2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.Iterator;
44 import java.util.List;
45 import java.util.Properties;
47 import java.util.UUID;
48 import java.util.concurrent.CopyOnWriteArrayList;
50 import javax.persistence.EntityManagerFactory;
51 import javax.persistence.Persistence;
52 import javax.persistence.PersistenceException;
53 import javax.servlet.Servlet;
54 import javax.servlet.ServletConfig;
55 import javax.servlet.ServletException;
56 import javax.servlet.annotation.WebInitParam;
57 import javax.servlet.annotation.WebServlet;
58 import javax.servlet.http.HttpServlet;
59 import javax.servlet.http.HttpServletRequest;
60 import javax.servlet.http.HttpServletResponse;
62 import org.apache.commons.io.IOUtils;
63 import org.onap.policy.common.ia.IntegrityAudit;
64 import org.onap.policy.common.im.AdministrativeStateException;
65 import org.onap.policy.common.im.ForwardProgressException;
66 import org.onap.policy.common.im.IntegrityMonitor;
67 import org.onap.policy.common.im.IntegrityMonitorProperties;
68 import org.onap.policy.common.im.StandbyStatusException;
69 import org.onap.policy.common.logging.ONAPLoggingContext;
70 import org.onap.policy.common.logging.ONAPLoggingUtils;
71 import org.onap.policy.common.logging.eelf.MessageCodes;
72 import org.onap.policy.common.logging.eelf.PolicyLogger;
73 import org.onap.policy.common.logging.flexlogger.FlexLogger;
74 import org.onap.policy.common.logging.flexlogger.Logger;
75 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
77 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
78 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
79 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
80 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
81 import org.onap.policy.rest.XACMLRest;
82 import org.onap.policy.rest.XACMLRestProperties;
83 import org.onap.policy.utils.PolicyUtils;
84 import org.onap.policy.xacml.api.XACMLErrorConstants;
85 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
86 import org.onap.policy.xacml.api.pap.OnapPDP;
87 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
88 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
89 import org.onap.policy.xacml.std.pap.StdPAPPolicy;
90 import org.onap.policy.xacml.std.pap.StdPDP;
91 import org.onap.policy.xacml.std.pap.StdPDPGroup;
92 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
93 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
94 import org.onap.policy.xacml.std.pap.StdPDPStatus;
96 import com.att.research.xacml.api.pap.PAPException;
97 import com.att.research.xacml.api.pap.PDPPolicy;
98 import com.att.research.xacml.api.pap.PDPStatus;
99 import com.att.research.xacml.util.FactoryException;
100 import com.att.research.xacml.util.XACMLProperties;
101 import com.fasterxml.jackson.databind.ObjectMapper;
102 import com.google.common.base.Splitter;
105 * Servlet implementation class XacmlPapServlet
108 description = "Implements the XACML PAP RESTful API.",
109 urlPatterns = { "/" },
112 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
114 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
115 private static final long serialVersionUID = 1L;
116 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
117 // audit (transaction) LOGGER
118 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
119 //Persistence Unit for JPA
120 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
121 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
123 private static final String ENVIRONMENT_HEADER = "Environment";
125 * List of Admin Console URLs.
126 * Used to send notifications when configuration changes.
128 * The CopyOnWriteArrayList *should* protect from concurrency errors.
129 * This list is seldom changed but often read, so the costs of this approach make sense.
131 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<>();
133 private static String configHome;
134 private static String actionHome;
136 * This PAP instance's own URL.
137 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
139 private static String papURL = null;
140 // The heartbeat thread.
141 private static Heartbeat heartbeat = null;
142 private static Thread heartbeatThread = null;
143 //The entity manager factory for JPA access
144 private static EntityManagerFactory emf;
145 private static PolicyDBDao policyDBDao;
147 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
149 private static PAPPolicyEngine papEngine = null;
151 * These are the parameters needed for DB access from the PAP
153 private static int papIntegrityAuditPeriodSeconds = -1;
154 private static String papDbDriver = null;
155 private static String papDbUrl = null;
156 private static String papDbUser = null;
157 private static String papDbPassword = null;
158 private static String papResourceName = null;
159 private static String[] papDependencyGroupsFlatArray = null;
160 private static String environment = null;
161 private static String pdpFile = null;
163 private transient IntegrityMonitor im;
164 private transient IntegrityAudit ia;
166 //MicroService Model Properties
167 private static String msOnapName;
168 private static String msPolicyName;
170 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
171 * this servlet starts. Its configurable by the admin.
173 private transient static Thread initiateThread = null;
174 private transient ONAPLoggingContext baseLoggingContext = null;
177 * @see HttpServlet#HttpServlet()
179 public XACMLPapServlet() {
184 * @see Servlet#init(ServletConfig)
186 public void init(ServletConfig config) throws ServletException {
189 baseLoggingContext = new ONAPLoggingContext();
190 // fixed data that will be the same in all logging output goes here
192 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
193 baseLoggingContext.setServer(hostname);
194 } catch (UnknownHostException e) {
195 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging", e);
198 XACMLRest.xacmlInit(config);
199 // Load the properties
200 XACMLRest.loadXacmlProperties(null, null);
202 * Retrieve the property values
204 setCommonProperties();
205 String papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
206 if(papSiteName == null){
207 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
208 throw new PAPException("papSiteName is null");
210 String papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
211 if(papNodeType == null){
212 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
213 throw new PAPException("papNodeType is null");
215 //Integer will throw an exception of anything is missing or unrecognized
216 int papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
217 int papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
218 int papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
219 //Boolean will default to false if anything is missing or unrecognized
220 boolean papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
221 boolean papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
222 String papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
223 if(papDependencyGroups == null){
224 throw new PAPException("papDependencyGroups is null");
226 setPAPDependencyGroups(papDependencyGroups);
227 //Integer will throw an exception of anything is missing or unrecognized
228 int fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
229 int failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
230 int testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
231 int writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
232 LOGGER.debug("\n\n\n**************************************"
233 + "\n*************************************"
235 + "\n papDbDriver = " + papDbDriver
236 + "\n papDbUrl = " + papDbUrl
237 + "\n papDbUser = " + papDbUser
238 + "\n papDbPassword = " + papDbPassword
239 + "\n papTransWait = " + papTransWait
240 + "\n papTransTimeout = " + papTransTimeout
241 + "\n papAuditTimeout = " + papAuditTimeout
242 + "\n papAuditFlag = " + papAuditFlag
243 + "\n papFileSystemAudit = " + papFileSystemAudit
244 + "\n papResourceName = " + papResourceName
245 + "\n fpMonitorInterval = " + fpMonitorInterval
246 + "\n failedCounterThreshold = " + failedCounterThreshold
247 + "\n testTransInterval = " + testTransInterval
248 + "\n writeFpcInterval = " + writeFpcInterval
249 + "\n papSiteName = " + papSiteName
250 + "\n papNodeType = " + papNodeType
251 + "\n papDependencyGroupsList = " + papDependencyGroups
252 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
253 + "\n\n*************************************"
254 + "\n**************************************");
255 // Pull custom persistence settings
256 Properties properties;
258 properties = XACMLProperties.getProperties();
259 LOGGER.debug("\n\n\n**************************************"
260 + "\n**************************************"
262 + "properties = " + properties
263 + "\n\n**************************************");
264 } catch (IOException e) {
265 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
266 + "XACMLProperties.getProperties()");
267 throw new ServletException(e.getMessage(), e.getCause());
269 // Create an IntegrityMonitor
270 im = IntegrityMonitor.getInstance(papResourceName,properties);
271 // Create an IntegrityAudit
272 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
273 ia.startAuditThread();
274 // Create the entity manager factory
276 // we are about to call the PDPs and give them their configuration.
277 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
278 setPAPURL(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL));
279 //Create the policyDBDao
281 // Load our PAP engine, first create a factory
282 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
283 // The factory knows how to go about creating a PAP Engine
284 setPAPEngine((PAPPolicyEngine) factory.newEngine());
285 PolicyDBDaoTransaction addNewGroup = null;
287 if(((org.onap.policy.xacml.std.pap.StdEngine)papEngine).wasDefaultGroupJustAdded){
288 addNewGroup = policyDBDao.getNewTransaction();
289 OnapPDPGroup group = papEngine.getDefaultGroup();
290 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(), "automaticallyAdded");
291 addNewGroup.commitTransaction();
292 addNewGroup = policyDBDao.getNewTransaction();
293 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
294 addNewGroup.commitTransaction();
296 } catch(Exception e){
297 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Error creating new default group in the database");
298 if(addNewGroup != null){
299 addNewGroup.rollbackTransaction();
302 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
303 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
304 //get an AuditTransaction to lock out all other transactions
305 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
306 policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine);
307 //release the transaction lock
311 // Sanity check for URL.
312 if (XACMLPapServlet.papURL == null) {
313 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
315 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
316 // to all its known PDP nodes.
