@SuppressWarnings("serial")\r
public class SubscriptionServlet extends ProxyServlet {\r
\r
- public static final String SUBCNTRL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-control";\r
+ private static final String SUBCNTRL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-control";\r
//Adding EELF Logger Rally:US664892\r
private static EELFLogger eelflogger = EELFManager.getInstance()\r
.getLogger(SubscriptionServlet.class);\r
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
return;\r
}\r
- // Check with the Authorizer\r
- AuthorizationResponse aresp = authz.decide(req);\r
- if (!aresp.isAuthorized()) {\r
- message = "Policy Engine disallows access.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
- eventlogger.info(elr);\r
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
- return;\r
+ /*\r
+ * START - AAF changes\r
+ * TDP EPIC US# 307413\r
+ * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription\r
+ */\r
+ String aafInstance = sub.getAafInstance();\r
+ if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) {\r
+ AuthorizationResponse aresp = authz.decide(req);\r
+ if (!aresp.isAuthorized()) {\r
+ message = "Policy Engine disallows access.";\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.info(elr);\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ } else {\r
+ String permission = getSubscriberPermission(aafInstance, BaseServlet.DELETE_PERMISSION);\r
+ eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);\r
+ if (!req.isUserInRole(permission)) {\r
+ message = "AAF disallows access to permission - " + permission;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.info(elr);\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
}\r
-\r
+ /*\r
+ * END - AAF changes\r
+ */\r
// Delete Subscription\r
if (doDelete(sub)) {\r
activeSubs--;\r
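Review bot: The legacy-vs-AAF authorization block added here (L26–L48) is repeated almost verbatim in the PUT handler further down, with only the permission constant differing, so any future fix to one branch (for example around a null or unexpected `aafInstance` value) has to be made twice. Extract it into one private helper, something like `private boolean isSubscriptionActionAllowed(HttpServletRequest req, HttpServletResponse resp, EventLogRecord elr, <subscription type> sub, String permissionType)`, that selects the policy-engine or `req.isUserInRole(...)` check from `sub.getAafInstance()`, sends the 403 itself on denial and returns false, and call it from both handlers. While doing so, `aafInstance.equals("")` reads better as `aafInstance.isEmpty()`, and the per-request `"Permission String - "` line at L39 is diagnostic rather than an event and fits `debug` better than `info`. The enclosing doDelete method starts outside this hunk, so I cannot confirm where `sub` and `elr` are initialised.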
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
return;\r
}\r
- // Check with the Authorizer\r
- AuthorizationResponse aresp = authz.decide(req);\r
- if (!aresp.isAuthorized()) {\r
- message = "Policy Engine disallows access.";\r
- elr.setMessage(message);\r
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
- eventlogger.info(elr);\r
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
- return;\r
- }\r
// check content type is SUB_CONTENT_TYPE, version 1.0\r
ContentHeader ch = getContentHeader(req);\r
String ver = ch.getAttribute("version");\r
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
return;\r
}\r
+\r
+ /*\r
+ * START - AAF changes\r
+ * TDP EPIC US# 307413\r
+ * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription\r
+ */\r
+ String aafInstance = sub.getAafInstance();\r
+ if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) {\r
+ AuthorizationResponse aresp = authz.decide(req);\r
+ if (!aresp.isAuthorized()) {\r
+ message = "Policy Engine disallows access.";\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.info(elr);\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ } else {\r
+ String permission = getSubscriberPermission(aafInstance, BaseServlet.EDIT_PERMISSION);\r
+ eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);\r
+ if (!req.isUserInRole(permission)) {\r
+ message = "AAF disallows access to permission - " + permission;\r
+ elr.setMessage(message);\r
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+ eventlogger.info(elr);\r
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+ return;\r
+ }\r
+ }\r
+ /*\r
+ * END - AAF changes\r
+ */\r
sub.setSubid(oldsub.getSubid());\r
sub.setFeedid(oldsub.getFeedid());\r
sub.setSubscriber(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header\r
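Review bot: In this PUT path the authorization branch is chosen from `sub.getAafInstance()` at L81, but L107–L109 show `sub` is the object that gets its id, feed id and subscriber copied from `oldsub`, which suggests it was parsed from the request body rather than loaded from storage. If so, the client decides which check it is subjected to: sending `"legacy"` (or an AAF instance the caller happens to hold the edit permission for) would route the request past the stored subscription's actual protection. The check should key off the persisted record, `String aafInstance = oldsub.getAafInstance();`, and if the update is allowed to change the AAF instance, that new value needs its own permission check before it is saved. Separately, the log line at L94 still says `"SubscriptionServlet.doDelete().. Permission String - "` inside the PUT handler; it should read `"SubscriptionServlet.doPut().. Permission String - "` so log triage is not misled. The enclosing method starts and ends outside this hunk, so I cannot see where `sub` and `oldsub` are populated.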
*/\r
@Override\r
public void doPost(HttpServletRequest req, HttpServletResponse resp) {\r
-// OLD pre-3.0 code\r
-// String message = "POST not allowed for the subscriptionURL.";\r
-// EventLogRecord elr = new EventLogRecord(req);\r
-// elr.setMessage(message);\r
-// elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);\r
-// eventlogger.info(elr);\r
-// resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, message);\r
\r
setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);\r
eelflogger.info(EelfMsgs.ENTRY);\r