1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
25 package org.onap.dmaap.datarouter.provisioning;
27 import com.att.eelf.configuration.EELFLogger;
28 import com.att.eelf.configuration.EELFManager;
29 import org.json.JSONObject;
30 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
31 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
32 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
33 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
34 import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities;
36 import javax.servlet.http.HttpServletRequest;
37 import javax.servlet.http.HttpServletResponse;
38 import java.io.IOException;
39 import java.io.InvalidObjectException;
40 import java.util.List;
42 import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;
45 * This servlet handles provisioning for the <drFeedsURL> which is the URL on the provisioning server used to
46 * create new feeds. It supports POST to create new feeds, and GET to support the Feeds Collection Query function.
51 @SuppressWarnings("serial")
52 public class DRFeedsServlet extends ProxyServlet {
54 //Adding EELF Logger Rally:US664892
55 private static EELFLogger eelfLogger = EELFManager.getInstance()
56 .getLogger(DRFeedsServlet.class);
59 * DELETE on the <drFeedsURL> -- not supported.
62 public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
63 setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req);
64 eelfLogger.info(EelfMsgs.ENTRY);
66 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
67 String message = "DELETE not allowed for the drFeedsURL.";
68 EventLogRecord elr = new EventLogRecord(req);
69 elr.setMessage(message);
70 elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
71 eventlogger.error(elr.toString());
72 sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
74 eelfLogger.info(EelfMsgs.EXIT);
79 * GET on the <drFeedsURL> -- query the list of feeds already existing in the DB. See the <i>Feeds Collection
80 * Queries</i> section in the <b>Provisioning API</b> document for details on how this method should be invoked.
83 public void doGet(HttpServletRequest req, HttpServletResponse resp) {
84 setIpFqdnRequestIDandInvocationIDForEelf("doGet", req);
85 eelfLogger.info(EelfMsgs.ENTRY);
87 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
88 EventLogRecord elr = new EventLogRecord(req);
89 String message = isAuthorizedForProvisioning(req);
90 if (message != null) {
91 elr.setMessage(message);
92 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
93 eventlogger.error(elr.toString());
94 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
97 if (isProxyServer()) {
98 super.doGet(req, resp);
101 String bhdr = req.getHeader(BEHALF_HEADER);
103 message = "Missing " + BEHALF_HEADER + " header.";
104 elr.setMessage(message);
105 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
106 eventlogger.error(elr.toString());
107 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
110 // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
111 String path = req.getRequestURI();
112 if (path != null && !"/".equals(path)) {
114 elr.setMessage(message);
115 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
116 eventlogger.error(elr.toString());
117 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
120 // Check with the Authorizer
121 AuthorizationResponse aresp = authz.decide(req);
122 if (!aresp.isAuthorized()) {
123 message = POLICY_ENGINE;
124 elr.setMessage(message);
125 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
126 eventlogger.error(elr.toString());
127 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
131 String name = req.getParameter("name");
132 String vers = req.getParameter("version");
133 String publ = req.getParameter("publisher");
134 String subs = req.getParameter("subscriber");
135 if (name != null && vers != null) {
136 // Display a specific feed
137 Feed feed = Feed.getFeedByNameVersion(name, vers);
138 if (feed == null || feed.isDeleted()) {
139 message = "This feed does not exist in the database.";
140 elr.setMessage(message);
141 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
142 eventlogger.error(elr.toString());
143 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
146 elr.setResult(HttpServletResponse.SC_OK);
147 eventlogger.info(elr.toString());
148 resp.setStatus(HttpServletResponse.SC_OK);
149 resp.setContentType(FEEDFULL_CONTENT_TYPE);
151 resp.getOutputStream().print(feed.asJSONObject(true).toString());
152 } catch (IOException ioe) {
153 eventlogger.error("PROV0111 DRFeedServlet.doGet " + ioe.getMessage(), ioe);
157 // Display a list of URLs
158 List<String> list = null;
160 list = Feed.getFilteredFeedUrlList("name", name);
161 } else if (publ != null) {
162 list = Feed.getFilteredFeedUrlList("publ", publ);
163 } else if (subs != null) {
164 list = Feed.getFilteredFeedUrlList("subs", subs);
166 list = Feed.getFilteredFeedUrlList("all", null);
168 String t = JSONUtilities.createJSONArray(list);
170 elr.setResult(HttpServletResponse.SC_OK);
171 eventlogger.info(elr.toString());
172 resp.setStatus(HttpServletResponse.SC_OK);
173 resp.setContentType(FEEDLIST_CONTENT_TYPE);
175 resp.getOutputStream().print(t);
176 } catch (IOException ioe) {
177 eventlogger.error("PROV0112 DRFeedServlet.doGet " + ioe.getMessage(), ioe);
181 eelfLogger.info(EelfMsgs.EXIT);
186 * PUT on the <drFeedsURL> -- not supported.
