2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.List;
44 import java.util.Properties;
45 import java.util.Scanner;
47 import java.util.UUID;
48 import java.util.concurrent.CopyOnWriteArrayList;
50 import javax.persistence.EntityManagerFactory;
51 import javax.persistence.Persistence;
52 import javax.persistence.PersistenceException;
53 import javax.servlet.Servlet;
54 import javax.servlet.ServletConfig;
55 import javax.servlet.ServletException;
56 import javax.servlet.annotation.WebInitParam;
57 import javax.servlet.annotation.WebServlet;
58 import javax.servlet.http.HttpServlet;
59 import javax.servlet.http.HttpServletRequest;
60 import javax.servlet.http.HttpServletResponse;
62 import org.apache.commons.io.IOUtils;
63 import org.onap.policy.common.ia.IntegrityAudit;
64 import org.onap.policy.common.im.AdministrativeStateException;
65 import org.onap.policy.common.im.ForwardProgressException;
66 import org.onap.policy.common.im.IntegrityMonitor;
67 import org.onap.policy.common.im.IntegrityMonitorException;
68 import org.onap.policy.common.im.IntegrityMonitorProperties;
69 import org.onap.policy.common.im.StandbyStatusException;
70 import org.onap.policy.common.logging.ONAPLoggingContext;
71 import org.onap.policy.common.logging.ONAPLoggingUtils;
72 import org.onap.policy.common.logging.eelf.MessageCodes;
73 import org.onap.policy.common.logging.eelf.PolicyLogger;
74 import org.onap.policy.common.logging.flexlogger.FlexLogger;
75 import org.onap.policy.common.logging.flexlogger.Logger;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
77 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
78 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
79 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
80 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
81 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
82 import org.onap.policy.rest.XACMLRest;
83 import org.onap.policy.rest.XACMLRestProperties;
84 import org.onap.policy.rest.dao.PolicyDBException;
85 import org.onap.policy.utils.CryptoUtils;
86 import org.onap.policy.utils.PolicyUtils;
87 import org.onap.policy.xacml.api.XACMLErrorConstants;
88 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
89 import org.onap.policy.xacml.api.pap.OnapPDP;
90 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
91 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
92 import org.onap.policy.xacml.std.pap.StdPDP;
93 import org.onap.policy.xacml.std.pap.StdPDPGroup;
94 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
95 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
96 import org.onap.policy.xacml.std.pap.StdPDPStatus;
98 import com.att.research.xacml.api.pap.PAPException;
99 import com.att.research.xacml.api.pap.PDPPolicy;
100 import com.att.research.xacml.api.pap.PDPStatus;
101 import com.att.research.xacml.util.FactoryException;
102 import com.att.research.xacml.util.XACMLProperties;
103 import com.fasterxml.jackson.databind.ObjectMapper;
104 import com.google.common.base.Splitter;
107 * Servlet implementation class XacmlPapServlet
110 description = "Implements the XACML PAP RESTful API.",
111 urlPatterns = { "/" },
114 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
116 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
117 private static final long serialVersionUID = 1L;
118 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
119 // audit (transaction) LOGGER
120 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
121 //Persistence Unit for JPA
122 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
123 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
125 private static final String ENVIRONMENT_HEADER = "Environment";
126 private static final String ADD_GROUP_ERROR = "addGroupError";
127 private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password";
129 private static final String REGEX = "[0-9a-zA-Z._ ]*";
132 * List of Admin Console URLs.
133 * Used to send notifications when configuration changes.
135 * The CopyOnWriteArrayList *should* protect from concurrency errors.
136 * This list is seldom changed but often read, so the costs of this approach make sense.
138 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<>();
140 private static String configHome;
141 private static String actionHome;
143 * This PAP instance's own URL.
144 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
146 private static String papURL = null;
147 // The heartbeat thread.
148 private static Heartbeat heartbeat = null;
149 private static Thread heartbeatThread = null;
150 //The entity manager factory for JPA access
151 private static EntityManagerFactory emf;
152 private static PolicyDBDao policyDBDao;
154 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
156 private static PAPPolicyEngine papEngine = null;
158 * These are the parameters needed for DB access from the PAP
160 private static int papIntegrityAuditPeriodSeconds = -1;
161 private static String papDbDriver = null;
162 private static String papDbUrl = null;
163 private static String papDbUser = null;
164 private static String papDbPassword = null;
165 private static String papResourceName = null;
166 private static String[] papDependencyGroupsFlatArray = null;
167 private static String environment = null;
168 private static String pdpFile = null;
170 private transient IntegrityMonitor im;
171 private transient IntegrityAudit ia;
173 //MicroService Model Properties
174 private static String msOnapName;
175 private static String msPolicyName;
177 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
178 * this servlet starts. Its configurable by the admin.
180 private static transient Thread initiateThread = null;
181 private transient ONAPLoggingContext baseLoggingContext = null;
184 * @see HttpServlet#HttpServlet()
186 public XACMLPapServlet() {
191 * @see Servlet#init(ServletConfig)
193 public void init(ServletConfig config) throws ServletException {
196 baseLoggingContext = new ONAPLoggingContext();
197 // fixed data that will be the same in all logging output goes here
199 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
200 baseLoggingContext.setServer(hostname);
201 } catch (UnknownHostException e) {
202 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging", e);
205 XACMLRest.xacmlInit(config);
206 // Load the properties
207 XACMLRest.loadXacmlProperties(null, null);
209 * Retrieve the property values
211 setCommonProperties();
212 String papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
213 if(papSiteName == null){
214 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
215 throw new PAPException("papSiteName is null");
217 String papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
218 if(papNodeType == null){
219 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
220 throw new PAPException("papNodeType is null");
222 //Integer will throw an exception of anything is missing or unrecognized
223 int papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
224 int papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
225 int papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
226 //Boolean will default to false if anything is missing or unrecognized
227 boolean papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
228 boolean papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
229 String papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
230 if(papDependencyGroups == null){
231 throw new PAPException("papDependencyGroups is null");
233 setPAPDependencyGroups(papDependencyGroups);
234 //Integer will throw an exception of anything is missing or unrecognized
235 int fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
236 int failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
237 int testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
238 int writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
239 LOGGER.debug("\n\n\n**************************************"
240 + "\n*************************************"
242 + "\n papDbDriver = " + papDbDriver
243 + "\n papDbUrl = " + papDbUrl
244 + "\n papDbUser = " + papDbUser
245 + "\n papTransWait = " + papTransWait
246 + "\n papTransTimeout = " + papTransTimeout
247 + "\n papAuditTimeout = " + papAuditTimeout
248 + "\n papAuditFlag = " + papAuditFlag
249 + "\n papFileSystemAudit = " + papFileSystemAudit
250 + "\n papResourceName = " + papResourceName
251 + "\n fpMonitorInterval = " + fpMonitorInterval
252 + "\n failedCounterThreshold = " + failedCounterThreshold
253 + "\n testTransInterval = " + testTransInterval
254 + "\n writeFpcInterval = " + writeFpcInterval
255 + "\n papSiteName = " + papSiteName
256 + "\n papNodeType = " + papNodeType
257 + "\n papDependencyGroupsList = " + papDependencyGroups
258 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
259 + "\n\n*************************************"
260 + "\n**************************************");
261 // Pull custom persistence settings
262 Properties properties;
264 properties = XACMLProperties.getProperties();
265 LOGGER.debug("\n\n\n**************************************"
266 + "\n**************************************"
268 + "properties = " + properties
269 + "\n\n**************************************");
270 } catch (IOException e) {
271 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
272 + "XACMLProperties.getProperties()");
273 throw new ServletException(e.getMessage(), e.getCause());
275 // Create an IntegrityMonitor
276 if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){
277 properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
279 im = IntegrityMonitor.getInstance(papResourceName,properties);
280 // Create an IntegrityAudit
281 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
282 ia.startAuditThread();
283 // Create the entity manager factory
285 // we are about to call the PDPs and give them their configuration.
286 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
287 setPAPURL(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL));
288 //Create the policyDBDao
290 // Load our PAP engine, first create a factory
291 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
292 // The factory knows how to go about creating a PAP Engine
293 setPAPEngine((PAPPolicyEngine) factory.newEngine());
294 PolicyDBDaoTransaction addNewGroup = null;
295 if (((org.onap.policy.xacml.std.pap.StdEngine) papEngine).wasDefaultGroupJustAdded) {
297 addNewGroup = policyDBDao.getNewTransaction();
298 OnapPDPGroup group = papEngine.getDefaultGroup();
299 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(),
300 "automaticallyAdded");
301 addNewGroup.commitTransaction();
302 addNewGroup = policyDBDao.getNewTransaction();
303 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
304 addNewGroup.commitTransaction();
305 } catch (Exception e) {
306 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet",
307 " Error creating new default group in the database");
308 if (addNewGroup != null) {
309 addNewGroup.rollbackTransaction();
313 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
314 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
316 * Auditing the local File System groups to be in sync with the Database
319 //get an AuditTransaction to lock out all other transactions
320 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
322 LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit");
323 LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString());
324 //get the current filesystem group and update from the database if needed
325 StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup();
326 StdPDPGroup updatedGroup = policyDBDao.auditLocalFileSystem(group);
327 if(updatedGroup!=null) {
328 papEngine.updateGroup(updatedGroup);
330 LOGGER.info("PapServlet: updated group is " + papEngine.getDefaultGroup().toString());
332 //release the transaction lock
336 // Sanity check for URL.
337 if (XACMLPapServlet.papURL == null) {
338 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
340 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
341 // to all its known PDP nodes.