317 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
318 startInitiateThreadService(new Thread(this));
320 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
321 startHeartBeatService(new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine));
323 } catch (FactoryException | PAPException e) {
324 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
325 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
326 } catch (Exception e) {
327 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
328 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
332 private static void startInitiateThreadService(Thread thread) {
333 initiateThread = thread;
334 initiateThread.start();
337 private static void startHeartBeatService(Heartbeat heartbeat) {
338 XACMLPapServlet.heartbeat = heartbeat;
339 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
340 XACMLPapServlet.heartbeatThread.start();
343 private static void setPolicyDBDao() throws ServletException {
345 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
346 } catch (Exception e) {
347 throw new ServletException("Unable to Create Policy DBDao Instance",e);
351 private static void setEMF(Properties properties) throws ServletException {
352 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
354 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
356 throw new ServletException("Unable to create Entity Manager Factory");
360 private static void setPAPURL(String papURL) {
361 XACMLPapServlet.papURL = papURL;
364 private static void setPAPEngine(PAPPolicyEngine newEngine) {
365 XACMLPapServlet.papEngine = newEngine;
368 private static void setPAPDependencyGroups(String papDependencyGroups) throws PAPException {
370 //Now we have flattened the array into a simple comma-separated list
371 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
372 //clean up the entries
373 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
374 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
377 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
378 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
381 String msg = "integrity_audit_period_seconds ";
382 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
383 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
387 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
388 throw new PAPException(e);
392 private static void setCommonProperties() throws PAPException {
395 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
396 if(papDbDriver == null){
397 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
398 throw new PAPException("papDbDriver is null");
400 setPapDbDriver(papDbDriver);
401 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
402 if(papDbUrl == null){
403 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
404 throw new PAPException("papDbUrl is null");
406 setPapDbUrl(papDbUrl);
407 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
408 if(papDbUser == null){
409 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
410 throw new PAPException("papDbUser is null");
412 setPapDbUser(papDbUser);
413 papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
414 if(papDbPassword == null){
415 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
416 throw new PAPException("papDbPassword is null");
418 setPapDbPassword(papDbPassword);
419 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
420 if(papResourceName == null){
421 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
422 throw new PAPException("papResourceName is null");
424 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
425 //Micro Service Properties
426 msOnapName=XACMLProperties.getProperty("xacml.policy.msOnapName");
427 setMsOnapName(msOnapName);
428 msPolicyName=XACMLProperties.getProperty("xacml.policy.msPolicyName");
429 setMsPolicyName(msPolicyName);
430 // PDPId File location
431 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
432 if (XACMLPapServlet.pdpFile == null) {
433 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
434 + XACMLRestProperties.PROP_PDP_IDFILE);
435 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
440 * Thread used only during PAP startup to initiate change messages to all known PDPs.
441 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
445 // send the current configuration to all the PDPs that we know about
450 * @see Servlet#destroy()
452 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
453 * For now we assume that we do care.
456 public void destroy() {
457 // Make sure our threads are destroyed
458 if (XACMLPapServlet.heartbeatThread != null) {
459 // stop the heartbeat
461 if (XACMLPapServlet.heartbeat != null) {
462 XACMLPapServlet.heartbeat.terminate();
464 XACMLPapServlet.heartbeatThread.interrupt();
465 XACMLPapServlet.heartbeatThread.join();
466 } catch (InterruptedException e) {
467 XACMLPapServlet.heartbeatThread.interrupt();
468 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
471 if (initiateThread != null) {
473 initiateThread.interrupt();
474 initiateThread.join();
475 } catch (InterruptedException e) {
476 initiateThread.interrupt();
477 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
484 * - PDP nodes to register themselves with the PAP, and
485 * - Admin Console to make changes in the PDP Groups.
487 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
489 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
490 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
491 loggingContext.transactionStarted();
492 loggingContext.setServiceName("PAP.post");
493 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
494 UUID requestID = UUID.randomUUID();
495 loggingContext.setRequestID(requestID.toString());
496 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
498 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
500 PolicyDBDaoTransaction pdpTransaction = null;
502 im.startTransaction();
503 } catch (AdministrativeStateException ae){
504 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
505 + " state of " + im.getStateManager().getAdminState()
506 + "\n Exception Message: " + ae.getMessage();
507 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
508 loggingContext.transactionEnded();
509 PolicyLogger.audit("Transaction Failed - See Error.log");
510 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
512 }catch (StandbyStatusException se) {
513 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
514 + " of " + im.getStateManager().getStandbyStatus()
515 + "\n Exception Message: " + se.getMessage();
516 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
517 loggingContext.transactionEnded();
518 PolicyLogger.audit("Transaction Failed - See Error.log");
519 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
523 XACMLRest.dumpRequest(request);
524 // since getParameter reads the content string, explicitly get the content before doing that.
525 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
526 request.getInputStream();
527 String groupId = request.getParameter("groupId");
528 String apiflag = request.getParameter("apiflag");
529 if(groupId != null) {
530 // Is this from the Admin Console or API?
531 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
532 // this is from the API so we need to check the client credentials before processing the request
533 if(!authorizeRequest(request)){
534 String message = "PEP not Authorized for making this Request!!";
535 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
536 loggingContext.transactionEnded();
537 PolicyLogger.audit("Transaction Failed - See Error.log");
538 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
543 doACPost(request, response, groupId, loggingContext);
544 loggingContext.transactionEnded();
545 PolicyLogger.audit("Transaction Ended Successfully");
549 // Request is from a PDP asking for its config.
550 loggingContext.setServiceName("PDP:PAP.register");
552 String id = this.getPDPID(request);
553 String jmxport = this.getPDPJMX(request);
554 LOGGER.info("Request(doPost) from PDP coming up: " + id);
555 // Get the PDP Object
556 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
559 LOGGER.info("Unknown PDP: " + id);
561 if(CheckPDP.validateID(id)){
562 pdpTransaction = policyDBDao.getNewTransaction();
564 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
565 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
566 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException e) {
567 pdpTransaction.rollbackTransaction();
568 String message = "Failed to create new PDP for id: " + id;
569 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
570 loggingContext.transactionEnded();
571 PolicyLogger.audit("Transaction Failed - See Error.log");
572 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
576 // get the PDP we just created
577 pdp = XACMLPapServlet.papEngine.getPDP(id);
579 if(pdpTransaction != null){
580 pdpTransaction.rollbackTransaction();
582 String message = "Failed to create new PDP for id: " + id;
583 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
584 loggingContext.transactionEnded();
585 PolicyLogger.audit("Transaction Failed - See Error.log");
586 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
591 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
592 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
593 loggingContext.transactionEnded();
594 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
595 PolicyLogger.audit("Transaction Failed - See Error.log");
600 pdpTransaction.commitTransaction();
601 } catch(Exception e){
602 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
605 if (jmxport != null && jmxport != ""){
606 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
608 // Get the PDP's Group
609 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
611 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
612 loggingContext.transactionEnded();
613 PolicyLogger.audit("Transaction Failed - See Error.log");
614 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
618 // Determine what group the PDP node is in and get
619 // its policy/pip properties.
620 Properties policies = group.getPolicyProperties();
621 Properties pipconfig = group.getPipConfigProperties();
622 // Get the current policy/pip configuration that the PDP has
623 Properties pdpProperties = new Properties();
624 pdpProperties.load(request.getInputStream());
625 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
626 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
627 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
628 // Validate the node's properties
629 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
630 // Send back current configuration
631 if (isCurrent == false) {
632 // Tell the PDP we are sending back the current policies/pip config
633 LOGGER.info("PDP configuration NOT current.");
634 if (policies != null) {
635 // Put URL's into the properties in case the PDP needs to
637 this.populatePolicyURL(request.getRequestURL(), policies);
638 // Copy the properties to the output stream
639 policies.store(response.getOutputStream(), "");
641 if (pipconfig != null) {
642 // Copy the properties to the output stream
643 pipconfig.store(response.getOutputStream(), "");
645 // We are good - and we are sending them information
646 response.setStatus(HttpServletResponse.SC_OK);
647 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
649 // Tell them they are good
650 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
651 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
653 // tell the AC that something changed
655 loggingContext.transactionEnded();
656 auditLogger.info("Success");
657 PolicyLogger.audit("Transaction Ended Successfully");
658 } catch (PAPException e) {
659 if(pdpTransaction != null){
660 pdpTransaction.rollbackTransaction();
662 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
663 loggingContext.transactionEnded();
664 PolicyLogger.audit("Transaction Failed - See Error.log");
665 response.sendError(500, e.getMessage());
669 //Catch anything that fell through
670 loggingContext.transactionEnded();
671 PolicyLogger.audit("Transaction Ended");
675 private void setResponseError(HttpServletResponse response,int responseCode, String message) {
677 response.sendError(responseCode, message);
678 } catch (IOException e) {
679 LOGGER.error("Error setting Error response Header ", e);
685 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
687 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
688 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
689 loggingContext.transactionStarted();
690 loggingContext.setServiceName("PAP.get");
691 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
692 UUID requestID = UUID.randomUUID();
693 loggingContext.setRequestID(requestID.toString());
694 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
696 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
699 XACMLRest.dumpRequest(request);
700 String pathInfo = request.getRequestURI();
701 LOGGER.info("path info: " + pathInfo);
702 if (pathInfo != null){
703 //DO NOT do a im.startTransaction for the test request
704 if (pathInfo.equals("/pap/test")) {
705 testService(loggingContext, response);
709 //This im.startTransaction() covers all other Get transactions
711 im.startTransaction();
712 } catch (AdministrativeStateException ae){
713 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
714 + " state of " + im.getStateManager().getAdminState()
715 + "\n Exception Message: " + ae.getMessage();
716 LOGGER.info(message);
717 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
718 loggingContext.transactionEnded();
719 PolicyLogger.audit("Transaction Failed - See Error.log");
720 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
722 }catch (StandbyStatusException se) {
723 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
724 + " of " + im.getStateManager().getStandbyStatus()
725 + "\n Exception Message: " + se.getMessage();
726 LOGGER.info(message);
727 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
728 loggingContext.transactionEnded();
729 PolicyLogger.audit("Transaction Failed - See Error.log");
730 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
733 // Request from the API to get the gitPath
734 String apiflag = request.getParameter("apiflag");
736 if(authorizeRequest(request)){
737 APIRequestHandler apiRequestHandler = new APIRequestHandler();
738 apiRequestHandler.doGet(request,response, apiflag);
739 loggingContext.transactionEnded();
740 PolicyLogger.audit("Transaction Ended Successfully");
744 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
745 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
746 loggingContext.transactionEnded();
747 PolicyLogger.audit("Transaction Failed - See Error.log");
748 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
753 // Is this from the Admin Console?
