Code Review / dmaap / datarouter.git / blob
? search:


a98421166e4fb7b426246d3850d5c6622efc7d0d
[dmaap/datarouter.git] / datarouter-node / src / main / java / org / onap / dmaap / datarouter / node / NodeServlet.java
1 /*******************************************************************************
2  * ============LICENSE_START==================================================
3  * * org.onap.dmaap
4  * * ===========================================================================
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * * ===========================================================================
7  * * Licensed under the Apache License, Version 2.0 (the "License");
8  * * you may not use this file except in compliance with the License.
9  * * You may obtain a copy of the License at
10  * *
11  *  *      http://www.apache.org/licenses/LICENSE-2.0
12  * *
13  *  * Unless required by applicable law or agreed to in writing, software
14  * * distributed under the License is distributed on an "AS IS" BASIS,
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * * See the License for the specific language governing permissions and
17  * * limitations under the License.
18  * * ============LICENSE_END====================================================
19  * *
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
21  * *
22  ******************************************************************************/
23
24
25 package org.onap.dmaap.datarouter.node;
26
27 import com.att.eelf.configuration.EELFLogger;
28 import com.att.eelf.configuration.EELFManager;
29 import org.jetbrains.annotations.Nullable;
30 import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
31 import org.slf4j.MDC;
32
33 import javax.servlet.http.HttpServlet;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36 import java.io.File;
37 import java.io.FileOutputStream;
38 import java.io.FileWriter;
39 import java.io.IOException;
40 import java.io.InputStream;
41 import java.io.OutputStream;
42 import java.io.Writer;
43 import java.nio.file.Files;
44 import java.nio.file.Path;
45 import java.nio.file.Paths;
46 import java.util.Enumeration;
47 import java.util.regex.Pattern;
48
49 import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
50
51 /**
52  * Servlet for handling all http and https requests to the data router node
53  * <p>
54  * Handled requests are:
55  * <br>
56  * GET http://<i>node</i>/internal/fetchProv - fetch the provisioning data
57  * <br>
58  * PUT/DELETE https://<i>node</i>/internal/publish/<i>fileid</i> - n2n transfer
59  * <br>
60  * PUT/DELETE https://<i>node</i>/publish/<i>feedid</i>/<i>fileid</i> - publsh request
61  */
62 public class NodeServlet extends HttpServlet {
63
64     private static NodeConfigManager config;
65     private static Pattern MetaDataPattern;
66     private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
67     private final Delivery delivery;
68
69     static {
70         final String ws = "\\s*";
71         // assume that \\ and \" have been replaced by X
72         final String string = "\"[^\"]*\"";
73         //String string = "\"(?:[^\"\\\\]|\\\\.)*\"";
74         final String number = "[+-]?(?:\\.\\d+|(?:0|[1-9]\\d*)(?:\\.\\d*)?)(?:[eE][+-]?\\d+)?";
75         final String value = "(?:" + string + "|" + number + "|null|true|false)";
76         final String item = string + ws + ":" + ws + value + ws;
77         final String object = ws + "\\{" + ws + "(?:" + item + "(?:" + "," + ws + item + ")*)?\\}" + ws;
78         MetaDataPattern = Pattern.compile(object, Pattern.DOTALL);
79     }
80
81     NodeServlet(Delivery delivery) {
82         this.delivery = delivery;
83     }
84
85     /**
86      * Get the NodeConfigurationManager
87      */
88     @Override
89     public void init() {
90         config = NodeConfigManager.getInstance();
91         eelfLogger.info("NODE0101 Node Servlet Configured");
92     }
93
94     private boolean down(HttpServletResponse resp) throws IOException {
95         if (config.isShutdown() || !config.isConfigured()) {
96             sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, eelfLogger);
97             eelfLogger.info("NODE0102 Rejecting request: Service is being quiesced");
98             return true;
99         }
100         return false;
101     }
102
103     /**
104      * Handle a GET for /internal/fetchProv
105      */
106     @Override
107     protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
108         NodeUtils.setIpAndFqdnForEelf("doGet");
109         NodeUtils.setRequestIdAndInvocationId(req);
110         eelfLogger.info(EelfMsgs.ENTRY);
111         try {
112             eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
113                     getIdFromPath(req) + "");
114             try {
115                 if (down(resp)) {
116                     return;
117                 }
118
119             } catch (IOException ioe) {
120                 eelfLogger.error("IOException" + ioe.getMessage());
121             }
122             String path = req.getPathInfo();
123             String qs = req.getQueryString();
124             String ip = req.getRemoteAddr();
125             if (qs != null) {
126                 path = path + "?" + qs;
127             }
128             if ("/internal/fetchProv".equals(path)) {
129                 config.gofetch(ip);
130                 resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
131                 return;
132             } else if (path.startsWith("/internal/resetSubscription/")) {
133                 String subid = path.substring(28);