342 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
343 startInitiateThreadService(new Thread(this));
345 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
346 startHeartBeatService(new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine));
348 } catch (FactoryException | PAPException e) {
349 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
350 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
351 } catch (Exception e) {
352 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
353 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
357 private static void startInitiateThreadService(Thread thread) {
358 initiateThread = thread;
359 initiateThread.start();
362 private static void mapperWriteValue(ObjectMapper mapper, HttpServletResponse response, Object value) {
364 mapper.writeValue(response.getOutputStream(), value);
365 } catch (Exception e) {
370 private static void startHeartBeatService(Heartbeat heartbeat) {
371 XACMLPapServlet.heartbeat = heartbeat;
372 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
373 XACMLPapServlet.heartbeatThread.start();
376 private static void setPolicyDBDao() throws ServletException {
378 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
379 } catch (Exception e) {
380 throw new ServletException("Unable to Create Policy DBDao Instance",e);
384 private static void setEMF(Properties properties) throws ServletException {
385 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
387 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
389 throw new ServletException("Unable to create Entity Manager Factory");
393 private static void setPAPURL(String papURL) {
394 XACMLPapServlet.papURL = papURL;
397 private static void setPAPEngine(PAPPolicyEngine newEngine) {
398 XACMLPapServlet.papEngine = newEngine;
401 private static void setPAPDependencyGroups(String papDependencyGroups) throws PAPException {
403 //Now we have flattened the array into a simple comma-separated list
404 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
405 //clean up the entries
406 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
407 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
410 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
411 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
414 String msg = "integrity_audit_period_seconds ";
415 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
416 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
420 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
421 throw new PAPException(e);
425 private static void setCommonProperties() throws PAPException {
428 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
429 if(papDbDriver == null){
430 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
431 throw new PAPException("papDbDriver is null");
433 setPapDbDriver(papDbDriver);
434 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
435 if(papDbUrl == null){
436 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
437 throw new PAPException("papDbUrl is null");
439 setPapDbUrl(papDbUrl);
440 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
441 if(papDbUser == null){
442 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
443 throw new PAPException("papDbUser is null");
445 setPapDbUser(papDbUser);
446 papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, ""));
447 if(papDbPassword == null){
448 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
449 throw new PAPException("papDbPassword is null");
451 setPapDbPassword(papDbPassword);
452 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
453 if(papResourceName == null){
454 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
455 throw new PAPException("papResourceName is null");
457 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
458 //Micro Service Properties
459 msOnapName=XACMLProperties.getProperty("xacml.policy.msOnapName");
460 setMsOnapName(msOnapName);
461 msPolicyName=XACMLProperties.getProperty("xacml.policy.msPolicyName");
462 setMsPolicyName(msPolicyName);
463 // PDPId File location
464 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
465 if (XACMLPapServlet.pdpFile == null) {
466 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
467 + XACMLRestProperties.PROP_PDP_IDFILE);
468 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
473 * Thread used only during PAP startup to initiate change messages to all known PDPs.
474 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
478 // send the current configuration to all the PDPs that we know about
483 * @see Servlet#destroy()
485 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
486 * For now we assume that we do care.
489 public void destroy() {
490 // Make sure our threads are destroyed
491 if (XACMLPapServlet.heartbeatThread != null) {
492 // stop the heartbeat
494 if (XACMLPapServlet.heartbeat != null) {
495 XACMLPapServlet.heartbeat.terminate();
497 XACMLPapServlet.heartbeatThread.interrupt();
498 XACMLPapServlet.heartbeatThread.join();
499 } catch (InterruptedException e) {
500 XACMLPapServlet.heartbeatThread.interrupt();
501 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
504 if (initiateThread != null) {
506 initiateThread.interrupt();
507 initiateThread.join();
508 } catch (InterruptedException e) {
509 initiateThread.interrupt();
510 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
517 * - PDP nodes to register themselves with the PAP, and
518 * - Admin Console to make changes in the PDP Groups.
520 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
522 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
523 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
524 loggingContext.transactionStarted();
525 loggingContext.setServiceName("PAP.post");
526 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
527 UUID requestID = UUID.randomUUID();
528 loggingContext.setRequestID(requestID.toString());
529 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
531 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
533 PolicyDBDaoTransaction pdpTransaction = null;
534 loggingContext.metricStarted();
536 im.startTransaction();
537 loggingContext.metricEnded();
538 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
539 } catch (AdministrativeStateException ae){
540 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
541 + " state of " + im.getStateManager().getAdminState()
542 + "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION;
543 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
544 loggingContext.metricEnded();
545 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
546 loggingContext.transactionEnded();
547 PolicyLogger.audit("Transaction Failed - See Error.log");
548 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
550 }catch (StandbyStatusException se) {
551 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
552 + " of " + im.getStateManager().getStandbyStatus()
553 + "\n Exception Message: " + se.getMessage();
554 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
555 loggingContext.metricEnded();
556 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
557 loggingContext.transactionEnded();
558 PolicyLogger.audit("Transaction Failed - See Error.log");
559 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
561 } catch (IntegrityMonitorException e) {
562 String message = "POST interface called for PAP " + papResourceName + " but an exception occurred"
563 + "\n Exception Message: " + e.getMessage();
564 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e);
565 loggingContext.metricEnded();
566 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
567 loggingContext.transactionEnded();
568 PolicyLogger.audit("Transaction Failed - See Error.log");
569 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
573 loggingContext.metricStarted();
574 XACMLRest.dumpRequest(request);
575 loggingContext.metricEnded();
576 PolicyLogger.metrics("XACMLPapServlet doPost dumpRequest");
577 // since getParameter reads the content string, explicitly get the content before doing that.
578 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
579 request.getInputStream();
580 String groupId = request.getParameter("groupId");
581 String apiflag = request.getParameter("apiflag");
582 if(groupId != null) {
583 // Is this from the Admin Console or API?
584 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
585 // this is from the API so we need to check the client credentials before processing the request
586 if(!authorizeRequest(request)){
587 String message = "PEP not Authorized for making this Request!!";
588 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
589 loggingContext.transactionEnded();
590 PolicyLogger.audit("Transaction Failed - See Error.log");
591 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
596 loggingContext.metricStarted();
597 doACPost(request, response, groupId, loggingContext);
598 loggingContext.metricEnded();
599 PolicyLogger.metrics("XACMLPapServlet doPost doACPost");
600 loggingContext.transactionEnded();
601 PolicyLogger.audit("Transaction Ended Successfully");
605 // Request is from a PDP asking for its config.
606 loggingContext.setServiceName("PDP:PAP.register");
608 String id = this.getPDPID(request);
609 String jmxport = this.getPDPJMX(request);
610 LOGGER.info("Request(doPost) from PDP coming up: " + id);
611 // Get the PDP Object
612 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
615 LOGGER.info("Unknown PDP: " + id);
617 if(CheckPDP.validateID(id)){
618 pdpTransaction = policyDBDao.getNewTransaction();
620 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
621 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
622 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException | PolicyDBException e) {
623 pdpTransaction.rollbackTransaction();
624 String message = "Failed to create new PDP for id: " + id;
625 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
626 loggingContext.transactionEnded();
627 PolicyLogger.audit("Transaction Failed - See Error.log");
628 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
632 // get the PDP we just created
634 pdp = XACMLPapServlet.papEngine.getPDP(id);
635 }catch(PAPException e){
639 if(pdpTransaction != null){
640 pdpTransaction.rollbackTransaction();
642 String message = "Failed to create new PDP for id: " + id;
643 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
644 loggingContext.transactionEnded();
645 PolicyLogger.audit("Transaction Failed - See Error.log");
646 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
651 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
652 loggingContext.transactionEnded();
653 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
654 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
655 PolicyLogger.audit("Transaction Failed - See Error.log");
660 loggingContext.metricStarted();
661 pdpTransaction.commitTransaction();
662 loggingContext.metricEnded();
663 PolicyLogger.metrics("XACMLPapServlet doPost commitTransaction");
664 } catch(Exception e){
665 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
668 if (jmxport != null && jmxport != ""){
670 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
671 }catch(NumberFormatException e){
675 // Get the PDP's Group
676 OnapPDPGroup group =null;
678 group= XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
679 }catch(PAPException e){
683 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
684 loggingContext.transactionEnded();
685 PolicyLogger.audit("Transaction Failed - See Error.log");
686 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
690 // Determine what group the PDP node is in and get
691 // its policy/pip properties.
692 Properties policies = group.getPolicyProperties();
693 Properties pipconfig = group.getPipConfigProperties();
694 // Get the current policy/pip configuration that the PDP has
695 Properties pdpProperties = new Properties();
697 pdpProperties.load(request.getInputStream());
698 }catch(IOException e){
701 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
702 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
703 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
704 // Validate the node's properties
705 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
706 // Send back current configuration
707 if (isCurrent == false) {
708 // Tell the PDP we are sending back the current policies/pip config
709 LOGGER.info("PDP configuration NOT current.");
710 if (policies != null) {
711 // Put URL's into the properties in case the PDP needs to
713 this.populatePolicyURL(request.getRequestURL(), policies);
714 // Copy the properties to the output stream
716 policies.store(response.getOutputStream(), "");
717 }catch(IOException e){
721 if (pipconfig != null) {
722 // Copy the properties to the output stream
724 pipconfig.store(response.getOutputStream(), "");
725 }catch(IOException e){
729 // We are good - and we are sending them information
730 response.setStatus(HttpServletResponse.SC_OK);
732 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
733 }catch(PAPException e){
737 // Tell them they are good
738 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
740 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
741 }catch(PAPException e){
745 // tell the AC that something changed
746 loggingContext.metricStarted();
748 loggingContext.metricEnded();
749 PolicyLogger.metrics("XACMLPapServlet doPost notifyAC");
750 loggingContext.transactionEnded();
751 auditLogger.info("Success");
752 PolicyLogger.audit("Transaction Ended Successfully");
753 } catch (PAPException | IOException | NumberFormatException e) {
754 if(pdpTransaction != null){
755 pdpTransaction.rollbackTransaction();
757 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
758 loggingContext.transactionEnded();
759 PolicyLogger.audit("Transaction Failed - See Error.log");
760 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
764 //Catch anything that fell through
765 loggingContext.transactionEnded();
766 PolicyLogger.audit("Transaction Ended");
770 private void setResponseError(HttpServletResponse response,int responseCode, String message) {
772 if(message != null && !message.isEmpty()){
773 response.sendError(responseCode, message);
775 } catch (IOException e) {
776 LOGGER.error("Error setting Error response Header ", e);
782 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
784 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
785 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
786 loggingContext.transactionStarted();
787 loggingContext.setServiceName("PAP.get");
788 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
789 UUID requestID = UUID.randomUUID();
790 loggingContext.setRequestID(requestID.toString());
791 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
793 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
796 loggingContext.metricStarted();
797 XACMLRest.dumpRequest(request);
798 loggingContext.metricEnded();
799 PolicyLogger.metrics("XACMLPapServlet doGet dumpRequest");
800 String pathInfo = request.getRequestURI();
801 LOGGER.info("path info: " + pathInfo);
802 if (pathInfo != null){
803 //DO NOT do a im.startTransaction for the test request
804 if (pathInfo.equals("/pap/test")) {
806 testService(loggingContext, response);
807 } catch (IOException e) {
813 //This im.startTransaction() covers all other Get transactions
815 loggingContext.metricStarted();
816 im.startTransaction();
817 loggingContext.metricEnded();
818 PolicyLogger.metrics("XACMLPapServlet doGet im startTransaction");
819 } catch (AdministrativeStateException ae){
820 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
821 + " state of " + im.getStateManager().getAdminState()
822 + "\n Exception Message: " + ae.getMessage();
823 LOGGER.info(message, ae);
824 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
825 loggingContext.transactionEnded();
826 PolicyLogger.audit("Transaction Failed - See Error.log");
827 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
829 }catch (StandbyStatusException se) {
830 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
831 + " of " + im.getStateManager().getStandbyStatus()
832 + "\n Exception Message: " + se.getMessage();
833 LOGGER.info(message, se);
834 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
835 loggingContext.transactionEnded();
836 PolicyLogger.audit("Transaction Failed - See Error.log");
837 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
839 } catch (IntegrityMonitorException e) {
840 String message = "GET interface called for PAP " + papResourceName + " but an exception occurred"
841 + "\n Exception Message: " + e.getMessage();
842 LOGGER.info(message, e);
843 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
844 loggingContext.transactionEnded();
845 PolicyLogger.audit("Transaction Failed - See Error.log");
846 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
849 // Request from the API to get the gitPath
850 String apiflag = request.getParameter("apiflag");
852 if(authorizeRequest(request)){
853 APIRequestHandler apiRequestHandler = new APIRequestHandler();
855 loggingContext.metricStarted();
856 apiRequestHandler.doGet(request,response, apiflag);
857 loggingContext.metricEnded();
858 PolicyLogger.metrics("XACMLPapServlet doGet apiRequestHandler doGet");
859 }catch(IOException e){
862 loggingContext.transactionEnded();
863 PolicyLogger.audit("Transaction Ended Successfully");
867 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
868 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
869 loggingContext.transactionEnded();
870 PolicyLogger.audit("Transaction Failed - See Error.log");
871 setResponseError(response, HttpServletResponse.SC_FORBIDDEN, message);
876 // Is this from the Admin Console?
877 String groupId = request.getParameter("groupId");
878 if (groupId != null) {
879 // this is from the Admin Console, so handle separately
881 loggingContext.metricStarted();
882 doACGet(request, response, groupId, loggingContext);
883 loggingContext.metricEnded();
884 PolicyLogger.metrics("XACMLPapServlet doGet doACGet");
885 } catch(IOException e){
888 loggingContext.transactionEnded();
889 PolicyLogger.audit("Transaction Ended Successfully");
894 String id = this.getPDPID(request);
895 LOGGER.info("doGet from: " + id);
896 // Get the PDP Object
899 pdp = XACMLPapServlet.papEngine.getPDP(id);
900 }catch(PAPException e){
905 // Check if request came from localhost
906 if (request.getRemoteHost().equals("localhost") ||
907 request.getRemoteHost().equals(request.getLocalAddr())) {
908 // Return status information - basically all the groups
909 loggingContext.setServiceName("PAP.getGroups");
910 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
911 // convert response object to JSON and include in the response
912 mapperWriteValue(new ObjectMapper(), response, groups);
913 response.setHeader("content-type", "application/json");
914 response.setStatus(HttpServletResponse.SC_OK);
915 loggingContext.transactionEnded();
916 PolicyLogger.audit("Transaction Ended Successfully");
920 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
921 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
922 loggingContext.transactionEnded();
923 PolicyLogger.audit("Transaction Failed - See Error.log");
924 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
928 loggingContext.setServiceName("PAP.getPolicy");
929 // Get the PDP's Group
930 OnapPDPGroup group = null;
932 group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
933 } catch (PAPException e) {
937 String message = "No group associated with pdp " + pdp.getId();
938 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
939 loggingContext.transactionEnded();
940 PolicyLogger.audit("Transaction Failed - See Error.log");
941 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
945 // Which policy do they want?
946 String policyId = request.getParameter("id");
947 if (policyId == null) {
948 String message = "Did not specify an id for the policy";
949 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
950 loggingContext.transactionEnded();
951 PolicyLogger.audit("Transaction Failed - See Error.log");
952 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
956 PDPPolicy policy = group.getPolicy(policyId);
957 if (policy == null) {
958 String message = "Unknown policy: " + policyId;
959 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
960 loggingContext.transactionEnded();
961 PolicyLogger.audit("Transaction Failed - See Error.log");
962 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
967 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
968 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
969 } catch (PAPException| IOException e){
972 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
973 // Send the policy back
974 IOUtils.copy(is, os);
975 response.setStatus(HttpServletResponse.SC_OK);
976 loggingContext.transactionEnded();
977 auditLogger.info("Success");
978 PolicyLogger.audit("Transaction Ended Successfully");
979 } catch (IOException e) {
980 String message = "Failed to open policy id " + policyId;
982 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
983 loggingContext.transactionEnded();
984 PolicyLogger.audit("Transaction Failed - See Error.log");
985 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
987 } catch (PAPException e) {
989 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
990 loggingContext.transactionEnded();
991 PolicyLogger.audit("Transaction Failed - See Error.log");
992 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
996 loggingContext.transactionEnded();
997 PolicyLogger.audit("Transaction Ended");
1002 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
1004 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1005 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1006 loggingContext.transactionStarted();
1007 loggingContext.setServiceName("PAP.put");
1008 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1009 UUID requestID = UUID.randomUUID();
1010 loggingContext.setRequestID(requestID.toString());
1011 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
1013 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
1016 loggingContext.metricStarted();
1017 im.startTransaction();
1018 loggingContext.metricEnded();
1019 PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
1020 } catch (IntegrityMonitorException e) {
1021 String message = "PUT interface called for PAP " + papResourceName;
1022 if (e instanceof AdministrativeStateException) {
1023 message += " but it has an Administrative state of "
1024 + im.getStateManager().getAdminState();
1025 } else if (e instanceof StandbyStatusException) {
1026 message += " but it has a Standby Status of "
1027 + im.getStateManager().getStandbyStatus();
1029 message += " but an exception occurred";
1032 message += "\n Exception Message: " + e.getMessage();
1034 LOGGER.info(message, e);
1035 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1036 loggingContext.transactionEnded();
1037 PolicyLogger.audit("Transaction Failed - See Error.log");
1038 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1042 loggingContext.metricStarted();
1043 XACMLRest.dumpRequest(request);
1044 loggingContext.metricEnded();
1045 PolicyLogger.metrics("XACMLPapServlet doPut dumpRequest");
1046 //need to check if request is from the API or Admin console
1047 String apiflag = request.getParameter("apiflag");
1048 //This would occur if a PolicyDBDao notification was received
1049 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
1050 if(policyDBDaoRequestUrl != null){
1051 LOGGER.info("XACMLPapServlet: PolicyDBDao Notification received." );
1052 String policyDBDaoRequestEntityId = request.getParameter("entityid");
1053 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
1054 String policyDBDaoRequestExtraData = request.getParameter("extradata");
1055 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
1056 setResponseError(response,400, "entityid or entitytype not supplied");
1057 loggingContext.transactionEnded();
1058 PolicyLogger.audit("Transaction Ended Successfully");
1059 im.endTransaction();
1062 loggingContext.metricStarted();
1063 LOGGER.info("XACMLPapServlet: Calling PolicyDBDao to handlIncomingHttpNotification");
1064 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
1065 loggingContext.metricEnded();
1066 PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification");
1067 response.setStatus(200);
1068 loggingContext.transactionEnded();
1069 PolicyLogger.audit("Transaction Ended Successfully");
1070 im.endTransaction();
1074 * Request for ImportService
1076 String importService = request.getParameter("importService");
1077 if (importService != null) {
1078 if(authorizeRequest(request)){
1079 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1081 loggingContext.metricStarted();
1082 apiRequestHandler.doPut(request, response, importService);
1083 loggingContext.metricEnded();
1084 PolicyLogger.metrics("XACMLPapServlet doPut apiRequestHandler doPut");
1085 }catch(IOException e){
1088 im.endTransaction();
1091 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1092 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
1093 loggingContext.transactionEnded();
1094 PolicyLogger.audit("Transaction Failed - See Error.log");
1095 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1099 //This would occur if we received a notification of a policy rename from AC
1100 String oldPolicyName = request.getParameter("oldPolicyName");
1101 String newPolicyName = request.getParameter("newPolicyName");
1102 if(oldPolicyName != null && newPolicyName != null){
1103 if(LOGGER.isDebugEnabled()){
1104 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
1105 + "\npolicyToCreateUpdate = " + " ");
1109 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
1110 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
1111 if(LOGGER.isDebugEnabled()){
1112 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
1113 + "\npolicyToCreateUpdate = " + " ");
1115 } catch(UnsupportedEncodingException e){
1116 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
1117 + "\npolicyToCreateUpdate = " + " ");
1118 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
1119 + "\nfailure with the following exception: " + e);
1120 loggingContext.transactionEnded();
1121 PolicyLogger.audit("Transaction Failed - See error.log");
1122 im.endTransaction();
1125 //send it to PolicyDBDao
1126 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
1128 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
1129 }catch(Exception e){
1130 renameTransaction.rollbackTransaction();
1131 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
1132 + "\nfailure with the following exception: " + e);
1133 loggingContext.transactionEnded();
1134 PolicyLogger.audit("Transaction Failed - See error.log");
1135 im.endTransaction();
1138 loggingContext.metricStarted();
1139 renameTransaction.commitTransaction();
1140 loggingContext.metricEnded();
1141 PolicyLogger.metrics("XACMLPapServlet goPut commitTransaction");
1142 response.setStatus(HttpServletResponse.SC_OK);
1143 loggingContext.transactionEnded();
1144 PolicyLogger.audit("Transaction Ended Successfully");
1145 im.endTransaction();
1149 // See if this is Admin Console registering itself with us
1151 String acURLString = request.getParameter("adminConsoleURL");
1152 if (acURLString != null) {
1153 loggingContext.setServiceName("AC:PAP.register");
1154 // remember this Admin Console for future updates
1155 if ( ! adminConsoleURLStringList.contains(acURLString)) {
1156 adminConsoleURLStringList.add(acURLString);
1158 if (LOGGER.isDebugEnabled()) {
1159 LOGGER.debug("Admin Console registering with URL: " + acURLString);
1161 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1162 loggingContext.transactionEnded();
1163 auditLogger.info("Success");
1164 PolicyLogger.audit("Transaction Ended Successfully");
1165 im.endTransaction();
1169 * This is to update the PDP Group with the policy/policies being pushed
1170 * Part of a 2 step process to push policies to the PDP that can now be done
1171 * From both the Admin Console and the PolicyEngine API
1173 String groupId = request.getParameter("groupId");
1174 if (groupId != null) {
1176 if(!authorizeRequest(request)){
1177 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1178 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1179 loggingContext.transactionEnded();
1180 PolicyLogger.audit("Transaction Failed - See Error.log");
1181 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1184 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
1186 updateGroupsFromAPI(request, response, groupId, loggingContext);
1187 }catch(IOException e){
1190 loggingContext.transactionEnded();
1191 PolicyLogger.audit("Transaction Ended Successfully");
1192 im.endTransaction();
1196 // this is from the Admin Console, so handle separately
1198 loggingContext.metricEnded();
1199 doACPut(request, response, groupId, loggingContext);
1200 loggingContext.metricEnded();
1201 PolicyLogger.metrics("XACMLPapServlet goPut doACPut");
1202 } catch (IOException e) {
1205 loggingContext.transactionEnded();
1206 PolicyLogger.audit("Transaction Ended Successfully");
1207 im.endTransaction();
1211 // Request is for policy validation and creation
1213 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1214 // this request is from the Admin Console
1215 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1217 loggingContext.metricStarted();
1218 savePolicyHandler.doPolicyAPIPut(request, response);
1219 loggingContext.metricEnded();
1220 PolicyLogger.metrics("XACMLPapServlet goPut savePolicyHandler");
1221 } catch (IOException e) {
1224 loggingContext.transactionEnded();
1225 PolicyLogger.audit("Transaction Ended Successfully");
1226 im.endTransaction();
1228 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1229 // this request is from the Policy Creation API
1230 if(authorizeRequest(request)){
1231 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1233 loggingContext.metricStarted();
1234 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1235 loggingContext.metricEnded();
1236 PolicyLogger.metrics("XACMLPapServlet goPut apiRequestHandler doPut");
1237 } catch (IOException e) {
1240 loggingContext.transactionEnded();
1241 PolicyLogger.audit("Transaction Ended Successfully");
1242 im.endTransaction();
1245 String message = "PEP not Authorized for making this Request!!";
1246 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1247 loggingContext.transactionEnded();
1248 PolicyLogger.audit("Transaction Failed - See Error.log");
1249 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1250 im.endTransaction();
1254 // We do not expect anything from anywhere else.
1255 // This method is here in case we ever need to support other operations.
1256 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1257 loggingContext.transactionEnded();
1258 PolicyLogger.audit("Transaction Failed - See Error.log");
1259 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1260 loggingContext.transactionEnded();
1261 PolicyLogger.audit("Transaction Failed - See error.log");
1262 im.endTransaction();
1266 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1268 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1269 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1270 loggingContext.transactionStarted();
1271 loggingContext.setServiceName("PAP.delete");
1272 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1273 UUID requestID = UUID.randomUUID();
1274 loggingContext.setRequestID(requestID.toString());
1275 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1277 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1280 loggingContext.metricStarted();
1281 im.startTransaction();
1282 loggingContext.metricEnded();
1283 PolicyLogger.metrics("XACMLPapServlet doDelete im startTransaction");
1284 } catch (AdministrativeStateException ae){
1285 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1286 + " state of " + im.getStateManager().getAdminState()
1287 + "\n Exception Message: " + ae.getMessage();
1288 LOGGER.info(message, ae);
1289 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1290 loggingContext.transactionEnded();
1291 PolicyLogger.audit("Transaction Failed - See Error.log");
1292 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1294 }catch (StandbyStatusException se) {
1295 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1296 + " of " + im.getStateManager().getStandbyStatus()
1297 + "\n Exception Message: " + se.getMessage();
1298 LOGGER.info(message, se);
1299 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1300 loggingContext.transactionEnded();
1301 PolicyLogger.audit("Transaction Failed - See Error.log");
1302 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1304 } catch (IntegrityMonitorException e) {
1305 String message = "PUT interface called for PAP " + papResourceName + " but an exception occurred"
1306 + "\n Exception Message: " + e.getMessage();
1307 LOGGER.info(message, e);
1308 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1309 loggingContext.transactionEnded();
1310 PolicyLogger.audit("Transaction Failed - See Error.log");
1311 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1314 loggingContext.metricStarted();
1315 XACMLRest.dumpRequest(request);
1316 loggingContext.metricEnded();
1317 PolicyLogger.metrics("XACMLPapServlet doDelete dumpRequest");
1318 String groupId = request.getParameter("groupId");
1319 String apiflag = request.getParameter("apiflag");
1320 if (groupId != null) {
1321 // Is this from the Admin Console or API?
1323 if(!authorizeRequest(request)){
1324 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1325 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1326 loggingContext.transactionEnded();
1327 PolicyLogger.audit("Transaction Failed - See Error.log");
1328 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1331 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1333 loggingContext.metricStarted();
1334 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1335 loggingContext.metricEnded();
1336 PolicyLogger.metrics("XACMLPapServlet doDelete apiRequestHandler doDelete");
1337 } catch (Exception e) {
1338 LOGGER.error("Exception Occured"+e);
1340 if(apiRequestHandler.getNewGroup()!=null){
1341 groupChanged(apiRequestHandler.getNewGroup(), loggingContext);
1345 // this is from the Admin Console, so handle separately
1347 loggingContext.metricStarted();
1348 doACDelete(request, response, groupId, loggingContext);
1349 loggingContext.metricEnded();
1350 PolicyLogger.metrics("XACMLPapServlet doDelete doACDelete");
1351 } catch (IOException e) {
1354 loggingContext.transactionEnded();
1355 PolicyLogger.audit("Transaction Ended Successfully");
1356 im.endTransaction();
1359 //Catch anything that fell through
1360 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1361 loggingContext.transactionEnded();
1362 PolicyLogger.audit("Transaction Failed - See Error.log");
1363 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1364 im.endTransaction();
1367 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1368 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1369 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1370 if (localRootPolicies == null || localReferencedPolicies == null) {
1371 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1374 // Compare the policies and pipconfig properties to the pdpProperties
1376 // the policy properties includes only xacml.rootPolicies and
1377 // xacml.referencedPolicies without any .url entries
1378 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1379 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1380 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1381 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1382 pdpPipConfig.equals(pipconfig)) {
1383 // The PDP is current
1386 } catch (Exception e) {
1387 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1388 // or if there are policies that do not have a corresponding ".url" property.
1389 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1390 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1395 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1396 String lists[] = new String[2];
1397 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1398 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1399 for (String list : lists) {
1400 if (list != null && list.isEmpty() == false) {
1401 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1402 String url = urlPath + "?id=" + id;
1403 LOGGER.info("Policy URL for " + id + ": " + url);
1404 policies.setProperty(id + ".url", url);
1410 protected String getPDPID(HttpServletRequest request) {
1411 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1412 if (pdpURL == null || pdpURL.isEmpty()) {
1413 // Should send back its port for identification
1414 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1420 protected String getPDPJMX(HttpServletRequest request) {
1421 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1422 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1423 // Should send back its port for identification
1424 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1431 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1436 * @param loggingContext
1437 * @throws ServletException
1438 * @throws IOException
1440 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1441 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1442 PolicyLogger.audit("PolicyDBDaoTransaction started for updateGroupsFromAPI");
1444 // for PUT operations the group may or may not need to exist before the operation can be done
1445 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1447 // get the request input stream content into a String
1449 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1450 scanner.useDelimiter("\\A");
1451 json = scanner.hasNext() ? scanner.next() : "";
1454 PolicyLogger.info("pushPolicy request from API: " + json);
1456 // convert Object sent as JSON into local object
1457 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1459 //Get the current policies from the Group and Add the new one
1460 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1461 currentPoliciesInGroup = group.getPolicies();
1462 //If the selected policy is in the group we must remove the old version of it
1463 LOGGER.info("Removing old version of the policy");
1464 for(PDPPolicy existingPolicy : currentPoliciesInGroup) {
1465 if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){
1466 group.removePolicy(existingPolicy);
1467 LOGGER.info("Removing policy: " + existingPolicy);
1472 // Assume that this is an update of an existing PDP Group
1473 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1475 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1476 } catch(Exception e){
1477 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1478 +"group="+group.getId());
1479 throw new PAPException(e.getMessage());
1482 LOGGER.info("Calling updatGroup() with new group");
1483 papEngine.updateGroup(group);
1484 String policyId = "empty";
1485 if(policy !=null && policy.getId() != null){
1486 policyId = policy.getId();
1488 if(!policyId.matches(REGEX) ){
1489 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1490 response.addHeader("error",ADD_GROUP_ERROR);
1491 response.addHeader("message", "Policy Id is not valid");
1494 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1495 response.addHeader("operation", "push");
1496 response.addHeader("policyId", policyId);
1497 response.addHeader("groupId", groupId);
1499 LOGGER.info("Group '" + group.getId() + "' updated");
1501 loggingContext.metricStarted();
1502 acPutTransaction.commitTransaction();
1503 loggingContext.metricEnded();
1504 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
1505 loggingContext.metricStarted();
1507 loggingContext.metricEnded();
1508 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
1510 // Group changed, which might include changing the policies
1511 groupChanged(group, loggingContext);
1512 loggingContext.transactionEnded();
1513 LOGGER.info("Success");
1515 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1516 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1517 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1518 LOGGER.debug("Precheck Successful.");
1522 PolicyLogger.audit("Transaction Ended Successfully");
1524 } catch (PAPException e) {
1525 acPutTransaction.rollbackTransaction();
1526 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1527 loggingContext.transactionEnded();
1528 PolicyLogger.audit("Transaction Failed - See Error.log");
1529 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1530 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1531 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1532 response.addHeader("error",ADD_GROUP_ERROR);
1533 response.addHeader("message", message);
1539 * Requests from the Admin Console for operations not on single specific objects
1544 * @param loggingContext
1545 * @throws ServletException
1546 * @throws IOException
1548 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1549 PolicyDBDaoTransaction doACPostTransaction = null;
1551 String groupName = request.getParameter("groupName");
1552 String groupDescription = request.getParameter("groupDescription");
1553 String apiflag = request.getParameter("apiflag");
1554 if (groupName != null && groupDescription != null) {
1555 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1556 loggingContext.setServiceName("AC:PAP.createGroup");
1557 String unescapedName = null;
1558 String unescapedDescription = null;
1560 unescapedName = URLDecoder.decode(groupName, "UTF-8");
1561 unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1562 } catch (UnsupportedEncodingException e) {
1565 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1567 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1568 papEngine.newGroup(unescapedName, unescapedDescription);
1569 loggingContext.metricStarted();
1570 newGroupTransaction.commitTransaction();
1571 loggingContext.metricEnded();
1572 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1573 } catch (Exception e) {
1574 newGroupTransaction.rollbackTransaction();
1575 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1576 loggingContext.transactionEnded();
1577 PolicyLogger.audit("Transaction Failed - See Error.log");
1578 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'");
1581 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1582 if (LOGGER.isDebugEnabled()) {
1583 LOGGER.debug("New Group '" + groupId + "' created");
1585 // tell the Admin Consoles there is a change
1586 loggingContext.metricStarted();
1588 loggingContext.metricEnded();
1589 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1590 // new group by definition has no PDPs, so no need to notify them of changes
1591 loggingContext.transactionEnded();
1592 PolicyLogger.audit("Transaction Failed - See Error.log");
1593 auditLogger.info("Success");
1594 PolicyLogger.audit("Transaction Ended Successfully");
1597 // for all remaining POST operations the group must exist before the operation can be done
1598 OnapPDPGroup group = null;
1600 group = papEngine.getGroup(groupId);
1601 } catch (PAPException e){
1604 if (group == null) {
1605 String message = "Unknown groupId '" + groupId + "'";
1606 //for fixing Header Manipulation of Fortify issue
1607 if(!message.matches(REGEX)){
1608 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1609 response.addHeader("error",ADD_GROUP_ERROR);
1610 response.addHeader("message", "GroupId Id is not valid");
1613 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1614 loggingContext.transactionEnded();
1615 PolicyLogger.audit("Transaction Failed - See Error.log");
1617 response.addHeader("error", "unknownGroupId");
1618 response.addHeader("operation", "push");
1619 response.addHeader("message", message);
1620 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1622 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1627 // If the request contains a policyId then we know we are pushing the policy to PDP
1628 if (request.getParameter("policyId") != null) {
1631 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1632 LOGGER.info("PushPolicy Request From The API");
1634 loggingContext.setServiceName("AC:PAP.postPolicy");
1635 LOGGER.info("PushPolicy Request From The AC");
1638 String policyId = request.getParameter("policyId");
1639 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1640 StdPDPGroup updatedGroup = null;
1642 //Copying the policy to the file system and updating groups in database
1643 LOGGER.info("PapServlet: calling PolicyDBDao.addPolicyToGroup()");
1644 updatedGroup = addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1645 loggingContext.metricStarted();
1646 addPolicyToGroupTransaction.commitTransaction();
1647 loggingContext.metricEnded();
1648 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1649 LOGGER.info("PapServlet: addPolicyToGroup() succeeded, transaction was committed");
1651 } catch (Exception e) {
1652 addPolicyToGroupTransaction.rollbackTransaction();
1653 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1654 //for fixing Header Manipulation of Fortify issue
1655 if(!message.matches(REGEX)){
1656 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1657 response.addHeader("error",ADD_GROUP_ERROR);
1658 response.addHeader("message", "Policy Id is not valid");
1661 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1662 loggingContext.transactionEnded();
1663 PolicyLogger.audit("Transaction Failed - See Error.log");
1665 response.addHeader("error", "policyCopyError");
1666 response.addHeader("message", message);
1667 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1669 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1674 if(apiflag != null){
1676 * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change.
1677 * The GUI does this from the POLICY-SDK-APP code.
1680 // Get new transaction to perform updateGroup()
1681 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1683 // get the request content into a String and read the inputStream into a buffer
1684 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1685 scanner.useDelimiter("\\A");
1686 String json = scanner.hasNext() ? scanner.next() : "";
1689 // convert Object sent as JSON into local object
1690 ObjectMapper mapper = new ObjectMapper();
1691 Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class);
1692 StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON;
1694 LOGGER.info("Request JSON Payload: " + json);
1696 // Assume that this is an update of an existing PDP Group
1697 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1699 acPutTransaction.updateGroup(updatedGroup, "XACMLPapServlet.doACPut");
1700 } catch(Exception e){
1701 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error occurred when notifying PAPs of a group change: "
1703 throw new PAPException(e.getMessage());
1706 LOGGER.info("Calling updatGroup() with new group");
1707 papEngine.updateGroup(updatedGroup);
1709 LOGGER.info("Group '" + updatedGroup.getId() + "' updated");
1711 // Commit transaction to send notification to other PAPs
1712 loggingContext.metricStarted();
1713 acPutTransaction.commitTransaction();
1714 loggingContext.metricEnded();
1715 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
1716 loggingContext.metricStarted();
1719 loggingContext.metricEnded();
1720 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
1722 // Group changed to send notification to PDPs, which might include changing the policies
1723 groupChanged(updatedGroup,loggingContext);
1724 loggingContext.transactionEnded();
1725 LOGGER.info("Success");
1727 if (policy != null && ((policy.getName().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1728 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1729 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1730 LOGGER.debug("Precheck Successful.");
1734 //delete temporary policy file from the bin directory
1735 Files.deleteIfExists(Paths.get(policy.getId()));
1737 } catch (Exception e) {
1738 acPutTransaction.rollbackTransaction();
1739 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1740 loggingContext.transactionEnded();
1741 PolicyLogger.audit("Transaction Failed - See Error.log");
1742 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API.";
1743 LOGGER.error(message);
1744 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1745 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1746 response.addHeader("error",ADD_GROUP_ERROR);
1747 response.addHeader("message", message);
1752 // policy file copied ok and the Group was updated on the PDP
1753 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1754 response.addHeader("operation", "push");
1755 response.addHeader("policyId", policyId);
1756 response.addHeader("groupId", groupId);
1758 LOGGER.info("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1759 loggingContext.transactionEnded();
1760 auditLogger.info("Success");
1761 LOGGER.info("Transaction Ended Successfully");
1764 } else if (request.getParameter("default") != null) {
1765 // Args: group=<groupId> default=true <= make default
1766 // change the current default group to be the one identified in the request.
1767 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1768 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1769 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1770 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1772 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1773 papEngine.setDefaultGroup(group);
1774 loggingContext.metricStarted();
1775 setDefaultGroupTransaction.commitTransaction();
1776 loggingContext.metricEnded();
1777 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1778 } catch (Exception e) {
1779 setDefaultGroupTransaction.rollbackTransaction();
1780 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1781 loggingContext.transactionEnded();
1782 PolicyLogger.audit("Transaction Failed - See Error.log");
1783 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default");
1786 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1787 if (LOGGER.isDebugEnabled()) {
1788 LOGGER.debug("Group '" + groupId + "' set to be default");
1790 // Notify the Admin Consoles that something changed
1791 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1792 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1793 loggingContext.metricStarted();
1795 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1796 loggingContext.metricEnded();
1797 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1798 loggingContext.transactionEnded();
1799 auditLogger.info("Success");
1800 LOGGER.info("Transaction Ended Successfully");
1802 } else if (request.getParameter("pdpId") != null) {
1803 doACPostTransaction = policyDBDao.getNewTransaction();
1804 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1805 loggingContext.setServiceName("AC:PAP.movePDP");
1806 String pdpId = request.getParameter("pdpId");
1807 OnapPDP pdp = papEngine.getPDP(pdpId);
1808 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1810 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1811 }catch(Exception e){
1812 doACPostTransaction.rollbackTransaction();
1813 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1814 " Error while moving pdp in the database: "
1815 +"pdp="+pdp.getId()+",to group="+group.getId());
1816 throw new PAPException(e.getMessage());
1818 papEngine.movePDP((OnapPDP) pdp, group);
1819 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1820 if (LOGGER.isDebugEnabled()) {
1821 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1823 // update the status of both the original group and the new one
1824 ((StdPDPGroup)originalGroup).resetStatus();
1825 ((StdPDPGroup)group).resetStatus();
1826 // Notify the Admin Consoles that something changed
1827 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1828 loggingContext.metricStarted();
1830 loggingContext.metricEnded();
1831 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1832 // Need to notify the PDP that it's config may have changed
1833 pdpChanged(pdp, loggingContext);
1834 loggingContext.metricStarted();
1835 doACPostTransaction.commitTransaction();
1836 loggingContext.metricEnded();
1837 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1838 loggingContext.transactionEnded();
1839 auditLogger.info("Success");
1840 PolicyLogger.audit("Transaction Ended Successfully");
1843 } catch (PAPException e) {
1844 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1845 loggingContext.transactionEnded();
1846 PolicyLogger.audit("Transaction Failed - See Error.log");
1847 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1853 * Requests from the Admin Console to GET info about the Groups and PDPs
1858 * @param loggingContext
1859 * @throws ServletException
1860 * @throws IOException
1862 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1864 String parameterDefault = request.getParameter("default");
1865 String pdpId = request.getParameter("pdpId");
1866 String pdpGroup = request.getParameter("getPDPGroup");
1867 if ("".equals(groupId)) {
1868 // request IS from AC but does not identify a group by name
1869 if (parameterDefault != null) {
1870 // Request is for the Default group (whatever its id)
1871 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1872 OnapPDPGroup group = papEngine.getDefaultGroup();
1873 // convert response object to JSON and include in the response
1874 mapperWriteValue(new ObjectMapper(), response, group);
1875 if (LOGGER.isDebugEnabled()) {
1876 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1878 response.setStatus(HttpServletResponse.SC_OK);
1879 response.setHeader("content-type", "application/json");
1881 response.getOutputStream().close();
1882 } catch (IOException e){
1885 loggingContext.transactionEnded();
1886 auditLogger.info("Success");
1887 PolicyLogger.audit("Transaction Ended Successfully");
1889 } else if (pdpId != null) {
1890 // Request is related to a PDP
1891 if (pdpGroup == null) {
1892 // Request is for the (unspecified) group containing a given PDP
1893 loggingContext.setServiceName("AC:PAP.getPDP");
1896 pdp = papEngine.getPDP(pdpId);
1897 }catch(PAPException e){
1900 // convert response object to JSON and include in the response
1901 mapperWriteValue(new ObjectMapper(), response, pdp);
1902 if (LOGGER.isDebugEnabled()) {
1903 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1905 response.setStatus(HttpServletResponse.SC_OK);
1906 response.setHeader("content-type", "application/json");
1908 response.getOutputStream().close();
1909 } catch (IOException e){
1912 loggingContext.transactionEnded();
1913 auditLogger.info("Success");
1914 PolicyLogger.audit("Transaction Ended Successfully");
1917 // Request is for the group containing a given PDP
1918 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1919 OnapPDPGroup group =null;
1921 OnapPDP pdp = papEngine.getPDP(pdpId);
1922 group = papEngine.getPDPGroup((OnapPDP) pdp);
1923 }catch(PAPException e){
1926 // convert response object to JSON and include in the response
1927 mapperWriteValue(new ObjectMapper(), response, group);
1928 if (LOGGER.isDebugEnabled()) {
1929 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1931 response.setStatus(HttpServletResponse.SC_OK);
1932 response.setHeader("content-type", "application/json");
1934 response.getOutputStream().close();
1935 } catch (IOException e){
1938 loggingContext.transactionEnded();
1939 auditLogger.info("Success");
1940 PolicyLogger.audit("Transaction Ended Successfully");
1944 // request is for top-level properties about all groups
1945 loggingContext.setServiceName("AC:PAP.getAllGroups");
1946 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1947 // convert response object to JSON and include in the response
1948 mapperWriteValue(new ObjectMapper(), response, groups);
1949 if (LOGGER.isDebugEnabled()) {
1950 LOGGER.debug("GET All groups req");
1952 response.setStatus(HttpServletResponse.SC_OK);
1953 response.setHeader("content-type", "application/json");
1955 response.getOutputStream().close();
1956 } catch (IOException e){
1959 loggingContext.transactionEnded();
1960 auditLogger.info("Success");
1961 PolicyLogger.audit("Transaction Ended Successfully");
1965 // for all other GET operations the group must exist before the operation can be done
1966 OnapPDPGroup group = null;
1968 group = papEngine.getGroup(groupId);
1969 } catch(PAPException e){
1972 if (group == null) {
1973 String message = "Unknown groupId '" + groupId + "'";
1974 //for fixing Header Manipulation of Fortify issue
1975 if(!message.matches(REGEX)){
1976 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1977 response.addHeader("error",ADD_GROUP_ERROR);
1978 response.addHeader("message", "Group Id is not valid");
1981 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1982 loggingContext.transactionEnded();
1983 PolicyLogger.audit("Transaction Failed - See Error.log");
1984 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1987 // Figure out which request this is based on the parameters
1988 String policyId = request.getParameter("policyId");
1989 if (policyId != null) {
1990 // retrieve a policy
1991 loggingContext.setServiceName("AC:PAP.getPolicy");
1992 // convert response object to JSON and include in the response
1993 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1994 loggingContext.transactionEnded();
1995 PolicyLogger.audit("Transaction Failed - See Error.log");
1996 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1998 // No other parameters, so return the identified Group
1999 loggingContext.setServiceName("AC:PAP.getGroup");
2000 // convert response object to JSON and include in the response
2001 mapperWriteValue(new ObjectMapper(), response, group);
2002 if (LOGGER.isDebugEnabled()) {
2003 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
2005 response.setStatus(HttpServletResponse.SC_OK);
2006 response.setHeader("content-type", "application/json");
2008 response.getOutputStream().close();
2009 } catch (IOException e){
2012 loggingContext.transactionEnded();
2013 auditLogger.info("Success");
2014 PolicyLogger.audit("Transaction Ended Successfully");
2017 // Currently there are no other GET calls from the AC.
2018 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
2019 // Other GETs that could be called:
2020 // Specific Group (groupId=<groupId>)
2021 // A Policy (groupId=<groupId> policyId=<policyId>)
2022 // A PDP (groupId=<groupId> pdpId=<pdpId>)
2023 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
2024 loggingContext.transactionEnded();
2025 PolicyLogger.audit("Transaction Failed - See Error.log");
2026 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2027 } catch (PAPException e) {
2028 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
2029 loggingContext.transactionEnded();
2030 PolicyLogger.audit("Transaction Failed - See Error.log");
2031 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2037 * Requests from the Admin Console to create new items or update existing ones
2042 * @param loggingContext
2043 * @throws ServletException
2044 * @throws IOException
2046 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
2047 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
2049 // for PUT operations the group may or may not need to exist before the operation can be done
2050 OnapPDPGroup group = papEngine.getGroup(groupId);
2051 // determine the operation needed based on the parameters in the request
2052 // for remaining operations the group must exist before the operation can be done
2053 if (group == null) {
2054 String message = "Unknown groupId '" + groupId + "'";
2055 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
2056 loggingContext.transactionEnded();
2057 PolicyLogger.audit("Transaction Failed - See Error.log");
2058 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
2061 if (request.getParameter("policy") != null) {
2062 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
2063 loggingContext.setServiceName("AC:PAP.putPolicy");
2064 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
2065 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2066 loggingContext.transactionEnded();
2067 PolicyLogger.audit("Transaction Failed - See Error.log");
2068 auditLogger.info("Success");
2069 PolicyLogger.audit("Transaction Ended Successfully");
2071 } else if (request.getParameter("pdpId") != null) {
2072 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
2073 String pdpId = request.getParameter("pdpId");
2074 if (papEngine.getPDP(pdpId) == null) {
2075 loggingContext.setServiceName("AC:PAP.createPDP");
2077 loggingContext.setServiceName("AC:PAP.updatePDP");
2079 // get the request content into a String
2081 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
2083 Scanner scanner = new Scanner(request.getInputStream());
2084 scanner.useDelimiter("\\A");
2085 json = scanner.hasNext() ? scanner.next() : "";
2087 }catch(IOException e){
2090 LOGGER.info("JSON request from AC: " + json);
2091 // convert Object sent as JSON into local object
2092 ObjectMapper mapper = new ObjectMapper();
2093 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
2094 if (pdpId == null ||
2095 objectFromJSON == null ||
2096 ! (objectFromJSON instanceof StdPDP) ||
2097 ((StdPDP)objectFromJSON).getId() == null ||
2098 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
2099 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
2100 loggingContext.transactionEnded();
2101 PolicyLogger.audit("Transaction Failed - See Error.log");
2102 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON);
2104 StdPDP pdp = (StdPDP) objectFromJSON;
2106 OnapPDP oPDP = null;
2108 oPDP = papEngine.getPDP(pdpId);
2109 }catch (PAPException e){
2113 // this is a request to create a new PDP object
2115 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
2116 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
2117 } catch(Exception e){
2118 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
2119 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
2120 throw new PAPException(e.getMessage());
2123 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
2124 }catch(PAPException e){
2129 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
2130 } catch(Exception e){
2131 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
2132 +"pdp="+ pdp.getId());
2133 throw new PAPException(e.getMessage());
2135 // this is a request to update the pdp
2137 papEngine.updatePDP(pdp);
2138 }catch(PAPException e){
2142 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2143 if (LOGGER.isDebugEnabled()) {
2144 LOGGER.debug("PDP '" + pdpId + "' created/updated");
2146 // adjust the group's state including the new PDP
2147 ((StdPDPGroup)group).resetStatus();
2148 // tell the Admin Consoles there is a change
2149 loggingContext.metricStarted();
2151 loggingContext.metricEnded();
2152 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2153 // this might affect the PDP, so notify it of the change
2154 pdpChanged(pdp, loggingContext);
2155 loggingContext.metricStarted();
2156 acPutTransaction.commitTransaction();
2157 loggingContext.metricEnded();
2158 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2159 loggingContext.transactionEnded();
2160 auditLogger.info("Success");
2161 PolicyLogger.audit("Transaction Ended Successfully");
2165 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
2166 +"pdp=null" + ",to group="+group.getId());
2167 throw new PAPException("PDP is null");
2168 } catch(Exception e){
2169 throw new PAPException("PDP is null" + e.getMessage() +e);
2172 } else if (request.getParameter("pipId") != null) {
2173 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
2174 loggingContext.setServiceName("AC:PAP.putPIP");
2175 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2176 loggingContext.transactionEnded();
2177 PolicyLogger.audit("Transaction Failed - See Error.log");
2178 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2181 // Assume that this is an update of an existing PDP Group
2182 // ARGS: group=<groupId> <= Update an Existing Group
2183 loggingContext.setServiceName("AC:PAP.updateGroup");
2184 // get the request content into a String
2186 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
2188 Scanner scanner = new Scanner(request.getInputStream());
2189 scanner.useDelimiter("\\A");
2190 json = scanner.hasNext() ? scanner.next() : "";
2192 }catch(IOException e){
2195 LOGGER.info("JSON request from AC: " + json);
2196 // convert Object sent as JSON into local object
2197 ObjectMapper mapper = new ObjectMapper();
2198 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
2199 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
2200 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
2201 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
2202 loggingContext.transactionEnded();
2203 PolicyLogger.audit("Transaction Failed - See Error.log");
2204 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON);
2206 // The Path on the PAP side is not carried on the RESTful interface with the AC
2207 // (because it is local to the PAP)
2208 // so we need to fill that in before submitting the group for update
2209 if(objectFromJSON != null){
2210 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
2213 if("delete".equals(((StdPDPGroup)objectFromJSON).getOperation())){
2214 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doDelete");
2216 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
2218 } catch(Exception e){
2219 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
2220 +"group="+group.getId());
2222 throw new PAPException(e.getMessage());
2225 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
2226 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
2227 if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
2228 LOGGER.debug("Precheck Successful.");
2231 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
2232 }catch(PAPException e){
2235 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2236 if (LOGGER.isDebugEnabled()) {
2237 LOGGER.debug("Group '" + group.getId() + "' updated");
2239 loggingContext.metricStarted();
2240 acPutTransaction.commitTransaction();
2241 loggingContext.metricEnded();
2242 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2243 // tell the Admin Consoles there is a change
2244 loggingContext.metricStarted();
2246 loggingContext.metricEnded();
2247 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2248 // Group changed, which might include changing the policies
2249 groupChanged(group, loggingContext);
2250 loggingContext.transactionEnded();
2251 auditLogger.info("Success");
2252 PolicyLogger.audit("Transaction Ended Successfully");
2255 } catch (PAPException e) {
2257 acPutTransaction.rollbackTransaction();
2258 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
2259 loggingContext.transactionEnded();
2260 PolicyLogger.audit("Transaction Failed - See Error.log");
2261 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2267 * Requests from the Admin Console to delete/remove items
2272 * @param loggingContext
2273 * @throws ServletException
2274 * @throws IOException
2276 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
2277 //This code is to allow deletes to propagate to the database since delete is not implemented
2278 String isDeleteNotify = request.getParameter("isDeleteNotify");
2279 if(isDeleteNotify != null){
2280 String policyToDelete = request.getParameter("policyToDelete");
2282 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
2283 } catch(UnsupportedEncodingException e){
2284 LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e);
2285 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
2288 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
2290 deleteTransaction.deletePolicy(policyToDelete);
2291 } catch(Exception e){
2292 deleteTransaction.rollbackTransaction();
2293 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
2294 + "\nfailure with the following exception: " + e);
2297 loggingContext.metricStarted();
2298 deleteTransaction.commitTransaction();
2299 loggingContext.metricEnded();
2300 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2301 response.setStatus(HttpServletResponse.SC_OK);
2304 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
2306 // for all DELETE operations the group must exist before the operation can be done
2307 loggingContext.setServiceName("AC:PAP.delete");
2308 OnapPDPGroup group = papEngine.getGroup(groupId);
2309 if (group == null) {
2310 String message = "Unknown groupId '" + groupId + "'";
2311 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
2312 loggingContext.transactionEnded();
2313 PolicyLogger.audit("Transaction Failed - See Error.log");
2314 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
2317 // determine the operation needed based on the parameters in the request
2318 if (request.getParameter("policy") != null) {
2319 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
2320 loggingContext.setServiceName("AC:PAP.deletePolicy");
2321 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2322 loggingContext.transactionEnded();
2323 PolicyLogger.audit("Transaction Failed - See Error.log");
2324 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2326 } else if (request.getParameter("pdpId") != null) {
2327 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
2328 String pdpId = request.getParameter("pdpId");
2329 OnapPDP pdp = papEngine.getPDP(pdpId);
2331 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
2332 } catch(Exception e){
2333 throw new PAPException(e);
2336 papEngine.removePDP((OnapPDP) pdp);
2337 }catch(PAPException e){
2340 // adjust the status of the group, which may have changed when we removed this PDP
2341 ((StdPDPGroup)group).resetStatus();
2342 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2343 loggingContext.metricStarted();
2345 loggingContext.metricEnded();
2346 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2347 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
2348 pdpChanged(pdp, loggingContext);
2349 loggingContext.metricStarted();
2350 removePdpOrGroupTransaction.commitTransaction();
2351 loggingContext.metricEnded();
2352 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2353 loggingContext.transactionEnded();
2354 auditLogger.info("Success");
2355 PolicyLogger.audit("Transaction Ended Successfully");
2357 } else if (request.getParameter("pipId") != null) {
2358 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
2359 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
2360 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2361 loggingContext.transactionEnded();
2362 PolicyLogger.audit("Transaction Failed - See Error.log");
2363 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2366 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
2367 String moveToGroupId = request.getParameter("movePDPsToGroupId");
2368 OnapPDPGroup moveToGroup = null;
2369 if (moveToGroupId != null) {
2371 moveToGroup = papEngine.getGroup(moveToGroupId);
2372 }catch(PAPException e){
2376 // get list of PDPs in the group being deleted so we can notify them that they got changed
2377 Set<OnapPDP> movedPDPs = new HashSet<>();
2378 movedPDPs.addAll(group.getOnapPdps());
2379 // do the move/remove
2381 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
2382 } catch(Exception e){
2383 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
2384 throw new PAPException(e.getMessage());
2387 papEngine.removeGroup(group, moveToGroup);
2388 }catch(PAPException e){
2391 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2392 loggingContext.metricStarted();
2394 loggingContext.metricEnded();
2395 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2396 // notify any PDPs in the removed set that their config may have changed
2397 for (OnapPDP pdp : movedPDPs) {
2398 pdpChanged(pdp, loggingContext);
2400 loggingContext.metricStarted();
2401 removePdpOrGroupTransaction.commitTransaction();
2402 loggingContext.metricEnded();
2403 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2404 loggingContext.transactionEnded();
2405 auditLogger.info("Success");
2406 PolicyLogger.audit("Transaction Ended Successfully");
2409 } catch (PAPException e) {
2410 removePdpOrGroupTransaction.rollbackTransaction();
2411 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
2412 loggingContext.transactionEnded();
2413 PolicyLogger.audit("Transaction Failed - See Error.log");
2414 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2420 * Heartbeat thread - periodically check on PDPs' status
2422 * Heartbeat with all known PDPs.
2424 * Implementation note:
2426 * The PDPs are contacted Sequentially, not in Parallel.
2428 * If we did this in parallel using multiple threads we would simultaneously use
2432 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
2433 * when user changes occur.
2434 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
2436 * The Sequential operation does a heartbeat request to each PDP one at a time.
2437 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
2438 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
2439 * it could take a long time to cycle through all of the PDPs.
2440 * That means that this may not notice a PDP being down in a predictable time.
2442 private class Heartbeat implements Runnable {
2443 private PAPPolicyEngine papEngine;
2444 private Set<OnapPDP> pdps = new HashSet<>();
2445 private int heartbeatInterval;
2446 private int heartbeatTimeout;
2448 public volatile boolean isRunning = false;
2450 public synchronized boolean isRunning() {
2451 return this.isRunning;
2454 public synchronized void terminate() {
2455 this.isRunning = false;
2458 public Heartbeat(PAPPolicyEngine papEngine2) {
2459 papEngine = papEngine2;
2460 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2461 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2466 // Set ourselves as running
2467 synchronized(this) {
2468 this.isRunning = true;
2470 HashMap<String, URL> idToURLMap = new HashMap<>();
2472 while (this.isRunning()) {
2473 // Wait the given time
2474 Thread.sleep(heartbeatInterval);
2475 // get the list of PDPs (may have changed since last time)
2477 synchronized(papEngine) {
2479 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2480 for (OnapPDP p : g.getOnapPdps()) {
2484 } catch (PAPException e) {
2485 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2488 // Check for shutdown
2489 if (this.isRunning() == false) {
2490 LOGGER.info("isRunning is false, getting out of loop.");
2493 // try to get the summary status from each PDP
2494 boolean changeSeen = false;
2495 for (OnapPDP pdp : pdps) {
2496 // Check for shutdown
2497 if (this.isRunning() == false) {
2498 LOGGER.info("isRunning is false, getting out of loop.");
2501 // the id of the PDP is its url (though we add a query parameter)
2502 URL pdpURL = idToURLMap.get(pdp.getId());
2503 if (pdpURL == null) {
2504 // haven't seen this PDP before
2505 String fullURLString = null;
2508 if(CheckPDP.validateID(pdp.getId())){
2509 fullURLString = pdp.getId() + "?type=hb";
2510 pdpURL = new URL(fullURLString);
2511 idToURLMap.put(pdp.getId(), pdpURL);
2513 } catch (MalformedURLException e) {
2514 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2518 // Do a GET with type HeartBeat
2519 String newStatus = "";
2520 HttpURLConnection connection = null;
2522 // Open up the connection
2524 connection = (HttpURLConnection)pdpURL.openConnection();
2525 // Setup our method and headers
2526 connection.setRequestMethod("GET");
2527 connection.setConnectTimeout(heartbeatTimeout);
2529 String encoding = CheckPDP.getEncoding(pdp.getId());
2530 if(encoding !=null){
2531 connection.setRequestProperty("Authorization", "Basic " + encoding);
2534 connection.connect();
2535 if (connection.getResponseCode() == 204) {
2536 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2537 if (LOGGER.isDebugEnabled()) {
2538 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2541 // anything else is an unexpected result
2542 newStatus = PDPStatus.Status.UNKNOWN.toString();
2543 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2546 } catch (UnknownHostException e) {
2547 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2548 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2549 } catch (SocketTimeoutException e) {
2550 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2551 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2552 } catch (ConnectException e) {
2553 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2554 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2555 } catch (Exception e) {
2556 newStatus = PDPStatus.Status.UNKNOWN.toString();
2557 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2559 // cleanup the connection
2560 if(connection != null)
2561 connection.disconnect();
2563 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2564 if (LOGGER.isDebugEnabled()) {
2565 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2568 setPDPSummaryStatus(pdp, newStatus);
2569 } catch (PAPException e) {
2570 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2575 // Check for shutdown
2576 if (this.isRunning() == false) {
2577 LOGGER.info("isRunning is false, getting out of loop.");
2580 // if any of the PDPs changed state, tell the ACs to update
2585 } catch (InterruptedException e) {
2586 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2588 Thread.currentThread().interrupt();
2594 * HELPER to change Group status when PDP status is changed
2595 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2597 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2598 setPDPSummaryStatus(pdp, newStatus.toString());
2601 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2602 synchronized(papEngine) {
2603 StdPDPStatus status = new StdPDPStatus();
2604 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2605 ((StdPDP)pdp).setStatus(status);
2606 // now adjust the group
2607 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2608 // if the PDP was just deleted it may transiently exist but not be in a group
2609 if (group != null) {
2610 group.resetStatus();
2616 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2617 * in the PDP group directories
2620 public void changed() {
2621 // all PDPs in all groups need to be updated/sync'd
2622 Set<OnapPDPGroup> groups;
2624 groups = papEngine.getOnapPDPGroups();
2625 } catch (PAPException e) {
2626 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2627 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2629 for (OnapPDPGroup group : groups) {
2630 groupChanged(group);
2634 public void changed(ONAPLoggingContext loggingContext) {
2635 // all PDPs in all groups need to be updated/sync'd
2636 Set<OnapPDPGroup> groups;
2638 groups = papEngine.getOnapPDPGroups();
2639 } catch (PAPException e) {
2640 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2641 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2643 for (OnapPDPGroup group : groups) {
2644 groupChanged(group, loggingContext);
2649 public void groupChanged(OnapPDPGroup group) {
2650 // all PDPs within one group need to be updated/sync'd
2651 for (OnapPDP pdp : group.getOnapPdps()) {
2656 public void groupChanged(OnapPDPGroup group, ONAPLoggingContext loggingContext) {
2657 // all PDPs within one group need to be updated/sync'd
2658 for (OnapPDP pdp : group.getOnapPdps()) {
2659 pdpChanged(pdp, loggingContext);
2664 public void pdpChanged(OnapPDP pdp) {
2665 // kick off a thread to do an event notification for each PDP.
2666 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2667 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2668 Thread t = new Thread(new UpdatePDPThread(pdp));
2669 if(CheckPDP.validateID(pdp.getId())){
2674 public void pdpChanged(OnapPDP pdp, ONAPLoggingContext loggingContext) {
2675 // kick off a thread to do an event notification for each PDP.
