X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdatarouter.git;a=blobdiff_plain;f=datarouter-node%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fnode%2FNodeServlet.java;h=d665080b54606388f4f419eb8a71ed8cb6a25dda;hp=51e59925476f9973e00b4e8b9f541922ddca6806;hb=5e6a9f65049e8e8d39e8dcab227e5d75b328b173;hpb=233898bab542c5425af9f6240955bad3904f9838
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index 51e59925..d665080b 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -26,6 +26,13 @@ package org.onap.dmaap.datarouter.node;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import org.jetbrains.annotations.Nullable;
+import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
+import org.slf4j.MDC;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
@@ -38,13 +45,6 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Enumeration;
import java.util.regex.Pattern;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.log4j.Logger;
-import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
@@ -60,12 +60,11 @@ import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
* PUT/DELETE https://node/publish/feedid/fileid - publsh request
*/
public class NodeServlet extends HttpServlet {
- private static Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.node.NodeServlet");
+
private static NodeConfigManager config;
private static Pattern MetaDataPattern;
- //Adding EELF Logger Rally:US664892
- private static EELFLogger eelflogger = EELFManager.getInstance()
- .getLogger("org.onap.dmaap.datarouter.node.NodeServlet");
+ private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
+ private final Delivery delivery;
static {
final String ws = "\\s*";
@@ -79,163 +78,195 @@ public class NodeServlet extends HttpServlet {
MetaDataPattern = Pattern.compile(object, Pattern.DOTALL);
}
+ NodeServlet(Delivery delivery) {
+ this.delivery = delivery;
+ }
+
/**
* Get the NodeConfigurationManager
*/
+ @Override
public void init() {
config = NodeConfigManager.getInstance();
- logger.info("NODE0101 Node Servlet Configured");
+ eelfLogger.info("NODE0101 Node Servlet Configured");
}
private boolean down(HttpServletResponse resp) throws IOException {
if (config.isShutdown() || !config.isConfigured()) {
- sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, logger);
- logger.info("NODE0102 Rejecting request: Service is being quiesced");
- return (true);
+ sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, eelfLogger);
+ eelfLogger.info("NODE0102 Rejecting request: Service is being quiesced");
+ return true;
}
- return (false);
+ return false;
}
/**
* Handle a GET for /internal/fetchProv
*/
- protected void doGet(HttpServletRequest req, HttpServletResponse resp){
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
NodeUtils.setIpAndFqdnForEelf("doGet");
- eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
- getIdFromPath(req) + "");
- try{
- if (down(resp)) {
- return;
- }
+ NodeUtils.setRequestIdAndInvocationId(req);
+ eelfLogger.info(EelfMsgs.ENTRY);
+ try {
+ eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
+ getIdFromPath(req) + "");
+ try {
+ if (down(resp)) {
+ return;
+ }
- } catch (IOException ioe) {
- logger.error("IOException" + ioe.getMessage());
- }
- String path = req.getPathInfo();
- String qs = req.getQueryString();
- String ip = req.getRemoteAddr();
- if (qs != null) {
- path = path + "?" + qs;
- }
- if ("/internal/fetchProv".equals(path)) {
- config.gofetch(ip);
- resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
- return;
- } else if (path.startsWith("/internal/resetSubscription/")) {
- String subid = path.substring(28);
- if (subid.length() != 0 && subid.indexOf('/') == -1) {
- NodeMain.resetQueue(subid, ip);
+ } catch (IOException ioe) {
+ eelfLogger.error("IOException", ioe);
+ }
+ String path = req.getPathInfo();
+ String qs = req.getQueryString();
+ String ip = req.getRemoteAddr();
+ if (qs != null) {
+ path = path + "?" + qs;
+ }
+ if ("/internal/fetchProv".equals(path)) {
+ config.gofetch(ip);
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
return;
+ } else if (path.startsWith("/internal/resetSubscription/")) {
+ String subid = path.substring(28);
+ if (subid.length() != 0 && subid.indexOf('/') == -1) {
+ NodeMain.resetQueue(subid, ip);
+ resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ return;
+ }
}
- }
- logger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip);
- sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, logger);
+ eelfLogger.info("NODE0103 Rejecting invalid GET of " + path + " from " + ip);
+ sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, eelfLogger);
+ } finally {
+ eelfLogger.info(EelfMsgs.EXIT);
+ }
}
/**
* Handle all PUT requests
*/
+ @Override
protected void doPut(HttpServletRequest req, HttpServletResponse resp) {
NodeUtils.setIpAndFqdnForEelf("doPut");
- eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
- getIdFromPath(req) + "");
+ NodeUtils.setRequestIdAndInvocationId(req);
+ eelfLogger.info(EelfMsgs.ENTRY);
+ eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
+ getIdFromPath(req) + "");
try {
common(req, resp, true);
- } catch(IOException ioe){
- logger.error("IOException" + ioe.getMessage());
- } catch(ServletException se){
- logger.error("ServletException" + se.getMessage());
+ } catch (IOException ioe) {
+ eelfLogger.error("IOException", ioe);
+ eelfLogger.info(EelfMsgs.EXIT);
}
}
/**
* Handle all DELETE requests
*/
- protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ @Override
+ protected void doDelete(HttpServletRequest req, HttpServletResponse resp) {
NodeUtils.setIpAndFqdnForEelf("doDelete");
- eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
- getIdFromPath(req) + "");
+ NodeUtils.setRequestIdAndInvocationId(req);
+ eelfLogger.info(EelfMsgs.ENTRY);
+ eelfLogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-DMAAP-DR-ON-BEHALF-OF"),
+ getIdFromPath(req) + "");
try {
common(req, resp, false);
- } catch(IOException ioe){
- logger.error("IOException" + ioe.getMessage());
- } catch(ServletException se){
- logger.error("ServletException" + se.getMessage());
+ } catch (IOException ioe) {
+ eelfLogger.error("IOException", ioe);
+ eelfLogger.info(EelfMsgs.EXIT);
}
}
- private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput)
- throws ServletException, IOException {
- if (down(resp)) {
- return;
- }
- if (!req.isSecure()) {
- logger.info(
- "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + " from " + req.getRemoteAddr());
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
- return;
- }
- String fileid = req.getPathInfo();
- if (fileid == null) {
- logger.info("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
- resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
- return;
- }
+ private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput) throws IOException {
+ String fileid = getFileId(req, resp);
+ if (fileid == null) return;
String feedid = null;
String user = null;
- String credentials = req.getHeader("Authorization");
- if (credentials == null) {
- logger.info("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
- return;
- }
String ip = req.getRemoteAddr();
String lip = req.getLocalAddr();
String pubid = null;
String xpubid = null;
String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip;
Target[] targets = null;
+ boolean isAAFFeed = false;
+ if (fileid.startsWith("/delete/")) {
+ deleteFile(req, resp, fileid, pubid);
+ return;
+ }
+ String credentials = req.getHeader("Authorization");
+ if (credentials == null) {
+ eelfLogger.error("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
+ eelfLogger.info(EelfMsgs.EXIT);
+ return;
+ }
if (fileid.startsWith("/publish/")) {
fileid = fileid.substring(9);
int i = fileid.indexOf('/');
if (i == -1 || i == fileid.length() - 1) {
- logger.info("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /. Possible missing fileid.");
+ "Invalid request URI. Expecting /. Possible missing fileid.");
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
feedid = fileid.substring(0, i);
+
+ if (config.getCadiEnabeld()) {
+ String path = req.getPathInfo();
+ if (!path.startsWith("/internal") && feedid != null) {
+ String aafInstance = config.getAafInstance(feedid);
+ if (!(aafInstance.equalsIgnoreCase("legacy"))) {
+ isAAFFeed = true;
+ String permission = config.getPermission(aafInstance);
+ eelfLogger.info("NodeServlet.common() permission string - " + permission);
+ //Check in CADI Framework API if user has AAF permission or not
+ if (!req.isUserInRole(permission)) {
+ String message = "AAF disallows access to permission string - " + permission;