134                 if (subid.length() != 0 && subid.indexOf('/') == -1) {
135                     NodeMain.resetQueue(subid, ip);
136                     resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
137                     return;
138                 }
139             }
140
141             eelfLogger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip);
142             sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, eelfLogger);
143         } finally {
144             eelfLogger.info(EelfMsgs.EXIT);
145         }
146     }
147
148     /**
149      * Handle all PUT requests
150      */
151     @Override
152     protected void doPut(HttpServletRequest req, HttpServletResponse resp) {
153         NodeUtils.setIpAndFqdnForEelf("doPut");
154         NodeUtils.setRequestIdAndInvocationId(req);
155         eelfLogger.info(EelfMsgs.ENTRY);
156         eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
157                 getIdFromPath(req) + "");
158         try {
159             common(req, resp, true);
160         } catch (IOException ioe) {
161             eelfLogger.error("IOException" + ioe.getMessage());
162             eelfLogger.info(EelfMsgs.EXIT);
163         }
164     }
165
166     /**
167      * Handle all DELETE requests
168      */
169     @Override
170     protected void doDelete(HttpServletRequest req, HttpServletResponse resp) {
171         NodeUtils.setIpAndFqdnForEelf("doDelete");
172         NodeUtils.setRequestIdAndInvocationId(req);
173         eelfLogger.info(EelfMsgs.ENTRY);
174         eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
175                 getIdFromPath(req) + "");
176         try {
177             common(req, resp, false);
178         } catch (IOException ioe) {
179             eelfLogger.error("IOException " + ioe.getMessage());
180             eelfLogger.info(EelfMsgs.EXIT);
181         }
182     }
183
184     private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput) throws IOException {
185         String fileid = getFileId(req, resp);
186         if (fileid == null) return;
187         String feedid = null;
188         String user = null;
189         String ip = req.getRemoteAddr();
190         String lip = req.getLocalAddr();
191         String pubid = null;
192         String xpubid = null;
193         String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip;
194         Target[] targets = null;
195         boolean isAAFFeed = false;
196         if (fileid.startsWith("/delete/")) {
197             deleteFile(req, resp, fileid, pubid);
198             return;
199         }
200         String credentials = req.getHeader("Authorization");
201         if (credentials == null) {
202             eelfLogger.error("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req
203                     .getRemoteAddr());
204             resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
205             eelfLogger.info(EelfMsgs.EXIT);
206             return;
207         }
208         if (fileid.startsWith("/publish/")) {
209             fileid = fileid.substring(9);
210             int i = fileid.indexOf('/');
211             if (i == -1 || i == fileid.length() - 1) {
212                 eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
213                         .getRemoteAddr());
214                 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
215                         "Invalid request URI.  Expecting <feed-publishing-url>/<fileid>.  Possible missing fileid.");
216                 eelfLogger.info(EelfMsgs.EXIT);
217                 return;
218             }
219             feedid = fileid.substring(0, i);
220
221             if (config.getCadiEnabeld()) {
222                 String path = req.getPathInfo();
223                 if (!path.startsWith("/internal") && feedid != null) {
224                     String aafInstance = config.getAafInstance(feedid);
225                     if (!(aafInstance.equalsIgnoreCase("legacy"))) {
226                         isAAFFeed = true;
227                         String permission = config.getPermission(aafInstance);
228                         eelfLogger.info("NodeServlet.common() permission string - " + permission);
229                         //Check in CADI Framework API if user has AAF permission or not
230                         if (!req.isUserInRole(permission)) {
231                             String message = "AAF disallows access to permission string - " + permission;
232                             eelfLogger.error("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req.getRemoteAddr());
233                             resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
234                             eelfLogger.info(EelfMsgs.EXIT);
235                             return;
236                         }
237                     }
238                 }
239             }
240
241             fileid = fileid.substring(i + 1);
242             pubid = config.getPublishId();
243             xpubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
244             targets = config.getTargets(feedid);
245         } else if (fileid.startsWith("/internal/publish/")) {
246             if (!config.isAnotherNode(credentials, ip)) {
247                 eelfLogger.error("NODE0107 Rejecting unauthorized node-to-node transfer attempt from " + ip);
248                 resp.sendError(HttpServletResponse.SC_FORBIDDEN);
249                 eelfLogger.info(EelfMsgs.EXIT);
250                 return;
251             }
252             fileid = fileid.substring(18);
253             pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