754 String groupId = request.getParameter("groupId");
755 if (groupId != null) {
756 // this is from the Admin Console, so handle separately
757 doACGet(request, response, groupId, loggingContext);
758 loggingContext.transactionEnded();
759 PolicyLogger.audit("Transaction Ended Successfully");
764 String id = this.getPDPID(request);
765 LOGGER.info("doGet from: " + id);
766 // Get the PDP Object
767 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
770 // Check if request came from localhost
771 if (request.getRemoteHost().equals("localhost") ||
772 request.getRemoteHost().equals("127.0.0.1") ||
773 request.getRemoteHost().equals(request.getLocalAddr())) {
774 // Return status information - basically all the groups
775 loggingContext.setServiceName("PAP.getGroups");
776 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
777 // convert response object to JSON and include in the response
778 ObjectMapper mapper = new ObjectMapper();
779 mapper.writeValue(response.getOutputStream(), groups);
780 response.setHeader("content-type", "application/json");
781 response.setStatus(HttpServletResponse.SC_OK);
782 loggingContext.transactionEnded();
783 PolicyLogger.audit("Transaction Ended Successfully");
787 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
788 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
789 loggingContext.transactionEnded();
790 PolicyLogger.audit("Transaction Failed - See Error.log");
791 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
795 loggingContext.setServiceName("PAP.getPolicy");
796 // Get the PDP's Group
797 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
799 String message = "No group associated with pdp " + pdp.getId();
800 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
801 loggingContext.transactionEnded();
802 PolicyLogger.audit("Transaction Failed - See Error.log");
803 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
807 // Which policy do they want?
808 String policyId = request.getParameter("id");
809 if (policyId == null) {
810 String message = "Did not specify an id for the policy";
811 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
812 loggingContext.transactionEnded();
813 PolicyLogger.audit("Transaction Failed - See Error.log");
814 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
818 PDPPolicy policy = group.getPolicy(policyId);
819 if (policy == null) {
820 String message = "Unknown policy: " + policyId;
821 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
822 loggingContext.transactionEnded();
823 PolicyLogger.audit("Transaction Failed - See Error.log");
824 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
828 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
829 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
830 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
831 // Send the policy back
832 IOUtils.copy(is, os);
833 response.setStatus(HttpServletResponse.SC_OK);
834 loggingContext.transactionEnded();
835 auditLogger.info("Success");
836 PolicyLogger.audit("Transaction Ended Successfully");
837 } catch (IOException e) {
838 String message = "Failed to open policy id " + policyId;
839 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
840 loggingContext.transactionEnded();
841 PolicyLogger.audit("Transaction Failed - See Error.log");
842 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
844 } catch (PAPException e) {
845 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
846 loggingContext.transactionEnded();
847 PolicyLogger.audit("Transaction Failed - See Error.log");
848 response.sendError(500, e.getMessage());
852 loggingContext.transactionEnded();
853 PolicyLogger.audit("Transaction Ended");
858 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
860 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
861 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
862 loggingContext.transactionStarted();
863 loggingContext.setServiceName("PAP.put");
864 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
865 UUID requestID = UUID.randomUUID();
866 loggingContext.setRequestID(requestID.toString());
867 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
869 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
872 im.startTransaction();
873 } catch (AdministrativeStateException ae){
874 String message = "PUT interface called for PAP " + papResourceName + " but it has an Administrative"
875 + " state of " + im.getStateManager().getAdminState()
876 + "\n Exception Message: " + ae.getMessage();
877 LOGGER.info(message +ae);
878 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
879 loggingContext.transactionEnded();
880 PolicyLogger.audit("Transaction Failed - See Error.log");
881 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
883 }catch (StandbyStatusException se) {
884 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
885 + " of " + im.getStateManager().getStandbyStatus()
886 + "\n Exception Message: " + se.getMessage();
887 LOGGER.info(message +se);
888 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
889 loggingContext.transactionEnded();
890 PolicyLogger.audit("Transaction Failed - See Error.log");
891 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
894 XACMLRest.dumpRequest(request);
895 //need to check if request is from the API or Admin console
896 String apiflag = request.getParameter("apiflag");
897 //This would occur if a PolicyDBDao notification was received
898 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
899 if(policyDBDaoRequestUrl != null){
900 String policyDBDaoRequestEntityId = request.getParameter("entityid");
901 //String policyDBDaoRequestEntityType = request.getParameter("entitytype");
902 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
903 String policyDBDaoRequestExtraData = request.getParameter("extradata");
904 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
905 response.sendError(400, "entityid or entitytype not supplied");
906 loggingContext.transactionEnded();
907 PolicyLogger.audit("Transaction Ended Successfully");
911 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
912 response.setStatus(200);
913 loggingContext.transactionEnded();
914 PolicyLogger.audit("Transaction Ended Successfully");
919 * Request for ImportService
921 String importService = request.getParameter("importService");
922 if (importService != null) {
923 if(authorizeRequest(request)){
924 APIRequestHandler apiRequestHandler = new APIRequestHandler();
925 apiRequestHandler.doPut(request, response, importService);
929 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
930 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
931 loggingContext.transactionEnded();
932 PolicyLogger.audit("Transaction Failed - See Error.log");
933 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
937 //This would occur if we received a notification of a policy rename from AC
938 String oldPolicyName = request.getParameter("oldPolicyName");
939 String newPolicyName = request.getParameter("newPolicyName");
940 if(oldPolicyName != null && newPolicyName != null){
941 if(LOGGER.isDebugEnabled()){
942 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
943 + "\npolicyToCreateUpdate = " + " ");
947 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
948 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
949 if(LOGGER.isDebugEnabled()){
950 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
951 + "\npolicyToCreateUpdate = " + " ");
953 } catch(UnsupportedEncodingException e){
954 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
955 + "\npolicyToCreateUpdate = " + " ");
956 response.sendError(500,"policyToCreateUpdate encoding not supported"
957 + "\nfailure with the following exception: " + e);
958 loggingContext.transactionEnded();
959 PolicyLogger.audit("Transaction Failed - See error.log");
963 //send it to PolicyDBDao
964 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
966 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
968 renameTransaction.rollbackTransaction();
969 response.sendError(500,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
970 + "\nfailure with the following exception: " + e);
971 loggingContext.transactionEnded();
972 PolicyLogger.audit("Transaction Failed - See error.log");
976 renameTransaction.commitTransaction();
977 response.setStatus(HttpServletResponse.SC_OK);
978 loggingContext.transactionEnded();
979 PolicyLogger.audit("Transaction Ended Successfully");
984 // See if this is Admin Console registering itself with us
986 String acURLString = request.getParameter("adminConsoleURL");
987 if (acURLString != null) {
988 loggingContext.setServiceName("AC:PAP.register");
989 // remember this Admin Console for future updates
990 if ( ! adminConsoleURLStringList.contains(acURLString)) {
991 adminConsoleURLStringList.add(acURLString);
993 if (LOGGER.isDebugEnabled()) {
994 LOGGER.debug("Admin Console registering with URL: " + acURLString);
996 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
997 loggingContext.transactionEnded();
998 auditLogger.info("Success");
999 PolicyLogger.audit("Transaction Ended Successfully");
1000 im.endTransaction();
1004 * This is to update the PDP Group with the policy/policies being pushed
1005 * Part of a 2 step process to push policies to the PDP that can now be done
1006 * From both the Admin Console and the PolicyEngine API
1008 String groupId = request.getParameter("groupId");
1009 if (groupId != null) {
1011 if(!authorizeRequest(request)){
1012 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1013 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1014 loggingContext.transactionEnded();
1015 PolicyLogger.audit("Transaction Failed - See Error.log");
1016 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
1019 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
1020 updateGroupsFromAPI(request, response, groupId, loggingContext);
1021 loggingContext.transactionEnded();
1022 PolicyLogger.audit("Transaction Ended Successfully");
1023 im.endTransaction();
1027 // this is from the Admin Console, so handle separately
1028 doACPut(request, response, groupId, loggingContext);
1029 loggingContext.transactionEnded();
1030 PolicyLogger.audit("Transaction Ended Successfully");
1031 im.endTransaction();
1035 // Request is for policy validation and creation
1037 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1038 // this request is from the Admin Console
1039 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1040 savePolicyHandler.doPolicyAPIPut(request, response);
1041 loggingContext.transactionEnded();
1042 PolicyLogger.audit("Transaction Ended Successfully");
1043 im.endTransaction();
1045 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1046 // this request is from the Policy Creation API
1047 if(authorizeRequest(request)){
1048 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1049 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1050 loggingContext.transactionEnded();
1051 PolicyLogger.audit("Transaction Ended Successfully");
1052 im.endTransaction();
1055 String message = "PEP not Authorized for making this Request!!";
1056 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1057 loggingContext.transactionEnded();
1058 PolicyLogger.audit("Transaction Failed - See Error.log");
1059 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
1060 im.endTransaction();
1064 // We do not expect anything from anywhere else.
