - .getLogger(DRFeedsServlet.class); + private static EELFLogger eelfLogger = EELFManager.getInstance() + .getLogger(DRFeedsServlet.class); /** * DELETE on the <drFeedsURL> -- not supported. @@ -63,17 +61,17 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doDelete(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); String message = "DELETE not allowed for the drFeedsURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -84,15 +82,15 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doGet", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -105,17 +103,17 @@ public class DRFeedsServlet extends ProxyServlet { message = "Missing " + BEHALF_HEADER + " header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - String path = req - .getRequestURI(); // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) + // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) + String path = req.getRequestURI(); if (path != null && !path.equals("/")) { message = "Bad URL."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } @@ -125,7 +123,7 @@ public class DRFeedsServlet extends ProxyServlet { message = "Policy Engine disallows access."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -141,12 +139,12 @@ public class DRFeedsServlet extends ProxyServlet { message = "This feed does not exist in the database."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); } else { // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(FEEDFULL_CONTENT_TYPE); try { @@ -170,7 +168,7 @@ public class DRFeedsServlet extends ProxyServlet { String t = JSONUtilities.createJSONArray(list); // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(FEEDLIST_CONTENT_TYPE); try { @@ -180,7 +178,7 @@ public class DRFeedsServlet extends ProxyServlet { } } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -190,17 +188,17 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doPut(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPut", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); String message = "PUT not allowed for the drFeedsURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -211,15 +209,15 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPost", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -232,17 +230,17 @@ public class DRFeedsServlet extends ProxyServlet { message = "Missing " + BEHALF_HEADER + " header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - String path = req - .getRequestURI(); // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) + // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) + String path = req.getRequestURI(); if (path != null && !path.equals("/")) { message = "Bad URL."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } @@ -253,26 +251,16 @@ public class DRFeedsServlet extends ProxyServlet { message = "Incorrect content-type"; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger); return; } - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = "Policy Engine disallows access."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } JSONObject jo = getJSONfromInput(req); if (jo == null) { message = "Badly formed JSON"; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -284,22 +272,76 @@ public class DRFeedsServlet extends ProxyServlet { message = "Cannot create feed; the maximum number of feeds has been configured."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_CONFLICT); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger); return; } - Feed feed = null; + Feed feed; try { feed = new Feed(jo); } catch (InvalidObjectException e) { message = e.getMessage(); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - feed.setPublisher(bhdr); // set from X-ATT-DR-ON-BEHALF-OF header + + /* + * START - AAF changes + * TDP EPIC US# 307413 + * CADI code - No legacy user check as all new users will be AAF users + */ + String aafInstance = feed.getAafInstance(); + if (Boolean.parseBoolean(isCadiEnabled)) { + if ((aafInstance == null || aafInstance.equals("") || (aafInstance.equalsIgnoreCase("legacy")) && req.getHeader(EXCLUDE_AAF_HEADER).equalsIgnoreCase("true"))) { + // Check with the Authorizer + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = "Policy Engine disallows access."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + if (req.getHeader(EXCLUDE_AAF_HEADER).equalsIgnoreCase("true")) { + message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing AAF_Instance value= " + aafInstance; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION); + eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission); + if (!req.isUserInRole(permission)) { + message = "AAF disallows access to permission - " + permission; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } + } else { + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = "Policy Engine disallows access."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } + /* + * END - AAF changes + */ + + feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header // Check if this feed already exists Feed feed2 = Feed.getFeedByNameVersion(feed.getName(), feed.getVersion()); @@ -307,7 +349,7 @@ public class DRFeedsServlet extends ProxyServlet { message = "This feed already exists in the database."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -316,7 +358,7 @@ public class DRFeedsServlet extends ProxyServlet { if (doInsert(feed)) { // send response elr.setResult(HttpServletResponse.SC_CREATED); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_CREATED); resp.setContentType(FEEDFULL_CONTENT_TYPE); resp.setHeader("Location", feed.getLinks().getSelf()); @@ -329,11 +371,11 @@ public class DRFeedsServlet extends ProxyServlet { } else { // Something went wrong with the INSERT elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } }