2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.Iterator;
44 import java.util.List;
45 import java.util.Properties;
47 import java.util.UUID;
48 import java.util.concurrent.CopyOnWriteArrayList;
50 import javax.persistence.EntityManagerFactory;
51 import javax.persistence.Persistence;
52 import javax.persistence.PersistenceException;
53 import javax.servlet.Servlet;
54 import javax.servlet.ServletConfig;
55 import javax.servlet.ServletException;
56 import javax.servlet.annotation.WebInitParam;
57 import javax.servlet.annotation.WebServlet;
58 import javax.servlet.http.HttpServlet;
59 import javax.servlet.http.HttpServletRequest;
60 import javax.servlet.http.HttpServletResponse;
62 import org.apache.commons.io.IOUtils;
63 import org.onap.policy.common.ia.IntegrityAudit;
64 import org.onap.policy.common.im.AdministrativeStateException;
65 import org.onap.policy.common.im.ForwardProgressException;
66 import org.onap.policy.common.im.IntegrityMonitor;
67 import org.onap.policy.common.im.IntegrityMonitorProperties;
68 import org.onap.policy.common.im.StandbyStatusException;
69 import org.onap.policy.common.logging.ONAPLoggingContext;
70 import org.onap.policy.common.logging.ONAPLoggingUtils;
71 import org.onap.policy.common.logging.eelf.MessageCodes;
72 import org.onap.policy.common.logging.eelf.PolicyLogger;
73 import org.onap.policy.common.logging.flexlogger.FlexLogger;
74 import org.onap.policy.common.logging.flexlogger.Logger;
75 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
77 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
78 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
79 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
80 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
81 import org.onap.policy.rest.XACMLRest;
82 import org.onap.policy.rest.XACMLRestProperties;
83 import org.onap.policy.rest.dao.PolicyDBException;
84 import org.onap.policy.utils.PolicyUtils;
85 import org.onap.policy.xacml.api.XACMLErrorConstants;
86 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
87 import org.onap.policy.xacml.api.pap.OnapPDP;
88 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
89 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
90 import org.onap.policy.xacml.std.pap.StdPAPPolicy;
91 import org.onap.policy.xacml.std.pap.StdPDP;
92 import org.onap.policy.xacml.std.pap.StdPDPGroup;
93 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
94 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
95 import org.onap.policy.xacml.std.pap.StdPDPStatus;
97 import com.att.research.xacml.api.pap.PAPException;
98 import com.att.research.xacml.api.pap.PDPPolicy;
99 import com.att.research.xacml.api.pap.PDPStatus;
100 import com.att.research.xacml.util.FactoryException;
101 import com.att.research.xacml.util.XACMLProperties;
102 import com.fasterxml.jackson.databind.ObjectMapper;
103 import com.google.common.base.Splitter;
106 * Servlet implementation class XacmlPapServlet
109 description = "Implements the XACML PAP RESTful API.",
110 urlPatterns = { "/" },
113 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
115 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
116 private static final long serialVersionUID = 1L;
117 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
118 // audit (transaction) LOGGER
119 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
120 //Persistence Unit for JPA
121 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
122 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
124 private static final String ENVIRONMENT_HEADER = "Environment";
126 * List of Admin Console URLs.
127 * Used to send notifications when configuration changes.
129 * The CopyOnWriteArrayList *should* protect from concurrency errors.
130 * This list is seldom changed but often read, so the costs of this approach make sense.
132 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<>();
134 private static String configHome;
135 private static String actionHome;
137 * This PAP instance's own URL.
138 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
140 private static String papURL = null;
141 // The heartbeat thread.
142 private static Heartbeat heartbeat = null;
143 private static Thread heartbeatThread = null;
144 //The entity manager factory for JPA access
145 private static EntityManagerFactory emf;
146 private static PolicyDBDao policyDBDao;
148 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
150 private static PAPPolicyEngine papEngine = null;
152 * These are the parameters needed for DB access from the PAP
154 private static int papIntegrityAuditPeriodSeconds = -1;
155 private static String papDbDriver = null;
156 private static String papDbUrl = null;
157 private static String papDbUser = null;
158 private static String papDbPassword = null;
159 private static String papResourceName = null;
160 private static String[] papDependencyGroupsFlatArray = null;
161 private static String environment = null;
162 private static String pdpFile = null;
164 private transient IntegrityMonitor im;
165 private transient IntegrityAudit ia;
167 //MicroService Model Properties
168 private static String msOnapName;
169 private static String msPolicyName;
171 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
172 * this servlet starts. Its configurable by the admin.
174 private static transient Thread initiateThread = null;
175 private transient ONAPLoggingContext baseLoggingContext = null;
178 * @see HttpServlet#HttpServlet()
180 public XACMLPapServlet() {
185 * @see Servlet#init(ServletConfig)
187 public void init(ServletConfig config) throws ServletException {
190 baseLoggingContext = new ONAPLoggingContext();
191 // fixed data that will be the same in all logging output goes here
193 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
194 baseLoggingContext.setServer(hostname);
195 } catch (UnknownHostException e) {
196 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging", e);
199 XACMLRest.xacmlInit(config);
200 // Load the properties
201 XACMLRest.loadXacmlProperties(null, null);
203 * Retrieve the property values
205 setCommonProperties();
206 String papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
207 if(papSiteName == null){
208 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
209 throw new PAPException("papSiteName is null");
211 String papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
212 if(papNodeType == null){
213 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
214 throw new PAPException("papNodeType is null");
216 //Integer will throw an exception of anything is missing or unrecognized
217 int papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
218 int papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
219 int papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
220 //Boolean will default to false if anything is missing or unrecognized
221 boolean papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
222 boolean papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
223 String papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
224 if(papDependencyGroups == null){
225 throw new PAPException("papDependencyGroups is null");
227 setPAPDependencyGroups(papDependencyGroups);
228 //Integer will throw an exception of anything is missing or unrecognized
229 int fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
230 int failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
231 int testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
232 int writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
233 LOGGER.debug("\n\n\n**************************************"
234 + "\n*************************************"
236 + "\n papDbDriver = " + papDbDriver
237 + "\n papDbUrl = " + papDbUrl
238 + "\n papDbUser = " + papDbUser
239 + "\n papDbPassword = " + papDbPassword
240 + "\n papTransWait = " + papTransWait
241 + "\n papTransTimeout = " + papTransTimeout
242 + "\n papAuditTimeout = " + papAuditTimeout
243 + "\n papAuditFlag = " + papAuditFlag
244 + "\n papFileSystemAudit = " + papFileSystemAudit
245 + "\n papResourceName = " + papResourceName
246 + "\n fpMonitorInterval = " + fpMonitorInterval
247 + "\n failedCounterThreshold = " + failedCounterThreshold
248 + "\n testTransInterval = " + testTransInterval
249 + "\n writeFpcInterval = " + writeFpcInterval
250 + "\n papSiteName = " + papSiteName
251 + "\n papNodeType = " + papNodeType
252 + "\n papDependencyGroupsList = " + papDependencyGroups
253 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
254 + "\n\n*************************************"
255 + "\n**************************************");
256 // Pull custom persistence settings
257 Properties properties;
259 properties = XACMLProperties.getProperties();
260 LOGGER.debug("\n\n\n**************************************"
261 + "\n**************************************"
263 + "properties = " + properties
264 + "\n\n**************************************");
265 } catch (IOException e) {
266 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
267 + "XACMLProperties.getProperties()");
268 throw new ServletException(e.getMessage(), e.getCause());
270 // Create an IntegrityMonitor
271 im = IntegrityMonitor.getInstance(papResourceName,properties);
272 // Create an IntegrityAudit
273 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
274 ia.startAuditThread();
275 // Create the entity manager factory
277 // we are about to call the PDPs and give them their configuration.
278 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
279 setPAPURL(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL));
280 //Create the policyDBDao
282 // Load our PAP engine, first create a factory
283 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
284 // The factory knows how to go about creating a PAP Engine
285 setPAPEngine((PAPPolicyEngine) factory.newEngine());
286 PolicyDBDaoTransaction addNewGroup = null;
287 if (((org.onap.policy.xacml.std.pap.StdEngine) papEngine).wasDefaultGroupJustAdded) {
289 addNewGroup = policyDBDao.getNewTransaction();
290 OnapPDPGroup group = papEngine.getDefaultGroup();
291 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(),
292 "automaticallyAdded");
293 addNewGroup.commitTransaction();
294 addNewGroup = policyDBDao.getNewTransaction();
295 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
296 addNewGroup.commitTransaction();
297 } catch (Exception e) {
298 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet",
299 " Error creating new default group in the database");
300 if (addNewGroup != null) {
301 addNewGroup.rollbackTransaction();
305 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
306 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
307 //get an AuditTransaction to lock out all other transactions
308 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
309 policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine);
310 //release the transaction lock
314 // Sanity check for URL.
315 if (XACMLPapServlet.papURL == null) {
316 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
318 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
319 // to all its known PDP nodes.
320 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
321 startInitiateThreadService(new Thread(this));
323 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
324 startHeartBeatService(new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine));
326 } catch (FactoryException | PAPException e) {
327 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
328 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
329 } catch (Exception e) {
330 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
331 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
335 private static void startInitiateThreadService(Thread thread) {
336 initiateThread = thread;
337 initiateThread.start();
340 private static void startHeartBeatService(Heartbeat heartbeat) {
341 XACMLPapServlet.heartbeat = heartbeat;
342 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
343 XACMLPapServlet.heartbeatThread.start();
346 private static void setPolicyDBDao() throws ServletException {
348 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
349 } catch (Exception e) {
350 throw new ServletException("Unable to Create Policy DBDao Instance",e);
354 private static void setEMF(Properties properties) throws ServletException {
355 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
357 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
359 throw new ServletException("Unable to create Entity Manager Factory");
363 private static void setPAPURL(String papURL) {
364 XACMLPapServlet.papURL = papURL;
367 private static void setPAPEngine(PAPPolicyEngine newEngine) {
368 XACMLPapServlet.papEngine = newEngine;
371 private static void setPAPDependencyGroups(String papDependencyGroups) throws PAPException {
373 //Now we have flattened the array into a simple comma-separated list
374 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
375 //clean up the entries
376 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
377 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
380 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
381 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
384 String msg = "integrity_audit_period_seconds ";
385 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
386 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
390 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
391 throw new PAPException(e);
395 private static void setCommonProperties() throws PAPException {
398 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
399 if(papDbDriver == null){
400 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
401 throw new PAPException("papDbDriver is null");
403 setPapDbDriver(papDbDriver);
404 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
405 if(papDbUrl == null){
406 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
407 throw new PAPException("papDbUrl is null");
409 setPapDbUrl(papDbUrl);
410 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
411 if(papDbUser == null){
412 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
413 throw new PAPException("papDbUser is null");
415 setPapDbUser(papDbUser);
416 papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
417 if(papDbPassword == null){
418 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
419 throw new PAPException("papDbPassword is null");
421 setPapDbPassword(papDbPassword);
422 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
423 if(papResourceName == null){
424 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
425 throw new PAPException("papResourceName is null");
427 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
428 //Micro Service Properties
429 msOnapName=XACMLProperties.getProperty("xacml.policy.msOnapName");
430 setMsOnapName(msOnapName);
431 msPolicyName=XACMLProperties.getProperty("xacml.policy.msPolicyName");
432 setMsPolicyName(msPolicyName);
433 // PDPId File location
434 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
435 if (XACMLPapServlet.pdpFile == null) {
436 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
437 + XACMLRestProperties.PROP_PDP_IDFILE);
438 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
443 * Thread used only during PAP startup to initiate change messages to all known PDPs.
444 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
448 // send the current configuration to all the PDPs that we know about
453 * @see Servlet#destroy()
455 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
456 * For now we assume that we do care.
459 public void destroy() {
460 // Make sure our threads are destroyed
461 if (XACMLPapServlet.heartbeatThread != null) {
462 // stop the heartbeat
464 if (XACMLPapServlet.heartbeat != null) {
465 XACMLPapServlet.heartbeat.terminate();
467 XACMLPapServlet.heartbeatThread.interrupt();
468 XACMLPapServlet.heartbeatThread.join();
469 } catch (InterruptedException e) {
470 XACMLPapServlet.heartbeatThread.interrupt();
471 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
474 if (initiateThread != null) {
476 initiateThread.interrupt();
477 initiateThread.join();
478 } catch (InterruptedException e) {
479 initiateThread.interrupt();
480 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
487 * - PDP nodes to register themselves with the PAP, and
488 * - Admin Console to make changes in the PDP Groups.
490 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
492 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
493 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
494 loggingContext.transactionStarted();
495 loggingContext.setServiceName("PAP.post");
496 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
497 UUID requestID = UUID.randomUUID();
498 loggingContext.setRequestID(requestID.toString());
499 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
501 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
503 PolicyDBDaoTransaction pdpTransaction = null;
505 im.startTransaction();
506 } catch (AdministrativeStateException ae){
507 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
508 + " state of " + im.getStateManager().getAdminState()
509 + "\n Exception Message: " + ae.getMessage();
510 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
511 loggingContext.transactionEnded();
512 PolicyLogger.audit("Transaction Failed - See Error.log");
513 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
515 }catch (StandbyStatusException se) {
516 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
517 + " of " + im.getStateManager().getStandbyStatus()
518 + "\n Exception Message: " + se.getMessage();
519 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
520 loggingContext.transactionEnded();
521 PolicyLogger.audit("Transaction Failed - See Error.log");
522 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
526 XACMLRest.dumpRequest(request);
527 // since getParameter reads the content string, explicitly get the content before doing that.
528 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
529 request.getInputStream();
530 String groupId = request.getParameter("groupId");
531 String apiflag = request.getParameter("apiflag");
532 if(groupId != null) {
533 // Is this from the Admin Console or API?
534 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
535 // this is from the API so we need to check the client credentials before processing the request
536 if(!authorizeRequest(request)){
537 String message = "PEP not Authorized for making this Request!!";
538 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
539 loggingContext.transactionEnded();
540 PolicyLogger.audit("Transaction Failed - See Error.log");
541 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
546 doACPost(request, response, groupId, loggingContext);
547 loggingContext.transactionEnded();
548 PolicyLogger.audit("Transaction Ended Successfully");
552 // Request is from a PDP asking for its config.
553 loggingContext.setServiceName("PDP:PAP.register");
555 String id = this.getPDPID(request);
556 String jmxport = this.getPDPJMX(request);
557 LOGGER.info("Request(doPost) from PDP coming up: " + id);
558 // Get the PDP Object
559 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
562 LOGGER.info("Unknown PDP: " + id);
564 if(CheckPDP.validateID(id)){
565 pdpTransaction = policyDBDao.getNewTransaction();
567 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
568 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
569 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException | PolicyDBException e) {
570 pdpTransaction.rollbackTransaction();
571 String message = "Failed to create new PDP for id: " + id;
572 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
573 loggingContext.transactionEnded();
574 PolicyLogger.audit("Transaction Failed - See Error.log");
575 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
579 // get the PDP we just created
581 pdp = XACMLPapServlet.papEngine.getPDP(id);
582 }catch(PAPException e){
586 if(pdpTransaction != null){
587 pdpTransaction.rollbackTransaction();
589 String message = "Failed to create new PDP for id: " + id;
590 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
591 loggingContext.transactionEnded();
592 PolicyLogger.audit("Transaction Failed - See Error.log");
593 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
598 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
599 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
600 loggingContext.transactionEnded();
601 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
602 PolicyLogger.audit("Transaction Failed - See Error.log");
607 pdpTransaction.commitTransaction();
608 } catch(Exception e){
609 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
612 if (jmxport != null && jmxport != ""){
614 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
615 }catch(NumberFormatException e){
619 // Get the PDP's Group
620 OnapPDPGroup group =null;
622 group= XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
623 }catch(PAPException e){
627 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
628 loggingContext.transactionEnded();
629 PolicyLogger.audit("Transaction Failed - See Error.log");
630 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
634 // Determine what group the PDP node is in and get
635 // its policy/pip properties.
636 Properties policies = group.getPolicyProperties();
637 Properties pipconfig = group.getPipConfigProperties();
638 // Get the current policy/pip configuration that the PDP has
639 Properties pdpProperties = new Properties();
641 pdpProperties.load(request.getInputStream());
642 }catch(IOException e){
645 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
646 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
647 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
648 // Validate the node's properties
649 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
650 // Send back current configuration
651 if (isCurrent == false) {
652 // Tell the PDP we are sending back the current policies/pip config
653 LOGGER.info("PDP configuration NOT current.");
654 if (policies != null) {
655 // Put URL's into the properties in case the PDP needs to
657 this.populatePolicyURL(request.getRequestURL(), policies);
658 // Copy the properties to the output stream
660 policies.store(response.getOutputStream(), "");
661 }catch(IOException e){
665 if (pipconfig != null) {
666 // Copy the properties to the output stream
668 pipconfig.store(response.getOutputStream(), "");
669 }catch(IOException e){
673 // We are good - and we are sending them information
674 response.setStatus(HttpServletResponse.SC_OK);
676 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
677 }catch(PAPException e){
681 // Tell them they are good
682 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
684 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
685 }catch(PAPException e){
689 // tell the AC that something changed
691 loggingContext.transactionEnded();
692 auditLogger.info("Success");
693 PolicyLogger.audit("Transaction Ended Successfully");
694 } catch (PAPException | IOException | NumberFormatException e) {
695 if(pdpTransaction != null){
696 pdpTransaction.rollbackTransaction();
698 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
699 loggingContext.transactionEnded();
700 PolicyLogger.audit("Transaction Failed - See Error.log");
701 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
705 //Catch anything that fell through
706 loggingContext.transactionEnded();
707 PolicyLogger.audit("Transaction Ended");
711 private void setResponseError(HttpServletResponse response,int responseCode, String message) {
713 response.sendError(responseCode, message);
714 } catch (IOException e) {
715 LOGGER.error("Error setting Error response Header ", e);
721 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
723 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
724 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
725 loggingContext.transactionStarted();
726 loggingContext.setServiceName("PAP.get");
727 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
728 UUID requestID = UUID.randomUUID();
729 loggingContext.setRequestID(requestID.toString());
730 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
732 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
735 XACMLRest.dumpRequest(request);
736 String pathInfo = request.getRequestURI();
737 LOGGER.info("path info: " + pathInfo);
738 if (pathInfo != null){
739 //DO NOT do a im.startTransaction for the test request
740 if (pathInfo.equals("/pap/test")) {
742 testService(loggingContext, response);
743 } catch (IOException e) {
749 //This im.startTransaction() covers all other Get transactions
751 im.startTransaction();
752 } catch (AdministrativeStateException ae){
753 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
754 + " state of " + im.getStateManager().getAdminState()
755 + "\n Exception Message: " + ae.getMessage();
756 LOGGER.info(message, ae);
757 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
758 loggingContext.transactionEnded();
759 PolicyLogger.audit("Transaction Failed - See Error.log");
760 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
762 }catch (StandbyStatusException se) {
763 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
764 + " of " + im.getStateManager().getStandbyStatus()
765 + "\n Exception Message: " + se.getMessage();
766 LOGGER.info(message, se);
767 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
768 loggingContext.transactionEnded();
769 PolicyLogger.audit("Transaction Failed - See Error.log");
770 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
773 // Request from the API to get the gitPath
774 String apiflag = request.getParameter("apiflag");
776 if(authorizeRequest(request)){
777 APIRequestHandler apiRequestHandler = new APIRequestHandler();
778 apiRequestHandler.doGet(request,response, apiflag);
779 loggingContext.transactionEnded();
780 PolicyLogger.audit("Transaction Ended Successfully");
784 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
785 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
786 loggingContext.transactionEnded();
787 PolicyLogger.audit("Transaction Failed - See Error.log");
788 setResponseError(response, HttpServletResponse.SC_FORBIDDEN, message);
793 // Is this from the Admin Console?
794 String groupId = request.getParameter("groupId");
795 if (groupId != null) {
796 // this is from the Admin Console, so handle separately
797 doACGet(request, response, groupId, loggingContext);
798 loggingContext.transactionEnded();
799 PolicyLogger.audit("Transaction Ended Successfully");
804 String id = this.getPDPID(request);
805 LOGGER.info("doGet from: " + id);
806 // Get the PDP Object
809 pdp = XACMLPapServlet.papEngine.getPDP(id);
810 }catch(PAPException e){
815 // Check if request came from localhost
816 if (request.getRemoteHost().equals("localhost") ||
817 request.getRemoteHost().equals(request.getLocalAddr())) {
818 // Return status information - basically all the groups
819 loggingContext.setServiceName("PAP.getGroups");
820 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
821 // convert response object to JSON and include in the response
822 ObjectMapper mapper = new ObjectMapper();
823 mapper.writeValue(response.getOutputStream(), groups);
824 response.setHeader("content-type", "application/json");
825 response.setStatus(HttpServletResponse.SC_OK);
826 loggingContext.transactionEnded();
827 PolicyLogger.audit("Transaction Ended Successfully");
831 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
832 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
833 loggingContext.transactionEnded();
834 PolicyLogger.audit("Transaction Failed - See Error.log");
835 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
839 loggingContext.setServiceName("PAP.getPolicy");
840 // Get the PDP's Group
841 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
843 String message = "No group associated with pdp " + pdp.getId();
844 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
845 loggingContext.transactionEnded();
846 PolicyLogger.audit("Transaction Failed - See Error.log");
847 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
851 // Which policy do they want?
852 String policyId = request.getParameter("id");
853 if (policyId == null) {
854 String message = "Did not specify an id for the policy";
855 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
856 loggingContext.transactionEnded();
857 PolicyLogger.audit("Transaction Failed - See Error.log");
858 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
862 PDPPolicy policy = group.getPolicy(policyId);
863 if (policy == null) {
864 String message = "Unknown policy: " + policyId;
865 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
866 loggingContext.transactionEnded();
867 PolicyLogger.audit("Transaction Failed - See Error.log");
868 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
872 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
873 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
874 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
875 // Send the policy back
876 IOUtils.copy(is, os);
877 response.setStatus(HttpServletResponse.SC_OK);
878 loggingContext.transactionEnded();
879 auditLogger.info("Success");
880 PolicyLogger.audit("Transaction Ended Successfully");
881 } catch (IOException e) {
882 String message = "Failed to open policy id " + policyId;
884 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
885 loggingContext.transactionEnded();
886 PolicyLogger.audit("Transaction Failed - See Error.log");
887 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
889 } catch (PAPException | IOException e) {
891 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
892 loggingContext.transactionEnded();
893 PolicyLogger.audit("Transaction Failed - See Error.log");
894 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
898 loggingContext.transactionEnded();
899 PolicyLogger.audit("Transaction Ended");
904 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
906 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
907 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
908 loggingContext.transactionStarted();
909 loggingContext.setServiceName("PAP.put");
910 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
911 UUID requestID = UUID.randomUUID();
912 loggingContext.setRequestID(requestID.toString());
913 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
915 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
918 im.startTransaction();
919 } catch (AdministrativeStateException | StandbyStatusException e) {
920 String message = "PUT interface called for PAP " + papResourceName;
921 if (e instanceof AdministrativeStateException) {
922 message += " but it has an Administrative state of "
923 + im.getStateManager().getAdminState();
924 } else if (e instanceof StandbyStatusException) {
925 message += " but it has a Standby Status of "
926 + im.getStateManager().getStandbyStatus();
929 message += "\n Exception Message: " + e.getMessage();
931 LOGGER.info(message, e);
932 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
933 loggingContext.transactionEnded();
934 PolicyLogger.audit("Transaction Failed - See Error.log");
935 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
939 XACMLRest.dumpRequest(request);
940 //need to check if request is from the API or Admin console
941 String apiflag = request.getParameter("apiflag");
942 //This would occur if a PolicyDBDao notification was received
943 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
944 if(policyDBDaoRequestUrl != null){
945 String policyDBDaoRequestEntityId = request.getParameter("entityid");
946 //String policyDBDaoRequestEntityType = request.getParameter("entitytype");
947 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
948 String policyDBDaoRequestExtraData = request.getParameter("extradata");
949 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
950 setResponseError(response,400, "entityid or entitytype not supplied");
951 loggingContext.transactionEnded();
952 PolicyLogger.audit("Transaction Ended Successfully");
956 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
957 response.setStatus(200);
958 loggingContext.transactionEnded();
959 PolicyLogger.audit("Transaction Ended Successfully");
964 * Request for ImportService
966 String importService = request.getParameter("importService");
967 if (importService != null) {
968 if(authorizeRequest(request)){
969 APIRequestHandler apiRequestHandler = new APIRequestHandler();
970 apiRequestHandler.doPut(request, response, importService);
974 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
975 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
976 loggingContext.transactionEnded();
977 PolicyLogger.audit("Transaction Failed - See Error.log");
978 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
982 //This would occur if we received a notification of a policy rename from AC
983 String oldPolicyName = request.getParameter("oldPolicyName");
984 String newPolicyName = request.getParameter("newPolicyName");
985 if(oldPolicyName != null && newPolicyName != null){
986 if(LOGGER.isDebugEnabled()){
987 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
988 + "\npolicyToCreateUpdate = " + " ");
992 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
993 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
994 if(LOGGER.isDebugEnabled()){
995 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
996 + "\npolicyToCreateUpdate = " + " ");
998 } catch(UnsupportedEncodingException e){
999 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
1000 + "\npolicyToCreateUpdate = " + " ");
1001 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
1002 + "\nfailure with the following exception: " + e);
1003 loggingContext.transactionEnded();
1004 PolicyLogger.audit("Transaction Failed - See error.log");
1005 im.endTransaction();
1008 //send it to PolicyDBDao
1009 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
1011 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
1012 }catch(Exception e){
1013 renameTransaction.rollbackTransaction();
1014 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
1015 + "\nfailure with the following exception: " + e);
1016 loggingContext.transactionEnded();
1017 PolicyLogger.audit("Transaction Failed - See error.log");
1018 im.endTransaction();
1021 renameTransaction.commitTransaction();
1022 response.setStatus(HttpServletResponse.SC_OK);
1023 loggingContext.transactionEnded();
1024 PolicyLogger.audit("Transaction Ended Successfully");
1025 im.endTransaction();
1029 // See if this is Admin Console registering itself with us
1031 String acURLString = request.getParameter("adminConsoleURL");
1032 if (acURLString != null) {
1033 loggingContext.setServiceName("AC:PAP.register");
1034 // remember this Admin Console for future updates
1035 if ( ! adminConsoleURLStringList.contains(acURLString)) {
1036 adminConsoleURLStringList.add(acURLString);
1038 if (LOGGER.isDebugEnabled()) {
1039 LOGGER.debug("Admin Console registering with URL: " + acURLString);
1041 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1042 loggingContext.transactionEnded();
1043 auditLogger.info("Success");
1044 PolicyLogger.audit("Transaction Ended Successfully");
1045 im.endTransaction();
1049 * This is to update the PDP Group with the policy/policies being pushed
1050 * Part of a 2 step process to push policies to the PDP that can now be done
1051 * From both the Admin Console and the PolicyEngine API
1053 String groupId = request.getParameter("groupId");
1054 if (groupId != null) {
1056 if(!authorizeRequest(request)){
1057 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1058 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1059 loggingContext.transactionEnded();
1060 PolicyLogger.audit("Transaction Failed - See Error.log");
1061 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1064 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
1065 updateGroupsFromAPI(request, response, groupId, loggingContext);
1066 loggingContext.transactionEnded();
1067 PolicyLogger.audit("Transaction Ended Successfully");
1068 im.endTransaction();
1072 // this is from the Admin Console, so handle separately
1073 doACPut(request, response, groupId, loggingContext);
1074 loggingContext.transactionEnded();
1075 PolicyLogger.audit("Transaction Ended Successfully");
1076 im.endTransaction();
1080 // Request is for policy validation and creation
1082 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1083 // this request is from the Admin Console
1084 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1085 savePolicyHandler.doPolicyAPIPut(request, response);
1086 loggingContext.transactionEnded();
1087 PolicyLogger.audit("Transaction Ended Successfully");
1088 im.endTransaction();
1090 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1091 // this request is from the Policy Creation API
1092 if(authorizeRequest(request)){
1093 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1094 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1095 loggingContext.transactionEnded();
1096 PolicyLogger.audit("Transaction Ended Successfully");
1097 im.endTransaction();
1100 String message = "PEP not Authorized for making this Request!!";
1101 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1102 loggingContext.transactionEnded();
1103 PolicyLogger.audit("Transaction Failed - See Error.log");
1104 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1105 im.endTransaction();
1109 // We do not expect anything from anywhere else.