254             user = "datartr";   // SP6 : Added usr as datartr to avoid null entries for internal routing
255             targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING"));
256         } else {
257             eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
258                     .getRemoteAddr());
259             resp.sendError(HttpServletResponse.SC_NOT_FOUND,
260                     "Invalid request URI.  Expecting <feed-publishing-url>/<fileid>.");
261             eelfLogger.info(EelfMsgs.EXIT);
262             return;
263         }
264         if (fileid.indexOf('/') != -1) {
265             eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
266                     .getRemoteAddr());
267             resp.sendError(HttpServletResponse.SC_NOT_FOUND,
268                     "Invalid request URI.  Expecting <feed-publishing-url>/<fileid>.");
269             eelfLogger.info(EelfMsgs.EXIT);
270             return;
271         }
272         String qs = req.getQueryString();
273         if (qs != null) {
274             fileid = fileid + "?" + qs;
275         }
276         String hp = config.getMyName();
277         int xp = config.getExtHttpsPort();
278         if (xp != 443) {
279             hp = hp + ":" + xp;
280         }
281         String logurl = "https://" + hp + "/internal/publish/" + fileid;
282         if (feedid != null) {
283             logurl = "https://" + hp + "/publish/" + feedid + "/" + fileid;
284             //Cadi code starts
285             if (!isAAFFeed) {
286                 String reason = config.isPublishPermitted(feedid, credentials, ip);
287                 if (reason != null) {
288                     eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil.cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + " from " + PathUtil.cleanString(ip) + " reason " + PathUtil.cleanString(reason));
289                     resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
290                     eelfLogger.info(EelfMsgs.EXIT);
291                     return;
292                 }
293                 user = config.getAuthUser(feedid, credentials);
294             } else {
295                 String reason = config.isPublishPermitted(feedid, ip);
296                 if (reason != null) {
297                     eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil.cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + " from " + PathUtil.cleanString(ip) + " reason   Invalid AAF user- " + PathUtil.cleanString(reason));
298                     String message = "Invalid AAF user- " + PathUtil.cleanString(reason);
299                     eelfLogger.info("NODE0106 Rejecting unauthenticated PUT or DELETE of " + PathUtil.cleanString(req.getPathInfo()) + " from " + PathUtil.cleanString(req.getRemoteAddr()));
300                     resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
301                     return;
302                 }
303                 if ((req.getUserPrincipal() != null) && (req.getUserPrincipal().getName() != null)) {
304                     String userName = req.getUserPrincipal().getName();
305                     String[] attid = userName.split("@");
306                     user = attid[0];
307                 } else {
308                     user = "AAFUser";
309                 }
310             }
311             //Cadi code Ends
312             String newnode = config.getIngressNode(feedid, user, ip);
313             if (newnode != null) {
314                 String port = "";
315                 int iport = config.getExtHttpsPort();
316                 if (iport != 443) {
317                     port = ":" + iport;
318                 }
319                 String redirto = "https://" + newnode + port + "/publish/" + feedid + "/" + fileid;
320                 eelfLogger.info("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil.cleanString(redirto));  //Fortify scan fixes - log forging
321                 resp.sendRedirect(PathUtil.cleanString(redirto));         //Fortify scan fixes-open redirect - 2 issues
322                 eelfLogger.info(EelfMsgs.EXIT);
323                 return;
324             }
325             resp.setHeader("X-DMAAP-DR-PUBLISH-ID", pubid);
326         }
327         if (req.getPathInfo().startsWith("/internal/publish/")) {
328             feedid = req.getHeader("X-DMAAP-DR-FEED-ID");
329         }
330         String fbase = PathUtil.cleanString(config.getSpoolDir() + "/" + pubid);  //Fortify scan fixes-Path manipulation
331         File data = new File(fbase);
332         File meta = new File(fbase + ".M");
333         OutputStream dos = null;
334         Writer mw = null;
335         InputStream is = null;
336         try {
337             StringBuffer mx = new StringBuffer();
338             mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
339             Enumeration hnames = req.getHeaderNames();
340             String ctype = null;
341             boolean hasRequestIdHeader = false;
342             boolean hasInvocationIdHeader = false;
343             while (hnames.hasMoreElements()) {
344                 String hn = (String) hnames.nextElement();
345                 String hnlc = hn.toLowerCase();
346                 if ((isput && ("content-type".equals(hnlc) ||
347                         "content-language".equals(hnlc) ||
348                         "content-md5".equals(hnlc) ||
349                         "content-range".equals(hnlc))) ||
350                         "x-dmaap-dr-meta".equals(hnlc) ||
351                         (feedid == null && "x-dmaap-dr-received".equals(hnlc)) ||
