X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FDRFeedsServlet.java;h=eada48628fa7adef58adfecf04c99bd4a4932b3e;hb=0ad65c47b4fbddd5d1b653c5e38dcdf84884de9f;hp=895eba08c484e03d1f01a5584e54c63b41e04238;hpb=ee6fa61e2cd7df99891092709765235b6166a041;p=dmaap%2Fdatarouter.git diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java index 895eba08..eada4862 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java @@ -24,13 +24,15 @@ package org.onap.dmaap.datarouter.provisioning; +import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; import java.io.IOException; import java.io.InvalidObjectException; import java.util.List; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; @@ -38,10 +40,7 @@ import org.onap.dmaap.datarouter.provisioning.beans.Feed; import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; -import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; /** * This servlet handles provisioning for the <drFeedsURL> which is the URL on the provisioning server used to @@ -54,8 +53,8 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send public class DRFeedsServlet extends ProxyServlet { //Adding EELF Logger Rally:US664892 - private static EELFLogger eelflogger = EELFManager.getInstance() - .getLogger(DRFeedsServlet.class); + private static EELFLogger eelfLogger = EELFManager.getInstance() + .getLogger(DRFeedsServlet.class); /** * DELETE on the <drFeedsURL> -- not supported. @@ -63,17 +62,18 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doDelete(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, + req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); String message = "DELETE not allowed for the drFeedsURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -84,15 +84,16 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doGet", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, + req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -105,27 +106,27 @@ public class DRFeedsServlet extends ProxyServlet { message = "Missing " + BEHALF_HEADER + " header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - String path = req - .getRequestURI(); // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) - if (path != null && !path.equals("/")) { - message = "Bad URL."; + // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) + String path = req.getRequestURI(); + if (path != null && !"/".equals(path)) { + message = BAD_URL; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } // Check with the Authorizer AuthorizationResponse aresp = authz.decide(req); if (!aresp.isAuthorized()) { - message = "Policy Engine disallows access."; + message = POLICY_ENGINE; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -141,18 +142,18 @@ public class DRFeedsServlet extends ProxyServlet { message = "This feed does not exist in the database."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); } else { // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(FEEDFULL_CONTENT_TYPE); try { resp.getOutputStream().print(feed.asJSONObject(true).toString()); } catch (IOException ioe) { - eventlogger.error("IOException" + ioe.getMessage()); + eventlogger.error("PROV0111 DRFeedServlet.doGet " + ioe.getMessage(), ioe); } } } else { @@ -167,20 +168,20 @@ public class DRFeedsServlet extends ProxyServlet { } else { list = Feed.getFilteredFeedUrlList("all", null); } - String t = JSONUtilities.createJSONArray(list); + String strList = JSONUtilities.createJSONArray(list); // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(FEEDLIST_CONTENT_TYPE); try { - resp.getOutputStream().print(t); + resp.getOutputStream().print(strList); } catch (IOException ioe) { - eventlogger.error("IOException" + ioe.getMessage()); + eventlogger.error("PROV0112 DRFeedServlet.doGet " + ioe.getMessage(), ioe); } } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -190,17 +191,18 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doPut(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPut", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, + req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); String message = "PUT not allowed for the drFeedsURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -211,15 +213,15 @@ public class DRFeedsServlet extends ProxyServlet { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPost", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -232,73 +234,116 @@ public class DRFeedsServlet extends ProxyServlet { message = "Missing " + BEHALF_HEADER + " header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - String path = req - .getRequestURI(); // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) - if (path != null && !path.equals("/")) { - message = "Bad URL."; + // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?) + String path = req.getRequestURI(); + if (path != null && !"/".equals(path)) { + message = BAD_URL; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } // check content type is FEED_CONTENT_TYPE, version 1.0 ContentHeader ch = getContentHeader(req); String ver = ch.getAttribute("version"); - if (!ch.getType().equals(FEED_BASECONTENT_TYPE) || !(ver.equals("1.0") || ver.equals("2.0"))) { + if (!ch.getType().equals(FEED_BASECONTENT_TYPE) || !("1.0".equals(ver) || "2.0".equals(ver))) { message = "Incorrect content-type"; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger); return; } - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = "Policy Engine disallows access."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } JSONObject jo = getJSONfromInput(req); if (jo == null) { - message = "Badly formed JSON"; + message = BAD_JSON; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } if (++activeFeeds > maxFeeds) { activeFeeds--; message = "Cannot create feed; the maximum number of feeds has been configured."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_CONFLICT); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger); return; } - Feed feed = null; + Feed feed; try { feed = new Feed(jo); } catch (InvalidObjectException e) { message = e.getMessage(); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString(), e); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } + + /* + * START - AAF changes + * TDP EPIC US# 307413 + * CADI code - No legacy user check as all new users will be AAF users + */ + String aafInstance = feed.getAafInstance(); + if (Boolean.parseBoolean(isCadiEnabled)) { + if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance)) + && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) { + // Check with the Authorizer + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = POLICY_ENGINE; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) { + message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing " + + "AAF_Instance value= " + aafInstance; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION); + eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission); + if (!req.isUserInRole(permission)) { + message = "AAF disallows access to permission - " + permission; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } + } else { + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = POLICY_ENGINE; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } + /* + * END - AAF changes + */ + feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header // Check if this feed already exists @@ -307,7 +352,7 @@ public class DRFeedsServlet extends ProxyServlet { message = "This feed already exists in the database."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -316,24 +361,24 @@ public class DRFeedsServlet extends ProxyServlet { if (doInsert(feed)) { // send response elr.setResult(HttpServletResponse.SC_CREATED); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_CREATED); resp.setContentType(FEEDFULL_CONTENT_TYPE); resp.setHeader("Location", feed.getLinks().getSelf()); try { resp.getOutputStream().print(feed.asLimitedJSONObject().toString()); } catch (IOException ioe) { - eventlogger.error("IOException" + ioe.getMessage()); + eventlogger.error("PROV0113 DRFeedServlet.doPost " + ioe.getMessage(), ioe); } provisioningDataChanged(); } else { // Something went wrong with the INSERT elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } }