X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FSubscribeServlet.java;h=fa4a24ffc04752c348d56f2687782ba997f30f52;hb=0ad65c47b4fbddd5d1b653c5e38dcdf84884de9f;hp=2127f004909df3068943876fcb35cd19045ca526;hpb=ee6fa61e2cd7df99891092709765235b6166a041;p=dmaap%2Fdatarouter.git diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java index 2127f004..fa4a24ff 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java @@ -24,13 +24,15 @@ package org.onap.dmaap.datarouter.provisioning; +import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; import java.io.IOException; import java.io.InvalidObjectException; import java.util.Collection; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; @@ -39,10 +41,6 @@ import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; /** * This servlet handles provisioning for the <subscribeURL> which is generated by the provisioning server to @@ -52,10 +50,11 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send * @version $Id$ */ @SuppressWarnings("serial") + public class SubscribeServlet extends ProxyServlet { //Adding EELF Logger Rally:US664892 - private static EELFLogger eelflogger = EELFManager.getInstance() + private static EELFLogger eelfLogger = EELFManager.getInstance() .getLogger(SubscribeServlet.class); /** @@ -64,17 +63,18 @@ public class SubscribeServlet extends ProxyServlet { @Override public void doDelete(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, + req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); String message = "DELETE not allowed for the subscribeURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -85,15 +85,16 @@ public class SubscribeServlet extends ProxyServlet { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doGet", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, + req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -106,55 +107,44 @@ public class SubscribeServlet extends ProxyServlet { message = "Missing " + BEHALF_HEADER + " header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } int feedid = getIdFromPath(req); if (feedid < 0) { - message = "Missing or bad feed number."; + message = MISSING_FEED; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } Feed feed = Feed.getFeedById(feedid); if (feed == null || feed.isDeleted()) { - message = "Missing or bad feed number."; + message = MISSING_FEED; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = "Policy Engine disallows access."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - // Display a list of URLs Collection list = Subscription.getSubscriptionUrlList(feedid); - String t = JSONUtilities.createJSONArray(list); + String strList = JSONUtilities.createJSONArray(list); // send response elr.setResult(HttpServletResponse.SC_OK); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType(SUBLIST_CONTENT_TYPE); try { - resp.getOutputStream().print(t); + resp.getOutputStream().print(strList); } catch (IOException ioe) { - eventlogger.error("IOException: " + ioe.getMessage()); + eventlogger.error("PROV0181 SubscribeServlet.doGet: " + ioe.getMessage(), ioe); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -164,17 +154,18 @@ public class SubscribeServlet extends ProxyServlet { @Override public void doPut(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPut", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, + req.getHeader(BEHALF_HEADER), getIdFromPath(req) + ""); String message = "PUT not allowed for the subscribeURL."; EventLogRecord elr = new EventLogRecord(req); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger); } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } @@ -185,15 +176,15 @@ public class SubscribeServlet extends ProxyServlet { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) { setIpFqdnRequestIDandInvocationIDForEelf("doPost", req); - eelflogger.info(EelfMsgs.ENTRY); + eelfLogger.info(EelfMsgs.ENTRY); try { - eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); + eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER)); EventLogRecord elr = new EventLogRecord(req); String message = isAuthorizedForProvisioning(req); if (message != null) { elr.setMessage(message); elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); return; } @@ -206,73 +197,59 @@ public class SubscribeServlet extends ProxyServlet { message = "Missing " + BEHALF_HEADER + " header."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } int feedid = getIdFromPath(req); if (feedid < 0) { - message = "Missing or bad feed number."; + message = MISSING_FEED; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } Feed feed = Feed.getFeedById(feedid); if (feed == null || feed.isDeleted()) { - message = "Missing or bad feed number."; + message = MISSING_FEED; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = "Policy Engine disallows access."; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.info(elr); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - // check content type is SUB_CONTENT_TYPE, version 1.0 ContentHeader ch = getContentHeader(req); String ver = ch.getAttribute("version"); - if (!ch.getType().equals(SUB_BASECONTENT_TYPE) || !