1065 // This method is here in case we ever need to support other operations.
1066 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1067 loggingContext.transactionEnded();
1068 PolicyLogger.audit("Transaction Failed - See Error.log");
1069 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1070 loggingContext.transactionEnded();
1071 PolicyLogger.audit("Transaction Failed - See error.log");
1072 im.endTransaction();
1076 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1078 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1079 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1080 loggingContext.transactionStarted();
1081 loggingContext.setServiceName("PAP.delete");
1082 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1083 UUID requestID = UUID.randomUUID();
1084 loggingContext.setRequestID(requestID.toString());
1085 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1087 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1090 im.startTransaction();
1091 } catch (AdministrativeStateException ae){
1092 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1093 + " state of " + im.getStateManager().getAdminState()
1094 + "\n Exception Message: " + ae.getMessage();
1095 LOGGER.info(message);
1096 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1097 loggingContext.transactionEnded();
1098 PolicyLogger.audit("Transaction Failed - See Error.log");
1099 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1101 }catch (StandbyStatusException se) {
1102 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1103 + " of " + im.getStateManager().getStandbyStatus()
1104 + "\n Exception Message: " + se.getMessage();
1105 LOGGER.info(message);
1106 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1107 loggingContext.transactionEnded();
1108 PolicyLogger.audit("Transaction Failed - See Error.log");
1109 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1112 XACMLRest.dumpRequest(request);
1113 String groupId = request.getParameter("groupId");
1114 String apiflag = request.getParameter("apiflag");
1115 if (groupId != null) {
1116 // Is this from the Admin Console or API?
1118 if(!authorizeRequest(request)){
1119 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1120 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1121 loggingContext.transactionEnded();
1122 PolicyLogger.audit("Transaction Failed - See Error.log");
1123 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
1126 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1128 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1129 } catch (Exception e) {
1130 LOGGER.error("Exception Occured"+e);
1132 if(apiRequestHandler.getNewGroup()!=null){
1133 groupChanged(apiRequestHandler.getNewGroup());
1137 // this is from the Admin Console, so handle separately
1138 doACDelete(request, response, groupId, loggingContext);
1139 loggingContext.transactionEnded();
1140 PolicyLogger.audit("Transaction Ended Successfully");
1141 im.endTransaction();
1144 //Catch anything that fell through
1145 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1146 loggingContext.transactionEnded();
1147 PolicyLogger.audit("Transaction Failed - See Error.log");
1148 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1149 im.endTransaction();
1152 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1153 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1154 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1155 if (localRootPolicies == null || localReferencedPolicies == null) {
1156 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1159 // Compare the policies and pipconfig properties to the pdpProperties
1161 // the policy properties includes only xacml.rootPolicies and
1162 // xacml.referencedPolicies without any .url entries
1163 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1164 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1165 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1166 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1167 pdpPipConfig.equals(pipconfig)) {
1168 // The PDP is current
1171 } catch (Exception e) {
1172 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1173 // or if there are policies that do not have a corresponding ".url" property.
1174 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1175 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1180 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1181 String lists[] = new String[2];
1182 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1183 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1184 for (String list : lists) {
1185 if (list != null && list.isEmpty() == false) {
1186 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1187 String url = urlPath + "?id=" + id;
1188 LOGGER.info("Policy URL for " + id + ": " + url);
1189 policies.setProperty(id + ".url", url);
1195 protected String getPDPID(HttpServletRequest request) {
1196 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1197 if (pdpURL == null || pdpURL.isEmpty()) {
1198 // Should send back its port for identification
1199 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1205 protected String getPDPJMX(HttpServletRequest request) {
1206 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1207 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1208 // Should send back its port for identification
1209 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1216 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1221 * @param loggingContext
1222 * @throws ServletException
1223 * @throws IOException
1225 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1226 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1228 // for PUT operations the group may or may not need to exist before the operation can be done
1229 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1230 // get the request input stream content into a String
1232 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1233 scanner.useDelimiter("\\A");
1234 json = scanner.hasNext() ? scanner.next() : "";
1236 PolicyLogger.info("JSON request from PolicyEngine API: " + json);
1237 // convert Object sent as JSON into local object
1238 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1239 Set<PDPPolicy> policies = new HashSet<>();
1241 policies.add(policy);
1243 //Get the current policies from the Group and Add the new one
1244 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1245 currentPoliciesInGroup = group.getPolicies();
1246 //If the selected policy is in the group we must remove it because the name is default
1247 Iterator<PDPPolicy> policyIterator = policies.iterator();
1248 LOGGER.debug("policyIterator....." + policies);
1249 while (policyIterator.hasNext()) {
1250 PDPPolicy selPolicy = policyIterator.next();
1251 for (PDPPolicy existingPolicy : currentPoliciesInGroup) {
1252 if (existingPolicy.getId().equals(selPolicy.getId())) {
1253 group.removePolicyFromGroup(existingPolicy);
1254 LOGGER.debug("Removing policy: " + existingPolicy);
1259 //Update the PDP Group after removing old version of policy
1260 Set<PDPPolicy> updatedPoliciesInGroup = new HashSet<>();
1261 updatedPoliciesInGroup = group.getPolicies();
1262 //need to remove the policy with default name from group
1263 for (PDPPolicy updatedPolicy : currentPoliciesInGroup) {
1264 if (updatedPolicy.getName().equalsIgnoreCase("default")) {
1265 group.removePolicyFromGroup(updatedPolicy);
1269 if(updatedPoliciesInGroup!=null){
1270 policies.addAll(updatedPoliciesInGroup);
1272 group.setPolicies(policies);
1273 // Assume that this is an update of an existing PDP Group
1274 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1276 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1277 } catch(Exception e){
1278 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1279 +"group="+group.getId());
1280 throw new PAPException(e.getMessage());
1282 papEngine.updateGroup(group);
1283 String policyId = "empty";
1285 policyId = policy.getId();
1287 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1288 response.addHeader("operation", "push");
1289 response.addHeader("policyId", policyId);
1290 response.addHeader("groupId", groupId);
1291 if (LOGGER.isDebugEnabled()) {
1292 LOGGER.debug("Group '" + group.getId() + "' updated");
1294 acPutTransaction.commitTransaction();
1296 // Group changed, which might include changing the policies
1297 groupChanged(group);
1298 loggingContext.transactionEnded();
1299 auditLogger.info("Success");
1301 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1302 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1303 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1304 LOGGER.debug("Precheck Successful.");
1308 PolicyLogger.audit("Transaction Ended Successfully");
1310 } catch (PAPException e) {
1311 acPutTransaction.rollbackTransaction();
1312 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1313 loggingContext.transactionEnded();
1314 PolicyLogger.audit("Transaction Failed - See Error.log");
1315 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1316 response.sendError(500, e.getMessage());
1317 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1318 response.addHeader("error","addGroupError");
1319 response.addHeader("message", message);
1325 * Requests from the Admin Console for operations not on single specific objects
1330 * @param loggingContext
1331 * @throws ServletException
1332 * @throws IOException
1334 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1335 PolicyDBDaoTransaction doACPostTransaction = null;
1337 String groupName = request.getParameter("groupName");
1338 String groupDescription = request.getParameter("groupDescription");
1339 String apiflag = request.getParameter("apiflag");
1340 if (groupName != null && groupDescription != null) {
1341 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1342 loggingContext.setServiceName("AC:PAP.createGroup");
1343 String unescapedName = URLDecoder.decode(groupName, "UTF-8");
1344 String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1345 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1347 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1348 papEngine.newGroup(unescapedName, unescapedDescription);
1349 newGroupTransaction.commitTransaction();
1350 } catch (Exception e) {
1351 newGroupTransaction.rollbackTransaction();
1352 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1353 loggingContext.transactionEnded();
1355 PolicyLogger.audit("Transaction Failed - See Error.log");
1356 response.sendError(500, "Unable to create new group '" + groupId + "'");
1359 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1360 if (LOGGER.isDebugEnabled()) {
1361 LOGGER.debug("New Group '" + groupId + "' created");
1363 // tell the Admin Consoles there is a change
1365 // new group by definition has no PDPs, so no need to notify them of changes
1366 loggingContext.transactionEnded();
1367 PolicyLogger.audit("Transaction Failed - See Error.log");
1368 auditLogger.info("Success");
1369 PolicyLogger.audit("Transaction Ended Successfully");
1372 // for all remaining POST operations the group must exist before the operation can be done
1373 OnapPDPGroup group = papEngine.getGroup(groupId);
1374 if (group == null) {
1375 String message = "Unknown groupId '" + groupId + "'";
1376 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1377 loggingContext.transactionEnded();