352                         (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
353                     Enumeration hvals = req.getHeaders(hn);
354                     while (hvals.hasMoreElements()) {
355                         String hv = (String) hvals.nextElement();
356                         if ("content-type".equals(hnlc)) {
357                             ctype = hv;
358                         }
359                         if ("x-onap-requestid".equals(hnlc)) {
360                             hasRequestIdHeader = true;
361                         }
362                         if ("x-invocationid".equals(hnlc)) {
363                             hasInvocationIdHeader = true;
364                         }
365                         if ("x-dmaap-dr-meta".equals(hnlc)) {
366                             if (hv.length() > 4096) {
367                                 eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip));  //Fortify scan fixes - log forging
368                                 resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Metadata too long");
369                                 eelfLogger.info(EelfMsgs.EXIT);
370                                 return;
371                             }
372                             if (!MetaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
373                                 eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip));  //Fortify scan fixes - log forging
374                                 resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed metadata");
375                                 eelfLogger.info(EelfMsgs.EXIT);
376                                 return;
377                             }
378                         }
379                         mx.append(hn).append('\t').append(hv).append('\n');
380                     }
381                 }
382             }
383             if (!hasRequestIdHeader) {
384                 mx.append("X-ONAP-RequestID\t").append(MDC.get("RequestId")).append('\n');
385             }
386             if (!hasInvocationIdHeader) {
387                 mx.append("X-InvocationID\t").append(MDC.get("InvocationId")).append('\n');
388             }
389             mx.append("X-DMAAP-DR-RECEIVED\t").append(rcvd).append('\n');
390             String metadata = mx.toString();
391             byte[] buf = new byte[1024 * 1024];
392             int i;
393             try {
394                 is = req.getInputStream();
395                 dos = new FileOutputStream(data);
396                 while ((i = is.read(buf)) > 0) {
397                     dos.write(buf, 0, i);
398                 }
399                 is.close();
400                 is = null;
401                 dos.close();
402                 dos = null;
403             } catch (IOException ioe) {
404                 long exlen = -1;
405                 try {
406                     exlen = Long.parseLong(req.getHeader("Content-Length"));
407                 } catch (Exception e) {
408                     eelfLogger.error("NODE0529 Exception common: " + e);
409                 }
410                 StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user, ioe.getMessage());
411                 eelfLogger.info(EelfMsgs.EXIT);
412                 throw ioe;
413             }
414             Path dpath = Paths.get(fbase);
415             for (Target t : targets) {
416                 DestInfo di = t.getDestInfo();
417                 if (di == null) {
418                     // TODO: unknown destination
419                     continue;
420                 }
421                 String dbase = PathUtil.cleanString(di.getSpool() + "/" + pubid);  //Fortify scan fixes-Path Manipulation
422                 Files.createLink(Paths.get(dbase), dpath);
423                 mw = new FileWriter(meta);
424                 mw.write(metadata);
425                 if (di.getSubId() == null) {
426                     mw.write("X-DMAAP-DR-ROUTING\t" + t.getRouting() + "\n");
427                 }
428                 mw.close();
429                 meta.renameTo(new File(dbase + ".M"));
430
431             }
432             resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
433             try {
434                 resp.getOutputStream().close();
435             } catch (IOException ioe) {
436                 long exlen = -1;
437                 try {
438                     exlen = Long.parseLong(req.getHeader("Content-Length"));
439                 } catch (Exception e) {
440                     eelfLogger.error("NODE00000 Exception common: " + e.getMessage());
441                 }
442                 StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user, ioe.getMessage());
443                 //Fortify scan fixes - log forging
444                 eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " " + ioe.toString(), ioe);
445
446                 throw ioe;
447             }
448
449             StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user, HttpServletResponse.SC_NO_CONTENT);
450         } catch (IOException ioe) {
451             eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + " user " + user + " ip " + ip + " " + ioe.toString(), ioe);
452             eelfLogger.info(EelfMsgs.EXIT);
453             throw ioe;
454         } finally {
455             if (is != null) {
456                 try {
457                     is.close();
458                 } catch (Exception e) {
459                     eelfLogger.error("NODE0530 Exception common: " + e);
460                 }
461             }
462             if (dos != null) {