(ver.equals("1.0") || ver.equals("2.0"))) { + if (!ch.getType().equals(SUB_BASECONTENT_TYPE) || !("1.0".equals(ver) || "2.0".equals(ver))) { intlogger.debug("Content-type is: " + req.getHeader("Content-Type")); message = "Incorrect content-type"; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger); return; } JSONObject jo = getJSONfromInput(req); if (jo == null) { - message = "Badly formed JSON"; + message = BAD_JSON; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } if (++activeSubs > maxSubs) { activeSubs--; message = "Cannot create subscription; the maximum number of subscriptions has been configured."; elr.setMessage(message); elr.setResult(HttpServletResponse.SC_CONFLICT); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger); return; } - Subscription sub = null; + Subscription sub; try { sub = new Subscription(jo); } catch (InvalidObjectException e) { @@ -280,33 +257,92 @@ public class SubscribeServlet extends ProxyServlet { message = e.getMessage(); elr.setMessage(message); elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.info(elr); + eventlogger.error(elr.toString(), e); sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } sub.setFeedid(feedid); sub.setSubscriber(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header + /* + * START - AAF changes + * TDP EPIC US# 307413 + * CADI code - check on permissions based on Legacy/AAF users to allow to create/add subscription + */ + String feedAafInstance = feed.getAafInstance(); + String subAafInstance = sub.getAafInstance(); + boolean subAafLegacyEmptyOrNull = (subAafInstance == null + || "".equals(subAafInstance) || "legacy".equalsIgnoreCase(subAafInstance)); + // This extra check added to verify AAF feed with AAF subscriber having empty aaf instance check + if (feedAafInstance == null || "".equals(feedAafInstance) || "legacy".equalsIgnoreCase(feedAafInstance)) { + if (subAafLegacyEmptyOrNull) { + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = POLICY_ENGINE; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + //If Legacy Feed and AAF instance provided in Subscriber JSON + message = "AAF Subscriber can not be added to legacy Feed- " + feedid; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + //New AAF Requirement to add legacy subscriber to AAF Feed + if (subAafLegacyEmptyOrNull) { + AuthorizationResponse aresp = authz.decide(req); + if (!aresp.isAuthorized()) { + message = POLICY_ENGINE; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } else { + //New AAF Requirement to add subscriber by publisher on publisher approval only + String permission = getSubscriberPermission(subAafInstance, BaseServlet.APPROVE_SUB_PERMISSION); + eventlogger.info("SubscribeServlet.doPost().. Permission String - " + permission); + if (!req.isUserInRole(permission)) { + message = "AAF disallows access to permission - " + permission; + elr.setMessage(message); + elr.setResult(HttpServletResponse.SC_FORBIDDEN); + eventlogger.error(elr.toString()); + sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); + return; + } + } + } + /* + * END - AAF changes + */ // Check if this subscription already exists; not an error (yet), just warn Subscription sub2 = Subscription.getSubscriptionMatching(sub); if (sub2 != null) { intlogger.warn( - "PROV0011 Creating a duplicate subscription: new subid=" + sub.getSubid() + ", old subid=" + sub2 - .getSubid()); + "PROV0011 Creating a duplicate subscription: new subid=" + + sub.getSubid() + ", old subid=" + sub2.getSubid()); } // Create SUBSCRIPTIONS table entries if (doInsert(sub)) { // send response elr.setResult(HttpServletResponse.SC_CREATED); - eventlogger.info(elr); + eventlogger.info(elr.toString()); resp.setStatus(HttpServletResponse.SC_CREATED); resp.setContentType(SUBFULL_CONTENT_TYPE); resp.setHeader("Location", sub.getLinks().getSelf()); try { resp.getOutputStream().print(sub.asLimitedJSONObject().toString()); } catch (IOException ioe) { - eventlogger.error("IOException: " + ioe.getMessage()); + eventlogger.error("PROV0182 SubscribeServlet.doPost: " + ioe.getMessage(), ioe); } provisioningDataChanged(); @@ -314,11 +350,11 @@ public class SubscribeServlet extends ProxyServlet { // Something went wrong with the INSERT activeSubs--; elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - eventlogger.info(elr); + eventlogger.error(elr.toString()); sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger); } } finally { - eelflogger.info(EelfMsgs.EXIT); + eelfLogger.info(EelfMsgs.EXIT); } } }