1110 // This method is here in case we ever need to support other operations.
1111 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1112 loggingContext.transactionEnded();
1113 PolicyLogger.audit("Transaction Failed - See Error.log");
1114 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1115 loggingContext.transactionEnded();
1116 PolicyLogger.audit("Transaction Failed - See error.log");
1117 im.endTransaction();
1121 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1123 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1124 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1125 loggingContext.transactionStarted();
1126 loggingContext.setServiceName("PAP.delete");
1127 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1128 UUID requestID = UUID.randomUUID();
1129 loggingContext.setRequestID(requestID.toString());
1130 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1132 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1135 im.startTransaction();
1136 } catch (AdministrativeStateException ae){
1137 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1138 + " state of " + im.getStateManager().getAdminState()
1139 + "\n Exception Message: " + ae.getMessage();
1140 LOGGER.info(message, ae);
1141 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1142 loggingContext.transactionEnded();
1143 PolicyLogger.audit("Transaction Failed - See Error.log");
1144 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1146 }catch (StandbyStatusException se) {
1147 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1148 + " of " + im.getStateManager().getStandbyStatus()
1149 + "\n Exception Message: " + se.getMessage();
1150 LOGGER.info(message, se);
1151 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1152 loggingContext.transactionEnded();
1153 PolicyLogger.audit("Transaction Failed - See Error.log");
1154 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1157 XACMLRest.dumpRequest(request);
1158 String groupId = request.getParameter("groupId");
1159 String apiflag = request.getParameter("apiflag");
1160 if (groupId != null) {
1161 // Is this from the Admin Console or API?
1163 if(!authorizeRequest(request)){
1164 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1165 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1166 loggingContext.transactionEnded();
1167 PolicyLogger.audit("Transaction Failed - See Error.log");
1168 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1171 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1173 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1174 } catch (Exception e) {
1175 LOGGER.error("Exception Occured"+e);
1177 if(apiRequestHandler.getNewGroup()!=null){
1178 groupChanged(apiRequestHandler.getNewGroup());
1182 // this is from the Admin Console, so handle separately
1183 doACDelete(request, response, groupId, loggingContext);
1184 loggingContext.transactionEnded();
1185 PolicyLogger.audit("Transaction Ended Successfully");
1186 im.endTransaction();
1189 //Catch anything that fell through
1190 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1191 loggingContext.transactionEnded();
1192 PolicyLogger.audit("Transaction Failed - See Error.log");
1193 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1194 im.endTransaction();
1197 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1198 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1199 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1200 if (localRootPolicies == null || localReferencedPolicies == null) {
1201 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1204 // Compare the policies and pipconfig properties to the pdpProperties
1206 // the policy properties includes only xacml.rootPolicies and
1207 // xacml.referencedPolicies without any .url entries
1208 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1209 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1210 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1211 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1212 pdpPipConfig.equals(pipconfig)) {
1213 // The PDP is current
1216 } catch (Exception e) {
1217 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1218 // or if there are policies that do not have a corresponding ".url" property.
1219 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1220 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1225 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1226 String lists[] = new String[2];
1227 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1228 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1229 for (String list : lists) {
1230 if (list != null && list.isEmpty() == false) {
1231 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1232 String url = urlPath + "?id=" + id;
1233 LOGGER.info("Policy URL for " + id + ": " + url);
1234 policies.setProperty(id + ".url", url);
1240 protected String getPDPID(HttpServletRequest request) {
1241 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1242 if (pdpURL == null || pdpURL.isEmpty()) {
1243 // Should send back its port for identification
1244 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1250 protected String getPDPJMX(HttpServletRequest request) {
1251 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1252 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1253 // Should send back its port for identification
1254 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1261 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1266 * @param loggingContext
1267 * @throws ServletException
1268 * @throws IOException
1270 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1271 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1273 // for PUT operations the group may or may not need to exist before the operation can be done
1274 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1275 // get the request input stream content into a String
1277 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1278 scanner.useDelimiter("\\A");
1279 json = scanner.hasNext() ? scanner.next() : "";
1281 PolicyLogger.info("JSON request from PolicyEngine API: " + json);
1282 // convert Object sent as JSON into local object
1283 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1284 Set<PDPPolicy> policies = new HashSet<>();
1286 policies.add(policy);
1288 //Get the current policies from the Group and Add the new one
1289 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1290 currentPoliciesInGroup = group.getPolicies();
1291 //If the selected policy is in the group we must remove it because the name is default
1292 Iterator<PDPPolicy> policyIterator = policies.iterator();
1293 LOGGER.debug("policyIterator....." + policies);
1294 while (policyIterator.hasNext()) {
1295 PDPPolicy selPolicy = policyIterator.next();
1296 for (PDPPolicy existingPolicy : currentPoliciesInGroup) {
1297 if (existingPolicy.getId().equals(selPolicy.getId())) {
1298 group.removePolicyFromGroup(existingPolicy);
1299 LOGGER.debug("Removing policy: " + existingPolicy);
1304 //Update the PDP Group after removing old version of policy
1305 Set<PDPPolicy> updatedPoliciesInGroup = new HashSet<>();
1306 updatedPoliciesInGroup = group.getPolicies();
1307 //need to remove the policy with default name from group
1308 for (PDPPolicy updatedPolicy : currentPoliciesInGroup) {
1309 if (updatedPolicy.getName().equalsIgnoreCase("default")) {
1310 group.removePolicyFromGroup(updatedPolicy);
1314 if(updatedPoliciesInGroup!=null){
1315 policies.addAll(updatedPoliciesInGroup);
1317 group.setPolicies(policies);
1318 // Assume that this is an update of an existing PDP Group
1319 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1321 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1322 } catch(Exception e){
1323 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1324 +"group="+group.getId());
1325 throw new PAPException(e.getMessage());
1327 papEngine.updateGroup(group);
1328 String policyId = "empty";
1330 policyId = policy.getId();
1332 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1333 response.addHeader("operation", "push");
1334 response.addHeader("policyId", policyId);
1335 response.addHeader("groupId", groupId);
1336 if (LOGGER.isDebugEnabled()) {
1337 LOGGER.debug("Group '" + group.getId() + "' updated");
1339 acPutTransaction.commitTransaction();
1341 // Group changed, which might include changing the policies
1342 groupChanged(group);
1343 loggingContext.transactionEnded();
1344 auditLogger.info("Success");
1346 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1347 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1348 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1349 LOGGER.debug("Precheck Successful.");
1353 PolicyLogger.audit("Transaction Ended Successfully");
1355 } catch (PAPException e) {
1356 acPutTransaction.rollbackTransaction();
1357 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1358 loggingContext.transactionEnded();
1359 PolicyLogger.audit("Transaction Failed - See Error.log");
1360 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1361 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1362 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1363 response.addHeader("error","addGroupError");
1364 response.addHeader("message", message);
1370 * Requests from the Admin Console for operations not on single specific objects
1375 * @param loggingContext
1376 * @throws ServletException
1377 * @throws IOException
1379 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1380 PolicyDBDaoTransaction doACPostTransaction = null;
1382 String groupName = request.getParameter("groupName");
1383 String groupDescription = request.getParameter("groupDescription");
1384 String apiflag = request.getParameter("apiflag");
1385 if (groupName != null && groupDescription != null) {
1386 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1387 loggingContext.setServiceName("AC:PAP.createGroup");
1388 String unescapedName = URLDecoder.decode(groupName, "UTF-8");
1389 String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1390 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1392 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1393 papEngine.newGroup(unescapedName, unescapedDescription);
1394 newGroupTransaction.commitTransaction();
1395 } catch (Exception e) {
1396 newGroupTransaction.rollbackTransaction();
1397 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1398 loggingContext.transactionEnded();
1400 PolicyLogger.audit("Transaction Failed - See Error.log");
1401 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'");
1404 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1405 if (LOGGER.isDebugEnabled()) {
1406 LOGGER.debug("New Group '" + groupId + "' created");
1408 // tell the Admin Consoles there is a change
1410 // new group by definition has no PDPs, so no need to notify them of changes
1411 loggingContext.transactionEnded();
1412 PolicyLogger.audit("Transaction Failed - See Error.log");
1413 auditLogger.info("Success");
1414 PolicyLogger.audit("Transaction Ended Successfully");
1417 // for all remaining POST operations the group must exist before the operation can be done
1418 OnapPDPGroup group = papEngine.getGroup(groupId);
1419 if (group == null) {
1420 String message = "Unknown groupId '" + groupId + "'";
1421 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1422 loggingContext.transactionEnded();