1378 PolicyLogger.audit("Transaction Failed - See Error.log");
1380 response.addHeader("error", "unknownGroupId");
1381 response.addHeader("operation", "push");
1382 response.addHeader("message", message);
1383 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1385 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
1389 // determine the operation needed based on the parameters in the request
1390 if (request.getParameter("policyId") != null) {
1391 // Args: group=<groupId> policy=<policyId> <= copy file
1392 // copy a policy from the request contents into a file in the group's directory on this machine
1394 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1396 loggingContext.setServiceName("AC:PAP.postPolicy");
1398 String policyId = request.getParameter("policyId");
1399 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1401 InputStream is = null;
1403 if (apiflag != null){
1404 // get the request content into a String if the request is from API
1406 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1407 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1408 scanner.useDelimiter("\\A");
1409 json = scanner.hasNext() ? scanner.next() : "";
1411 LOGGER.info("JSON request from API: " + json);
1412 // convert Object sent as JSON into local object
1413 ObjectMapper mapper = new ObjectMapper();
1414 Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class);
1415 StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON;
1416 temp = new File(policy.getLocation());
1417 is = new FileInputStream(temp);
1419 is = request.getInputStream();
1421 addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1422 if (apiflag != null){
1423 ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is);
1426 if (policyId.endsWith(".xml")) {
1427 name = policyId.replace(".xml", "");
1428 name = name.substring(0, name.lastIndexOf("."));
1430 ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is);
1432 if(is!=null && temp!=null){
1436 addPolicyToGroupTransaction.commitTransaction();
1437 } catch (Exception e) {
1438 addPolicyToGroupTransaction.rollbackTransaction();
1439 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1440 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1441 loggingContext.transactionEnded();
1442 PolicyLogger.audit("Transaction Failed - See Error.log");
1444 response.addHeader("error", "policyCopyError");
1445 response.addHeader("message", message);
1446 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1448 response.sendError(500, message);
1452 // policy file copied ok and the Group was updated on the PDP
1453 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1454 response.addHeader("operation", "push");
1455 response.addHeader("policyId", policyId);
1456 response.addHeader("groupId", groupId);
1457 if (LOGGER.isDebugEnabled()) {
1458 LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1460 loggingContext.transactionEnded();
1461 auditLogger.info("Success");
1462 PolicyLogger.audit("Transaction Ended Successfully");
1464 } else if (request.getParameter("default") != null) {
1465 // Args: group=<groupId> default=true <= make default
1466 // change the current default group to be the one identified in the request.
1467 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1468 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1469 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1470 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1472 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1473 papEngine.SetDefaultGroup(group);
1474 setDefaultGroupTransaction.commitTransaction();
1475 } catch (Exception e) {
1476 setDefaultGroupTransaction.rollbackTransaction();
1477 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1478 loggingContext.transactionEnded();
1480 PolicyLogger.audit("Transaction Failed - See Error.log");
1481 response.sendError(500, "Unable to set group '" + groupId + "' to default");
1484 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1485 if (LOGGER.isDebugEnabled()) {
1486 LOGGER.debug("Group '" + groupId + "' set to be default");
1488 // Notify the Admin Consoles that something changed
1489 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1490 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1492 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1493 loggingContext.transactionEnded();
1494 auditLogger.info("Success");
1495 PolicyLogger.audit("Transaction Ended Successfully");
1497 } else if (request.getParameter("pdpId") != null) {
1498 doACPostTransaction = policyDBDao.getNewTransaction();
1499 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1500 loggingContext.setServiceName("AC:PAP.movePDP");
1501 String pdpId = request.getParameter("pdpId");
1502 OnapPDP pdp = papEngine.getPDP(pdpId);
1503 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1505 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1506 }catch(Exception e){
1507 doACPostTransaction.rollbackTransaction();
1508 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1509 " Error while moving pdp in the database: "
1510 +"pdp="+pdp.getId()+",to group="+group.getId());
1511 throw new PAPException(e.getMessage());
1513 papEngine.movePDP((OnapPDP) pdp, group);
1514 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1515 if (LOGGER.isDebugEnabled()) {
1516 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1518 // update the status of both the original group and the new one
1519 ((StdPDPGroup)originalGroup).resetStatus();
1520 ((StdPDPGroup)group).resetStatus();
1521 // Notify the Admin Consoles that something changed
1522 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1524 // Need to notify the PDP that it's config may have changed
1526 doACPostTransaction.commitTransaction();
1527 loggingContext.transactionEnded();
1528 auditLogger.info("Success");
1529 PolicyLogger.audit("Transaction Ended Successfully");
1532 } catch (PAPException e) {
1533 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1534 loggingContext.transactionEnded();
1535 PolicyLogger.audit("Transaction Failed - See Error.log");
1536 response.sendError(500, e.getMessage());
1542 * Requests from the Admin Console to GET info about the Groups and PDPs
1547 * @param loggingContext
1548 * @throws ServletException
1549 * @throws IOException
1551 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1553 String parameterDefault = request.getParameter("default");
1554 String pdpId = request.getParameter("pdpId");
1555 String pdpGroup = request.getParameter("getPDPGroup");
1556 if ("".equals(groupId)) {
1557 // request IS from AC but does not identify a group by name
1558 if (parameterDefault != null) {
1559 // Request is for the Default group (whatever its id)
1560 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1561 OnapPDPGroup group = papEngine.getDefaultGroup();
1562 // convert response object to JSON and include in the response
1563 ObjectMapper mapper = new ObjectMapper();
1564 mapper.writeValue(response.getOutputStream(), group);
1565 if (LOGGER.isDebugEnabled()) {
1566 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1568 response.setStatus(HttpServletResponse.SC_OK);
1569 response.setHeader("content-type", "application/json");
1570 response.getOutputStream().close();
1571 loggingContext.transactionEnded();
1572 auditLogger.info("Success");
1573 PolicyLogger.audit("Transaction Ended Successfully");
1575 } else if (pdpId != null) {
1576 // Request is related to a PDP
1577 if (pdpGroup == null) {
1578 // Request is for the (unspecified) group containing a given PDP
1579 loggingContext.setServiceName("AC:PAP.getPDP");
1580 OnapPDP pdp = papEngine.getPDP(pdpId);
1581 // convert response object to JSON and include in the response
1582 ObjectMapper mapper = new ObjectMapper();
1583 mapper.writeValue(response.getOutputStream(), pdp);
1584 if (LOGGER.isDebugEnabled()) {
1585 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1587 response.setStatus(HttpServletResponse.SC_OK);
1588 response.setHeader("content-type", "application/json");
1589 response.getOutputStream().close();
1590 loggingContext.transactionEnded();
1591 auditLogger.info("Success");
1592 PolicyLogger.audit("Transaction Ended Successfully");
1595 // Request is for the group containing a given PDP
1596 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1597 OnapPDP pdp = papEngine.getPDP(pdpId);
1598 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
1599 // convert response object to JSON and include in the response
1600 ObjectMapper mapper = new ObjectMapper();
1601 mapper.writeValue(response.getOutputStream(), group);
1602 if (LOGGER.isDebugEnabled()) {
1603 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1605 response.setStatus(HttpServletResponse.SC_OK);
1606 response.setHeader("content-type", "application/json");
1607 response.getOutputStream().close();
1608 loggingContext.transactionEnded();
1609 auditLogger.info("Success");
1610 PolicyLogger.audit("Transaction Ended Successfully");
1614 // request is for top-level properties about all groups
1615 loggingContext.setServiceName("AC:PAP.getAllGroups");
1616 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1617 // convert response object to JSON and include in the response
1618 ObjectMapper mapper = new ObjectMapper();
1619 mapper.writeValue(response.getOutputStream(), groups);
1620 if (LOGGER.isDebugEnabled()) {
1621 LOGGER.debug("GET All groups req");
1623 response.setStatus(HttpServletResponse.SC_OK);
1624 response.setHeader("content-type", "application/json");
1625 response.getOutputStream().close();
1626 loggingContext.transactionEnded();
1627 auditLogger.info("Success");
1628 PolicyLogger.audit("Transaction Ended Successfully");
1632 // for all other GET operations the group must exist before the operation can be done
1633 OnapPDPGroup group = papEngine.getGroup(groupId);
1634 if (group == null) {
1635 String message = "Unknown groupId '" + groupId + "'";
1636 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1637 loggingContext.transactionEnded();
1639 PolicyLogger.audit("Transaction Failed - See Error.log");
1640 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
1643 // Figure out which request this is based on the parameters
1644 String policyId = request.getParameter("policyId");
1645 if (policyId != null) {
1646 // retrieve a policy
1647 loggingContext.setServiceName("AC:PAP.getPolicy");
1648 // convert response object to JSON and include in the response
1649 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1650 loggingContext.transactionEnded();
1651 PolicyLogger.audit("Transaction Failed - See Error.log");
1652 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1654 // No other parameters, so return the identified Group
1655 loggingContext.setServiceName("AC:PAP.getGroup");
1656 // convert response object to JSON and include in the response
1657 ObjectMapper mapper = new ObjectMapper();
1658 mapper.writeValue(response.getOutputStream(), group);
1659 if (LOGGER.isDebugEnabled()) {
1660 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
1662 response.setStatus(HttpServletResponse.SC_OK);
1663 response.setHeader("content-type", "application/json");
1664 response.getOutputStream().close();
1665 loggingContext.transactionEnded();
1666 auditLogger.info("Success");
1667 PolicyLogger.audit("Transaction Ended Successfully");
1670 // Currently there are no other GET calls from the AC.