2676 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2677 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2678 Thread t = new Thread(new UpdatePDPThread(pdp, loggingContext));
2679 if(CheckPDP.validateID(pdp.getId())){
2684 private class UpdatePDPThread implements Runnable {
2685 private OnapPDP pdp;
2686 private String requestId;
2687 private ONAPLoggingContext loggingContext;
2689 public UpdatePDPThread(OnapPDP pdp) {
2693 public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) {
2695 if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) {
2696 this.requestId = loggingContext.getRequestID();
2698 this.loggingContext = loggingContext;
2702 // send the current configuration to one PDP
2703 HttpURLConnection connection = null;
2704 // get a new logging context for the thread
2706 if (this.loggingContext == null) {
2707 loggingContext = new ONAPLoggingContext(baseLoggingContext);
2709 } catch (Exception e) {
2710 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2711 // Since this is a server-side error, it probably does not reflect a problem on the client,
2712 // so do not change the PDP status.
2716 loggingContext.setServiceName("PAP:PDP.putConfig");
2717 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2718 if ((requestId == null) || (requestId == "")) {
2719 UUID requestID = UUID.randomUUID();
2720 loggingContext.setRequestID(requestID.toString());
2721 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2723 loggingContext.setRequestID(requestId);
2724 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2726 loggingContext.transactionStarted();
2727 // the Id of the PDP is its URL
2728 if (LOGGER.isDebugEnabled()) {
2729 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2731 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2732 //TODO (need to change "cache=", implying getting some input saying which to change)
2733 URL url = new URL(pdp.getId() + "?cache=all");
2734 // Open up the connection
2735 connection = (HttpURLConnection)url.openConnection();
2736 // Setup our method and headers
2737 connection.setRequestMethod("PUT");
2739 String encoding = CheckPDP.getEncoding(pdp.getId());
2740 if(encoding !=null){
2741 connection.setRequestProperty("Authorization", "Basic " + encoding);
2743 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2744 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2745 connection.setInstanceFollowRedirects(true);
2746 connection.setDoOutput(true);
2747 try (OutputStream os = connection.getOutputStream()) {
2748 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2749 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2750 if (group == null) {
2751 // create blank properties files
2752 Properties policyProperties = new Properties();
2753 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2754 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2755 policyProperties.store(os, "");
2756 Properties pipProps = new Properties();
2757 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2758 pipProps.store(os, "");
2760 // send properties from the current group
2761 group.getPolicyProperties().store(os, "");
2762 Properties policyLocations = new Properties();
2763 for (PDPPolicy policy : group.getPolicies()) {
2764 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2766 policyLocations.store(os, "");
2767 group.getPipConfigProperties().store(os, "");
2769 } catch (Exception e) {
2770 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2771 // Since this is a server-side error, it probably does not reflect a problem on the client,
2772 // so do not change the PDP status.
2776 loggingContext.metricStarted();
2777 connection.connect();
2778 loggingContext.metricEnded();
2779 PolicyLogger.metrics("XACMLPapServlet UpdatePDPThread connection connect");
2780 if (connection.getResponseCode() == 204) {
2781 LOGGER.info("Success. We are configured correctly.");
2782 loggingContext.transactionEnded();
2783 auditLogger.info("Success. PDP is configured correctly.");
2784 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2785 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2786 } else if (connection.getResponseCode() == 200) {
2787 LOGGER.info("Success. PDP needs to update its configuration.");
2788 loggingContext.transactionEnded();
2789 auditLogger.info("Success. PDP needs to update its configuration.");
2790 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2791 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2793 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2794 loggingContext.transactionEnded();
2795 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2796 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2797 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2799 } catch (Exception e) {
2801 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2802 loggingContext.transactionEnded();
2803 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2805 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2806 } catch (PAPException e1) {
2808 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2809 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2812 // cleanup the connection
2813 if(connection != null){
2814 connection.disconnect();
2816 // tell the AC to update it's status info
2823 * RESTful Interface from PAP to ACs notifying them of changes
2825 private void notifyAC() {
2826 // kick off a thread to do one event notification for all registered ACs
2827 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2828 // as part of processing this message on their end.
2829 Thread t = new Thread(new NotifyACThread());
2833 private class NotifyACThread implements Runnable {
2835 List<String> disconnectedACs = new ArrayList<>();
2836 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2837 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2838 for (String acURL : adminConsoleURLStringList) {
2839 HttpURLConnection connection = null;
2841 acURL += "?PAPNotification=true";
2842 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2843 //TODO - If so, put correct parameters into the Query string here
2844 acURL += "&objectType=all" + "&action=update";
2845 if (LOGGER.isDebugEnabled()) {
2846 LOGGER.debug("creating url for id '" + acURL + "'");
2848 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2849 //TODO (need to change "cache=", implying getting some input saying which to change)
2850 URL url = new URL(acURL );
2851 // Open up the connection
2852 connection = (HttpURLConnection)url.openConnection();
2853 // Setup our method and headers
2854 connection.setRequestMethod("PUT");
2855 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2856 // Adding this in. It seems the HttpUrlConnection class does NOT
2857 // properly forward our headers for POST re-direction. It does so
2858 // for a GET re-direction.
2859 // So we need to handle this ourselves.
2860 //TODO - is this needed for a PUT? seems better to leave in for now?
2861 connection.setInstanceFollowRedirects(false);
2862 // Do not include any data in the PUT because this is just a
2863 // notification to the AC.
2864 // The AC will use GETs back to the PAP to get what it needs
2865 // to fill in the screens.
2867 connection.connect();
2868 if (connection.getResponseCode() == 204) {
2869 LOGGER.info("Success. We updated correctly.");
2871 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2874 } catch (Exception e) {
2875 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2876 disconnectedACs.add(acURL);
2878 // cleanup the connection
2879 if(connection != null)
2880 connection.disconnect();
2883 // remove any ACs that are no longer connected
2884 if (disconnectedACs.size() > 0) {
2885 adminConsoleURLStringList.removeAll(disconnectedACs);
2890 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2891 LOGGER.info("Test request received");
2893 im.evaluateSanity();
2894 //If we make it this far, all is well
2895 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2896 LOGGER.info(message);
2897 loggingContext.transactionEnded();
2898 PolicyLogger.audit("Transaction Failed - See Error.log");
2899 response.setStatus(HttpServletResponse.SC_OK);
2901 }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
2903 if (e instanceof ForwardProgressException) {
2904 submsg = " is not making forward progress.";
2905 } else if (e instanceof AdministrativeStateException) {
2906 submsg = " Administrative State is LOCKED.";
2908 submsg = " Standby Status is NOT PROVIDING SERVICE.";
2911 String message = "GET:/pap/test called and PAP " + papResourceName + submsg
2912 + " Exception Message: " + e.getMessage();
2913 LOGGER.info(message, e);
2914 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2915 loggingContext.transactionEnded();
2916 PolicyLogger.audit("Transaction Failed - See Error.log");
2917 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2919 }catch (Exception e) {
2920 //A subsystem is not making progress, is locked, standby or is not responding
2921 String eMsg = e.getMessage();
2923 eMsg = "No Exception Message";
2925 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2926 + " Exception Message: " + eMsg;
2927 LOGGER.info(message, e);
2928 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2929 loggingContext.transactionEnded();
2930 PolicyLogger.audit("Transaction Failed - See Error.log");
2931 //Get the specific list of subsystems that failed
2932 String ssFailureList = null;
2933 for(String failedSS : papDependencyGroupsFlatArray){
2934 if(eMsg.contains(failedSS)){
2935 if(ssFailureList == null){
2936 ssFailureList = failedSS;
2938 ssFailureList = ssFailureList.concat(","+failedSS);
2942 if(ssFailureList == null){
2943 ssFailureList = "UnknownSubSystem";
2945 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2946 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2952 * Authorizing the PEP Requests.
2954 private boolean authorizeRequest(HttpServletRequest request) {
2955 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2956 // Check if the Client is Authorized.
2957 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2964 private static void loadWebapps() throws PAPException{
2965 if(actionHome == null || configHome == null){
2966 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2968 if (webappsPath == null) {
2969 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2970 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2972 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2973 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2974 if (Files.notExists(webappsPathConfig)) {
2976 Files.createDirectories(webappsPathConfig);
2977 } catch (IOException e) {
2978 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Failed to create config directory: "
2979 + webappsPathConfig.toAbsolutePath().toString());
2982 if (Files.notExists(webappsPathAction)) {
2984 Files.createDirectories(webappsPathAction);
2985 } catch (IOException e) {
2986 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create action directory: "
2987 + webappsPathAction.toAbsolutePath().toString(), e);
2990 actionHome = webappsPathAction.toString();
2991 configHome = webappsPathConfig.toString();
2995 public static String getConfigHome(){
2998 } catch (PAPException e) {
3005 private static void setConfigHome(){
3006 configHome = getConfigHome();
3009 public static String getActionHome(){
3012 } catch (PAPException e) {
3019 private static void setActionHome(){
3020 actionHome = getActionHome();
3023 public static EntityManagerFactory getEmf() {
3027 public IntegrityAudit getIa() {
3031 public static String getPDPFile(){
3032 return XACMLPapServlet.pdpFile;
3035 public static String getPersistenceUnit(){
3036 return PERSISTENCE_UNIT;
3039 public static PAPPolicyEngine getPAPEngine(){
3043 public static PolicyDBDaoTransaction getDbDaoTransaction(){
3044 return policyDBDao.getNewTransaction();
3046 public static String getPapDbDriver() {
3050 public static void setPapDbDriver(String papDbDriver) {
3051 XACMLPapServlet.papDbDriver = papDbDriver;
3054 public static String getPapDbUrl() {
3058 public static void setPapDbUrl(String papDbUrl) {
3059 XACMLPapServlet.papDbUrl = papDbUrl;
3062 public static String getPapDbUser() {
3066 public static void setPapDbUser(String papDbUser) {
3067 XACMLPapServlet.papDbUser = papDbUser;
3070 public static String getPapDbPassword() {
3071 return papDbPassword;
3074 public static void setPapDbPassword(String papDbPassword) {
3075 XACMLPapServlet.papDbPassword = papDbPassword;
3078 public static String getMsOnapName() {
3082 public static void setMsOnapName(String msOnapName) {
3083 XACMLPapServlet.msOnapName = msOnapName;
3086 public static String getMsPolicyName() {
3087 return msPolicyName;
3090 public static void setMsPolicyName(String msPolicyName) {
3091 XACMLPapServlet.msPolicyName = msPolicyName;
Code Review / policy / engine.git / blob