463                 try {
464                     dos.close();
465                 } catch (Exception e) {
466                     eelfLogger.error("NODE0531 Exception common: " + e);
467                 }
468             }
469             if (mw != null) {
470                 try {
471                     mw.close();
472                 } catch (Exception e) {
473                     eelfLogger.error("NODE0532 Exception common: " + e);
474                 }
475             }
476             try {
477                 data.delete();
478             } catch (Exception e) {
479                 eelfLogger.error("NODE0533 Exception common: " + e);
480             }
481             try {
482                 meta.delete();
483             } catch (Exception e) {
484                 eelfLogger.error("NODE0534 Exception common: " + e);
485             }
486         }
487     }
488
489     private void deleteFile(HttpServletRequest req, HttpServletResponse resp, String fileid, String pubid) {
490         try {
491             fileid = fileid.substring(8);
492             int i = fileid.indexOf('/');
493             if (i == -1 || i == fileid.length() - 1) {
494                 eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + " from " + req
495                         .getRemoteAddr());
496                 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
497                         "Invalid request URI. Expecting <subId>/<pubId>.");
498                 eelfLogger.info(EelfMsgs.EXIT);
499                 return;
500             }
501             String subscriptionId = fileid.substring(0, i);
502             int subId = Integer.parseInt(subscriptionId);
503             pubid = fileid.substring(i + 1);
504             String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + ".M) from DR Node: "
505                     + config.getMyName() + ".";
506             int subIdDir = subId - (subId % 100);
507             if (!isAuthorizedToDelete(resp, subscriptionId, errorMessage)) {
508                 return;
509             }
510             boolean result = delivery.markTaskSuccess(config.getSpoolBase() + "/s/" + subIdDir + "/" + subId, pubid);
511             if (result) {
512                 eelfLogger.info("NODE0115 Successfully deleted files (" + pubid + ", " + pubid + ".M) from DR Node: "
513                         + config.getMyName());
514                 resp.setStatus(HttpServletResponse.SC_OK);
515                 eelfLogger.info(EelfMsgs.EXIT);
516             } else {
517                 eelfLogger.error("NODE0116 " + errorMessage);
518                 resp.sendError(HttpServletResponse.SC_NOT_FOUND, "File not found on server.");
519                 eelfLogger.info(EelfMsgs.EXIT);
520             }
521         } catch (IOException ioe) {
522             eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + ".M) from DR Node: "
523                     + config.getMyName() + ". Error: " + ioe.getMessage());
524             eelfLogger.info(EelfMsgs.EXIT);
525         }
526     }
527
528     @Nullable
529     private String getFileId(HttpServletRequest req, HttpServletResponse resp) throws IOException {
530         if (down(resp)) {
531             eelfLogger.info(EelfMsgs.EXIT);
532             return null;
533         }
534         if (!req.isSecure()) {
535             eelfLogger.error(
536                     "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + " from " + req
537                             .getRemoteAddr());
538             resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
539             eelfLogger.info(EelfMsgs.EXIT);
540             return null;
541         }
542         String fileid = req.getPathInfo();
543         if (fileid == null) {
544             eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
545                     .getRemoteAddr());
546             resp.sendError(HttpServletResponse.SC_NOT_FOUND,
547                     "Invalid request URI.  Expecting <feed-publishing-url>/<fileid>.");
548             eelfLogger.info(EelfMsgs.EXIT);
549             return null;
550         }
551         return fileid;
552     }
553
554     private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage) throws IOException {
555         try {
556             boolean deletePermitted = config.isDeletePermitted(subscriptionId);
557             if (!deletePermitted) {
558                 eelfLogger.error("NODE0113 " + errorMessage + " Error: Subscription "
559                         + subscriptionId + " is not a privileged subscription");
560                 resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
561                 eelfLogger.info(EelfMsgs.EXIT);
562                 return false;
563             }
564         } catch (NullPointerException npe) {
565             eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId + " does not exist");
566             resp.sendError(HttpServletResponse.SC_NOT_FOUND);
567             eelfLogger.info(EelfMsgs.EXIT);
568             return false;
569         }
570         return true;
571     }
572
573     private int getIdFromPath(HttpServletRequest req) {
574         String path = req.getPathInfo();
575         if (path == null || path.length() < 2) {
576             return -1;
577         }
578         try {
579             return Integer.parseInt(path.substring(1));
580         } catch (NumberFormatException e) {
581             return -1;
582         }
583     }
584 }
The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require. The interface to DR is exposed as a RESTful web service known as the DR Publishing and Delivery API