+ eelfLogger.error("NODE0106 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + " from " + req.getRemoteAddr());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return;
+ }
+ }
+ }
+ }
+
fileid = fileid.substring(i + 1);
pubid = config.getPublishId();
- xpubid = req.getHeader("X-ATT-DR-PUBLISH-ID");
+ xpubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
targets = config.getTargets(feedid);
} else if (fileid.startsWith("/internal/publish/")) {
if (!config.isAnotherNode(credentials, ip)) {
- logger.info("NODE0107 Rejecting unauthorized node-to-node transfer attempt from " + ip);
+ eelfLogger.error("NODE0107 Rejecting unauthorized node-to-node transfer attempt from " + ip);
resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
fileid = fileid.substring(18);
- pubid = req.getHeader("X-ATT-DR-PUBLISH-ID");
- targets = config.parseRouting(req.getHeader("X-ATT-DR-ROUTING"));
+ pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
+ user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing
+ targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING"));
} else {
- logger.info("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
+ "Invalid request URI. Expecting /.");
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (fileid.indexOf('/') != -1) {
- logger.info("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
- .getRemoteAddr());
+ eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
resp.sendError(HttpServletResponse.SC_NOT_FOUND,
- "Invalid request URI. Expecting /.");
+ "Invalid request URI. Expecting /.");
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
String qs = req.getQueryString();
@@ -250,15 +281,34 @@ public class NodeServlet extends HttpServlet {
String logurl = "https://" + hp + "/internal/publish/" + fileid;
if (feedid != null) {
logurl = "https://" + hp + "/publish/" + feedid + "/" + fileid;
- String reason = config.isPublishPermitted(feedid, credentials, ip);
- if (reason != null) {
- logger.info(
- "NODE0111 Rejecting unauthorized publish attempt to feed " + feedid + " fileid " + fileid + " from "
- + ip + " reason " + reason);
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
- return;
+ //Cadi code starts
+ if (!isAAFFeed) {
+ String reason = config.isPublishPermitted(feedid, credentials, ip);
+ if (reason != null) {
+ eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil.cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + " from " + PathUtil.cleanString(ip) + " reason " + PathUtil.cleanString(reason));
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return;
+ }
+ user = config.getAuthUser(feedid, credentials);
+ } else {
+ String reason = config.isPublishPermitted(feedid, ip);
+ if (reason != null) {
+ eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil.cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + " from " + PathUtil.cleanString(ip) + " reason Invalid AAF user- " + PathUtil.cleanString(reason));
+ String message = "Invalid AAF user- " + PathUtil.cleanString(reason);
+ eelfLogger.info("NODE0106 Rejecting unauthenticated PUT or DELETE of " + PathUtil.cleanString(req.getPathInfo()) + " from " + PathUtil.cleanString(req.getRemoteAddr()));
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ return;
+ }
+ if ((req.getUserPrincipal() != null) && (req.getUserPrincipal().getName() != null)) {
+ String userName = req.getUserPrincipal().getName();
+ String[] attid = userName.split("@");
+ user = attid[0];
+ } else {
+ user = "AAFUser";
+ }
}
- user = config.getAuthUser(feedid, credentials);
+ //Cadi code Ends
String newnode = config.getIngressNode(feedid, user, ip);
if (newnode != null) {
String port = "";
@@ -267,53 +317,62 @@ public class NodeServlet extends HttpServlet {
port = ":" + iport;
}
String redirto = "https://" + newnode + port + "/publish/" + feedid + "/" + fileid;
- logger.info(
- "NODE0108 Redirecting publish attempt for feed " + feedid + " user " + user + " ip " + ip + " to "
- + redirto);
- resp.sendRedirect(redirto);
+ eelfLogger.info("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil.cleanString(redirto)); //Fortify scan fixes - log forging
+ resp.sendRedirect(PathUtil.cleanString(redirto)); //Fortify scan fixes-open redirect - 2 issues
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
- resp.setHeader("X-ATT-DR-PUBLISH-ID", pubid);
+ resp.setHeader("X-DMAAP-DR-PUBLISH-ID", pubid);
+ }
+ if (req.getPathInfo().startsWith("/internal/publish/")) {
+ feedid = req.getHeader("X-DMAAP-DR-FEED-ID");
}
- String fbase = config.getSpoolDir() + "/" + pubid;
+ String fbase = PathUtil.cleanString(config.getSpoolDir() + "/" + pubid); //Fortify scan fixes-Path manipulation
File data = new File(fbase);
File meta = new File(fbase + ".M");
OutputStream dos = null;
+ Writer mw = null;
InputStream is = null;
- try (Writer mw = new FileWriter(meta)){
+ try {
StringBuffer mx = new StringBuffer();
mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
Enumeration hnames = req.getHeaderNames();
String ctype = null;
+ boolean hasRequestIdHeader = false;
+ boolean hasInvocationIdHeader = false;
while (hnames.hasMoreElements()) {
String hn = (String) hnames.nextElement();
String hnlc = hn.toLowerCase();
if ((isput && ("content-type".equals(hnlc) ||
- "content-language".equals(hnlc) ||
- "content-md5".equals(hnlc) ||
- "content-range".equals(hnlc))) ||
- "x-att-dr-meta".equals(hnlc) ||
- (feedid == null && "x-att-dr-received".equals(hnlc)) ||
- (hnlc.startsWith("x-") && !hnlc.startsWith("x-att-dr-"))) {
+ "content-language".equals(hnlc) ||
+ "content-md5".equals(hnlc) ||
+ "content-range".equals(hnlc))) ||
+ "x-dmaap-dr-meta".equals(hnlc) ||
+ (feedid == null && "x-dmaap-dr-received".equals(hnlc)) ||
+ (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
Enumeration hvals = req.getHeaders(hn);
while (hvals.hasMoreElements()) {
String hv = (String) hvals.nextElement();
if ("content-type".equals(hnlc)) {
ctype = hv;
}
- if ("x-att-dr-meta".equals(hnlc)) {
+ if ("x-onap-requestid".equals(hnlc)) {
+ hasRequestIdHeader = true;
+ }
+ if ("x-invocationid".equals(hnlc)) {
+ hasInvocationIdHeader = true;
+ }
+ if ("x-dmaap-dr-meta".equals(hnlc)) {
if (hv.length() > 4096) {
- logger.info(
- "NODE0109 Rejecting publish attempt with metadata too long for feed " + feedid
- + " user " + user + " ip " + ip);
+ eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Metadata too long");
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
if (!MetaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
- logger.info(
- "NODE0109 Rejecting publish attempt with malformed metadata for feed " + feedid
- + " user " + user + " ip " + ip);
+ eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed metadata");
+ eelfLogger.info(EelfMsgs.EXIT);
return;
}
}
@@ -321,7 +380,13 @@ public class NodeServlet extends HttpServlet {
}
}
}
- mx.append("X-ATT-DR-RECEIVED\t").append(rcvd).append('\n');
+ if (!hasRequestIdHeader) {
+ mx.append("X-ONAP-RequestID\t").append(MDC.get("RequestId")).append('\n');
+ }
+ if (!hasInvocationIdHeader) {
+ mx.append("X-InvocationID\t").append(MDC.get("InvocationId")).append('\n');
+ }
+ mx.append("X-DMAAP-DR-RECEIVED\t").append(rcvd).append('\n');
String metadata = mx.toString();
byte[] buf = new byte[1024 * 1024];
int i;
@@ -340,9 +405,10 @@ public class NodeServlet extends HttpServlet {
try {
exlen = Long.parseLong(req.getHeader("Content-Length"));
} catch (Exception e) {
+ eelfLogger.error("NODE0529 Exception common: " + e);
}
- StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
- ioe.getMessage());
+ StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user, ioe.getMessage());
+ eelfLogger.info(EelfMsgs.EXIT);
throw ioe;
}
Path dpath = Paths.get(fbase);
@@ -352,45 +418,157 @@ public class NodeServlet extends HttpServlet {
// TODO: unknown destination
continue;
}
- String dbase = di.getSpool() + "/" + pubid;
+ String dbase = PathUtil.cleanString(di.getSpool() + "/" + pubid); //Fortify scan fixes-Path Manipulation
Files.createLink(Paths.get(dbase), dpath);
+ mw = new FileWriter(meta);
mw.write(metadata);
if (di.getSubId() == null) {
- mw.write("X-ATT-DR-ROUTING\t" + t.getRouting() + "\n");
+ mw.write("X-DMAAP-DR-ROUTING\t" + t.getRouting() + "\n");
}
+ mw.close();
meta.renameTo(new File(dbase + ".M"));
+
}
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
- resp.getOutputStream().close();
- StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user,
- HttpServletResponse.SC_NO_CONTENT);
+ try {
+ resp.getOutputStream().close();
+ } catch (IOException ioe) {
+ long exlen = -1;
