2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.List;
44 import java.util.Properties;
45 import java.util.Scanner;
47 import java.util.UUID;
48 import java.util.concurrent.CopyOnWriteArrayList;
50 import javax.persistence.EntityManagerFactory;
51 import javax.persistence.Persistence;
52 import javax.persistence.PersistenceException;
53 import javax.servlet.Servlet;
54 import javax.servlet.ServletConfig;
55 import javax.servlet.ServletException;
56 import javax.servlet.annotation.WebInitParam;
57 import javax.servlet.annotation.WebServlet;
58 import javax.servlet.http.HttpServlet;
59 import javax.servlet.http.HttpServletRequest;
60 import javax.servlet.http.HttpServletResponse;
62 import org.apache.commons.io.IOUtils;
63 import org.onap.policy.common.ia.IntegrityAudit;
64 import org.onap.policy.common.im.AdministrativeStateException;
65 import org.onap.policy.common.im.ForwardProgressException;
66 import org.onap.policy.common.im.IntegrityMonitor;
67 import org.onap.policy.common.im.IntegrityMonitorProperties;
68 import org.onap.policy.common.im.StandbyStatusException;
69 import org.onap.policy.common.logging.ONAPLoggingContext;
70 import org.onap.policy.common.logging.ONAPLoggingUtils;
71 import org.onap.policy.common.logging.eelf.MessageCodes;
72 import org.onap.policy.common.logging.eelf.PolicyLogger;
73 import org.onap.policy.common.logging.flexlogger.FlexLogger;
74 import org.onap.policy.common.logging.flexlogger.Logger;
75 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
77 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
78 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
79 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
80 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
81 import org.onap.policy.rest.XACMLRest;
82 import org.onap.policy.rest.XACMLRestProperties;
83 import org.onap.policy.rest.dao.PolicyDBException;
84 import org.onap.policy.utils.PolicyUtils;
85 import org.onap.policy.xacml.api.XACMLErrorConstants;
86 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
87 import org.onap.policy.xacml.api.pap.OnapPDP;
88 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
89 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
90 import org.onap.policy.xacml.std.pap.StdPDP;
91 import org.onap.policy.xacml.std.pap.StdPDPGroup;
92 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
93 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
94 import org.onap.policy.xacml.std.pap.StdPDPStatus;
96 import com.att.research.xacml.api.pap.PAPException;
97 import com.att.research.xacml.api.pap.PDPPolicy;
98 import com.att.research.xacml.api.pap.PDPStatus;
99 import com.att.research.xacml.util.FactoryException;
100 import com.att.research.xacml.util.XACMLProperties;
101 import com.fasterxml.jackson.databind.ObjectMapper;
102 import com.google.common.base.Splitter;
105 * Servlet implementation class XacmlPapServlet
108 description = "Implements the XACML PAP RESTful API.",
109 urlPatterns = { "/" },
112 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
114 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
115 private static final long serialVersionUID = 1L;
116 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
117 // audit (transaction) LOGGER
118 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
119 //Persistence Unit for JPA
120 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
121 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
123 private static final String ENVIRONMENT_HEADER = "Environment";
125 * List of Admin Console URLs.
126 * Used to send notifications when configuration changes.
128 * The CopyOnWriteArrayList *should* protect from concurrency errors.
129 * This list is seldom changed but often read, so the costs of this approach make sense.
131 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<>();
133 private static String configHome;
134 private static String actionHome;
136 * This PAP instance's own URL.
137 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
139 private static String papURL = null;
140 // The heartbeat thread.
141 private static Heartbeat heartbeat = null;
142 private static Thread heartbeatThread = null;
143 //The entity manager factory for JPA access
144 private static EntityManagerFactory emf;
145 private static PolicyDBDao policyDBDao;
147 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
149 private static PAPPolicyEngine papEngine = null;
151 * These are the parameters needed for DB access from the PAP
153 private static int papIntegrityAuditPeriodSeconds = -1;
154 private static String papDbDriver = null;
155 private static String papDbUrl = null;
156 private static String papDbUser = null;
157 private static String papDbPassword = null;
158 private static String papResourceName = null;
159 private static String[] papDependencyGroupsFlatArray = null;
160 private static String environment = null;
161 private static String pdpFile = null;
163 private transient IntegrityMonitor im;
164 private transient IntegrityAudit ia;
166 //MicroService Model Properties
167 private static String msOnapName;
168 private static String msPolicyName;
170 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
171 * this servlet starts. Its configurable by the admin.
173 private static transient Thread initiateThread = null;
174 private transient ONAPLoggingContext baseLoggingContext = null;
177 * @see HttpServlet#HttpServlet()
179 public XACMLPapServlet() {
184 * @see Servlet#init(ServletConfig)
186 public void init(ServletConfig config) throws ServletException {
189 baseLoggingContext = new ONAPLoggingContext();
190 // fixed data that will be the same in all logging output goes here
192 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
193 baseLoggingContext.setServer(hostname);
194 } catch (UnknownHostException e) {
195 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging", e);
198 XACMLRest.xacmlInit(config);
199 // Load the properties
200 XACMLRest.loadXacmlProperties(null, null);
202 * Retrieve the property values
204 setCommonProperties();
205 String papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
206 if(papSiteName == null){
207 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
208 throw new PAPException("papSiteName is null");
210 String papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
211 if(papNodeType == null){
212 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
213 throw new PAPException("papNodeType is null");
215 //Integer will throw an exception of anything is missing or unrecognized
216 int papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
217 int papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
218 int papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
219 //Boolean will default to false if anything is missing or unrecognized
220 boolean papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
221 boolean papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
222 String papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
223 if(papDependencyGroups == null){
224 throw new PAPException("papDependencyGroups is null");
226 setPAPDependencyGroups(papDependencyGroups);
227 //Integer will throw an exception of anything is missing or unrecognized
228 int fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
229 int failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
230 int testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
231 int writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
232 LOGGER.debug("\n\n\n**************************************"
233 + "\n*************************************"
235 + "\n papDbDriver = " + papDbDriver
236 + "\n papDbUrl = " + papDbUrl
237 + "\n papDbUser = " + papDbUser
238 + "\n papDbPassword = " + papDbPassword
239 + "\n papTransWait = " + papTransWait
240 + "\n papTransTimeout = " + papTransTimeout
241 + "\n papAuditTimeout = " + papAuditTimeout
242 + "\n papAuditFlag = " + papAuditFlag
243 + "\n papFileSystemAudit = " + papFileSystemAudit
244 + "\n papResourceName = " + papResourceName
245 + "\n fpMonitorInterval = " + fpMonitorInterval
246 + "\n failedCounterThreshold = " + failedCounterThreshold
247 + "\n testTransInterval = " + testTransInterval
248 + "\n writeFpcInterval = " + writeFpcInterval
249 + "\n papSiteName = " + papSiteName
250 + "\n papNodeType = " + papNodeType
251 + "\n papDependencyGroupsList = " + papDependencyGroups
252 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
253 + "\n\n*************************************"
254 + "\n**************************************");
255 // Pull custom persistence settings
256 Properties properties;
258 properties = XACMLProperties.getProperties();
259 LOGGER.debug("\n\n\n**************************************"
260 + "\n**************************************"
262 + "properties = " + properties
263 + "\n\n**************************************");
264 } catch (IOException e) {
265 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
266 + "XACMLProperties.getProperties()");
267 throw new ServletException(e.getMessage(), e.getCause());
269 // Create an IntegrityMonitor
270 im = IntegrityMonitor.getInstance(papResourceName,properties);
271 // Create an IntegrityAudit
272 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
273 ia.startAuditThread();
274 // Create the entity manager factory
276 // we are about to call the PDPs and give them their configuration.
277 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
278 setPAPURL(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL));
279 //Create the policyDBDao
281 // Load our PAP engine, first create a factory
282 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
283 // The factory knows how to go about creating a PAP Engine
284 setPAPEngine((PAPPolicyEngine) factory.newEngine());
285 PolicyDBDaoTransaction addNewGroup = null;
286 if (((org.onap.policy.xacml.std.pap.StdEngine) papEngine).wasDefaultGroupJustAdded) {
288 addNewGroup = policyDBDao.getNewTransaction();
289 OnapPDPGroup group = papEngine.getDefaultGroup();
290 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(),
291 "automaticallyAdded");
292 addNewGroup.commitTransaction();
293 addNewGroup = policyDBDao.getNewTransaction();
294 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
295 addNewGroup.commitTransaction();
296 } catch (Exception e) {
297 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet",
298 " Error creating new default group in the database");
299 if (addNewGroup != null) {
300 addNewGroup.rollbackTransaction();
304 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
305 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
307 * Auditing the local File System groups to be in sync with the Database
310 //get an AuditTransaction to lock out all other transactions
311 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
313 LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit");
314 LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString());
315 //get the current filesystem group and update from the database if needed
316 StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup();
317 StdPDPGroup updatedGroup = policyDBDao.auditLocalFileSystem(group);
318 if(updatedGroup!=null) {
319 papEngine.updateGroup(updatedGroup);
321 LOGGER.info("PapServlet: updated group is " + papEngine.getDefaultGroup().toString());
323 //release the transaction lock
327 // Sanity check for URL.
328 if (XACMLPapServlet.papURL == null) {
329 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
331 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
332 // to all its known PDP nodes.
333 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
334 startInitiateThreadService(new Thread(this));
336 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
337 startHeartBeatService(new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine));
339 } catch (FactoryException | PAPException e) {
340 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
341 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
342 } catch (Exception e) {
343 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
344 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
348 private static void startInitiateThreadService(Thread thread) {
349 initiateThread = thread;
350 initiateThread.start();
353 private static void mapperWriteValue(ObjectMapper mapper, HttpServletResponse response, Object value) {
355 mapper.writeValue(response.getOutputStream(), value);
356 } catch (Exception e) {
361 private static void startHeartBeatService(Heartbeat heartbeat) {
362 XACMLPapServlet.heartbeat = heartbeat;
363 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
364 XACMLPapServlet.heartbeatThread.start();
367 private static void setPolicyDBDao() throws ServletException {
369 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
370 } catch (Exception e) {
371 throw new ServletException("Unable to Create Policy DBDao Instance",e);
375 private static void setEMF(Properties properties) throws ServletException {
376 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
378 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
380 throw new ServletException("Unable to create Entity Manager Factory");
384 private static void setPAPURL(String papURL) {
385 XACMLPapServlet.papURL = papURL;
388 private static void setPAPEngine(PAPPolicyEngine newEngine) {
389 XACMLPapServlet.papEngine = newEngine;
392 private static void setPAPDependencyGroups(String papDependencyGroups) throws PAPException {
394 //Now we have flattened the array into a simple comma-separated list
395 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
396 //clean up the entries
397 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
398 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
401 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
402 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
405 String msg = "integrity_audit_period_seconds ";
406 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
407 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
411 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
412 throw new PAPException(e);
416 private static void setCommonProperties() throws PAPException {
419 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
420 if(papDbDriver == null){
421 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
422 throw new PAPException("papDbDriver is null");
424 setPapDbDriver(papDbDriver);
425 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
426 if(papDbUrl == null){
427 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
428 throw new PAPException("papDbUrl is null");
430 setPapDbUrl(papDbUrl);
431 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
432 if(papDbUser == null){
433 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
434 throw new PAPException("papDbUser is null");
436 setPapDbUser(papDbUser);
437 papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
438 if(papDbPassword == null){
439 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
440 throw new PAPException("papDbPassword is null");
442 setPapDbPassword(papDbPassword);
443 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
444 if(papResourceName == null){
445 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
446 throw new PAPException("papResourceName is null");
448 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
449 //Micro Service Properties
450 msOnapName=XACMLProperties.getProperty("xacml.policy.msOnapName");
451 setMsOnapName(msOnapName);
452 msPolicyName=XACMLProperties.getProperty("xacml.policy.msPolicyName");
453 setMsPolicyName(msPolicyName);
454 // PDPId File location
455 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
456 if (XACMLPapServlet.pdpFile == null) {
457 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
458 + XACMLRestProperties.PROP_PDP_IDFILE);
459 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
464 * Thread used only during PAP startup to initiate change messages to all known PDPs.
465 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
469 // send the current configuration to all the PDPs that we know about
474 * @see Servlet#destroy()
476 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
477 * For now we assume that we do care.
480 public void destroy() {
481 // Make sure our threads are destroyed
482 if (XACMLPapServlet.heartbeatThread != null) {
483 // stop the heartbeat
485 if (XACMLPapServlet.heartbeat != null) {
486 XACMLPapServlet.heartbeat.terminate();
488 XACMLPapServlet.heartbeatThread.interrupt();
489 XACMLPapServlet.heartbeatThread.join();
490 } catch (InterruptedException e) {
491 XACMLPapServlet.heartbeatThread.interrupt();
492 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
495 if (initiateThread != null) {
497 initiateThread.interrupt();
498 initiateThread.join();
499 } catch (InterruptedException e) {
500 initiateThread.interrupt();
501 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
508 * - PDP nodes to register themselves with the PAP, and
509 * - Admin Console to make changes in the PDP Groups.
511 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
513 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
514 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
515 loggingContext.transactionStarted();
516 loggingContext.setServiceName("PAP.post");
517 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
518 UUID requestID = UUID.randomUUID();
519 loggingContext.setRequestID(requestID.toString());
520 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
522 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
524 PolicyDBDaoTransaction pdpTransaction = null;
525 loggingContext.metricStarted();
527 im.startTransaction();
528 loggingContext.metricEnded();
529 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
530 } catch (AdministrativeStateException ae){
531 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
532 + " state of " + im.getStateManager().getAdminState()
533 + "\n Exception Message: " + ae.getMessage();
534 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
535 loggingContext.metricEnded();
536 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
537 loggingContext.transactionEnded();
538 PolicyLogger.audit("Transaction Failed - See Error.log");
539 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
541 }catch (StandbyStatusException se) {
542 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
543 + " of " + im.getStateManager().getStandbyStatus()
544 + "\n Exception Message: " + se.getMessage();
545 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
546 loggingContext.metricEnded();
547 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
548 loggingContext.transactionEnded();
549 PolicyLogger.audit("Transaction Failed - See Error.log");
550 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
554 loggingContext.metricStarted();
555 XACMLRest.dumpRequest(request);
556 loggingContext.metricEnded();
557 PolicyLogger.metrics("XACMLPapServlet doPost dumpRequest");
558 // since getParameter reads the content string, explicitly get the content before doing that.
559 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
560 request.getInputStream();
561 String groupId = request.getParameter("groupId");
562 String apiflag = request.getParameter("apiflag");
563 if(groupId != null) {
564 // Is this from the Admin Console or API?
565 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
566 // this is from the API so we need to check the client credentials before processing the request
567 if(!authorizeRequest(request)){
568 String message = "PEP not Authorized for making this Request!!";
569 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
570 loggingContext.transactionEnded();
571 PolicyLogger.audit("Transaction Failed - See Error.log");
572 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
577 loggingContext.metricStarted();
578 doACPost(request, response, groupId, loggingContext);
579 loggingContext.metricEnded();
580 PolicyLogger.metrics("XACMLPapServlet doPost doACPost");
581 loggingContext.transactionEnded();
582 PolicyLogger.audit("Transaction Ended Successfully");
586 // Request is from a PDP asking for its config.
587 loggingContext.setServiceName("PDP:PAP.register");
589 String id = this.getPDPID(request);
590 String jmxport = this.getPDPJMX(request);
591 LOGGER.info("Request(doPost) from PDP coming up: " + id);
592 // Get the PDP Object
593 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
596 LOGGER.info("Unknown PDP: " + id);
598 if(CheckPDP.validateID(id)){
599 pdpTransaction = policyDBDao.getNewTransaction();
601 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
602 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
603 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException | PolicyDBException e) {
604 pdpTransaction.rollbackTransaction();
605 String message = "Failed to create new PDP for id: " + id;
606 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
607 loggingContext.transactionEnded();
608 PolicyLogger.audit("Transaction Failed - See Error.log");
609 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
613 // get the PDP we just created
615 pdp = XACMLPapServlet.papEngine.getPDP(id);
616 }catch(PAPException e){
620 if(pdpTransaction != null){
621 pdpTransaction.rollbackTransaction();
623 String message = "Failed to create new PDP for id: " + id;
624 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
625 loggingContext.transactionEnded();
626 PolicyLogger.audit("Transaction Failed - See Error.log");
627 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
632 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
633 loggingContext.transactionEnded();
634 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
635 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
636 PolicyLogger.audit("Transaction Failed - See Error.log");
641 loggingContext.metricStarted();
642 pdpTransaction.commitTransaction();
643 loggingContext.metricEnded();
644 PolicyLogger.metrics("XACMLPapServlet doPost commitTransaction");
645 } catch(Exception e){
646 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
649 if (jmxport != null && jmxport != ""){
651 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
652 }catch(NumberFormatException e){
656 // Get the PDP's Group
657 OnapPDPGroup group =null;
659 group= XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
660 }catch(PAPException e){
664 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
665 loggingContext.transactionEnded();
666 PolicyLogger.audit("Transaction Failed - See Error.log");
667 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
671 // Determine what group the PDP node is in and get
672 // its policy/pip properties.
673 Properties policies = group.getPolicyProperties();
674 Properties pipconfig = group.getPipConfigProperties();
675 // Get the current policy/pip configuration that the PDP has
676 Properties pdpProperties = new Properties();
678 pdpProperties.load(request.getInputStream());
679 }catch(IOException e){
682 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
683 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
684 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
685 // Validate the node's properties
686 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
687 // Send back current configuration
688 if (isCurrent == false) {
689 // Tell the PDP we are sending back the current policies/pip config
690 LOGGER.info("PDP configuration NOT current.");
691 if (policies != null) {
692 // Put URL's into the properties in case the PDP needs to
694 this.populatePolicyURL(request.getRequestURL(), policies);
695 // Copy the properties to the output stream
697 policies.store(response.getOutputStream(), "");
698 }catch(IOException e){
702 if (pipconfig != null) {
703 // Copy the properties to the output stream
705 pipconfig.store(response.getOutputStream(), "");
706 }catch(IOException e){
710 // We are good - and we are sending them information
711 response.setStatus(HttpServletResponse.SC_OK);
713 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
714 }catch(PAPException e){
718 // Tell them they are good
719 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
721 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
722 }catch(PAPException e){
726 // tell the AC that something changed
727 loggingContext.metricStarted();
729 loggingContext.metricEnded();
730 PolicyLogger.metrics("XACMLPapServlet doPost notifyAC");
731 loggingContext.transactionEnded();
732 auditLogger.info("Success");
733 PolicyLogger.audit("Transaction Ended Successfully");
734 } catch (PAPException | IOException | NumberFormatException e) {
735 if(pdpTransaction != null){
736 pdpTransaction.rollbackTransaction();
738 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
739 loggingContext.transactionEnded();
740 PolicyLogger.audit("Transaction Failed - See Error.log");
741 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
745 //Catch anything that fell through
746 loggingContext.transactionEnded();
747 PolicyLogger.audit("Transaction Ended");
751 private void setResponseError(HttpServletResponse response,int responseCode, String message) {
753 response.sendError(responseCode, message);
754 } catch (IOException e) {
755 LOGGER.error("Error setting Error response Header ", e);
761 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
763 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
764 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
765 loggingContext.transactionStarted();
766 loggingContext.setServiceName("PAP.get");
767 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
768 UUID requestID = UUID.randomUUID();
769 loggingContext.setRequestID(requestID.toString());
770 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
772 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
775 loggingContext.metricStarted();
776 XACMLRest.dumpRequest(request);
777 loggingContext.metricEnded();
778 PolicyLogger.metrics("XACMLPapServlet doGet dumpRequest");
779 String pathInfo = request.getRequestURI();
780 LOGGER.info("path info: " + pathInfo);
781 if (pathInfo != null){
782 //DO NOT do a im.startTransaction for the test request
783 if (pathInfo.equals("/pap/test")) {
785 testService(loggingContext, response);
786 } catch (IOException e) {
792 //This im.startTransaction() covers all other Get transactions
794 loggingContext.metricStarted();
795 im.startTransaction();
796 loggingContext.metricEnded();
797 PolicyLogger.metrics("XACMLPapServlet doGet im startTransaction");
798 } catch (AdministrativeStateException ae){
799 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
800 + " state of " + im.getStateManager().getAdminState()
801 + "\n Exception Message: " + ae.getMessage();
802 LOGGER.info(message, ae);
803 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
804 loggingContext.transactionEnded();
805 PolicyLogger.audit("Transaction Failed - See Error.log");
806 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
808 }catch (StandbyStatusException se) {
809 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
810 + " of " + im.getStateManager().getStandbyStatus()
811 + "\n Exception Message: " + se.getMessage();
812 LOGGER.info(message, se);
813 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
814 loggingContext.transactionEnded();
815 PolicyLogger.audit("Transaction Failed - See Error.log");
816 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
819 // Request from the API to get the gitPath
820 String apiflag = request.getParameter("apiflag");
822 if(authorizeRequest(request)){
823 APIRequestHandler apiRequestHandler = new APIRequestHandler();
825 loggingContext.metricStarted();
826 apiRequestHandler.doGet(request,response, apiflag);
827 loggingContext.metricEnded();
828 PolicyLogger.metrics("XACMLPapServlet doGet apiRequestHandler doGet");
829 }catch(IOException e){
832 loggingContext.transactionEnded();
833 PolicyLogger.audit("Transaction Ended Successfully");
837 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
838 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
839 loggingContext.transactionEnded();
840 PolicyLogger.audit("Transaction Failed - See Error.log");
841 setResponseError(response, HttpServletResponse.SC_FORBIDDEN, message);
846 // Is this from the Admin Console?
847 String groupId = request.getParameter("groupId");
848 if (groupId != null) {
849 // this is from the Admin Console, so handle separately
851 loggingContext.metricStarted();
852 doACGet(request, response, groupId, loggingContext);
853 loggingContext.metricEnded();
854 PolicyLogger.metrics("XACMLPapServlet doGet doACGet");
855 } catch(IOException e){
858 loggingContext.transactionEnded();
859 PolicyLogger.audit("Transaction Ended Successfully");
864 String id = this.getPDPID(request);
865 LOGGER.info("doGet from: " + id);
866 // Get the PDP Object
869 pdp = XACMLPapServlet.papEngine.getPDP(id);
870 }catch(PAPException e){
875 // Check if request came from localhost
876 if (request.getRemoteHost().equals("localhost") ||
877 request.getRemoteHost().equals(request.getLocalAddr())) {
878 // Return status information - basically all the groups
879 loggingContext.setServiceName("PAP.getGroups");
880 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
881 // convert response object to JSON and include in the response
882 mapperWriteValue(new ObjectMapper(), response, groups);
883 response.setHeader("content-type", "application/json");
884 response.setStatus(HttpServletResponse.SC_OK);
885 loggingContext.transactionEnded();
886 PolicyLogger.audit("Transaction Ended Successfully");
890 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
891 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
892 loggingContext.transactionEnded();
893 PolicyLogger.audit("Transaction Failed - See Error.log");
894 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
898 loggingContext.setServiceName("PAP.getPolicy");
899 // Get the PDP's Group
900 OnapPDPGroup group = null;
902 group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
903 } catch (PAPException e) {
907 String message = "No group associated with pdp " + pdp.getId();
908 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
909 loggingContext.transactionEnded();
910 PolicyLogger.audit("Transaction Failed - See Error.log");
911 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
915 // Which policy do they want?
916 String policyId = request.getParameter("id");
917 if (policyId == null) {
918 String message = "Did not specify an id for the policy";
919 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
920 loggingContext.transactionEnded();
921 PolicyLogger.audit("Transaction Failed - See Error.log");
922 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
926 PDPPolicy policy = group.getPolicy(policyId);
927 if (policy == null) {
928 String message = "Unknown policy: " + policyId;
929 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
930 loggingContext.transactionEnded();
931 PolicyLogger.audit("Transaction Failed - See Error.log");
932 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
937 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
938 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
939 } catch (PAPException| IOException e){
942 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
943 // Send the policy back
944 IOUtils.copy(is, os);
945 response.setStatus(HttpServletResponse.SC_OK);
946 loggingContext.transactionEnded();
947 auditLogger.info("Success");
948 PolicyLogger.audit("Transaction Ended Successfully");
949 } catch (IOException e) {
950 String message = "Failed to open policy id " + policyId;
952 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
953 loggingContext.transactionEnded();
954 PolicyLogger.audit("Transaction Failed - See Error.log");
955 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
957 } catch (PAPException e) {
959 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
960 loggingContext.transactionEnded();
961 PolicyLogger.audit("Transaction Failed - See Error.log");
962 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
966 loggingContext.transactionEnded();
967 PolicyLogger.audit("Transaction Ended");
972 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
974 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
975 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
976 loggingContext.transactionStarted();
977 loggingContext.setServiceName("PAP.put");
978 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
979 UUID requestID = UUID.randomUUID();
980 loggingContext.setRequestID(requestID.toString());
981 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
983 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
986 loggingContext.metricStarted();
987 im.startTransaction();
988 loggingContext.metricEnded();
989 PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
990 } catch (AdministrativeStateException | StandbyStatusException e) {
991 String message = "PUT interface called for PAP " + papResourceName;
992 if (e instanceof AdministrativeStateException) {
993 message += " but it has an Administrative state of "
994 + im.getStateManager().getAdminState();
995 } else if (e instanceof StandbyStatusException) {
996 message += " but it has a Standby Status of "
997 + im.getStateManager().getStandbyStatus();
1000 message += "\n Exception Message: " + e.getMessage();
1002 LOGGER.info(message, e);
1003 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1004 loggingContext.transactionEnded();
1005 PolicyLogger.audit("Transaction Failed - See Error.log");
1006 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1010 loggingContext.metricStarted();
1011 XACMLRest.dumpRequest(request);
1012 loggingContext.metricEnded();
1013 PolicyLogger.metrics("XACMLPapServlet doPut dumpRequest");
1014 //need to check if request is from the API or Admin console
1015 String apiflag = request.getParameter("apiflag");
1016 //This would occur if a PolicyDBDao notification was received
1017 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
1018 if(policyDBDaoRequestUrl != null){
1019 String policyDBDaoRequestEntityId = request.getParameter("entityid");
1020 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
1021 String policyDBDaoRequestExtraData = request.getParameter("extradata");
1022 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
1023 setResponseError(response,400, "entityid or entitytype not supplied");
1024 loggingContext.transactionEnded();
1025 PolicyLogger.audit("Transaction Ended Successfully");
1026 im.endTransaction();
1029 loggingContext.metricStarted();
1030 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
1031 loggingContext.metricEnded();
1032 PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification");
1033 response.setStatus(200);
1034 loggingContext.transactionEnded();
1035 PolicyLogger.audit("Transaction Ended Successfully");
1036 im.endTransaction();
1040 * Request for ImportService
1042 String importService = request.getParameter("importService");
1043 if (importService != null) {
1044 if(authorizeRequest(request)){
1045 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1047 loggingContext.metricStarted();
1048 apiRequestHandler.doPut(request, response, importService);
1049 loggingContext.metricEnded();
1050 PolicyLogger.metrics("XACMLPapServlet doPut apiRequestHandler doPut");
1051 }catch(IOException e){
1054 im.endTransaction();
1057 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1058 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
1059 loggingContext.transactionEnded();
1060 PolicyLogger.audit("Transaction Failed - See Error.log");
1061 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1065 //This would occur if we received a notification of a policy rename from AC
1066 String oldPolicyName = request.getParameter("oldPolicyName");
1067 String newPolicyName = request.getParameter("newPolicyName");
1068 if(oldPolicyName != null && newPolicyName != null){
1069 if(LOGGER.isDebugEnabled()){
1070 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
1071 + "\npolicyToCreateUpdate = " + " ");
1075 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
1076 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
1077 if(LOGGER.isDebugEnabled()){
1078 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
1079 + "\npolicyToCreateUpdate = " + " ");
1081 } catch(UnsupportedEncodingException e){
1082 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
1083 + "\npolicyToCreateUpdate = " + " ");
1084 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
1085 + "\nfailure with the following exception: " + e);
1086 loggingContext.transactionEnded();
1087 PolicyLogger.audit("Transaction Failed - See error.log");
1088 im.endTransaction();
1091 //send it to PolicyDBDao
1092 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
1094 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
1095 }catch(Exception e){
1096 renameTransaction.rollbackTransaction();
1097 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
1098 + "\nfailure with the following exception: " + e);
1099 loggingContext.transactionEnded();
1100 PolicyLogger.audit("Transaction Failed - See error.log");
1101 im.endTransaction();
1104 loggingContext.metricStarted();
1105 renameTransaction.commitTransaction();
1106 loggingContext.metricEnded();
1107 PolicyLogger.metrics("XACMLPapServlet goPut commitTransaction");
1108 response.setStatus(HttpServletResponse.SC_OK);
1109 loggingContext.transactionEnded();
1110 PolicyLogger.audit("Transaction Ended Successfully");
1111 im.endTransaction();
1115 // See if this is Admin Console registering itself with us
1117 String acURLString = request.getParameter("adminConsoleURL");
1118 if (acURLString != null) {
1119 loggingContext.setServiceName("AC:PAP.register");
1120 // remember this Admin Console for future updates
1121 if ( ! adminConsoleURLStringList.contains(acURLString)) {
1122 adminConsoleURLStringList.add(acURLString);
1124 if (LOGGER.isDebugEnabled()) {
1125 LOGGER.debug("Admin Console registering with URL: " + acURLString);
1127 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1128 loggingContext.transactionEnded();
1129 auditLogger.info("Success");
1130 PolicyLogger.audit("Transaction Ended Successfully");
1131 im.endTransaction();
1135 * This is to update the PDP Group with the policy/policies being pushed
1136 * Part of a 2 step process to push policies to the PDP that can now be done
1137 * From both the Admin Console and the PolicyEngine API
1139 String groupId = request.getParameter("groupId");
1140 if (groupId != null) {
1142 if(!authorizeRequest(request)){
1143 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1144 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1145 loggingContext.transactionEnded();
1146 PolicyLogger.audit("Transaction Failed - See Error.log");
1147 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1150 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
1152 updateGroupsFromAPI(request, response, groupId, loggingContext);
1153 }catch(IOException e){
1156 loggingContext.transactionEnded();
1157 PolicyLogger.audit("Transaction Ended Successfully");
1158 im.endTransaction();
1162 // this is from the Admin Console, so handle separately
1164 loggingContext.metricEnded();
1165 doACPut(request, response, groupId, loggingContext);
1166 loggingContext.metricEnded();
1167 PolicyLogger.metrics("XACMLPapServlet goPut doACPut");
1168 } catch (IOException e) {
1171 loggingContext.transactionEnded();
1172 PolicyLogger.audit("Transaction Ended Successfully");
1173 im.endTransaction();
1177 // Request is for policy validation and creation
1179 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1180 // this request is from the Admin Console
1181 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1183 loggingContext.metricStarted();
1184 savePolicyHandler.doPolicyAPIPut(request, response);
1185 loggingContext.metricEnded();
1186 PolicyLogger.metrics("XACMLPapServlet goPut savePolicyHandler");
1187 } catch (IOException e) {
1190 loggingContext.transactionEnded();
1191 PolicyLogger.audit("Transaction Ended Successfully");
1192 im.endTransaction();
1194 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1195 // this request is from the Policy Creation API
1196 if(authorizeRequest(request)){
1197 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1199 loggingContext.metricStarted();
1200 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1201 loggingContext.metricEnded();
1202 PolicyLogger.metrics("XACMLPapServlet goPut apiRequestHandler doPut");
1203 } catch (IOException e) {
1206 loggingContext.transactionEnded();
1207 PolicyLogger.audit("Transaction Ended Successfully");
1208 im.endTransaction();
1211 String message = "PEP not Authorized for making this Request!!";
1212 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1213 loggingContext.transactionEnded();
1214 PolicyLogger.audit("Transaction Failed - See Error.log");
1215 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1216 im.endTransaction();
1220 // We do not expect anything from anywhere else.
1221 // This method is here in case we ever need to support other operations.
1222 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1223 loggingContext.transactionEnded();
1224 PolicyLogger.audit("Transaction Failed - See Error.log");
1225 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1226 loggingContext.transactionEnded();
1227 PolicyLogger.audit("Transaction Failed - See error.log");
1228 im.endTransaction();
1232 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1234 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1235 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1236 loggingContext.transactionStarted();
1237 loggingContext.setServiceName("PAP.delete");
1238 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1239 UUID requestID = UUID.randomUUID();
1240 loggingContext.setRequestID(requestID.toString());
1241 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1243 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1246 loggingContext.metricStarted();
1247 im.startTransaction();
1248 loggingContext.metricEnded();
1249 PolicyLogger.metrics("XACMLPapServlet doDelete im startTransaction");
1250 } catch (AdministrativeStateException ae){
1251 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1252 + " state of " + im.getStateManager().getAdminState()
1253 + "\n Exception Message: " + ae.getMessage();
1254 LOGGER.info(message, ae);
1255 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1256 loggingContext.transactionEnded();
1257 PolicyLogger.audit("Transaction Failed - See Error.log");
1258 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1260 }catch (StandbyStatusException se) {
1261 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1262 + " of " + im.getStateManager().getStandbyStatus()
1263 + "\n Exception Message: " + se.getMessage();
1264 LOGGER.info(message, se);
1265 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1266 loggingContext.transactionEnded();
1267 PolicyLogger.audit("Transaction Failed - See Error.log");
1268 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1271 loggingContext.metricStarted();
1272 XACMLRest.dumpRequest(request);
1273 loggingContext.metricEnded();
1274 PolicyLogger.metrics("XACMLPapServlet doDelete dumpRequest");
1275 String groupId = request.getParameter("groupId");
1276 String apiflag = request.getParameter("apiflag");
1277 if (groupId != null) {
1278 // Is this from the Admin Console or API?
1280 if(!authorizeRequest(request)){
1281 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1282 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1283 loggingContext.transactionEnded();
1284 PolicyLogger.audit("Transaction Failed - See Error.log");
1285 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1288 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1290 loggingContext.metricStarted();
1291 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1292 loggingContext.metricEnded();
1293 PolicyLogger.metrics("XACMLPapServlet doDelete apiRequestHandler doDelete");
1294 } catch (Exception e) {
1295 LOGGER.error("Exception Occured"+e);
1297 if(apiRequestHandler.getNewGroup()!=null){
1298 groupChanged(apiRequestHandler.getNewGroup(), loggingContext);
1302 // this is from the Admin Console, so handle separately
1304 loggingContext.metricStarted();
1305 doACDelete(request, response, groupId, loggingContext);
1306 loggingContext.metricEnded();
1307 PolicyLogger.metrics("XACMLPapServlet doDelete doACDelete");
1308 } catch (IOException e) {
1311 loggingContext.transactionEnded();
1312 PolicyLogger.audit("Transaction Ended Successfully");
1313 im.endTransaction();
1316 //Catch anything that fell through
1317 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1318 loggingContext.transactionEnded();
1319 PolicyLogger.audit("Transaction Failed - See Error.log");
1320 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1321 im.endTransaction();
1324 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1325 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1326 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1327 if (localRootPolicies == null || localReferencedPolicies == null) {
1328 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1331 // Compare the policies and pipconfig properties to the pdpProperties
1333 // the policy properties includes only xacml.rootPolicies and
1334 // xacml.referencedPolicies without any .url entries
1335 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1336 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1337 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1338 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1339 pdpPipConfig.equals(pipconfig)) {
1340 // The PDP is current
1343 } catch (Exception e) {
1344 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1345 // or if there are policies that do not have a corresponding ".url" property.
1346 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1347 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1352 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1353 String lists[] = new String[2];
1354 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1355 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1356 for (String list : lists) {
1357 if (list != null && list.isEmpty() == false) {
1358 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1359 String url = urlPath + "?id=" + id;
1360 LOGGER.info("Policy URL for " + id + ": " + url);
1361 policies.setProperty(id + ".url", url);
1367 protected String getPDPID(HttpServletRequest request) {
1368 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1369 if (pdpURL == null || pdpURL.isEmpty()) {
1370 // Should send back its port for identification
1371 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1377 protected String getPDPJMX(HttpServletRequest request) {
1378 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1379 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1380 // Should send back its port for identification
1381 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1388 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1393 * @param loggingContext
1394 * @throws ServletException
1395 * @throws IOException
1397 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1398 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1399 PolicyLogger.audit("PolicyDBDaoTransaction started for updateGroupsFromAPI");
1401 // for PUT operations the group may or may not need to exist before the operation can be done
1402 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1404 // get the request input stream content into a String
1406 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1407 scanner.useDelimiter("\\A");
1408 json = scanner.hasNext() ? scanner.next() : "";
1411 PolicyLogger.info("pushPolicy request from API: " + json);
1413 // convert Object sent as JSON into local object
1414 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1416 //Get the current policies from the Group and Add the new one
1417 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1418 currentPoliciesInGroup = group.getPolicies();
1419 //If the selected policy is in the group we must remove the old version of it
1420 LOGGER.info("Removing old version of the policy");
1421 for(PDPPolicy existingPolicy : currentPoliciesInGroup) {
1422 if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){
1423 group.removePolicy(existingPolicy);
1424 LOGGER.info("Removing policy: " + existingPolicy);
1429 // Assume that this is an update of an existing PDP Group
1430 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1432 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1433 } catch(Exception e){
1434 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1435 +"group="+group.getId());
1436 throw new PAPException(e.getMessage());
1439 LOGGER.info("Calling updatGroup() with new group");
1440 papEngine.updateGroup(group);
1442 String policyId = "empty";
1444 policyId = policy.getId();
1446 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1447 response.addHeader("operation", "push");
1448 response.addHeader("policyId", policyId);
1449 response.addHeader("groupId", groupId);
1451 LOGGER.info("Group '" + group.getId() + "' updated");
1453 loggingContext.metricStarted();
1454 acPutTransaction.commitTransaction();
1455 loggingContext.metricEnded();
1456 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
1457 loggingContext.metricStarted();
1459 loggingContext.metricEnded();
1460 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
1462 // Group changed, which might include changing the policies
1463 groupChanged(group, loggingContext);
1464 loggingContext.transactionEnded();
1465 LOGGER.info("Success");
1467 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1468 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1469 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1470 LOGGER.debug("Precheck Successful.");
1474 PolicyLogger.audit("Transaction Ended Successfully");
1476 } catch (PAPException e) {
1477 acPutTransaction.rollbackTransaction();
1478 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1479 loggingContext.transactionEnded();
1480 PolicyLogger.audit("Transaction Failed - See Error.log");
1481 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1482 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1483 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1484 response.addHeader("error","addGroupError");
1485 response.addHeader("message", message);
1491 * Requests from the Admin Console for operations not on single specific objects
1496 * @param loggingContext
1497 * @throws ServletException
1498 * @throws IOException
1500 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1501 PolicyDBDaoTransaction doACPostTransaction = null;
1503 String groupName = request.getParameter("groupName");
1504 String groupDescription = request.getParameter("groupDescription");
1505 String apiflag = request.getParameter("apiflag");
1506 if (groupName != null && groupDescription != null) {
1507 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1508 loggingContext.setServiceName("AC:PAP.createGroup");
1509 String unescapedName = null;
1510 String unescapedDescription = null;
1512 unescapedName = URLDecoder.decode(groupName, "UTF-8");
1513 unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1514 } catch (UnsupportedEncodingException e) {
1517 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1519 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1520 papEngine.newGroup(unescapedName, unescapedDescription);
1521 loggingContext.metricStarted();
1522 newGroupTransaction.commitTransaction();
1523 loggingContext.metricEnded();
1524 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1525 } catch (Exception e) {
1526 newGroupTransaction.rollbackTransaction();
1527 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1528 loggingContext.transactionEnded();
1529 PolicyLogger.audit("Transaction Failed - See Error.log");
1530 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'");
1533 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1534 if (LOGGER.isDebugEnabled()) {
1535 LOGGER.debug("New Group '" + groupId + "' created");
1537 // tell the Admin Consoles there is a change
1538 loggingContext.metricStarted();
1540 loggingContext.metricEnded();
1541 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1542 // new group by definition has no PDPs, so no need to notify them of changes
1543 loggingContext.transactionEnded();
1544 PolicyLogger.audit("Transaction Failed - See Error.log");
1545 auditLogger.info("Success");
1546 PolicyLogger.audit("Transaction Ended Successfully");
1549 // for all remaining POST operations the group must exist before the operation can be done
1550 OnapPDPGroup group = null;
1552 group = papEngine.getGroup(groupId);
1553 } catch (PAPException e){
1556 if (group == null) {
1557 String message = "Unknown groupId '" + groupId + "'";
1558 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1559 loggingContext.transactionEnded();
1560 PolicyLogger.audit("Transaction Failed - See Error.log");
1562 response.addHeader("error", "unknownGroupId");
1563 response.addHeader("operation", "push");
1564 response.addHeader("message", message);
1565 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1567 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1572 // If the request contains a policyId then we know we are pushing the policy to PDP
1573 if (request.getParameter("policyId") != null) {
1576 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1578 loggingContext.setServiceName("AC:PAP.postPolicy");
1581 String policyId = request.getParameter("policyId");
1582 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1583 StdPDPGroup updatedGroup = null;
1585 //Copying the policy to the file system and updating groups in database
1586 LOGGER.info("PapServlet: calling PolicyDBDao.addPolicyToGroup()");
1587 updatedGroup = addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1588 loggingContext.metricStarted();
1589 addPolicyToGroupTransaction.commitTransaction();
1590 loggingContext.metricEnded();
1591 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1592 LOGGER.info("PapServlet: addPolicyToGroup() succeeded, transaction was committed");
1594 } catch (Exception e) {
1595 addPolicyToGroupTransaction.rollbackTransaction();
1596 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1597 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1598 loggingContext.transactionEnded();
1599 PolicyLogger.audit("Transaction Failed - See Error.log");
1601 response.addHeader("error", "policyCopyError");
1602 response.addHeader("message", message);
1603 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1605 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1610 // Get new transaction to perform updateGroup()
1611 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1614 * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change.
1615 * The GUI does this from the POLICY-SDK-APP code.
1617 if(apiflag != null){
1619 // read the inputStream into a buffer
1620 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1621 scanner.useDelimiter("\\A");
1622 String json = scanner.hasNext() ? scanner.next() : "";
1624 LOGGER.info("PushPolicy API request: " + json);
1626 // convert Object sent as JSON into local object
1627 ObjectMapper mapper = new ObjectMapper();
1628 Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class);
1629 StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON;
1631 // Assume that this is an update of an existing PDP Group
1632 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1634 acPutTransaction.updateGroup(updatedGroup, "XACMLPapServlet.doACPut");
1635 } catch(Exception e){
1636 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error occurred when notifying PAPs of a group change: "
1638 throw new PAPException(e.getMessage());
1641 LOGGER.info("Calling updatGroup() with new group");
1642 papEngine.updateGroup(updatedGroup);
1644 LOGGER.info("Group '" + updatedGroup.getId() + "' updated");
1646 // Commit transaction to send notification to other PAPs
1647 loggingContext.metricStarted();
1648 acPutTransaction.commitTransaction();
1649 loggingContext.metricEnded();
1650 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
1651 loggingContext.metricStarted();
1654 loggingContext.metricEnded();
1655 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
1657 // Group changed to send notification to PDPs, which might include changing the policies
1658 groupChanged(updatedGroup,loggingContext);
1659 loggingContext.transactionEnded();
1660 LOGGER.info("Success");
1662 if (policy != null && ((policy.getName().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1663 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1664 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1665 LOGGER.debug("Precheck Successful.");
1669 //delete temporary policy file from the bin directory
1670 if(policy != null) {
1671 Files.deleteIfExists(Paths.get(policy.getId()));
1675 } catch (Exception e) {
1676 acPutTransaction.rollbackTransaction();
1677 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1678 loggingContext.transactionEnded();
1679 PolicyLogger.audit("Transaction Failed - See Error.log");
1680 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API.";
1681 LOGGER.error(message);
1682 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1683 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1684 response.addHeader("error","addGroupError");
1685 response.addHeader("message", message);
1691 // policy file copied ok and the Group was updated on the PDP
1692 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1693 response.addHeader("operation", "push");
1694 response.addHeader("policyId", policyId);
1695 response.addHeader("groupId", groupId);
1697 LOGGER.info("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1698 loggingContext.transactionEnded();
1699 auditLogger.info("Success");
1700 LOGGER.info("Transaction Ended Successfully");
1703 } else if (request.getParameter("default") != null) {
1704 // Args: group=<groupId> default=true <= make default
1705 // change the current default group to be the one identified in the request.
1706 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1707 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1708 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1709 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1711 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1712 papEngine.setDefaultGroup(group);
1713 loggingContext.metricStarted();
1714 setDefaultGroupTransaction.commitTransaction();
1715 loggingContext.metricEnded();
1716 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1717 } catch (Exception e) {
1718 setDefaultGroupTransaction.rollbackTransaction();
1719 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1720 loggingContext.transactionEnded();
1721 PolicyLogger.audit("Transaction Failed - See Error.log");
1722 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default");
1725 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1726 if (LOGGER.isDebugEnabled()) {
1727 LOGGER.debug("Group '" + groupId + "' set to be default");
1729 // Notify the Admin Consoles that something changed
1730 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1731 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1732 loggingContext.metricStarted();
1734 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1735 loggingContext.metricEnded();
1736 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1737 loggingContext.transactionEnded();
1738 auditLogger.info("Success");
1739 LOGGER.info("Transaction Ended Successfully");
1741 } else if (request.getParameter("pdpId") != null) {
1742 doACPostTransaction = policyDBDao.getNewTransaction();
1743 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1744 loggingContext.setServiceName("AC:PAP.movePDP");
1745 String pdpId = request.getParameter("pdpId");
1746 OnapPDP pdp = papEngine.getPDP(pdpId);
1747 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1749 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1750 }catch(Exception e){
1751 doACPostTransaction.rollbackTransaction();
1752 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1753 " Error while moving pdp in the database: "
1754 +"pdp="+pdp.getId()+",to group="+group.getId());
1755 throw new PAPException(e.getMessage());
1757 papEngine.movePDP((OnapPDP) pdp, group);
1758 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1759 if (LOGGER.isDebugEnabled()) {
1760 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1762 // update the status of both the original group and the new one
1763 ((StdPDPGroup)originalGroup).resetStatus();
1764 ((StdPDPGroup)group).resetStatus();
1765 // Notify the Admin Consoles that something changed
1766 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1767 loggingContext.metricStarted();
1769 loggingContext.metricEnded();
1770 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1771 // Need to notify the PDP that it's config may have changed
1772 pdpChanged(pdp, loggingContext);
1773 loggingContext.metricStarted();
1774 doACPostTransaction.commitTransaction();
1775 loggingContext.metricEnded();
1776 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1777 loggingContext.transactionEnded();
1778 auditLogger.info("Success");
1779 PolicyLogger.audit("Transaction Ended Successfully");
1782 } catch (PAPException e) {
1783 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1784 loggingContext.transactionEnded();
1785 PolicyLogger.audit("Transaction Failed - See Error.log");
1786 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1792 * Requests from the Admin Console to GET info about the Groups and PDPs
1797 * @param loggingContext
1798 * @throws ServletException
1799 * @throws IOException
1801 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1803 String parameterDefault = request.getParameter("default");
1804 String pdpId = request.getParameter("pdpId");
1805 String pdpGroup = request.getParameter("getPDPGroup");
1806 if ("".equals(groupId)) {
1807 // request IS from AC but does not identify a group by name
1808 if (parameterDefault != null) {
1809 // Request is for the Default group (whatever its id)
1810 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1811 OnapPDPGroup group = papEngine.getDefaultGroup();
1812 // convert response object to JSON and include in the response
1813 mapperWriteValue(new ObjectMapper(), response, group);
1814 if (LOGGER.isDebugEnabled()) {
1815 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1817 response.setStatus(HttpServletResponse.SC_OK);
1818 response.setHeader("content-type", "application/json");
1820 response.getOutputStream().close();
1821 } catch (IOException e){
1824 loggingContext.transactionEnded();
1825 auditLogger.info("Success");
1826 PolicyLogger.audit("Transaction Ended Successfully");
1828 } else if (pdpId != null) {
1829 // Request is related to a PDP
1830 if (pdpGroup == null) {
1831 // Request is for the (unspecified) group containing a given PDP
1832 loggingContext.setServiceName("AC:PAP.getPDP");
1835 pdp = papEngine.getPDP(pdpId);
1836 }catch(PAPException e){
1839 // convert response object to JSON and include in the response
1840 mapperWriteValue(new ObjectMapper(), response, pdp);
1841 if (LOGGER.isDebugEnabled()) {
1842 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1844 response.setStatus(HttpServletResponse.SC_OK);
1845 response.setHeader("content-type", "application/json");
1847 response.getOutputStream().close();
1848 } catch (IOException e){
1851 loggingContext.transactionEnded();
1852 auditLogger.info("Success");
1853 PolicyLogger.audit("Transaction Ended Successfully");
1856 // Request is for the group containing a given PDP
1857 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1858 OnapPDPGroup group =null;
1860 OnapPDP pdp = papEngine.getPDP(pdpId);
1861 group = papEngine.getPDPGroup((OnapPDP) pdp);
1862 }catch(PAPException e){
1865 // convert response object to JSON and include in the response
1866 mapperWriteValue(new ObjectMapper(), response, group);
1867 if (LOGGER.isDebugEnabled()) {
1868 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1870 response.setStatus(HttpServletResponse.SC_OK);
1871 response.setHeader("content-type", "application/json");
1873 response.getOutputStream().close();
1874 } catch (IOException e){
1877 loggingContext.transactionEnded();
1878 auditLogger.info("Success");
1879 PolicyLogger.audit("Transaction Ended Successfully");
1883 // request is for top-level properties about all groups
1884 loggingContext.setServiceName("AC:PAP.getAllGroups");
1885 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1886 // convert response object to JSON and include in the response
1887 mapperWriteValue(new ObjectMapper(), response, groups);
1888 if (LOGGER.isDebugEnabled()) {
1889 LOGGER.debug("GET All groups req");
1891 response.setStatus(HttpServletResponse.SC_OK);
1892 response.setHeader("content-type", "application/json");
1894 response.getOutputStream().close();
1895 } catch (IOException e){
1898 loggingContext.transactionEnded();
1899 auditLogger.info("Success");
1900 PolicyLogger.audit("Transaction Ended Successfully");
1904 // for all other GET operations the group must exist before the operation can be done
1905 OnapPDPGroup group = null;
1907 group = papEngine.getGroup(groupId);
1908 } catch(PAPException e){
1911 if (group == null) {
1912 String message = "Unknown groupId '" + groupId + "'";
1913 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1914 loggingContext.transactionEnded();
1915 PolicyLogger.audit("Transaction Failed - See Error.log");
1916 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1919 // Figure out which request this is based on the parameters
1920 String policyId = request.getParameter("policyId");
1921 if (policyId != null) {
1922 // retrieve a policy
1923 loggingContext.setServiceName("AC:PAP.getPolicy");
1924 // convert response object to JSON and include in the response
1925 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1926 loggingContext.transactionEnded();
1927 PolicyLogger.audit("Transaction Failed - See Error.log");
1928 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1930 // No other parameters, so return the identified Group
1931 loggingContext.setServiceName("AC:PAP.getGroup");
1932 // convert response object to JSON and include in the response
1933 mapperWriteValue(new ObjectMapper(), response, group);
1934 if (LOGGER.isDebugEnabled()) {
1935 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
1937 response.setStatus(HttpServletResponse.SC_OK);
1938 response.setHeader("content-type", "application/json");
1940 response.getOutputStream().close();
1941 } catch (IOException e){
1944 loggingContext.transactionEnded();
1945 auditLogger.info("Success");
1946 PolicyLogger.audit("Transaction Ended Successfully");
1949 // Currently there are no other GET calls from the AC.
1950 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
1951 // Other GETs that could be called:
1952 // Specific Group (groupId=<groupId>)
1953 // A Policy (groupId=<groupId> policyId=<policyId>)
1954 // A PDP (groupId=<groupId> pdpId=<pdpId>)
1955 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
1956 loggingContext.transactionEnded();
1957 PolicyLogger.audit("Transaction Failed - See Error.log");
1958 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1959 } catch (PAPException e) {
1960 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
1961 loggingContext.transactionEnded();
1962 PolicyLogger.audit("Transaction Failed - See Error.log");
1963 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1969 * Requests from the Admin Console to create new items or update existing ones
1974 * @param loggingContext
1975 * @throws ServletException
1976 * @throws IOException
1978 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1979 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1981 // for PUT operations the group may or may not need to exist before the operation can be done
1982 OnapPDPGroup group = papEngine.getGroup(groupId);
1983 // determine the operation needed based on the parameters in the request
1984 // for remaining operations the group must exist before the operation can be done
1985 if (group == null) {
1986 String message = "Unknown groupId '" + groupId + "'";
1987 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1988 loggingContext.transactionEnded();
1989 PolicyLogger.audit("Transaction Failed - See Error.log");
1990 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1993 if (request.getParameter("policy") != null) {
1994 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
1995 loggingContext.setServiceName("AC:PAP.putPolicy");
1996 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
1997 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1998 loggingContext.transactionEnded();
1999 PolicyLogger.audit("Transaction Failed - See Error.log");
2000 auditLogger.info("Success");
2001 PolicyLogger.audit("Transaction Ended Successfully");
2003 } else if (request.getParameter("pdpId") != null) {
2004 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
2005 String pdpId = request.getParameter("pdpId");
2006 if (papEngine.getPDP(pdpId) == null) {
2007 loggingContext.setServiceName("AC:PAP.createPDP");
2009 loggingContext.setServiceName("AC:PAP.updatePDP");
2011 // get the request content into a String
2013 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
2015 Scanner scanner = new Scanner(request.getInputStream());
2016 scanner.useDelimiter("\\A");
2017 json = scanner.hasNext() ? scanner.next() : "";
2019 }catch(IOException e){
2022 LOGGER.info("JSON request from AC: " + json);
2023 // convert Object sent as JSON into local object
2024 ObjectMapper mapper = new ObjectMapper();
2025 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
2026 if (pdpId == null ||
2027 objectFromJSON == null ||
2028 ! (objectFromJSON instanceof StdPDP) ||
2029 ((StdPDP)objectFromJSON).getId() == null ||
2030 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
2031 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
2032 loggingContext.transactionEnded();
2033 PolicyLogger.audit("Transaction Failed - See Error.log");
2034 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
2036 StdPDP pdp = (StdPDP) objectFromJSON;
2038 OnapPDP oPDP = null;
2040 oPDP = papEngine.getPDP(pdpId);
2041 }catch (PAPException e){
2045 // this is a request to create a new PDP object
2047 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
2048 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
2049 } catch(Exception e){
2050 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
2051 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
2052 throw new PAPException(e.getMessage());
2055 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
2056 }catch(PAPException e){
2061 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
2062 } catch(Exception e){
2063 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
2064 +"pdp="+ pdp.getId());
2065 throw new PAPException(e.getMessage());
2067 // this is a request to update the pdp
2069 papEngine.updatePDP(pdp);
2070 }catch(PAPException e){
2074 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2075 if (LOGGER.isDebugEnabled()) {
2076 LOGGER.debug("PDP '" + pdpId + "' created/updated");
2078 // adjust the group's state including the new PDP
2079 ((StdPDPGroup)group).resetStatus();
2080 // tell the Admin Consoles there is a change
2081 loggingContext.metricStarted();
2083 loggingContext.metricEnded();
2084 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2085 // this might affect the PDP, so notify it of the change
2086 pdpChanged(pdp, loggingContext);
2087 loggingContext.metricStarted();
2088 acPutTransaction.commitTransaction();
2089 loggingContext.metricEnded();
2090 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2091 loggingContext.transactionEnded();
2092 auditLogger.info("Success");
2093 PolicyLogger.audit("Transaction Ended Successfully");
2097 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
2098 +"pdp=null" + ",to group="+group.getId());
2099 throw new PAPException("PDP is null");
2100 } catch(Exception e){
2101 throw new PAPException("PDP is null" + e.getMessage() +e);
2104 } else if (request.getParameter("pipId") != null) {
2105 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
2106 loggingContext.setServiceName("AC:PAP.putPIP");
2107 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2108 loggingContext.transactionEnded();
2109 PolicyLogger.audit("Transaction Failed - See Error.log");
2110 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2113 // Assume that this is an update of an existing PDP Group
2114 // ARGS: group=<groupId> <= Update an Existing Group
2115 loggingContext.setServiceName("AC:PAP.updateGroup");
2116 // get the request content into a String
2118 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
2120 Scanner scanner = new Scanner(request.getInputStream());
2121 scanner.useDelimiter("\\A");
2122 json = scanner.hasNext() ? scanner.next() : "";
2124 }catch(IOException e){
2127 LOGGER.info("JSON request from AC: " + json);
2128 // convert Object sent as JSON into local object
2129 ObjectMapper mapper = new ObjectMapper();
2130 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
2131 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
2132 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
2133 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
2134 loggingContext.transactionEnded();
2135 PolicyLogger.audit("Transaction Failed - See Error.log");
2136 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON);
2138 // The Path on the PAP side is not carried on the RESTful interface with the AC
2139 // (because it is local to the PAP)
2140 // so we need to fill that in before submitting the group for update
2141 if(objectFromJSON != null){
2142 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
2145 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
2146 } catch(Exception e){
2147 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
2148 +"group="+group.getId());
2150 throw new PAPException(e.getMessage());
2153 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
2154 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
2155 if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
2156 LOGGER.debug("Precheck Successful.");
2159 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
2160 }catch(PAPException e){
2163 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2164 if (LOGGER.isDebugEnabled()) {
2165 LOGGER.debug("Group '" + group.getId() + "' updated");
2167 loggingContext.metricStarted();
2168 acPutTransaction.commitTransaction();
2169 loggingContext.metricEnded();
2170 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2171 // tell the Admin Consoles there is a change
2172 loggingContext.metricStarted();
2174 loggingContext.metricEnded();
2175 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2176 // Group changed, which might include changing the policies
2177 groupChanged(group, loggingContext);
2178 loggingContext.transactionEnded();
2179 auditLogger.info("Success");
2180 PolicyLogger.audit("Transaction Ended Successfully");
2183 } catch (PAPException e) {
2185 acPutTransaction.rollbackTransaction();
2186 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
2187 loggingContext.transactionEnded();
2188 PolicyLogger.audit("Transaction Failed - See Error.log");
2189 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2195 * Requests from the Admin Console to delete/remove items
2200 * @param loggingContext
2201 * @throws ServletException
2202 * @throws IOException
2204 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
2205 //This code is to allow deletes to propagate to the database since delete is not implemented
2206 String isDeleteNotify = request.getParameter("isDeleteNotify");
2207 if(isDeleteNotify != null){
2208 String policyToDelete = request.getParameter("policyToDelete");
2210 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
2211 } catch(UnsupportedEncodingException e){
2212 LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e);
2213 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
2216 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
2218 deleteTransaction.deletePolicy(policyToDelete);
2219 } catch(Exception e){
2220 deleteTransaction.rollbackTransaction();
2221 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
2222 + "\nfailure with the following exception: " + e);
2225 loggingContext.metricStarted();
2226 deleteTransaction.commitTransaction();
2227 loggingContext.metricEnded();
2228 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2229 response.setStatus(HttpServletResponse.SC_OK);
2232 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
2234 // for all DELETE operations the group must exist before the operation can be done
2235 loggingContext.setServiceName("AC:PAP.delete");
2236 OnapPDPGroup group = papEngine.getGroup(groupId);
2237 if (group == null) {
2238 String message = "Unknown groupId '" + groupId + "'";
2239 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
2240 loggingContext.transactionEnded();
2241 PolicyLogger.audit("Transaction Failed - See Error.log");
2242 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
2245 // determine the operation needed based on the parameters in the request
2246 if (request.getParameter("policy") != null) {
2247 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
2248 loggingContext.setServiceName("AC:PAP.deletePolicy");
2249 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2250 loggingContext.transactionEnded();
2251 PolicyLogger.audit("Transaction Failed - See Error.log");
2252 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2254 } else if (request.getParameter("pdpId") != null) {
2255 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
2256 String pdpId = request.getParameter("pdpId");
2257 OnapPDP pdp = papEngine.getPDP(pdpId);
2259 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
2260 } catch(Exception e){
2261 throw new PAPException(e);
2264 papEngine.removePDP((OnapPDP) pdp);
2265 }catch(PAPException e){
2268 // adjust the status of the group, which may have changed when we removed this PDP
2269 ((StdPDPGroup)group).resetStatus();
2270 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2271 loggingContext.metricStarted();
2273 loggingContext.metricEnded();
2274 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2275 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
2276 pdpChanged(pdp, loggingContext);
2277 loggingContext.metricStarted();
2278 removePdpOrGroupTransaction.commitTransaction();
2279 loggingContext.metricEnded();
2280 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2281 loggingContext.transactionEnded();
2282 auditLogger.info("Success");
2283 PolicyLogger.audit("Transaction Ended Successfully");
2285 } else if (request.getParameter("pipId") != null) {
2286 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
2287 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
2288 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2289 loggingContext.transactionEnded();
2290 PolicyLogger.audit("Transaction Failed - See Error.log");
2291 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2294 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
2295 String moveToGroupId = request.getParameter("movePDPsToGroupId");
2296 OnapPDPGroup moveToGroup = null;
2297 if (moveToGroupId != null) {
2299 moveToGroup = papEngine.getGroup(moveToGroupId);
2300 }catch(PAPException e){
2304 // get list of PDPs in the group being deleted so we can notify them that they got changed
2305 Set<OnapPDP> movedPDPs = new HashSet<>();
2306 movedPDPs.addAll(group.getOnapPdps());
2307 // do the move/remove
2309 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
2310 } catch(Exception e){
2311 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
2312 throw new PAPException(e.getMessage());
2315 papEngine.removeGroup(group, moveToGroup);
2316 }catch(PAPException e){
2319 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2320 loggingContext.metricStarted();
2322 loggingContext.metricEnded();
2323 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2324 // notify any PDPs in the removed set that their config may have changed
2325 for (OnapPDP pdp : movedPDPs) {
2326 pdpChanged(pdp, loggingContext);
2328 loggingContext.metricStarted();
2329 removePdpOrGroupTransaction.commitTransaction();
2330 loggingContext.metricEnded();
2331 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2332 loggingContext.transactionEnded();
2333 auditLogger.info("Success");
2334 PolicyLogger.audit("Transaction Ended Successfully");
2337 } catch (PAPException e) {
2338 removePdpOrGroupTransaction.rollbackTransaction();
2339 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
2340 loggingContext.transactionEnded();
2341 PolicyLogger.audit("Transaction Failed - See Error.log");
2342 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2348 * Heartbeat thread - periodically check on PDPs' status
2350 * Heartbeat with all known PDPs.
2352 * Implementation note:
2354 * The PDPs are contacted Sequentially, not in Parallel.
2356 * If we did this in parallel using multiple threads we would simultaneously use
2360 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
2361 * when user changes occur.
2362 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
2364 * The Sequential operation does a heartbeat request to each PDP one at a time.
2365 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
2366 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
2367 * it could take a long time to cycle through all of the PDPs.
2368 * That means that this may not notice a PDP being down in a predictable time.
2370 private class Heartbeat implements Runnable {
2371 private PAPPolicyEngine papEngine;
2372 private Set<OnapPDP> pdps = new HashSet<>();
2373 private int heartbeatInterval;
2374 private int heartbeatTimeout;
2376 public volatile boolean isRunning = false;
2378 public synchronized boolean isRunning() {
2379 return this.isRunning;
2382 public synchronized void terminate() {
2383 this.isRunning = false;
2386 public Heartbeat(PAPPolicyEngine papEngine2) {
2387 papEngine = papEngine2;
2388 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2389 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2394 // Set ourselves as running
2395 synchronized(this) {
2396 this.isRunning = true;
2398 HashMap<String, URL> idToURLMap = new HashMap<>();
2400 while (this.isRunning()) {
2401 // Wait the given time
2402 Thread.sleep(heartbeatInterval);
2403 // get the list of PDPs (may have changed since last time)
2405 synchronized(papEngine) {
2407 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2408 for (OnapPDP p : g.getOnapPdps()) {
2412 } catch (PAPException e) {
2413 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2416 // Check for shutdown
2417 if (this.isRunning() == false) {
2418 LOGGER.info("isRunning is false, getting out of loop.");
2421 // try to get the summary status from each PDP
2422 boolean changeSeen = false;
2423 for (OnapPDP pdp : pdps) {
2424 // Check for shutdown
2425 if (this.isRunning() == false) {
2426 LOGGER.info("isRunning is false, getting out of loop.");
2429 // the id of the PDP is its url (though we add a query parameter)
2430 URL pdpURL = idToURLMap.get(pdp.getId());
2431 if (pdpURL == null) {
2432 // haven't seen this PDP before
2433 String fullURLString = null;
2436 if(CheckPDP.validateID(pdp.getId())){
2437 fullURLString = pdp.getId() + "?type=hb";
2438 pdpURL = new URL(fullURLString);
2439 idToURLMap.put(pdp.getId(), pdpURL);
2441 } catch (MalformedURLException e) {
2442 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2446 // Do a GET with type HeartBeat
2447 String newStatus = "";
2448 HttpURLConnection connection = null;
2450 // Open up the connection
2452 connection = (HttpURLConnection)pdpURL.openConnection();
2453 // Setup our method and headers
2454 connection.setRequestMethod("GET");
2455 connection.setConnectTimeout(heartbeatTimeout);
2457 String encoding = CheckPDP.getEncoding(pdp.getId());
2458 if(encoding !=null){
2459 connection.setRequestProperty("Authorization", "Basic " + encoding);
2462 connection.connect();
2463 if (connection.getResponseCode() == 204) {
2464 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2465 if (LOGGER.isDebugEnabled()) {
2466 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2469 // anything else is an unexpected result
2470 newStatus = PDPStatus.Status.UNKNOWN.toString();
2471 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2474 } catch (UnknownHostException e) {
2475 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2476 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2477 } catch (SocketTimeoutException e) {
2478 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2479 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2480 } catch (ConnectException e) {
2481 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2482 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2483 } catch (Exception e) {
2484 newStatus = PDPStatus.Status.UNKNOWN.toString();
2485 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2487 // cleanup the connection
2488 if(connection != null)
2489 connection.disconnect();
2491 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2492 if (LOGGER.isDebugEnabled()) {
2493 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2496 setPDPSummaryStatus(pdp, newStatus);
2497 } catch (PAPException e) {
2498 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2503 // Check for shutdown
2504 if (this.isRunning() == false) {
2505 LOGGER.info("isRunning is false, getting out of loop.");
2508 // if any of the PDPs changed state, tell the ACs to update
2513 } catch (InterruptedException e) {
2514 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2516 Thread.currentThread().interrupt();
2522 * HELPER to change Group status when PDP status is changed
2523 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2525 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2526 setPDPSummaryStatus(pdp, newStatus.toString());
2529 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2530 synchronized(papEngine) {
2531 StdPDPStatus status = new StdPDPStatus();
2532 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2533 ((StdPDP)pdp).setStatus(status);
2534 // now adjust the group
2535 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2536 // if the PDP was just deleted it may transiently exist but not be in a group
2537 if (group != null) {
2538 group.resetStatus();
2544 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2545 * in the PDP group directories
2548 public void changed() {
2549 // all PDPs in all groups need to be updated/sync'd
2550 Set<OnapPDPGroup> groups;
2552 groups = papEngine.getOnapPDPGroups();
2553 } catch (PAPException e) {
2554 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2555 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2557 for (OnapPDPGroup group : groups) {
2558 groupChanged(group);
2562 public void changed(ONAPLoggingContext loggingContext) {
2563 // all PDPs in all groups need to be updated/sync'd
2564 Set<OnapPDPGroup> groups;
2566 groups = papEngine.getOnapPDPGroups();
2567 } catch (PAPException e) {
2568 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2569 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2571 for (OnapPDPGroup group : groups) {
2572 groupChanged(group, loggingContext);
2577 public void groupChanged(OnapPDPGroup group) {
2578 // all PDPs within one group need to be updated/sync'd
2579 for (OnapPDP pdp : group.getOnapPdps()) {
2584 public void groupChanged(OnapPDPGroup group, ONAPLoggingContext loggingContext) {
2585 // all PDPs within one group need to be updated/sync'd
2586 for (OnapPDP pdp : group.getOnapPdps()) {
2587 pdpChanged(pdp, loggingContext);
2592 public void pdpChanged(OnapPDP pdp) {
2593 // kick off a thread to do an event notification for each PDP.
2594 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2595 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2596 Thread t = new Thread(new UpdatePDPThread(pdp));
2597 if(CheckPDP.validateID(pdp.getId())){
2602 public void pdpChanged(OnapPDP pdp, ONAPLoggingContext loggingContext) {
2603 // kick off a thread to do an event notification for each PDP.
