From: Ram Koya Date: Tue, 14 Aug 2018 20:20:32 +0000 (+0000) Subject: Merge "remove the policy and security issue dependencies" X-Git-Tag: 1.0.1~85 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=f20d316c4a4d8666f93be0a654dd042c6d0ac835;hp=8cbe8a88bc6dfe8673a33a017fe6a5a3e7ce86c3;p=dmaap%2Fdatarouter.git Merge "remove the policy and security issue dependencies" --- diff --git a/datarouter-node/pom.xml b/datarouter-node/pom.xml index abd81afa..fb28724f 100755 --- a/datarouter-node/pom.xml +++ b/datarouter-node/pom.xml @@ -86,52 +86,52 @@ org.eclipse.jetty jetty-server - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-continuation - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-util - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-deploy - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-servlet - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-servlets - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-http - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-security - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-websocket - 7.6.14.v20131031 + ${jetty.websocket.version} org.eclipse.jetty jetty-io - 7.6.14.v20131031 + ${jetty.version} org.apache.commons diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java index d7650030..b9cdb541 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java 
@@ -21,14 +21,12 @@ * * ******************************************************************************/ - package org.onap.dmaap.datarouter.node; +import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.servlet.*; import org.eclipse.jetty.util.ssl.*; import org.eclipse.jetty.server.*; -import org.eclipse.jetty.server.nio.*; -import org.eclipse.jetty.server.ssl.*; import org.apache.log4j.Logger; /** @@ -43,7 +41,7 @@ public class NodeMain { private static class wfconfig implements Runnable { private NodeConfigManager ncm; - public wfconfig(NodeConfigManager ncm) { + wfconfig(NodeConfigManager ncm) { this.ncm = ncm; } @@ -51,13 +49,14 @@ public class NodeMain { notify(); } - public synchronized void waitforconfig() { + synchronized void waitforconfig() { ncm.registerConfigTask(this); while (!ncm.isConfigured()) { logger.info("NODE0003 Waiting for Node Configuration"); try { wait(); } catch (Exception e) { + logger.debug("NodeMain: waitforconfig exception"); } } ncm.deregisterConfigTask(this); @@ -71,7 +70,7 @@ public class NodeMain { /** * Reset the retry timer for a subscription */ - public static void resetQueue(String subid, String ip) { + static void resetQueue(String subid, String ip) { d.resetQueue(ncm.getSpoolDir(subid, ip)); } 
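Review bot: The added `logger.debug("NodeMain: waitforconfig exception");` in `waitforconfig()` still throws away the caught exception, so whatever interrupted or broke the `wait()` leaves no trace beyond a fixed string at debug level. Pass the throwable through, `logger.debug("NodeMain: waitforconfig exception", e);`, so the cause and stack are recorded. The handler also catches `Exception`, although an interrupt is the only failure the loop is written to ride out; narrowing it to `catch (InterruptedException e)` would stop unrelated runtime failures from being absorbed while the node keeps waiting for configuration.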
@@ -91,25 +90,37 @@ public class NodeMain { d = new Delivery(ncm); LogManager lm = new LogManager(ncm); Server server = new Server(); - SelectChannelConnector http = new SelectChannelConnector(); + + // HTTP configuration + HttpConfiguration http_config = new HttpConfiguration(); + http_config.setIdleTimeout(2000); + http_config.setRequestHeaderSize(2048); + + ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); http.setPort(ncm.getHttpPort()); - http.setMaxIdleTime(2000); - http.setRequestHeaderSize(2048); - SslSelectChannelConnector https = new SslSelectChannelConnector(); + + // HTTPS configuration + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setKeyStoreType(ncm.getKSType()); + sslContextFactory.setKeyStorePath(ncm.getKSFile()); + sslContextFactory.setKeyStorePassword(ncm.getKSPass()); + sslContextFactory.setKeyManagerPassword(ncm.getKPass()); + + HttpConfiguration https_config = new HttpConfiguration(http_config); + https_config.setRequestHeaderSize(8192); + + ServerConnector https = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); https.setPort(ncm.getHttpsPort()); - https.setMaxIdleTime(30000); - https.setRequestHeaderSize(8192); - SslContextFactory cf = https.getSslContextFactory(); - - /**Skip SSLv3 Fixes*/ - cf.addExcludeProtocols("SSLv3"); - logger.info("Excluded protocols node-" + cf.getExcludeProtocols()); - /**End of SSLv3 Fixes*/ - - cf.setKeyStoreType(ncm.getKSType()); - cf.setKeyStorePath(ncm.getKSFile()); - cf.setKeyStorePassword(ncm.getKSPass()); - cf.setKeyManagerPassword(ncm.getKPass()); + https.setIdleTimeout(500000); + https.setAcceptQueueSize(2); + + /* Skip SSLv3 Fixes */ + sslContextFactory.addExcludeProtocols("SSLv3"); + logger.info("Excluded protocols node-" + sslContextFactory.getExcludeProtocols()); + /* End of SSLv3 Fixes */ + server.setConnectors(new 
Connector[]{http, https}); ServletContextHandler ctxt = new ServletContextHandler(0); ctxt.setContextPath("/"); diff --git a/datarouter-prov/pom.xml b/datarouter-prov/pom.xml index 8e187905..a0650a02 100755 --- a/datarouter-prov/pom.xml +++ b/datarouter-prov/pom.xml @@ -82,52 +82,52 @@ org.eclipse.jetty jetty-server - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-continuation - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-util - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-deploy - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-servlet - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-servlets - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-http - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-security - 7.6.14.v20131031 + ${jetty.version} org.eclipse.jetty jetty-websocket - 7.6.14.v20131031 + ${jetty.websocket.version} org.eclipse.jetty jetty-io - 7.6.14.v20131031 + ${jetty.version} org.apache.commons diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java index abcd76cd..60496e56 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java 
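Review bot: `https_config` is built as a plain copy of `http_config` and passed to the TLS connector without a `SecureRequestCustomizer`, which in Jetty 9 is what marks a request as secure and exposes the TLS session and client certificate to servlets. If any servlet relies on `request.isSecure()` or the `javax.servlet.request.X509Certificate` attribute (not visible in this hunk), those checks will behave as if the request arrived over plain HTTP after this upgrade; add `https_config.addCustomizer(new SecureRequestCustomizer());` right after the copy. The same applies to `https_config` in the provisioning `Main.java` changed by this commit. Separately, the HTTPS idle timeout goes from `setMaxIdleTime(30000)` to `setIdleTimeout(500000)` and only `SSLv3` is excluded explicitly, so confirm that the longer hold time for idle TLS connections and the remaining `TLSv1`/`TLSv1.1` exposure are both intended. The enclosing method starts and ends outside this hunk.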
@@ -1,249 +1,267 @@ -/******************************************************************************* - * ============LICENSE_START================================================== - * * org.onap.dmaap - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
- * * - ******************************************************************************/ - - -package org.onap.dmaap.datarouter.provisioning; - -import java.security.Security; -import java.util.Properties; -import java.util.Timer; - -import org.apache.log4j.Logger; -import org.eclipse.jetty.server.Connector; -import org.eclipse.jetty.server.Handler; -import org.eclipse.jetty.server.NCSARequestLog; -import org.eclipse.jetty.server.Server; -import org.eclipse.jetty.server.handler.ContextHandlerCollection; -import org.eclipse.jetty.server.handler.DefaultHandler; -import org.eclipse.jetty.server.handler.HandlerCollection; -import org.eclipse.jetty.server.handler.RequestLogHandler; -import org.eclipse.jetty.server.nio.SelectChannelConnector; -import org.eclipse.jetty.server.ssl.SslSelectChannelConnector; -import org.eclipse.jetty.servlet.FilterHolder; -import org.eclipse.jetty.servlet.FilterMapping; -import org.eclipse.jetty.servlet.ServletContextHandler; -import org.eclipse.jetty.servlet.ServletHolder; -import org.eclipse.jetty.util.ssl.SslContextFactory; -import org.eclipse.jetty.util.thread.QueuedThreadPool; -import org.onap.dmaap.datarouter.provisioning.utils.DB; -import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; -import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask; -import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; - -/** - *

- * A main class which may be used to start the provisioning server with an "embedded" Jetty server. - * Configuration is done via the properties file provserver.properties, which should be in the CLASSPATH. - * The provisioning server may also be packaged with a web.xml and started as a traditional webapp. - *

- *

- * Most of the work of the provisioning server is carried out within the eight servlets (configured below) - * that are used to handle each of the eight types of requests the server may receive. - * In addition, there are background threads started to perform other tasks: - *

- *
    - *
  • One background Thread runs the {@link LogfileLoader} in order to process incoming logfiles. - * This Thread is created as a side effect of the first successful POST to the /internal/logs/ servlet.
  • - *
  • One background Thread runs the {@link SynchronizerTask} which is used to periodically - * synchronize the database between active and standby servers.
  • - *
  • One background Thread runs the {@link Poker} which is used to notify the nodes whenever - * provisioning data changes.
  • - *
  • One task is run once a day to run {@link PurgeLogDirTask} which purges older logs from the - * /opt/app/datartr/logs directory.
  • - *
- *

- * The provisioning server is stopped by issuing a GET to the URL http://127.0.0.1/internal/halt - * using curl or some other such tool. - *

- * - * @author Robert Eby - * @version $Id: Main.java,v 1.12 2014/03/12 19:45:41 eby Exp $ - */ -public class Main { - /** - * The truststore to use if none is specified - */ - public static final String DEFAULT_TRUSTSTORE = "/opt/java/jdk/jdk180/jre/lib/security/cacerts"; - public static final String KEYSTORE_TYPE_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.type"; - public static final String KEYSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.path"; - public static final String KEYSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.password"; - public static final String TRUSTSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.path"; - public static final String TRUSTSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.password"; - - /** - * The one and only {@link Server} instance in this JVM - */ - private static Server server; - - /** - * Starts the Data Router Provisioning server. - * - * @param args not used - * @throws Exception if Jetty has a problem starting - */ - public static void main(String[] args) throws Exception { - Security.setProperty("networkaddress.cache.ttl", "4"); - Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal"); - - // Check DB is accessible and contains the expected tables - if (!checkDatabase(logger)) - System.exit(1); - - logger.info("PROV0000 **** AT&T Data Router Provisioning Server starting...."); - - // Get properties - Properties p = (new DB()).getProperties(); - int http_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080")); - int https_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443")); - - // HTTP connector - SelectChannelConnector http = new SelectChannelConnector(); - http.setPort(http_port); - http.setMaxIdleTime(300000); - http.setRequestHeaderSize(2048); - http.setAcceptors(2); - 
http.setConfidentialPort(https_port); - http.setLowResourcesConnections(20000); - - // HTTPS connector - SslSelectChannelConnector https = new SslSelectChannelConnector(); - https.setPort(https_port); - https.setMaxIdleTime(30000); - https.setRequestHeaderSize(8192); - https.setAcceptors(2); - - // SSL stuff - SslContextFactory cf = https.getSslContextFactory(); - - /**Skip SSLv3 Fixes*/ - cf.addExcludeProtocols("SSLv3"); - logger.info("Excluded protocols prov-" + cf.getExcludeProtocols()); - /**End of SSLv3 Fixes*/ - - cf.setKeyStoreType(p.getProperty(KEYSTORE_TYPE_PROPERTY, "jks")); - cf.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); - cf.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); - cf.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); - String ts = p.getProperty(TRUSTSTORE_PATH_PROPERTY); - if (ts != null && ts.length() > 0) { - System.out.println("@@ TS -> " + ts); - cf.setTrustStore(ts); - cf.setTrustStorePassword(p.getProperty(TRUSTSTORE_PASSWORD_PROPERTY)); - } else { - cf.setTrustStore(DEFAULT_TRUSTSTORE); - cf.setTrustStorePassword("changeit"); - } - cf.setTrustStore("/opt/app/datartr/self_signed/cacerts.jks"); - cf.setTrustStorePassword("changeit"); - cf.setWantClientAuth(true); - - // Servlet and Filter configuration - ServletContextHandler ctxt = new ServletContextHandler(0); - ctxt.setContextPath("/"); - ctxt.addServlet(new ServletHolder(new FeedServlet()), "/feed/*"); - ctxt.addServlet(new ServletHolder(new FeedLogServlet()), "/feedlog/*"); - ctxt.addServlet(new ServletHolder(new PublishServlet()), "/publish/*"); - ctxt.addServlet(new ServletHolder(new SubscribeServlet()), "/subscribe/*"); - ctxt.addServlet(new ServletHolder(new StatisticsServlet()), "/statistics/*"); - ctxt.addServlet(new ServletHolder(new SubLogServlet()), "/sublog/*"); - ctxt.addServlet(new ServletHolder(new GroupServlet()), "/group/*"); //Provision groups - Rally US708115 -1610 - ctxt.addServlet(new 
ServletHolder(new SubscriptionServlet()), "/subs/*"); - ctxt.addServlet(new ServletHolder(new InternalServlet()), "/internal/*"); - ctxt.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*"); - ctxt.addServlet(new ServletHolder(new DRFeedsServlet()), "/"); - ctxt.addFilter(new FilterHolder(new ThrottleFilter()), "/publish/*", FilterMapping.REQUEST); - - ContextHandlerCollection contexts = new ContextHandlerCollection(); - contexts.addHandler(ctxt); - - // Request log configuration - NCSARequestLog nrl = new NCSARequestLog(); - nrl.setFilename(p.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd"); - nrl.setFilenameDateFormat("yyyyMMdd"); - nrl.setRetainDays(90); - nrl.setAppend(true); - nrl.setExtended(false); - nrl.setLogCookies(false); - nrl.setLogTimeZone("GMT"); - - RequestLogHandler reqlog = new RequestLogHandler(); - reqlog.setRequestLog(nrl); - - // Server's Handler collection - HandlerCollection hc = new HandlerCollection(); - hc.setHandlers(new Handler[]{contexts, new DefaultHandler()}); - hc.addHandler(reqlog); - - // Server's thread pool - QueuedThreadPool pool = new QueuedThreadPool(); - pool.setMinThreads(10); - pool.setMaxThreads(200); - pool.setDetailedDump(false); - - // Daemon to clean up the log directory on a daily basis - Timer rolex = new Timer(); - rolex.scheduleAtFixedRate(new PurgeLogDirTask(), 0, 86400000L); // run once per day - - // Start LogfileLoader - LogfileLoader.getLoader(); - - // The server itself - server = new Server(); - server.setThreadPool(pool); - server.setConnectors(new Connector[]{http, https}); - server.setHandler(hc); - server.setStopAtShutdown(true); - server.setSendServerVersion(true); - server.setSendDateHeader(true); - server.setGracefulShutdown(5000); // allow 5 seconds for servlets to wrap up - server.setDumpAfterStart(false); - server.setDumpBeforeStop(false); - - server.start(); - server.join(); - logger.info("PROV0001 **** AT&T Data Router Provisioning 
Server halted."); - } - - private static boolean checkDatabase(Logger logger) { - DB db = new DB(); - return db.runRetroFits(); - } - - /** - * Stop the Jetty server. - */ - public static void shutdown() { - new Thread() { - @Override - public void run() { - try { - server.stop(); - Thread.sleep(5000L); - System.exit(0); - } catch (Exception e) { - // ignore - } - } - }.start(); - } -} +/******************************************************************************* + * ============LICENSE_START================================================== + * * org.onap.dmaap + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ * * + ******************************************************************************/ + + +package org.onap.dmaap.datarouter.provisioning; + +import java.security.*; +import java.util.*; + +import org.apache.log4j.Logger; +import org.eclipse.jetty.http.HttpVersion; +import org.eclipse.jetty.server.Connector; +import org.eclipse.jetty.server.Handler; +import org.eclipse.jetty.server.HttpConfiguration; +import org.eclipse.jetty.server.HttpConnectionFactory; +import org.eclipse.jetty.server.NCSARequestLog; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.ServerConnector; +import org.eclipse.jetty.server.handler.ContextHandlerCollection; +import org.eclipse.jetty.server.handler.DefaultHandler; +import org.eclipse.jetty.server.handler.HandlerCollection; +import org.eclipse.jetty.server.handler.RequestLogHandler; +import org.eclipse.jetty.server.SslConnectionFactory; +import org.eclipse.jetty.util.ssl.SslContextFactory; +import org.eclipse.jetty.servlet.FilterHolder; +import org.eclipse.jetty.servlet.ServletContextHandler; +import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.util.thread.QueuedThreadPool; +import org.onap.dmaap.datarouter.provisioning.utils.DB; +import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; +import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask; +import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; + +import javax.servlet.DispatcherType; + +/** + *

+ * A main class which may be used to start the provisioning server with an "embedded" Jetty server. + * Configuration is done via the properties file provserver.properties, which should be in the CLASSPATH. + * The provisioning server may also be packaged with a web.xml and started as a traditional webapp. + *

+ *

+ * Most of the work of the provisioning server is carried out within the eight servlets (configured below) + * that are used to handle each of the eight types of requests the server may receive. + * In addition, there are background threads started to perform other tasks: + *

+ *
    + *
  • One background Thread runs the {@link LogfileLoader} in order to process incoming logfiles. + * This Thread is created as a side effect of the first successful POST to the /internal/logs/ servlet.
  • + *
  • One background Thread runs the {@link SynchronizerTask} which is used to periodically + * synchronize the database between active and standby servers.
  • + *
  • One background Thread runs the {@link Poker} which is used to notify the nodes whenever + * provisioning data changes.
  • + *
  • One task is run once a day to run {@link PurgeLogDirTask} which purges older logs from the + * /opt/app/datartr/logs directory.
  • + *
+ *

+ * The provisioning server is stopped by issuing a GET to the URL http://127.0.0.1/internal/halt + * using curl or some other such tool. + *

+ * + * @author Robert Eby + * @version $Id: Main.java,v 1.12 2014/03/12 19:45:41 eby Exp $ + */ +public class Main { + /** + * The truststore to use if none is specified + */ + public static final String DEFAULT_TRUSTSTORE = "/opt/java/jdk/jdk180/jre/lib/security/cacerts"; + public static final String KEYSTORE_TYPE_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.type"; + public static final String KEYSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.path"; + public static final String KEYSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.password"; + public static final String TRUSTSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.path"; + public static final String TRUSTSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.password"; + + /** + * The one and only {@link Server} instance in this JVM + */ + private static Server server; + + /** + * Starts the Data Router Provisioning server. + * + * @param args not used + * @throws Exception if Jetty has a problem starting + */ + public static void main(String[] args) throws Exception { + Security.setProperty("networkaddress.cache.ttl", "4"); + Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal"); + + // Check DB is accessible and contains the expected tables + if (!checkDatabase(logger)) + System.exit(1); + + logger.info("PROV0000 **** AT&T Data Router Provisioning Server starting...."); + + // Get properties + Properties p = (new DB()).getProperties(); + int http_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080")); + int https_port = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443")); + + // HTTP connector + HttpConfiguration http_config = new HttpConfiguration(); + http_config.setSecureScheme("https"); + http_config.setSecurePort(https_port); + http_config.setOutputBufferSize(32768); + 
http_config.setRequestHeaderSize(2048); + http_config.setIdleTimeout(300000); + http_config.setSendServerVersion(true); + http_config.setSendDateHeader(false); + + ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); + http.setPort(http_port); + http.setAcceptQueueSize(2); + + // HTTPS config + HttpConfiguration https_config = new HttpConfiguration(http_config); + https_config.setRequestHeaderSize(8192); + + // HTTPS connector + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); + sslContextFactory.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); + sslContextFactory.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); + + ServerConnector https = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); + https.setPort(https_port); + https.setIdleTimeout(30000); + https.setAcceptQueueSize(2); + + // SSL stuff + /* Skip SSLv3 Fixes */ + sslContextFactory.addExcludeProtocols("SSLv3"); + logger.info("Excluded protocols prov-" + sslContextFactory.getExcludeProtocols()); + /* End of SSLv3 Fixes */ + + sslContextFactory.setKeyStoreType(p.getProperty(KEYSTORE_TYPE_PROPERTY, "jks")); + sslContextFactory.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); + sslContextFactory.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); + sslContextFactory.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); + String ts = p.getProperty(TRUSTSTORE_PATH_PROPERTY); + if (ts != null && ts.length() > 0) { + System.out.println("@@ TS -> " + ts); + sslContextFactory.setTrustStorePath(ts); + sslContextFactory.setTrustStorePassword(p.getProperty(TRUSTSTORE_PASSWORD_PROPERTY)); + } else { + sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE); + 
sslContextFactory.setTrustStorePassword("changeit"); + } + sslContextFactory.setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks"); + sslContextFactory.setTrustStorePassword("changeit"); + sslContextFactory.setWantClientAuth(true); + + // Servlet and Filter configuration + ServletContextHandler ctxt = new ServletContextHandler(0); + ctxt.setContextPath("/"); + ctxt.addServlet(new ServletHolder(new FeedServlet()), "/feed/*"); + ctxt.addServlet(new ServletHolder(new FeedLogServlet()), "/feedlog/*"); + ctxt.addServlet(new ServletHolder(new PublishServlet()), "/publish/*"); + ctxt.addServlet(new ServletHolder(new SubscribeServlet()), "/subscribe/*"); + ctxt.addServlet(new ServletHolder(new StatisticsServlet()), "/statistics/*"); + ctxt.addServlet(new ServletHolder(new SubLogServlet()), "/sublog/*"); + ctxt.addServlet(new ServletHolder(new GroupServlet()), "/group/*"); //Provision groups - Rally US708115 -1610 + ctxt.addServlet(new ServletHolder(new SubscriptionServlet()), "/subs/*"); + ctxt.addServlet(new ServletHolder(new InternalServlet()), "/internal/*"); + ctxt.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*"); + ctxt.addServlet(new ServletHolder(new DRFeedsServlet()), "/"); + ctxt.addFilter(new FilterHolder(new ThrottleFilter()), "/publish/*", EnumSet.of(DispatcherType.REQUEST)); + + ContextHandlerCollection contexts = new ContextHandlerCollection(); + contexts.addHandler(ctxt); + + // Request log configuration + NCSARequestLog nrl = new NCSARequestLog(); + nrl.setFilename(p.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd"); + nrl.setFilenameDateFormat("yyyyMMdd"); + nrl.setRetainDays(90); + nrl.setAppend(true); + nrl.setExtended(false); + nrl.setLogCookies(false); + nrl.setLogTimeZone("GMT"); + + RequestLogHandler reqlog = new RequestLogHandler(); + reqlog.setRequestLog(nrl); + + // Server's Handler collection + HandlerCollection hc = new HandlerCollection(); + hc.setHandlers(new 
Handler[]{contexts, new DefaultHandler()}); + hc.addHandler(reqlog); + + // Server's thread pool + QueuedThreadPool queuedThreadPool = new QueuedThreadPool(); + queuedThreadPool.setMinThreads(10); + queuedThreadPool.setMaxThreads(200); + queuedThreadPool.setDetailedDump(false); + + // Daemon to clean up the log directory on a daily basis + Timer rolex = new Timer(); + rolex.scheduleAtFixedRate(new PurgeLogDirTask(), 0, 86400000L); // run once per day + + // Start LogfileLoader + LogfileLoader.getLoader(); + + // The server itself + server = new Server(queuedThreadPool); + + ServerConnector serverConnector = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); + serverConnector.setPort(https_port); + serverConnector.setIdleTimeout(500000); + + server.setConnectors(new Connector[]{http, https}); + server.setHandler(hc); + server.setStopAtShutdown(true); + server.setStopTimeout(5000); + + server.setDumpAfterStart(false); + server.setDumpBeforeStop(false); + + server.start(); + server.join(); + logger.info("PROV0001 **** AT&T Data Router Provisioning Server halted."); + } + + private static boolean checkDatabase(Logger logger) { + DB db = new DB(); + return db.runRetroFits(); + } + + /** + * Stop the Jetty server. + */ + static void shutdown() { + new Thread(() -> { + try { + server.stop(); + Thread.sleep(5000L); + System.exit(0); + } catch (Exception e) { + // ignore + } + }); + } +} diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java index 7f8d7a8c..897c1ea2 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java 
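Review bot: In `main`, both connectors are created with `new ServerConnector(server, ...)` while the static `server` field is still unassigned, because `server = new Server(queuedThreadPool);` only runs much further down; a connector needs a live `Server`, so build the thread pool and the server before the HTTP connector. The rewritten `shutdown()` constructs `new Thread(() -> { ... })` but drops the trailing `.start()` that the anonymous-class version had, so the stop sequence never runs; end the statement with `}).start();`. The old `setAcceptors(2)` calls became `setAcceptQueueSize(2)`, which sets the listen backlog rather than the number of acceptor threads and is likely to cause refused connections under load. The extra `serverConnector` created after the server is never added to it and can be removed. On the TLS side, the unconditional `setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks")` with password `"changeit"` still overrides whatever the `TRUSTSTORE_PATH_PROPERTY` branch selected, so the configured truststore behind `setWantClientAuth(true)` is never used; remove the override or make it the fallback branch.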
@@ -46,8 +46,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; import org.eclipse.jetty.continuation.Continuation; import org.eclipse.jetty.continuation.ContinuationSupport; -import org.eclipse.jetty.server.AbstractHttpConnection; -import org.eclipse.jetty.server.Request; +import org.eclipse.jetty.server.*; import org.onap.dmaap.datarouter.provisioning.beans.Parameters; /** @@ -174,15 +173,15 @@ public class ThrottleFilter extends TimerTask implements Filter { public void dropFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { - int rate = getRequestRate((HttpServletRequest) request); + int rate = getRequestRate(request); if (rate >= n_requests) { // drop request - only works under Jetty - String m = String.format("Dropping connection: %s %d bad connections in %d minutes", getConnectionId((HttpServletRequest) request), rate, m_minutes); + String m = String.format("Dropping connection: %s %d bad connections in %d minutes", getConnectionId(request), rate, m_minutes); logger.info(m); Request base_request = (request instanceof Request) ? (Request) request - : AbstractHttpConnection.getCurrentConnection().getRequest(); - base_request.getConnection().getEndPoint().close(); + : HttpConnection.getCurrentConnection().getHttpChannel().getRequest(); + base_request.getHttpChannel().getEndPoint().close(); } else { chain.doFilter(request, response); } 
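Review bot: In `dropFilter`, the fallback `HttpConnection.getCurrentConnection().getHttpChannel().getRequest()` is dereferenced without a null check, and `getCurrentConnection()` returns null when the current thread is not servicing a Jetty connection. This is the path that enforces the rate limit for wrapped requests, so a null turns the intended connection drop into an unhandled exception instead of a controlled rejection. Guard it, for example `HttpConnection conn = HttpConnection.getCurrentConnection();` followed by `if (conn == null) { response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); return; }`, before reaching for the endpoint. The import hunk above also replaces two explicit imports with `org.eclipse.jetty.server.*`; explicit imports of `HttpConnection` and `Request` would keep the dependency on Jetty internals easy to audit.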
@@ -191,11 +190,11 @@ public class ThrottleFilter extends TimerTask implements Filter { public void throttleFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { // throttle request - String id = getConnectionId((HttpServletRequest) request); - int rate = getRequestRate((HttpServletRequest) request); + String id = getConnectionId(request); + int rate = getRequestRate(request); Object results = request.getAttribute(THROTTLE_MARKER); if (rate >= n_requests && results == null) { - String m = String.format("Throttling connection: %s %d bad connections in %d minutes", getConnectionId((HttpServletRequest) request), rate, m_minutes); + String m = String.format("Throttling connection: %s %d bad connections in %d minutes", getConnectionId(request), rate, m_minutes); logger.info(m); Continuation continuation = ContinuationSupport.getContinuation(request); continuation.suspend(); diff --git a/pom.xml b/pom.xml index 154e6a19..c5aa2fb3 100755 --- a/pom.xml +++ b/pom.xml @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -45,6 +45,8 @@ ${project.build.directory}/coverage-reports/jacoco-it.exec true ${project.version} + 9.4.11.v20180605 + 8.2.0.v20160908 /content/repositories/snapshots/ /content/repositories/releases/ /content/repositories/staging/
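Review bot: The two version values added in the last `pom.xml` hunk come from different Jetty major lines, `9.4.11.v20180605` and `8.2.0.v20160908`, and the module poms bind a separate `${jetty.websocket.version}` to `org.eclipse.jetty:jetty-websocket` while every other Jetty artifact uses `${jetty.version}`. Assuming the second value is that websocket property, this leaves a 2016 Jetty 8 artifact on the classpath next to 9.4 core jars it was not built against, and keeps a component pinned outside the line that now receives fixes. If nothing uses the websocket classes (not visible in this commit), drop the `jetty-websocket` dependency from both module poms; otherwise move to the websocket artifacts that are released with 9.4 and share `${jetty.version}`.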