1423 PolicyLogger.audit("Transaction Failed - See Error.log");
1425 response.addHeader("error", "unknownGroupId");
1426 response.addHeader("operation", "push");
1427 response.addHeader("message", message);
1428 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1430 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1434 // determine the operation needed based on the parameters in the request
1435 if (request.getParameter("policyId") != null) {
1436 // Args: group=<groupId> policy=<policyId> <= copy file
1437 // copy a policy from the request contents into a file in the group's directory on this machine
1439 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1441 loggingContext.setServiceName("AC:PAP.postPolicy");
1443 String policyId = request.getParameter("policyId");
1444 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1446 InputStream is = null;
1448 if (apiflag != null){
1449 // get the request content into a String if the request is from API
1451 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1452 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1453 scanner.useDelimiter("\\A");
1454 json = scanner.hasNext() ? scanner.next() : "";
1456 LOGGER.info("JSON request from API: " + json);
1457 // convert Object sent as JSON into local object
1458 ObjectMapper mapper = new ObjectMapper();
1459 Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class);
1460 StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON;
1461 temp = new File(policy.getLocation());
1462 is = new FileInputStream(temp);
1464 is = request.getInputStream();
1466 addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1467 if (apiflag != null){
1468 ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is);
1471 if (policyId.endsWith(".xml")) {
1472 name = policyId.replace(".xml", "");
1473 name = name.substring(0, name.lastIndexOf("."));
1475 ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is);
1477 if(is!=null && temp!=null){
1481 addPolicyToGroupTransaction.commitTransaction();
1482 } catch (Exception e) {
1483 addPolicyToGroupTransaction.rollbackTransaction();
1484 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1485 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1486 loggingContext.transactionEnded();
1487 PolicyLogger.audit("Transaction Failed - See Error.log");
1489 response.addHeader("error", "policyCopyError");
1490 response.addHeader("message", message);
1491 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1493 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1497 // policy file copied ok and the Group was updated on the PDP
1498 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1499 response.addHeader("operation", "push");
1500 response.addHeader("policyId", policyId);
1501 response.addHeader("groupId", groupId);
1502 if (LOGGER.isDebugEnabled()) {
1503 LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1505 loggingContext.transactionEnded();
1506 auditLogger.info("Success");
1507 PolicyLogger.audit("Transaction Ended Successfully");
1509 } else if (request.getParameter("default") != null) {
1510 // Args: group=<groupId> default=true <= make default
1511 // change the current default group to be the one identified in the request.
1512 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1513 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1514 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1515 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1517 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1518 papEngine.SetDefaultGroup(group);
1519 setDefaultGroupTransaction.commitTransaction();
1520 } catch (Exception e) {
1521 setDefaultGroupTransaction.rollbackTransaction();
1522 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1523 loggingContext.transactionEnded();
1525 PolicyLogger.audit("Transaction Failed - See Error.log");
1526 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default");
1529 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1530 if (LOGGER.isDebugEnabled()) {
1531 LOGGER.debug("Group '" + groupId + "' set to be default");
1533 // Notify the Admin Consoles that something changed
1534 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1535 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1537 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1538 loggingContext.transactionEnded();
1539 auditLogger.info("Success");
1540 PolicyLogger.audit("Transaction Ended Successfully");
1542 } else if (request.getParameter("pdpId") != null) {
1543 doACPostTransaction = policyDBDao.getNewTransaction();
1544 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1545 loggingContext.setServiceName("AC:PAP.movePDP");
1546 String pdpId = request.getParameter("pdpId");
1547 OnapPDP pdp = papEngine.getPDP(pdpId);
1548 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1550 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1551 }catch(Exception e){
1552 doACPostTransaction.rollbackTransaction();
1553 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1554 " Error while moving pdp in the database: "
1555 +"pdp="+pdp.getId()+",to group="+group.getId());
1556 throw new PAPException(e.getMessage());
1558 papEngine.movePDP((OnapPDP) pdp, group);
1559 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1560 if (LOGGER.isDebugEnabled()) {
1561 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1563 // update the status of both the original group and the new one
1564 ((StdPDPGroup)originalGroup).resetStatus();
1565 ((StdPDPGroup)group).resetStatus();
1566 // Notify the Admin Consoles that something changed
1567 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1569 // Need to notify the PDP that it's config may have changed
1571 doACPostTransaction.commitTransaction();
1572 loggingContext.transactionEnded();
1573 auditLogger.info("Success");
1574 PolicyLogger.audit("Transaction Ended Successfully");
1577 } catch (PAPException e) {
1578 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1579 loggingContext.transactionEnded();
1580 PolicyLogger.audit("Transaction Failed - See Error.log");
1581 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1587 * Requests from the Admin Console to GET info about the Groups and PDPs
1592 * @param loggingContext
1593 * @throws ServletException
1594 * @throws IOException
1596 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1598 String parameterDefault = request.getParameter("default");
1599 String pdpId = request.getParameter("pdpId");
1600 String pdpGroup = request.getParameter("getPDPGroup");
1601 if ("".equals(groupId)) {
1602 // request IS from AC but does not identify a group by name
1603 if (parameterDefault != null) {
1604 // Request is for the Default group (whatever its id)
1605 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1606 OnapPDPGroup group = papEngine.getDefaultGroup();
1607 // convert response object to JSON and include in the response
1608 ObjectMapper mapper = new ObjectMapper();
1609 mapper.writeValue(response.getOutputStream(), group);
1610 if (LOGGER.isDebugEnabled()) {
1611 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1613 response.setStatus(HttpServletResponse.SC_OK);
1614 response.setHeader("content-type", "application/json");
1615 response.getOutputStream().close();
1616 loggingContext.transactionEnded();
1617 auditLogger.info("Success");
1618 PolicyLogger.audit("Transaction Ended Successfully");
1620 } else if (pdpId != null) {
1621 // Request is related to a PDP
1622 if (pdpGroup == null) {
1623 // Request is for the (unspecified) group containing a given PDP
1624 loggingContext.setServiceName("AC:PAP.getPDP");
1625 OnapPDP pdp = papEngine.getPDP(pdpId);
1626 // convert response object to JSON and include in the response
1627 ObjectMapper mapper = new ObjectMapper();
1628 mapper.writeValue(response.getOutputStream(), pdp);
1629 if (LOGGER.isDebugEnabled()) {
1630 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1632 response.setStatus(HttpServletResponse.SC_OK);
1633 response.setHeader("content-type", "application/json");
1634 response.getOutputStream().close();
1635 loggingContext.transactionEnded();
1636 auditLogger.info("Success");
1637 PolicyLogger.audit("Transaction Ended Successfully");
1640 // Request is for the group containing a given PDP
1641 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1642 OnapPDP pdp = papEngine.getPDP(pdpId);
1643 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
1644 // convert response object to JSON and include in the response
1645 ObjectMapper mapper = new ObjectMapper();
1646 mapper.writeValue(response.getOutputStream(), group);
1647 if (LOGGER.isDebugEnabled()) {
1648 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1650 response.setStatus(HttpServletResponse.SC_OK);
1651 response.setHeader("content-type", "application/json");
1652 response.getOutputStream().close();
1653 loggingContext.transactionEnded();
1654 auditLogger.info("Success");
1655 PolicyLogger.audit("Transaction Ended Successfully");
1659 // request is for top-level properties about all groups
1660 loggingContext.setServiceName("AC:PAP.getAllGroups");
1661 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1662 // convert response object to JSON and include in the response
1663 ObjectMapper mapper = new ObjectMapper();
1664 mapper.writeValue(response.getOutputStream(), groups);
1665 if (LOGGER.isDebugEnabled()) {
1666 LOGGER.debug("GET All groups req");
1668 response.setStatus(HttpServletResponse.SC_OK);
1669 response.setHeader("content-type", "application/json");
1670 response.getOutputStream().close();
1671 loggingContext.transactionEnded();
1672 auditLogger.info("Success");
1673 PolicyLogger.audit("Transaction Ended Successfully");
1677 // for all other GET operations the group must exist before the operation can be done
1678 OnapPDPGroup group = papEngine.getGroup(groupId);
1679 if (group == null) {
1680 String message = "Unknown groupId '" + groupId + "'";
1681 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1682 loggingContext.transactionEnded();
1684 PolicyLogger.audit("Transaction Failed - See Error.log");
1685 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1688 // Figure out which request this is based on the parameters
1689 String policyId = request.getParameter("policyId");
1690 if (policyId != null) {
1691 // retrieve a policy
1692 loggingContext.setServiceName("AC:PAP.getPolicy");
1693 // convert response object to JSON and include in the response
1694 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1695 loggingContext.transactionEnded();
1696 PolicyLogger.audit("Transaction Failed - See Error.log");
1697 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1699 // No other parameters, so return the identified Group
1700 loggingContext.setServiceName("AC:PAP.getGroup");
1701 // convert response object to JSON and include in the response
1702 ObjectMapper mapper = new ObjectMapper();
1703 mapper.writeValue(response.getOutputStream(), group);
1704 if (LOGGER.isDebugEnabled()) {
1705 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
1707 response.setStatus(HttpServletResponse.SC_OK);
1708 response.setHeader("content-type", "application/json");
1709 response.getOutputStream().close();
1710 loggingContext.transactionEnded();
1711 auditLogger.info("Success");
1712 PolicyLogger.audit("Transaction Ended Successfully");
1715 // Currently there are no other GET calls from the AC.