+ try {
+ exlen = Long.parseLong(req.getHeader("Content-Length"));
+ } catch (Exception e) {
+ eelfLogger.error("NODE00000 Exception common", e);
+ }
+ StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user, ioe.getMessage());
+ //Fortify scan fixes - log forging
+ eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid) + " user " + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " " + ioe.toString(), ioe);
+
+ throw ioe;
+ }
+
+ StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user, HttpServletResponse.SC_NO_CONTENT);
} catch (IOException ioe) {
- logger.info(
- "NODE0110 IO Exception receiving publish attempt for feed " + feedid + " user " + user + " ip " + ip
- + " " + ioe.toString(), ioe);
+ eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + " user " + user + " ip " + ip + " " + ioe.toString(), ioe);
+ eelfLogger.info(EelfMsgs.EXIT);
throw ioe;
} finally {
if (is != null) {
try {
is.close();
} catch (Exception e) {
+ eelfLogger.error("NODE0530 Exception common: " + e);
}
}
if (dos != null) {
try {
dos.close();
} catch (Exception e) {
+ eelfLogger.error("NODE0531 Exception common: " + e);
+ }
+ }
+ if (mw != null) {
+ try {
+ mw.close();
+ } catch (Exception e) {
+ eelfLogger.error("NODE0532 Exception common: " + e);
}
}
try {
data.delete();
} catch (Exception e) {
+ eelfLogger.error("NODE0533 Exception common: " + e);
}
try {
meta.delete();
} catch (Exception e) {
+ eelfLogger.error("NODE0534 Exception common: " + e);
+ }
+ }
+ }
+
+ private void deleteFile(HttpServletRequest req, HttpServletResponse resp, String fileid, String pubid) {
+ try {
+ fileid = fileid.substring(8);
+ int i = fileid.indexOf('/');
+ if (i == -1 || i == fileid.length() - 1) {
+ eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND,
+ "Invalid request URI. Expecting /.");
+ eelfLogger.info(EelfMsgs.EXIT);
+ return;
+ }
+ String subscriptionId = fileid.substring(0, i);
+ int subId = Integer.parseInt(subscriptionId);
+ pubid = fileid.substring(i + 1);
+ String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + ".M) from DR Node: "
+ + config.getMyName() + ".";
+ int subIdDir = subId - (subId % 100);
+ if (!isAuthorizedToDelete(resp, subscriptionId, errorMessage)) {
+ return;
+ }
+ boolean result = delivery.markTaskSuccess(config.getSpoolBase() + "/s/" + subIdDir + "/" + subId, pubid);
+ if (result) {
+ eelfLogger.info("NODE0115 Successfully deleted files (" + pubid + ", " + pubid + ".M) from DR Node: "
+ + config.getMyName());
+ resp.setStatus(HttpServletResponse.SC_OK);
+ eelfLogger.info(EelfMsgs.EXIT);
+ } else {
+ eelfLogger.error("NODE0116 " + errorMessage);
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, "File not found on server.");
+ eelfLogger.info(EelfMsgs.EXIT);
+ }
+ } catch (IOException ioe) {
+ eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + ".M) from DR Node: "
+ + config.getMyName(), ioe);
+ eelfLogger.info(EelfMsgs.EXIT);
+ }
+ }
+
+ @Nullable
+ private String getFileId(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (down(resp)) {
+ eelfLogger.info(EelfMsgs.EXIT);
+ return null;
+ }
+ if (!req.isSecure()) {
+ eelfLogger.error(
+ "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
+ eelfLogger.info(EelfMsgs.EXIT);
+ return null;
+ }
+ String fileid = req.getPathInfo();
+ if (fileid == null) {
+ eelfLogger.error("NODE0105 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + " from " + req
+ .getRemoteAddr());
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND,
+ "Invalid request URI. Expecting /.");
+ eelfLogger.info(EelfMsgs.EXIT);
+ return null;
+ }
+ return fileid;
+ }
+
+ private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage) throws IOException {
+ try {
+ boolean deletePermitted = config.isDeletePermitted(subscriptionId);
+ if (!deletePermitted) {
+ eelfLogger.error("NODE0113 " + errorMessage + " Error: Subscription "
+ + subscriptionId + " is not a privileged subscription");
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return false;
}
+ } catch (NullPointerException npe) {
+ eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId +
+ " does not exist", npe);
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ eelfLogger.info(EelfMsgs.EXIT);
+ return false;
}
+ return true;
}
private int getIdFromPath(HttpServletRequest req) {