2604 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2605 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2606 Thread t = new Thread(new UpdatePDPThread(pdp, loggingContext));
2607 if(CheckPDP.validateID(pdp.getId())){
2612 private class UpdatePDPThread implements Runnable {
2613 private OnapPDP pdp;
2614 private String requestId;
2615 private ONAPLoggingContext loggingContext;
2617 public UpdatePDPThread(OnapPDP pdp) {
2621 public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) {
2623 if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) {
2624 this.requestId = loggingContext.getRequestID();
2626 this.loggingContext = loggingContext;
2630 // send the current configuration to one PDP
2631 HttpURLConnection connection = null;
2632 // get a new logging context for the thread
2634 if (this.loggingContext == null) {
2635 loggingContext = new ONAPLoggingContext(baseLoggingContext);
2637 } catch (Exception e) {
2638 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2639 // Since this is a server-side error, it probably does not reflect a problem on the client,
2640 // so do not change the PDP status.
2644 loggingContext.setServiceName("PAP:PDP.putConfig");
2645 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2646 if ((requestId == null) || (requestId == "")) {
2647 UUID requestID = UUID.randomUUID();
2648 loggingContext.setRequestID(requestID.toString());
2649 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2651 loggingContext.setRequestID(requestId);
2652 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2654 loggingContext.transactionStarted();
2655 // the Id of the PDP is its URL
2656 if (LOGGER.isDebugEnabled()) {
2657 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2659 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2660 //TODO (need to change "cache=", implying getting some input saying which to change)
2661 URL url = new URL(pdp.getId() + "?cache=all");
2662 // Open up the connection
2663 connection = (HttpURLConnection)url.openConnection();
2664 // Setup our method and headers
2665 connection.setRequestMethod("PUT");
2667 String encoding = CheckPDP.getEncoding(pdp.getId());
2668 if(encoding !=null){
2669 connection.setRequestProperty("Authorization", "Basic " + encoding);
2671 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2672 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2673 connection.setInstanceFollowRedirects(true);
2674 connection.setDoOutput(true);
2675 try (OutputStream os = connection.getOutputStream()) {
2676 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2677 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2678 if (group == null) {
2679 // create blank properties files
2680 Properties policyProperties = new Properties();
2681 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2682 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2683 policyProperties.store(os, "");
2684 Properties pipProps = new Properties();
2685 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2686 pipProps.store(os, "");
2688 // send properties from the current group
2689 group.getPolicyProperties().store(os, "");
2690 Properties policyLocations = new Properties();
2691 for (PDPPolicy policy : group.getPolicies()) {
2692 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2694 policyLocations.store(os, "");
2695 group.getPipConfigProperties().store(os, "");
2697 } catch (Exception e) {
2698 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2699 // Since this is a server-side error, it probably does not reflect a problem on the client,
2700 // so do not change the PDP status.
2704 loggingContext.metricStarted();
2705 connection.connect();
2706 loggingContext.metricEnded();
2707 PolicyLogger.metrics("XACMLPapServlet UpdatePDPThread connection connect");
2708 if (connection.getResponseCode() == 204) {
2709 LOGGER.info("Success. We are configured correctly.");
2710 loggingContext.transactionEnded();
2711 auditLogger.info("Success. PDP is configured correctly.");
2712 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2713 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2714 } else if (connection.getResponseCode() == 200) {
2715 LOGGER.info("Success. PDP needs to update its configuration.");
2716 loggingContext.transactionEnded();
2717 auditLogger.info("Success. PDP needs to update its configuration.");
2718 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2719 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2721 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2722 loggingContext.transactionEnded();
2723 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2724 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2725 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2727 } catch (Exception e) {
2729 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2730 loggingContext.transactionEnded();
2731 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2733 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2734 } catch (PAPException e1) {
2736 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2737 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2740 // cleanup the connection
2741 if(connection != null){
2742 connection.disconnect();
2744 // tell the AC to update it's status info
2751 * RESTful Interface from PAP to ACs notifying them of changes
2753 private void notifyAC() {
2754 // kick off a thread to do one event notification for all registered ACs
2755 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2756 // as part of processing this message on their end.
2757 Thread t = new Thread(new NotifyACThread());
2761 private class NotifyACThread implements Runnable {
2763 List<String> disconnectedACs = new ArrayList<>();
2764 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2765 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2766 for (String acURL : adminConsoleURLStringList) {
2767 HttpURLConnection connection = null;
2769 acURL += "?PAPNotification=true";
2770 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2771 //TODO - If so, put correct parameters into the Query string here
2772 acURL += "&objectType=all" + "&action=update";
2773 if (LOGGER.isDebugEnabled()) {
2774 LOGGER.debug("creating url for id '" + acURL + "'");
2776 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2777 //TODO (need to change "cache=", implying getting some input saying which to change)
2778 URL url = new URL(acURL );
2779 // Open up the connection
2780 connection = (HttpURLConnection)url.openConnection();
2781 // Setup our method and headers
2782 connection.setRequestMethod("PUT");
2783 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2784 // Adding this in. It seems the HttpUrlConnection class does NOT
2785 // properly forward our headers for POST re-direction. It does so
2786 // for a GET re-direction.
2787 // So we need to handle this ourselves.
2788 //TODO - is this needed for a PUT? seems better to leave in for now?
2789 connection.setInstanceFollowRedirects(false);
2790 // Do not include any data in the PUT because this is just a
2791 // notification to the AC.
2792 // The AC will use GETs back to the PAP to get what it needs
2793 // to fill in the screens.
2795 connection.connect();
2796 if (connection.getResponseCode() == 204) {
2797 LOGGER.info("Success. We updated correctly.");
2799 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2802 } catch (Exception e) {
2803 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2804 disconnectedACs.add(acURL);
2806 // cleanup the connection
2807 if(connection != null)
2808 connection.disconnect();
2811 // remove any ACs that are no longer connected
2812 if (disconnectedACs.size() > 0) {
2813 adminConsoleURLStringList.removeAll(disconnectedACs);
2818 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2819 LOGGER.info("Test request received");
2821 im.evaluateSanity();
2822 //If we make it this far, all is well
2823 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2824 LOGGER.info(message);
2825 loggingContext.transactionEnded();
2826 PolicyLogger.audit("Transaction Failed - See Error.log");
2827 response.setStatus(HttpServletResponse.SC_OK);
2829 }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
2831 if (e instanceof ForwardProgressException) {
2832 submsg = " is not making forward progress.";
2833 } else if (e instanceof AdministrativeStateException) {
2834 submsg = " Administrative State is LOCKED.";
2836 submsg = " Standby Status is NOT PROVIDING SERVICE.";
2839 String message = "GET:/pap/test called and PAP " + papResourceName + submsg
2840 + " Exception Message: " + e.getMessage();
2841 LOGGER.info(message, e);
2842 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2843 loggingContext.transactionEnded();
2844 PolicyLogger.audit("Transaction Failed - See Error.log");
2845 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2847 }catch (Exception e) {
2848 //A subsystem is not making progress, is locked, standby or is not responding
2849 String eMsg = e.getMessage();
2851 eMsg = "No Exception Message";
2853 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2854 + " Exception Message: " + eMsg;
2855 LOGGER.info(message, e);
2856 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2857 loggingContext.transactionEnded();
2858 PolicyLogger.audit("Transaction Failed - See Error.log");
2859 //Get the specific list of subsystems that failed
2860 String ssFailureList = null;
2861 for(String failedSS : papDependencyGroupsFlatArray){
2862 if(eMsg.contains(failedSS)){
2863 if(ssFailureList == null){
2864 ssFailureList = failedSS;
2866 ssFailureList = ssFailureList.concat(","+failedSS);
2870 if(ssFailureList == null){
2871 ssFailureList = "UnknownSubSystem";
2873 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2874 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2880 * Authorizing the PEP Requests.
2882 private boolean authorizeRequest(HttpServletRequest request) {
2883 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2884 // Check if the Client is Authorized.
2885 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2892 private static void loadWebapps() throws PAPException{
2893 if(actionHome == null || configHome == null){
2894 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2896 if (webappsPath == null) {
2897 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2898 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2900 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2901 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2902 if (Files.notExists(webappsPathConfig)) {
2904 Files.createDirectories(webappsPathConfig);
2905 } catch (IOException e) {
2906 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Failed to create config directory: "
2907 + webappsPathConfig.toAbsolutePath().toString());
2910 if (Files.notExists(webappsPathAction)) {
2912 Files.createDirectories(webappsPathAction);
2913 } catch (IOException e) {
2914 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create action directory: "
2915 + webappsPathAction.toAbsolutePath().toString(), e);
2918 actionHome = webappsPathAction.toString();
2919 configHome = webappsPathConfig.toString();
2923 public static String getConfigHome(){
2926 } catch (PAPException e) {
2933 private static void setConfigHome(){
2934 configHome = getConfigHome();
2937 public static String getActionHome(){
2940 } catch (PAPException e) {
2947 private static void setActionHome(){
2948 actionHome = getActionHome();
2951 public static EntityManagerFactory getEmf() {
2955 public IntegrityAudit getIa() {
2959 public static String getPDPFile(){
2960 return XACMLPapServlet.pdpFile;
2963 public static String getPersistenceUnit(){
2964 return PERSISTENCE_UNIT;
2967 public static PAPPolicyEngine getPAPEngine(){
2971 public static PolicyDBDaoTransaction getDbDaoTransaction(){
2972 return policyDBDao.getNewTransaction();
2974 public static String getPapDbDriver() {
2978 public static void setPapDbDriver(String papDbDriver) {
2979 XACMLPapServlet.papDbDriver = papDbDriver;
2982 public static String getPapDbUrl() {
2986 public static void setPapDbUrl(String papDbUrl) {
2987 XACMLPapServlet.papDbUrl = papDbUrl;
2990 public static String getPapDbUser() {
2994 public static void setPapDbUser(String papDbUser) {
2995 XACMLPapServlet.papDbUser = papDbUser;
2998 public static String getPapDbPassword() {
2999 return papDbPassword;
3002 public static void setPapDbPassword(String papDbPassword) {
3003 XACMLPapServlet.papDbPassword = papDbPassword;
3006 public static String getMsOnapName() {
3010 public static void setMsOnapName(String msOnapName) {
3011 XACMLPapServlet.msOnapName = msOnapName;
3014 public static String getMsPolicyName() {
3015 return msPolicyName;
3018 public static void setMsPolicyName(String msPolicyName) {
3019 XACMLPapServlet.msPolicyName = msPolicyName;