1716 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
1717 // Other GETs that could be called:
1718 // Specific Group (groupId=<groupId>)
1719 // A Policy (groupId=<groupId> policyId=<policyId>)
1720 // A PDP (groupId=<groupId> pdpId=<pdpId>)
1721 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
1722 loggingContext.transactionEnded();
1723 PolicyLogger.audit("Transaction Failed - See Error.log");
1724 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1725 } catch (PAPException e) {
1726 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
1727 loggingContext.transactionEnded();
1728 PolicyLogger.audit("Transaction Failed - See Error.log");
1729 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1735 * Requests from the Admin Console to create new items or update existing ones
1740 * @param loggingContext
1741 * @throws ServletException
1742 * @throws IOException
1744 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1745 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1747 // for PUT operations the group may or may not need to exist before the operation can be done
1748 OnapPDPGroup group = papEngine.getGroup(groupId);
1749 // determine the operation needed based on the parameters in the request
1750 // for remaining operations the group must exist before the operation can be done
1751 if (group == null) {
1752 String message = "Unknown groupId '" + groupId + "'";
1753 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1754 loggingContext.transactionEnded();
1755 PolicyLogger.audit("Transaction Failed - See Error.log");
1756 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1759 if (request.getParameter("policy") != null) {
1760 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
1761 loggingContext.setServiceName("AC:PAP.putPolicy");
1762 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
1763 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1764 loggingContext.transactionEnded();
1765 PolicyLogger.audit("Transaction Failed - See Error.log");
1766 auditLogger.info("Success");
1767 PolicyLogger.audit("Transaction Ended Successfully");
1769 } else if (request.getParameter("pdpId") != null) {
1770 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
1771 String pdpId = request.getParameter("pdpId");
1772 if (papEngine.getPDP(pdpId) == null) {
1773 loggingContext.setServiceName("AC:PAP.createPDP");
1775 loggingContext.setServiceName("AC:PAP.updatePDP");
1777 // get the request content into a String
1779 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1780 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1781 scanner.useDelimiter("\\A");
1782 json = scanner.hasNext() ? scanner.next() : "";
1784 LOGGER.info("JSON request from AC: " + json);
1785 // convert Object sent as JSON into local object
1786 ObjectMapper mapper = new ObjectMapper();
1787 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
1788 if (pdpId == null ||
1789 objectFromJSON == null ||
1790 ! (objectFromJSON instanceof StdPDP) ||
1791 ((StdPDP)objectFromJSON).getId() == null ||
1792 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
1793 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
1794 loggingContext.transactionEnded();
1795 PolicyLogger.audit("Transaction Failed - See Error.log");
1796 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
1798 StdPDP pdp = (StdPDP) objectFromJSON;
1800 if (papEngine.getPDP(pdpId) == null) {
1801 // this is a request to create a new PDP object
1803 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
1804 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
1805 } catch(Exception e){
1806 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1807 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
1808 throw new PAPException(e.getMessage());
1810 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
1813 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
1814 } catch(Exception e){
1815 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
1816 +"pdp="+ pdp.getId());
1817 throw new PAPException(e.getMessage());
1819 // this is a request to update the pdp
1820 papEngine.updatePDP(pdp);
1822 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1823 if (LOGGER.isDebugEnabled()) {
1824 LOGGER.debug("PDP '" + pdpId + "' created/updated");
1826 // adjust the group's state including the new PDP
1827 ((StdPDPGroup)group).resetStatus();
1828 // tell the Admin Consoles there is a change
1830 // this might affect the PDP, so notify it of the change
1832 acPutTransaction.commitTransaction();
1833 loggingContext.transactionEnded();
1834 auditLogger.info("Success");
1835 PolicyLogger.audit("Transaction Ended Successfully");
1839 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1840 +"pdp=null" + ",to group="+group.getId());
1841 throw new PAPException("PDP is null");
1842 } catch(Exception e){
1843 throw new PAPException("PDP is null" + e.getMessage() +e);
1846 } else if (request.getParameter("pipId") != null) {
1847 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
1848 loggingContext.setServiceName("AC:PAP.putPIP");
1849 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1850 loggingContext.transactionEnded();
1851 PolicyLogger.audit("Transaction Failed - See Error.log");
1852 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1855 // Assume that this is an update of an existing PDP Group
1856 // ARGS: group=<groupId> <= Update an Existing Group
1857 loggingContext.setServiceName("AC:PAP.updateGroup");
1858 // get the request content into a String
1860 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1861 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1862 scanner.useDelimiter("\\A");
1863 json = scanner.hasNext() ? scanner.next() : "";
1865 LOGGER.info("JSON request from AC: " + json);
1866 // convert Object sent as JSON into local object
1867 ObjectMapper mapper = new ObjectMapper();
1868 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
1869 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
1870 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
1871 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
1872 loggingContext.transactionEnded();
1873 PolicyLogger.audit("Transaction Failed - See Error.log");
1874 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON);
1876 // The Path on the PAP side is not carried on the RESTful interface with the AC
1877 // (because it is local to the PAP)
1878 // so we need to fill that in before submitting the group for update
1879 if(objectFromJSON != null){
1880 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
1883 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
1884 } catch(Exception e){
1885 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
1886 +"group="+group.getId());
1888 throw new PAPException(e.getMessage());
1891 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1892 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
1893 if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
1894 LOGGER.debug("Precheck Successful.");
1897 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
1899 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1900 if (LOGGER.isDebugEnabled()) {
1901 LOGGER.debug("Group '" + group.getId() + "' updated");
1903 acPutTransaction.commitTransaction();
1904 // tell the Admin Consoles there is a change
1906 // Group changed, which might include changing the policies
1907 groupChanged(group);
1908 loggingContext.transactionEnded();
1909 auditLogger.info("Success");
1910 PolicyLogger.audit("Transaction Ended Successfully");
1913 } catch (PAPException e) {
1915 acPutTransaction.rollbackTransaction();
1916 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
1917 loggingContext.transactionEnded();
1918 PolicyLogger.audit("Transaction Failed - See Error.log");
1919 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1925 * Requests from the Admin Console to delete/remove items
1930 * @param loggingContext
1931 * @throws ServletException
1932 * @throws IOException
1934 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1935 //This code is to allow deletes to propagate to the database since delete is not implemented
1936 String isDeleteNotify = request.getParameter("isDeleteNotify");
1937 if(isDeleteNotify != null){
1938 String policyToDelete = request.getParameter("policyToDelete");
1940 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
1941 } catch(UnsupportedEncodingException e){
1942 LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e);
1943 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
1946 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
1948 deleteTransaction.deletePolicy(policyToDelete);
1949 } catch(Exception e){
1950 deleteTransaction.rollbackTransaction();
1951 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
1952 + "\nfailure with the following exception: " + e);
1955 deleteTransaction.commitTransaction();
1956 response.setStatus(HttpServletResponse.SC_OK);
1959 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
1961 // for all DELETE operations the group must exist before the operation can be done
1962 loggingContext.setServiceName("AC:PAP.delete");
1963 OnapPDPGroup group = papEngine.getGroup(groupId);
1964 if (group == null) {
1965 String message = "Unknown groupId '" + groupId + "'";
1966 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1967 loggingContext.transactionEnded();
1968 PolicyLogger.audit("Transaction Failed - See Error.log");