1671 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
1672 // Other GETs that could be called:
1673 // Specific Group (groupId=<groupId>)
1674 // A Policy (groupId=<groupId> policyId=<policyId>)
1675 // A PDP (groupId=<groupId> pdpId=<pdpId>)
1676 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
1677 loggingContext.transactionEnded();
1678 PolicyLogger.audit("Transaction Failed - See Error.log");
1679 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1680 } catch (PAPException e) {
1681 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
1682 loggingContext.transactionEnded();
1683 PolicyLogger.audit("Transaction Failed - See Error.log");
1684 response.sendError(500, e.getMessage());
1690 * Requests from the Admin Console to create new items or update existing ones
1695 * @param loggingContext
1696 * @throws ServletException
1697 * @throws IOException
1699 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1700 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1702 // for PUT operations the group may or may not need to exist before the operation can be done
1703 OnapPDPGroup group = papEngine.getGroup(groupId);
1704 // determine the operation needed based on the parameters in the request
1705 // for remaining operations the group must exist before the operation can be done
1706 if (group == null) {
1707 String message = "Unknown groupId '" + groupId + "'";
1708 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1709 loggingContext.transactionEnded();
1710 PolicyLogger.audit("Transaction Failed - See Error.log");
1711 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
1714 if (request.getParameter("policy") != null) {
1715 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
1716 loggingContext.setServiceName("AC:PAP.putPolicy");
1717 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
1718 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1719 loggingContext.transactionEnded();
1720 PolicyLogger.audit("Transaction Failed - See Error.log");
1721 auditLogger.info("Success");
1722 PolicyLogger.audit("Transaction Ended Successfully");
1724 } else if (request.getParameter("pdpId") != null) {
1725 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
1726 String pdpId = request.getParameter("pdpId");
1727 if (papEngine.getPDP(pdpId) == null) {
1728 loggingContext.setServiceName("AC:PAP.createPDP");
1730 loggingContext.setServiceName("AC:PAP.updatePDP");
1732 // get the request content into a String
1734 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1735 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1736 scanner.useDelimiter("\\A");
1737 json = scanner.hasNext() ? scanner.next() : "";
1739 LOGGER.info("JSON request from AC: " + json);
1740 // convert Object sent as JSON into local object
1741 ObjectMapper mapper = new ObjectMapper();
1742 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
1743 if (pdpId == null ||
1744 objectFromJSON == null ||
1745 ! (objectFromJSON instanceof StdPDP) ||
1746 ((StdPDP)objectFromJSON).getId() == null ||
1747 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
1748 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
1749 loggingContext.transactionEnded();
1750 PolicyLogger.audit("Transaction Failed - See Error.log");
1751 response.sendError(500, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
1753 StdPDP pdp = (StdPDP) objectFromJSON;
1755 if (papEngine.getPDP(pdpId) == null) {
1756 // this is a request to create a new PDP object
1758 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
1759 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
1760 } catch(Exception e){
1761 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1762 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
1763 throw new PAPException(e.getMessage());
1765 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
1768 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
1769 } catch(Exception e){
1770 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
1771 +"pdp="+ pdp.getId());
1772 throw new PAPException(e.getMessage());
1774 // this is a request to update the pdp
1775 papEngine.updatePDP(pdp);
1777 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1778 if (LOGGER.isDebugEnabled()) {
1779 LOGGER.debug("PDP '" + pdpId + "' created/updated");
1781 // adjust the group's state including the new PDP
1782 ((StdPDPGroup)group).resetStatus();
1783 // tell the Admin Consoles there is a change
1785 // this might affect the PDP, so notify it of the change
1787 acPutTransaction.commitTransaction();
1788 loggingContext.transactionEnded();
1789 auditLogger.info("Success");
1790 PolicyLogger.audit("Transaction Ended Successfully");
1794 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1795 +"pdp=null" + ",to group="+group.getId());
1796 throw new PAPException("PDP is null");
1797 } catch(Exception e){
1798 throw new PAPException("PDP is null" + e.getMessage() +e);
1801 } else if (request.getParameter("pipId") != null) {
1802 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
1803 loggingContext.setServiceName("AC:PAP.putPIP");
1804 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1805 loggingContext.transactionEnded();
1806 PolicyLogger.audit("Transaction Failed - See Error.log");
1807 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1810 // Assume that this is an update of an existing PDP Group
1811 // ARGS: group=<groupId> <= Update an Existing Group
1812 loggingContext.setServiceName("AC:PAP.updateGroup");
1813 // get the request content into a String
1815 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1816 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1817 scanner.useDelimiter("\\A");
1818 json = scanner.hasNext() ? scanner.next() : "";
1820 LOGGER.info("JSON request from AC: " + json);
1821 // convert Object sent as JSON into local object
1822 ObjectMapper mapper = new ObjectMapper();
1823 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
1824 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
1825 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
1826 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
1827 loggingContext.transactionEnded();
1828 PolicyLogger.audit("Transaction Failed - See Error.log");
1829 response.sendError(500, "Bad input, id="+group.getId() +" object="+objectFromJSON);
1831 // The Path on the PAP side is not carried on the RESTful interface with the AC
1832 // (because it is local to the PAP)
1833 // so we need to fill that in before submitting the group for update
1834 if(objectFromJSON != null){
1835 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
1838 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
1839 } catch(Exception e){
1840 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
1841 +"group="+group.getId());
1842 throw new PAPException(e.getMessage());
1845 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1846 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
1847 if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
1848 LOGGER.debug("Precheck Successful.");
1851 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
1853 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1854 if (LOGGER.isDebugEnabled()) {
1855 LOGGER.debug("Group '" + group.getId() + "' updated");
1857 acPutTransaction.commitTransaction();
1858 // tell the Admin Consoles there is a change
1860 // Group changed, which might include changing the policies
1861 groupChanged(group);
1862 loggingContext.transactionEnded();
1863 auditLogger.info("Success");
1864 PolicyLogger.audit("Transaction Ended Successfully");
1867 } catch (PAPException e) {
1868 acPutTransaction.rollbackTransaction();
1869 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
1870 loggingContext.transactionEnded();
1871 PolicyLogger.audit("Transaction Failed - See Error.log");
1872 response.sendError(500, e.getMessage());
1878 * Requests from the Admin Console to delete/remove items
1883 * @param loggingContext
1884 * @throws ServletException
1885 * @throws IOException
1887 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1888 //This code is to allow deletes to propagate to the database since delete is not implemented
1889 String isDeleteNotify = request.getParameter("isDeleteNotify");
1890 if(isDeleteNotify != null){
1891 String policyToDelete = request.getParameter("policyToDelete");
1893 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
1894 } catch(UnsupportedEncodingException e){
1895 PolicyLogger.error("Unsupported URL encoding of policyToDelete (UTF-8");
1896 response.sendError(500,"policyToDelete encoding not supported");
1899 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
1901 deleteTransaction.deletePolicy(policyToDelete);
1902 } catch(Exception e){
1903 deleteTransaction.rollbackTransaction();
1904 response.sendError(500,"deleteTransaction.deleteTransaction(policyToDelete) "
1905 + "\nfailure with the following exception: " + e);
1908 deleteTransaction.commitTransaction();
1909 response.setStatus(HttpServletResponse.SC_OK);
1912 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
1914 // for all DELETE operations the group must exist before the operation can be done
1915 loggingContext.setServiceName("AC:PAP.delete");
1916 OnapPDPGroup group = papEngine.getGroup(groupId);
1917 if (group == null) {
1918 String message = "Unknown groupId '" + groupId + "'";
1919 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1920 loggingContext.transactionEnded();
1921 PolicyLogger.audit("Transaction Failed - See Error.log");
1922 response.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
1925 // determine the operation needed based on the parameters in the request
1926 if (request.getParameter("policy") != null) {
1927 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
1928 loggingContext.setServiceName("AC:PAP.deletePolicy");
1929 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1930 loggingContext.transactionEnded();
1931 PolicyLogger.audit("Transaction Failed - See Error.log");
1932 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1934 } else if (request.getParameter("pdpId") != null) {
1935 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
1936 String pdpId = request.getParameter("pdpId");
1937 OnapPDP pdp = papEngine.getPDP(pdpId);
1939 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
1940 } catch(Exception e){
1941 throw new PAPException();
1943 papEngine.removePDP((OnapPDP) pdp);
1944 // adjust the status of the group, which may have changed when we removed this PDP
1945 ((StdPDPGroup)group).resetStatus();
1946 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1948 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
1950 removePdpOrGroupTransaction.commitTransaction();
1951 loggingContext.transactionEnded();
1952 auditLogger.info("Success");
1953 PolicyLogger.audit("Transaction Ended Successfully");
1955 } else if (request.getParameter("pipId") != null) {
1956 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
1957 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
1958 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1959 loggingContext.transactionEnded();
1960 PolicyLogger.audit("Transaction Failed - See Error.log");
1961 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1964 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
1965 String moveToGroupId = request.getParameter("movePDPsToGroupId");
1966 OnapPDPGroup moveToGroup = null;
1967 if (moveToGroupId != null) {
1968 moveToGroup = papEngine.getGroup(moveToGroupId);
1970 // get list of PDPs in the group being deleted so we can notify them that they got changed
1971 Set<OnapPDP> movedPDPs = new HashSet<>();
1972 movedPDPs.addAll(group.getOnapPdps());
1973 // do the move/remove
1975 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
1976 } catch(Exception e){
1977 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
1978 throw new PAPException(e.getMessage());
1980 papEngine.removeGroup(group, moveToGroup);
1981 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1983 // notify any PDPs in the removed set that their config may have changed
1984 for (OnapPDP pdp : movedPDPs) {
1987 removePdpOrGroupTransaction.commitTransaction();
1988 loggingContext.transactionEnded();
1989 auditLogger.info("Success");
1990 PolicyLogger.audit("Transaction Ended Successfully");
1993 } catch (PAPException e) {
1994 removePdpOrGroupTransaction.rollbackTransaction();
1995 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
1996 loggingContext.transactionEnded();
1997 PolicyLogger.audit("Transaction Failed - See Error.log");
1998 response.sendError(500, e.getMessage());
2004 * Heartbeat thread - periodically check on PDPs' status
2006 * Heartbeat with all known PDPs.
2008 * Implementation note:
2010 * The PDPs are contacted Sequentially, not in Parallel.
2012 * If we did this in parallel using multiple threads we would simultaneously use
2016 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
2017 * when user changes occur.
2018 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
2020 * The Sequential operation does a heartbeat request to each PDP one at a time.
2021 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
2022 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
2023 * it could take a long time to cycle through all of the PDPs.
2024 * That means that this may not notice a PDP being down in a predictable time.
2026 private class Heartbeat implements Runnable {
2027 private PAPPolicyEngine papEngine;
2028 private Set<OnapPDP> pdps = new HashSet<>();
2029 private int heartbeatInterval;
2030 private int heartbeatTimeout;
2032 public volatile boolean isRunning = false;
2034 public synchronized boolean isRunning() {
2035 return this.isRunning;
2038 public synchronized void terminate() {
2039 this.isRunning = false;
2042 public Heartbeat(PAPPolicyEngine papEngine2) {
2043 papEngine = papEngine2;
2044 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2045 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2050 // Set ourselves as running
2051 synchronized(this) {
2052 this.isRunning = true;
2054 HashMap<String, URL> idToURLMap = new HashMap<>();
2056 while (this.isRunning()) {
2057 // Wait the given time
2058 Thread.sleep(heartbeatInterval);
2059 // get the list of PDPs (may have changed since last time)
2061 synchronized(papEngine) {
2063 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2064 for (OnapPDP p : g.getOnapPdps()) {
2068 } catch (PAPException e) {
2069 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2072 // Check for shutdown
2073 if (this.isRunning() == false) {
2074 LOGGER.info("isRunning is false, getting out of loop.");
2077 // try to get the summary status from each PDP
2078 boolean changeSeen = false;
2079 for (OnapPDP pdp : pdps) {
2080 // Check for shutdown
2081 if (this.isRunning() == false) {
2082 LOGGER.info("isRunning is false, getting out of loop.");
2085 // the id of the PDP is its url (though we add a query parameter)
2086 URL pdpURL = idToURLMap.get(pdp.getId());
2087 if (pdpURL == null) {
2088 // haven't seen this PDP before
2089 String fullURLString = null;
2092 if(CheckPDP.validateID(pdp.getId())){
2093 fullURLString = pdp.getId() + "?type=hb";
2094 pdpURL = new URL(fullURLString);
2095 idToURLMap.put(pdp.getId(), pdpURL);
2097 } catch (MalformedURLException e) {
2098 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2102 // Do a GET with type HeartBeat
2103 String newStatus = "";
2104 HttpURLConnection connection = null;
2106 // Open up the connection
2108 connection = (HttpURLConnection)pdpURL.openConnection();
2109 // Setup our method and headers
2110 connection.setRequestMethod("GET");
2111 connection.setConnectTimeout(heartbeatTimeout);
2113 String encoding = CheckPDP.getEncoding(pdp.getId());
2114 if(encoding !=null){
2115 connection.setRequestProperty("Authorization", "Basic " + encoding);
2118 connection.connect();
2119 if (connection.getResponseCode() == 204) {
2120 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2121 if (LOGGER.isDebugEnabled()) {
2122 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2125 // anything else is an unexpected result
2126 newStatus = PDPStatus.Status.UNKNOWN.toString();
2127 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2130 } catch (UnknownHostException e) {
2131 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2132 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2133 } catch (SocketTimeoutException e) {
2134 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2135 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2136 } catch (ConnectException e) {
2137 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2138 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2139 } catch (Exception e) {
2140 newStatus = PDPStatus.Status.UNKNOWN.toString();
2141 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2143 // cleanup the connection
2144 if(connection != null)
2145 connection.disconnect();
2147 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2148 if (LOGGER.isDebugEnabled()) {
2149 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2152 setPDPSummaryStatus(pdp, newStatus);
2153 } catch (PAPException e) {
2154 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2159 // Check for shutdown
2160 if (this.isRunning() == false) {
2161 LOGGER.info("isRunning is false, getting out of loop.");
2164 // if any of the PDPs changed state, tell the ACs to update
2169 } catch (InterruptedException e) {
2170 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2177 * HELPER to change Group status when PDP status is changed
2178 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2180 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2181 setPDPSummaryStatus(pdp, newStatus.toString());
2184 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2185 synchronized(papEngine) {
2186 StdPDPStatus status = new StdPDPStatus();
2187 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2188 ((StdPDP)pdp).setStatus(status);
2189 // now adjust the group
2190 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2191 // if the PDP was just deleted it may transiently exist but not be in a group
2192 if (group != null) {
2193 group.resetStatus();
2199 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2200 * in the PDP group directories
2203 public void changed() {
2204 // all PDPs in all groups need to be updated/sync'd
2205 Set<OnapPDPGroup> groups;
2207 groups = papEngine.getOnapPDPGroups();
2208 } catch (PAPException e) {
2209 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2210 throw new RuntimeException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2212 for (OnapPDPGroup group : groups) {
2213 groupChanged(group);
2218 public void groupChanged(OnapPDPGroup group) {
2219 // all PDPs within one group need to be updated/sync'd
2220 for (OnapPDP pdp : group.getOnapPdps()) {
2226 public void pdpChanged(OnapPDP pdp) {
2227 // kick off a thread to do an event notification for each PDP.
2228 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2229 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2230 Thread t = new Thread(new UpdatePDPThread(pdp));
2231 if(CheckPDP.validateID(pdp.getId())){
2236 private class UpdatePDPThread implements Runnable {
2237 private OnapPDP pdp;
2238 private String requestId;
2240 public UpdatePDPThread(OnapPDP pdp) {
2245 // send the current configuration to one PDP
2246 HttpURLConnection connection = null;
2247 // get a new logging context for the thread
2248 ONAPLoggingContext loggingContext = new ONAPLoggingContext(baseLoggingContext);
2250 loggingContext.setServiceName("PAP:PDP.putConfig");
2251 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2252 if ((requestId == null) || (requestId == "")) {
2253 UUID requestID = UUID.randomUUID();
2254 loggingContext.setRequestID(requestID.toString());
2255 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2257 loggingContext.setRequestID(requestId);
2258 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2260 loggingContext.transactionStarted();
2261 // the Id of the PDP is its URL
2262 if (LOGGER.isDebugEnabled()) {
2263 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2265 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2266 //TODO (need to change "cache=", implying getting some input saying which to change)
2267 URL url = new URL(pdp.getId() + "?cache=all");
2268 // Open up the connection
2269 connection = (HttpURLConnection)url.openConnection();
2270 // Setup our method and headers
2271 connection.setRequestMethod("PUT");
2273 String encoding = CheckPDP.getEncoding(pdp.getId());
2274 if(encoding !=null){
2275 connection.setRequestProperty("Authorization", "Basic " + encoding);
2277 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2278 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2279 connection.setInstanceFollowRedirects(true);
2280 connection.setDoOutput(true);
2281 try (OutputStream os = connection.getOutputStream()) {
2282 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2283 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2284 if (group == null) {
2285 // create blank properties files
2286 Properties policyProperties = new Properties();
2287 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2288 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2289 policyProperties.store(os, "");
2290 Properties pipProps = new Properties();
2291 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2292 pipProps.store(os, "");
2294 // send properties from the current group
2295 group.getPolicyProperties().store(os, "");
2296 Properties policyLocations = new Properties();
2297 for (PDPPolicy policy : group.getPolicies()) {
2298 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2300 policyLocations.store(os, "");
2301 group.getPipConfigProperties().store(os, "");
2303 } catch (Exception e) {
2304 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2305 // Since this is a server-side error, it probably does not reflect a problem on the client,
2306 // so do not change the PDP status.
2310 connection.connect();
2311 if (connection.getResponseCode() == 204) {
2312 LOGGER.info("Success. We are configured correctly.");
2313 loggingContext.transactionEnded();
2314 auditLogger.info("Success. PDP is configured correctly.");
2315 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2316 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2317 } else if (connection.getResponseCode() == 200) {
2318 LOGGER.info("Success. PDP needs to update its configuration.");
2319 loggingContext.transactionEnded();
2320 auditLogger.info("Success. PDP needs to update its configuration.");
2321 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2322 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2324 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2325 loggingContext.transactionEnded();
2326 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2327 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2328 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2330 } catch (Exception e) {
2331 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2332 loggingContext.transactionEnded();
2333 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2335 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2336 } catch (PAPException e1) {
2337 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2338 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2341 // cleanup the connection
2342 if(connection != null){
2343 connection.disconnect();
2345 // tell the AC to update it's status info
2352 * RESTful Interface from PAP to ACs notifying them of changes
2354 private void notifyAC() {
2355 // kick off a thread to do one event notification for all registered ACs
2356 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2357 // as part of processing this message on their end.
2358 Thread t = new Thread(new NotifyACThread());
2362 private class NotifyACThread implements Runnable {
2364 List<String> disconnectedACs = new ArrayList<>();
2365 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2366 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2367 for (String acURL : adminConsoleURLStringList) {
2368 HttpURLConnection connection = null;
2370 acURL += "?PAPNotification=true";
2371 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2372 //TODO - If so, put correct parameters into the Query string here
2373 acURL += "&objectType=all" + "&action=update";
2374 if (LOGGER.isDebugEnabled()) {
2375 LOGGER.debug("creating url for id '" + acURL + "'");
2377 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2378 //TODO (need to change "cache=", implying getting some input saying which to change)
2379 URL url = new URL(acURL );
2380 // Open up the connection
2381 connection = (HttpURLConnection)url.openConnection();
2382 // Setup our method and headers
2383 connection.setRequestMethod("PUT");
2384 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2385 // Adding this in. It seems the HttpUrlConnection class does NOT
2386 // properly forward our headers for POST re-direction. It does so
2387 // for a GET re-direction.
2388 // So we need to handle this ourselves.
2389 //TODO - is this needed for a PUT? seems better to leave in for now?
2390 connection.setInstanceFollowRedirects(false);
2391 // Do not include any data in the PUT because this is just a
2392 // notification to the AC.
2393 // The AC will use GETs back to the PAP to get what it needs
2394 // to fill in the screens.
2396 connection.connect();
2397 if (connection.getResponseCode() == 204) {
2398 LOGGER.info("Success. We updated correctly.");
2400 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2403 } catch (Exception e) {
2404 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2405 disconnectedACs.add(acURL);
2407 // cleanup the connection
2408 if(connection != null)
2409 connection.disconnect();
2412 // remove any ACs that are no longer connected
2413 if (disconnectedACs.size() > 0) {
2414 adminConsoleURLStringList.removeAll(disconnectedACs);
2419 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2420 LOGGER.info("Test request received");
2422 im.evaluateSanity();
2423 //If we make it this far, all is well
2424 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2425 LOGGER.info(message);
2426 loggingContext.transactionEnded();
2427 PolicyLogger.audit("Transaction Failed - See Error.log");
2428 response.setStatus(HttpServletResponse.SC_OK);
2430 }catch (ForwardProgressException fpe){
2431 //No forward progress is being made
2432 String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress."
2433 + " Exception Message: " + fpe.getMessage();
2434 LOGGER.info(message);
2435 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2436 loggingContext.transactionEnded();
2437 PolicyLogger.audit("Transaction Failed - See Error.log");
2438 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2440 }catch (AdministrativeStateException ase){
2441 //Administrative State is locked
2442 String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED "
2443 + " Exception Message: " + ase.getMessage();
2444 LOGGER.info(message);
2445 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2446 loggingContext.transactionEnded();
2447 PolicyLogger.audit("Transaction Failed - See Error.log");
2448 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2450 }catch (StandbyStatusException sse){
2451 //Administrative State is locked
2452 String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE "
2453 + " Exception Message: " + sse.getMessage();
2454 LOGGER.info(message);
2455 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2456 loggingContext.transactionEnded();
2457 PolicyLogger.audit("Transaction Failed - See Error.log");
2458 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2460 }catch (Exception e) {
2461 //A subsystem is not making progress, is locked, standby or is not responding
2462 String eMsg = e.getMessage();
2464 eMsg = "No Exception Message";
2466 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2467 + " Exception Message: " + eMsg;
2468 LOGGER.info(message);
2469 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2470 loggingContext.transactionEnded();
2471 PolicyLogger.audit("Transaction Failed - See Error.log");
2472 //Get the specific list of subsystems that failed
2473 String ssFailureList = null;
2474 for(String failedSS : papDependencyGroupsFlatArray){
2475 if(eMsg.contains(failedSS)){
2476 if(ssFailureList == null){
2477 ssFailureList = failedSS;
2479 ssFailureList = ssFailureList.concat(","+failedSS);
2483 if(ssFailureList == null){
2484 ssFailureList = "UnknownSubSystem";
2486 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2487 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2493 * Authorizing the PEP Requests.
2495 private boolean authorizeRequest(HttpServletRequest request) {
2496 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2497 // Check if the Client is Authorized.
2498 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2505 private static void loadWebapps() throws PAPException{
2506 if(actionHome == null || configHome == null){
2507 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2509 if (webappsPath == null) {
2510 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2511 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2513 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2514 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2515 if (Files.notExists(webappsPathConfig)) {
2517 Files.createDirectories(webappsPathConfig);
2518 } catch (IOException e) {
2519 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Failed to create config directory: "
2520 + webappsPathConfig.toAbsolutePath().toString());
2523 if (Files.notExists(webappsPathAction)) {
2525 Files.createDirectories(webappsPathAction);
2526 } catch (IOException e) {
2527 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create config directory: "
2528 + webappsPathAction.toAbsolutePath().toString(), e);
2531 actionHome = webappsPathAction.toString();
2532 configHome = webappsPathConfig.toString();
2536 public static String getConfigHome(){
2539 } catch (PAPException e) {
2545 private static void setConfigHome(){
2546 configHome = getConfigHome();
2549 public static String getActionHome(){
2552 } catch (PAPException e) {
2558 private static void setActionHome(){
2559 actionHome = getActionHome();
2562 public static EntityManagerFactory getEmf() {
2566 public IntegrityAudit getIa() {
2570 public static String getPDPFile(){
2571 return XACMLPapServlet.pdpFile;
2574 public static String getPersistenceUnit(){
2575 return PERSISTENCE_UNIT;
2578 public static PAPPolicyEngine getPAPEngine(){
2582 public static PolicyDBDaoTransaction getDbDaoTransaction(){
2583 return policyDBDao.getNewTransaction();
2585 public static String getPapDbDriver() {
2589 public static void setPapDbDriver(String papDbDriver) {
2590 XACMLPapServlet.papDbDriver = papDbDriver;
2593 public static String getPapDbUrl() {
2597 public static void setPapDbUrl(String papDbUrl) {
2598 XACMLPapServlet.papDbUrl = papDbUrl;
2601 public static String getPapDbUser() {
2605 public static void setPapDbUser(String papDbUser) {
2606 XACMLPapServlet.papDbUser = papDbUser;
2609 public static String getPapDbPassword() {
2610 return papDbPassword;
2613 public static void setPapDbPassword(String papDbPassword) {
2614 XACMLPapServlet.papDbPassword = papDbPassword;
2617 public static String getMsOnapName() {
2621 public static void setMsOnapName(String msOnapName) {
2622 XACMLPapServlet.msOnapName = msOnapName;
2625 public static String getMsPolicyName() {
2626 return msPolicyName;
2629 public static void setMsPolicyName(String msPolicyName) {
2630 XACMLPapServlet.msPolicyName = msPolicyName;
Code Review / policy / engine.git / blob