189 public void doPut(HttpServletRequest req, HttpServletResponse resp) {
190 setIpFqdnRequestIDandInvocationIDForEelf("doPut", req);
191 eelfLogger.info(EelfMsgs.ENTRY);
193 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
194 String message = "PUT not allowed for the drFeedsURL.";
195 EventLogRecord elr = new EventLogRecord(req);
196 elr.setMessage(message);
197 elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
198 eventlogger.error(elr.toString());
199 sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
201 eelfLogger.info(EelfMsgs.EXIT);
206 * POST on the <drFeedsURL> -- create a new feed. See the <i>Creating a Feed</i> section in the
207 * <b>Provisioning API</b> document for details on how this method should be invoked.
210 public void doPost(HttpServletRequest req, HttpServletResponse resp) {
211 setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);
212 eelfLogger.info(EelfMsgs.ENTRY);
214 eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));
215 EventLogRecord elr = new EventLogRecord(req);
216 String message = isAuthorizedForProvisioning(req);
217 if (message != null) {
218 elr.setMessage(message);
219 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
220 eventlogger.error(elr.toString());
221 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
224 if (isProxyServer()) {
225 super.doPost(req, resp);
228 String bhdr = req.getHeader(BEHALF_HEADER);
230 message = "Missing " + BEHALF_HEADER + " header.";
231 elr.setMessage(message);
232 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
233 eventlogger.error(elr.toString());
234 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
237 // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
238 String path = req.getRequestURI();
239 if (path != null && !"/".equals(path)) {
241 elr.setMessage(message);
242 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
243 eventlogger.error(elr.toString());
244 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
247 // check content type is FEED_CONTENT_TYPE, version 1.0
248 ContentHeader ch = getContentHeader(req);
249 String ver = ch.getAttribute("version");
250 if (!ch.getType().equals(FEED_BASECONTENT_TYPE) || !("1.0".equals(ver) || "2.0".equals(ver))) {
251 message = "Incorrect content-type";
252 elr.setMessage(message);
253 elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
254 eventlogger.error(elr.toString());
255 sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);
258 JSONObject jo = getJSONfromInput(req);
261 elr.setMessage(message);
262 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
263 eventlogger.error(elr.toString());
264 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
267 if (intlogger.isDebugEnabled()) {
268 intlogger.debug(jo.toString());
270 if (++activeFeeds > maxFeeds) {
272 message = "Cannot create feed; the maximum number of feeds has been configured.";
273 elr.setMessage(message);
274 elr.setResult(HttpServletResponse.SC_CONFLICT);
275 eventlogger.error(elr.toString());
276 sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger);
282 } catch (InvalidObjectException e) {
283 message = e.getMessage();
284 elr.setMessage(message);
285 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
286 eventlogger.error(elr.toString(), e);
287 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
292 * START - AAF changes
293 * TDP EPIC US# 307413
294 * CADI code - No legacy user check as all new users will be AAF users
296 String aafInstance = feed.getAafInstance();
297 if (Boolean.parseBoolean(isCadiEnabled)) {
298 if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance)) && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) {
299 // Check with the Authorizer
300 AuthorizationResponse aresp = authz.decide(req);
301 if (!aresp.isAuthorized()) {
302 message = POLICY_ENGINE;
303 elr.setMessage(message);
304 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
305 eventlogger.error(elr.toString());
306 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
310 if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) {
311 message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing AAF_Instance value= " + aafInstance;
312 elr.setMessage(message);
313 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
314 eventlogger.error(elr.toString());
315 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
318 String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION);
319 eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission);
320 if (!req.isUserInRole(permission)) {
321 message = "AAF disallows access to permission - " + permission;
322 elr.setMessage(message);
323 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
324 eventlogger.error(elr.toString());
325 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
330 AuthorizationResponse aresp = authz.decide(req);
331 if (!aresp.isAuthorized()) {
332 message = POLICY_ENGINE;
333 elr.setMessage(message);
334 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
335 eventlogger.error(elr.toString());
336 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
344 feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
346 // Check if this feed already exists
347 Feed feed2 = Feed.getFeedByNameVersion(feed.getName(), feed.getVersion());
349 message = "This feed already exists in the database.";
350 elr.setMessage(message);
351 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
352 eventlogger.error(elr.toString());
353 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
357 // Create FEED table entries
358 if (doInsert(feed)) {
360 elr.setResult(HttpServletResponse.SC_CREATED);
361 eventlogger.info(elr.toString());
362 resp.setStatus(HttpServletResponse.SC_CREATED);
363 resp.setContentType(FEEDFULL_CONTENT_TYPE);
364 resp.setHeader("Location", feed.getLinks().getSelf());
366 resp.getOutputStream().print(feed.asLimitedJSONObject().toString());
367 } catch (IOException ioe) {
368 eventlogger.error("PROV0113 DRFeedServlet.doPost " + ioe.getMessage(), ioe);
370 provisioningDataChanged();
372 // Something went wrong with the INSERT
373 elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
374 eventlogger.error(elr.toString());
375 sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
378 eelfLogger.info(EelfMsgs.EXIT);