1969 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
1972 // determine the operation needed based on the parameters in the request
1973 if (request.getParameter("policy") != null) {
1974 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
1975 loggingContext.setServiceName("AC:PAP.deletePolicy");
1976 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1977 loggingContext.transactionEnded();
1978 PolicyLogger.audit("Transaction Failed - See Error.log");
1979 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1981 } else if (request.getParameter("pdpId") != null) {
1982 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
1983 String pdpId = request.getParameter("pdpId");
1984 OnapPDP pdp = papEngine.getPDP(pdpId);
1986 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
1987 } catch(Exception e){
1988 throw new PAPException(e);
1990 papEngine.removePDP((OnapPDP) pdp);
1991 // adjust the status of the group, which may have changed when we removed this PDP
1992 ((StdPDPGroup)group).resetStatus();
1993 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1995 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
1997 removePdpOrGroupTransaction.commitTransaction();
1998 loggingContext.transactionEnded();
1999 auditLogger.info("Success");
2000 PolicyLogger.audit("Transaction Ended Successfully");
2002 } else if (request.getParameter("pipId") != null) {
2003 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
2004 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
2005 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2006 loggingContext.transactionEnded();
2007 PolicyLogger.audit("Transaction Failed - See Error.log");
2008 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2011 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
2012 String moveToGroupId = request.getParameter("movePDPsToGroupId");
2013 OnapPDPGroup moveToGroup = null;
2014 if (moveToGroupId != null) {
2015 moveToGroup = papEngine.getGroup(moveToGroupId);
2017 // get list of PDPs in the group being deleted so we can notify them that they got changed
2018 Set<OnapPDP> movedPDPs = new HashSet<>();
2019 movedPDPs.addAll(group.getOnapPdps());
2020 // do the move/remove
2022 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
2023 } catch(Exception e){
2024 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
2025 throw new PAPException(e.getMessage());
2027 papEngine.removeGroup(group, moveToGroup);
2028 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2030 // notify any PDPs in the removed set that their config may have changed
2031 for (OnapPDP pdp : movedPDPs) {
2034 removePdpOrGroupTransaction.commitTransaction();
2035 loggingContext.transactionEnded();
2036 auditLogger.info("Success");
2037 PolicyLogger.audit("Transaction Ended Successfully");
2040 } catch (PAPException e) {
2041 removePdpOrGroupTransaction.rollbackTransaction();
2042 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
2043 loggingContext.transactionEnded();
2044 PolicyLogger.audit("Transaction Failed - See Error.log");
2045 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2051 * Heartbeat thread - periodically check on PDPs' status
2053 * Heartbeat with all known PDPs.
2055 * Implementation note:
2057 * The PDPs are contacted Sequentially, not in Parallel.
2059 * If we did this in parallel using multiple threads we would simultaneously use
2063 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
2064 * when user changes occur.
2065 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
2067 * The Sequential operation does a heartbeat request to each PDP one at a time.
2068 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
2069 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
2070 * it could take a long time to cycle through all of the PDPs.
2071 * That means that this may not notice a PDP being down in a predictable time.
2073 private class Heartbeat implements Runnable {
2074 private PAPPolicyEngine papEngine;
2075 private Set<OnapPDP> pdps = new HashSet<>();
2076 private int heartbeatInterval;
2077 private int heartbeatTimeout;
2079 public volatile boolean isRunning = false;
2081 public synchronized boolean isRunning() {
2082 return this.isRunning;
2085 public synchronized void terminate() {
2086 this.isRunning = false;
2089 public Heartbeat(PAPPolicyEngine papEngine2) {
2090 papEngine = papEngine2;
2091 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2092 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2097 // Set ourselves as running
2098 synchronized(this) {
2099 this.isRunning = true;
2101 HashMap<String, URL> idToURLMap = new HashMap<>();
2103 while (this.isRunning()) {
2104 // Wait the given time
2105 Thread.sleep(heartbeatInterval);
2106 // get the list of PDPs (may have changed since last time)
2108 synchronized(papEngine) {
2110 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2111 for (OnapPDP p : g.getOnapPdps()) {
2115 } catch (PAPException e) {
2116 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2119 // Check for shutdown
2120 if (this.isRunning() == false) {
2121 LOGGER.info("isRunning is false, getting out of loop.");
2124 // try to get the summary status from each PDP
2125 boolean changeSeen = false;
2126 for (OnapPDP pdp : pdps) {
2127 // Check for shutdown
2128 if (this.isRunning() == false) {
2129 LOGGER.info("isRunning is false, getting out of loop.");
2132 // the id of the PDP is its url (though we add a query parameter)
2133 URL pdpURL = idToURLMap.get(pdp.getId());
2134 if (pdpURL == null) {
2135 // haven't seen this PDP before
2136 String fullURLString = null;
2139 if(CheckPDP.validateID(pdp.getId())){
2140 fullURLString = pdp.getId() + "?type=hb";
2141 pdpURL = new URL(fullURLString);
2142 idToURLMap.put(pdp.getId(), pdpURL);
2144 } catch (MalformedURLException e) {
2145 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2149 // Do a GET with type HeartBeat
2150 String newStatus = "";
2151 HttpURLConnection connection = null;
2153 // Open up the connection
2155 connection = (HttpURLConnection)pdpURL.openConnection();
2156 // Setup our method and headers
2157 connection.setRequestMethod("GET");
2158 connection.setConnectTimeout(heartbeatTimeout);
2160 String encoding = CheckPDP.getEncoding(pdp.getId());
2161 if(encoding !=null){
2162 connection.setRequestProperty("Authorization", "Basic " + encoding);
2165 connection.connect();
2166 if (connection.getResponseCode() == 204) {
2167 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2168 if (LOGGER.isDebugEnabled()) {
2169 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2172 // anything else is an unexpected result
2173 newStatus = PDPStatus.Status.UNKNOWN.toString();
2174 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2177 } catch (UnknownHostException e) {
2178 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2179 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2180 } catch (SocketTimeoutException e) {
2181 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2182 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2183 } catch (ConnectException e) {
2184 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2185 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2186 } catch (Exception e) {
2187 newStatus = PDPStatus.Status.UNKNOWN.toString();
2188 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2190 // cleanup the connection
2191 if(connection != null)
2192 connection.disconnect();
2194 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2195 if (LOGGER.isDebugEnabled()) {
2196 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2199 setPDPSummaryStatus(pdp, newStatus);
2200 } catch (PAPException e) {
2201 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2206 // Check for shutdown
2207 if (this.isRunning() == false) {
2208 LOGGER.info("isRunning is false, getting out of loop.");
2211 // if any of the PDPs changed state, tell the ACs to update
2216 } catch (InterruptedException e) {
2217 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2219 Thread.currentThread().interrupt();
2225 * HELPER to change Group status when PDP status is changed
2226 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2228 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2229 setPDPSummaryStatus(pdp, newStatus.toString());
2232 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2233 synchronized(papEngine) {
2234 StdPDPStatus status = new StdPDPStatus();
2235 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2236 ((StdPDP)pdp).setStatus(status);
2237 // now adjust the group
2238 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2239 // if the PDP was just deleted it may transiently exist but not be in a group
2240 if (group != null) {
2241 group.resetStatus();
2247 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2248 * in the PDP group directories
2251 public void changed() {
2252 // all PDPs in all groups need to be updated/sync'd
2253 Set<OnapPDPGroup> groups;
2255 groups = papEngine.getOnapPDPGroups();
2256 } catch (PAPException e) {
2257 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2258 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2260 for (OnapPDPGroup group : groups) {
2261 groupChanged(group);
2266 public void groupChanged(OnapPDPGroup group) {
2267 // all PDPs within one group need to be updated/sync'd
2268 for (OnapPDP pdp : group.getOnapPdps()) {
2274 public void pdpChanged(OnapPDP pdp) {
2275 // kick off a thread to do an event notification for each PDP.
2276 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2277 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2278 Thread t = new Thread(new UpdatePDPThread(pdp));
2279 if(CheckPDP.validateID(pdp.getId())){
2284 private class UpdatePDPThread implements Runnable {
2285 private OnapPDP pdp;
2286 private String requestId;
2288 public UpdatePDPThread(OnapPDP pdp) {
2293 // send the current configuration to one PDP
2294 HttpURLConnection connection = null;
2295 // get a new logging context for the thread
2296 ONAPLoggingContext loggingContext = new ONAPLoggingContext(baseLoggingContext);
2298 loggingContext.setServiceName("PAP:PDP.putConfig");
2299 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2300 if ((requestId == null) || (requestId == "")) {
2301 UUID requestID = UUID.randomUUID();
2302 loggingContext.setRequestID(requestID.toString());
2303 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2305 loggingContext.setRequestID(requestId);
2306 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2308 loggingContext.transactionStarted();
2309 // the Id of the PDP is its URL
2310 if (LOGGER.isDebugEnabled()) {
2311 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2313 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2314 //TODO (need to change "cache=", implying getting some input saying which to change)
2315 URL url = new URL(pdp.getId() + "?cache=all");
2316 // Open up the connection
2317 connection = (HttpURLConnection)url.openConnection();
2318 // Setup our method and headers
2319 connection.setRequestMethod("PUT");
2321 String encoding = CheckPDP.getEncoding(pdp.getId());
2322 if(encoding !=null){
2323 connection.setRequestProperty("Authorization", "Basic " + encoding);
2325 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2326 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2327 connection.setInstanceFollowRedirects(true);
2328 connection.setDoOutput(true);
2329 try (OutputStream os = connection.getOutputStream()) {
2330 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2331 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2332 if (group == null) {
2333 // create blank properties files
2334 Properties policyProperties = new Properties();
2335 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2336 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2337 policyProperties.store(os, "");
2338 Properties pipProps = new Properties();
2339 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2340 pipProps.store(os, "");
2342 // send properties from the current group
2343 group.getPolicyProperties().store(os, "");
2344 Properties policyLocations = new Properties();
2345 for (PDPPolicy policy : group.getPolicies()) {
2346 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2348 policyLocations.store(os, "");
2349 group.getPipConfigProperties().store(os, "");
2351 } catch (Exception e) {
2352 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2353 // Since this is a server-side error, it probably does not reflect a problem on the client,
2354 // so do not change the PDP status.
2358 connection.connect();
2359 if (connection.getResponseCode() == 204) {
2360 LOGGER.info("Success. We are configured correctly.");
2361 loggingContext.transactionEnded();
2362 auditLogger.info("Success. PDP is configured correctly.");
2363 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2364 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2365 } else if (connection.getResponseCode() == 200) {
2366 LOGGER.info("Success. PDP needs to update its configuration.");
2367 loggingContext.transactionEnded();
2368 auditLogger.info("Success. PDP needs to update its configuration.");
2369 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2370 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2372 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2373 loggingContext.transactionEnded();
2374 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2375 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2376 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2378 } catch (Exception e) {
2380 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2381 loggingContext.transactionEnded();
2382 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2384 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2385 } catch (PAPException e1) {
2387 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2388 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2391 // cleanup the connection
2392 if(connection != null){
2393 connection.disconnect();
2395 // tell the AC to update it's status info
2402 * RESTful Interface from PAP to ACs notifying them of changes
2404 private void notifyAC() {
2405 // kick off a thread to do one event notification for all registered ACs
2406 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2407 // as part of processing this message on their end.
2408 Thread t = new Thread(new NotifyACThread());
2412 private class NotifyACThread implements Runnable {
2414 List<String> disconnectedACs = new ArrayList<>();
2415 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2416 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2417 for (String acURL : adminConsoleURLStringList) {
2418 HttpURLConnection connection = null;
2420 acURL += "?PAPNotification=true";
2421 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2422 //TODO - If so, put correct parameters into the Query string here
2423 acURL += "&objectType=all" + "&action=update";
2424 if (LOGGER.isDebugEnabled()) {
2425 LOGGER.debug("creating url for id '" + acURL + "'");
2427 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2428 //TODO (need to change "cache=", implying getting some input saying which to change)
2429 URL url = new URL(acURL );
2430 // Open up the connection
2431 connection = (HttpURLConnection)url.openConnection();
2432 // Setup our method and headers
2433 connection.setRequestMethod("PUT");
2434 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2435 // Adding this in. It seems the HttpUrlConnection class does NOT
2436 // properly forward our headers for POST re-direction. It does so
2437 // for a GET re-direction.
2438 // So we need to handle this ourselves.
2439 //TODO - is this needed for a PUT? seems better to leave in for now?
2440 connection.setInstanceFollowRedirects(false);
2441 // Do not include any data in the PUT because this is just a
2442 // notification to the AC.
2443 // The AC will use GETs back to the PAP to get what it needs
2444 // to fill in the screens.
2446 connection.connect();
2447 if (connection.getResponseCode() == 204) {
2448 LOGGER.info("Success. We updated correctly.");
2450 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2453 } catch (Exception e) {
2454 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2455 disconnectedACs.add(acURL);
2457 // cleanup the connection
2458 if(connection != null)
2459 connection.disconnect();
2462 // remove any ACs that are no longer connected
2463 if (disconnectedACs.size() > 0) {
2464 adminConsoleURLStringList.removeAll(disconnectedACs);
2469 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2470 LOGGER.info("Test request received");
2472 im.evaluateSanity();
2473 //If we make it this far, all is well
2474 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2475 LOGGER.info(message);
2476 loggingContext.transactionEnded();
2477 PolicyLogger.audit("Transaction Failed - See Error.log");
2478 response.setStatus(HttpServletResponse.SC_OK);
2480 }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
2482 if (e instanceof ForwardProgressException) {
2483 submsg = " is not making forward progress.";
2484 } else if (e instanceof AdministrativeStateException) {
2485 submsg = " Administrative State is LOCKED.";
2487 submsg = " Standby Status is NOT PROVIDING SERVICE.";
2490 String message = "GET:/pap/test called and PAP " + papResourceName + submsg
2491 + " Exception Message: " + e.getMessage();
2492 LOGGER.info(message, e);
2493 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2494 loggingContext.transactionEnded();
2495 PolicyLogger.audit("Transaction Failed - See Error.log");
2496 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2498 }catch (Exception e) {
2499 //A subsystem is not making progress, is locked, standby or is not responding
2500 String eMsg = e.getMessage();
2502 eMsg = "No Exception Message";
2504 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2505 + " Exception Message: " + eMsg;
2506 LOGGER.info(message, e);
2507 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2508 loggingContext.transactionEnded();
2509 PolicyLogger.audit("Transaction Failed - See Error.log");
2510 //Get the specific list of subsystems that failed
2511 String ssFailureList = null;
2512 for(String failedSS : papDependencyGroupsFlatArray){
2513 if(eMsg.contains(failedSS)){
2514 if(ssFailureList == null){
2515 ssFailureList = failedSS;
2517 ssFailureList = ssFailureList.concat(","+failedSS);
2521 if(ssFailureList == null){
2522 ssFailureList = "UnknownSubSystem";
2524 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2525 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2531 * Authorizing the PEP Requests.
2533 private boolean authorizeRequest(HttpServletRequest request) {
2534 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2535 // Check if the Client is Authorized.
2536 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2543 private static void loadWebapps() throws PAPException{
2544 if(actionHome == null || configHome == null){
2545 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2547 if (webappsPath == null) {
2548 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2549 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2551 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2552 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2553 if (Files.notExists(webappsPathConfig)) {
2555 Files.createDirectories(webappsPathConfig);
2556 } catch (IOException e) {
2557 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Failed to create config directory: "
2558 + webappsPathConfig.toAbsolutePath().toString());
2561 if (Files.notExists(webappsPathAction)) {
2563 Files.createDirectories(webappsPathAction);
2564 } catch (IOException e) {
2565 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create action directory: "
2566 + webappsPathAction.toAbsolutePath().toString(), e);
2569 actionHome = webappsPathAction.toString();
2570 configHome = webappsPathConfig.toString();
2574 public static String getConfigHome(){
2577 } catch (PAPException e) {
2584 private static void setConfigHome(){
2585 configHome = getConfigHome();
2588 public static String getActionHome(){
2591 } catch (PAPException e) {
2598 private static void setActionHome(){
2599 actionHome = getActionHome();
2602 public static EntityManagerFactory getEmf() {
2606 public IntegrityAudit getIa() {
2610 public static String getPDPFile(){
2611 return XACMLPapServlet.pdpFile;
2614 public static String getPersistenceUnit(){
2615 return PERSISTENCE_UNIT;
2618 public static PAPPolicyEngine getPAPEngine(){
2622 public static PolicyDBDaoTransaction getDbDaoTransaction(){
2623 return policyDBDao.getNewTransaction();
2625 public static String getPapDbDriver() {
2629 public static void setPapDbDriver(String papDbDriver) {
2630 XACMLPapServlet.papDbDriver = papDbDriver;
2633 public static String getPapDbUrl() {
2637 public static void setPapDbUrl(String papDbUrl) {
2638 XACMLPapServlet.papDbUrl = papDbUrl;
2641 public static String getPapDbUser() {
2645 public static void setPapDbUser(String papDbUser) {
2646 XACMLPapServlet.papDbUser = papDbUser;
2649 public static String getPapDbPassword() {
2650 return papDbPassword;
2653 public static void setPapDbPassword(String papDbPassword) {
2654 XACMLPapServlet.papDbPassword = papDbPassword;
2657 public static String getMsOnapName() {
2661 public static void setMsOnapName(String msOnapName) {
2662 XACMLPapServlet.msOnapName = msOnapName;
2665 public static String getMsPolicyName() {
2666 return msPolicyName;
2669 public static void setMsPolicyName(String msPolicyName) {
2670 XACMLPapServlet.msPolicyName = msPolicyName;