X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FFeedServlet.java;h=3cbaac3ce91b7ac7142d7948263e222cf914ad12;hb=b60213dc26540543f500b3442b061565907c3cf8;hp=e64f2c6938de4d4cb11e6597cb5c2b9c993027a5;hpb=ee6fa61e2cd7df99891092709765235b6166a041;p=dmaap%2Fdatarouter.git diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java index e64f2c69..3cbaac3c 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java @@ -54,7 +54,7 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send public class FeedServlet extends ProxyServlet { //Adding EELF Logger Rally:US664892 - private static EELFLogger eelflogger = EELFManager.getInstance().getLogger(FeedServlet.class); + private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(FeedServlet.class); /** * Delete the Feed at the address /feed/<feednumber>. @@ -64,15 +64,15 @@ public class FeedServlet extends ProxyServlet { @Override public void doDelete(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+""); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -85,7 +85,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing "+BEHALF_HEADER+" header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -94,7 +94,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing or bad feed number."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -103,38 +103,58 @@ public class FeedServlet extends ProxyServlet { message = "Missing or bad feed number."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (! aresp.isAuthorized()) { - message = "Policy Engine disallows access."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; + /* + * START - AAF changes + * TDP EPIC US# 307413 + * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove feed + */ + String aafInstance = feed.getAafInstance(); + if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) { + AuthorizationResponse aresp = authz.decide(req); + if (! aresp.isAuthorized()) { + message = "Policy Engine disallows access."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + String permission = getFeedPermission(aafInstance, BaseServlet.DELETE_PERMISSION); + eventlogger.info("FeedServlet.doDelete().. Permission String - " + permission); + if (!req.isUserInRole(permission)) { + message = "AAF disallows access to permission - " + permission; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } } - + /* + * END - AAF changes + */ // Delete FEED table entry (set DELETED flag) feed.setDeleted(true); if (doUpdate(feed)) { activeFeeds--; // send response elr.setResult(HttpServletResponse.SC_NO_CONTENT); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_NO_CONTENT); provisioningDataChanged(); } else { // Something went wrong with the UPDATE elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } /** @@ -145,15 +165,15 @@ public class FeedServlet extends ProxyServlet { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doGet", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+""); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -166,7 +186,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing "+BEHALF_HEADER+" header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -175,7 +195,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing or bad feed number."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -184,7 +204,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing or bad feed number."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } @@ -194,14 +214,14 @@ public class FeedServlet extends ProxyServlet { message = "Policy Engine disallows access."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(FEEDFULL_CONTENT_TYPE); try { @@ -210,7 +230,7 @@ public class FeedServlet extends ProxyServlet { eventlogger.error("IOException" + ioe.getMessage()); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } /** @@ -221,15 +241,15 @@ public class FeedServlet extends ProxyServlet { @Override public void doPut(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPut", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER),getIdFromPath(req)+""); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -242,7 +262,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing "+BEHALF_HEADER+" header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -251,7 +271,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing or bad feed number."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -260,7 +280,7 @@ public class FeedServlet extends ProxyServlet { message = "Missing or bad feed number."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } @@ -271,7 +291,7 @@ public class FeedServlet extends ProxyServlet { message = "Incorrect content-type"; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger); return; } @@ -280,20 +300,20 @@ public class FeedServlet extends ProxyServlet { message = "Badly formed JSON"; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } if (intlogger.isDebugEnabled()) intlogger.debug(jo.toString()); - Feed feed = null; + Feed feed; try { feed = new Feed(jo); } catch (InvalidObjectException e) { message = e.getMessage(); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -305,7 +325,7 @@ public class FeedServlet extends ProxyServlet { message = "This feed must be modified by the same publisher that created it."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } @@ -313,34 +333,60 @@ public class FeedServlet extends ProxyServlet { message = "The name of the feed may not be updated."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (!oldFeed.getVersion().equals(feed.getVersion())) { - message = "The version of the feed may not be updated."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); - return; + // US DSCDR-19 for DCAE if version is not null, version can't be changed + if ((oldFeed.getVersion() != null) && (feed.getVersion() != null)) { + if (!oldFeed.getVersion().equals(feed.getVersion())) { + message = "The version of the feed may not be updated."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_BAD_REQUEST); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); + return; + } } - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (! aresp.isAuthorized()) { - message = "Policy Engine disallows access."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; + + /* + * START - AAF changes + * TDP EPIC US# 307413 + * CADI code - check on permissions based on Legacy/AAF users to allow feed edit/update/modify + */ + String aafInstance = feed.getAafInstance(); + if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) { + // Check with the Authorizer + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = "Policy Engine disallows access."; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + String permission = getFeedPermission(aafInstance, BaseServlet.EDIT_PERMISSION); + eventlogger.info("FeedServlet.doPut().. Permission String - " + permission); + if (!req.isUserInRole(permission)) { + message = "AAF disallows access to permission - " + permission; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } } + /* + * END - AAF changes + */ // Update FEEDS table entries if (doUpdate(feed)) { // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(FEEDFULL_CONTENT_TYPE); try { @@ -368,11 +414,11 @@ public class FeedServlet extends ProxyServlet { } else { // Something went wrong with the UPDATE elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } /** @@ -381,17 +427,17 @@ public class FeedServlet extends ProxyServlet { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPost", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); String message = "POST not allowed for the feedURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } }