2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.Iterator;
44 import java.util.List;
45 import java.util.Properties;
47 import java.util.UUID;
48 import java.util.concurrent.CopyOnWriteArrayList;
50 import javax.persistence.EntityManagerFactory;
51 import javax.persistence.Persistence;
52 import javax.persistence.PersistenceException;
53 import javax.servlet.Servlet;
54 import javax.servlet.ServletConfig;
55 import javax.servlet.ServletException;
56 import javax.servlet.ServletOutputStream;
57 import javax.servlet.annotation.WebInitParam;
58 import javax.servlet.annotation.WebServlet;
59 import javax.servlet.http.HttpServlet;
60 import javax.servlet.http.HttpServletRequest;
61 import javax.servlet.http.HttpServletResponse;
63 import org.apache.commons.io.IOUtils;
64 import org.onap.policy.common.ia.IntegrityAudit;
65 import org.onap.policy.common.im.AdministrativeStateException;
66 import org.onap.policy.common.im.ForwardProgressException;
67 import org.onap.policy.common.im.IntegrityMonitor;
68 import org.onap.policy.common.im.IntegrityMonitorProperties;
69 import org.onap.policy.common.im.StandbyStatusException;
70 import org.onap.policy.common.logging.ONAPLoggingContext;
71 import org.onap.policy.common.logging.ONAPLoggingUtils;
72 import org.onap.policy.common.logging.eelf.MessageCodes;
73 import org.onap.policy.common.logging.eelf.PolicyLogger;
74 import org.onap.policy.common.logging.flexlogger.FlexLogger;
75 import org.onap.policy.common.logging.flexlogger.Logger;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
77 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
78 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
79 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
80 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
81 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
82 import org.onap.policy.rest.XACMLRest;
83 import org.onap.policy.rest.XACMLRestProperties;
84 import org.onap.policy.utils.PolicyUtils;
85 import org.onap.policy.xacml.api.XACMLErrorConstants;
86 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
87 import org.onap.policy.xacml.api.pap.OnapPDP;
88 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
89 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
90 import org.onap.policy.xacml.std.pap.StdPAPPolicy;
91 import org.onap.policy.xacml.std.pap.StdPDP;
92 import org.onap.policy.xacml.std.pap.StdPDPGroup;
93 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
94 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
95 import org.onap.policy.xacml.std.pap.StdPDPStatus;
97 import com.att.research.xacml.api.pap.PAPException;
98 import com.att.research.xacml.api.pap.PDPPolicy;
99 import com.att.research.xacml.api.pap.PDPStatus;
100 import com.att.research.xacml.util.FactoryException;
101 import com.att.research.xacml.util.XACMLProperties;
102 import com.fasterxml.jackson.databind.ObjectMapper;
103 import com.google.common.base.Splitter;
106 * Servlet implementation class XacmlPapServlet
109 description = "Implements the XACML PAP RESTful API.",
110 urlPatterns = { "/" },
113 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
115 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
116 private static final long serialVersionUID = 1L;
117 private static final String localIp = "127.0.0.1";
118 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
119 // audit (transaction) LOGGER
120 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
121 //Persistence Unit for JPA
122 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
123 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
125 private static final String ENVIRONMENT_HEADER = "Environment";
127 * List of Admin Console URLs.
128 * Used to send notifications when configuration changes.
130 * The CopyOnWriteArrayList *should* protect from concurrency errors.
131 * This list is seldom changed but often read, so the costs of this approach make sense.
133 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<>();
135 private static String configHome;
136 private static String actionHome;
138 * This PAP instance's own URL.
139 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
141 private static String papURL = null;
142 // The heartbeat thread.
143 private static Heartbeat heartbeat = null;
144 private static Thread heartbeatThread = null;
145 //The entity manager factory for JPA access
146 private static EntityManagerFactory emf;
147 private static PolicyDBDao policyDBDao;
149 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
151 private static PAPPolicyEngine papEngine = null;
153 * These are the parameters needed for DB access from the PAP
155 private static int papIntegrityAuditPeriodSeconds = -1;
156 private static String papDbDriver = null;
157 private static String papDbUrl = null;
158 private static String papDbUser = null;
159 private static String papDbPassword = null;
160 private static String papResourceName = null;
161 private static String[] papDependencyGroupsFlatArray = null;
162 private static String environment = null;
163 private static String pdpFile = null;
165 private transient IntegrityMonitor im;
166 private transient IntegrityAudit ia;
168 //MicroService Model Properties
169 private static String msOnapName;
170 private static String msPolicyName;
172 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
173 * this servlet starts. Its configurable by the admin.
175 private transient static Thread initiateThread = null;
176 private transient ONAPLoggingContext baseLoggingContext = null;
179 * @see HttpServlet#HttpServlet()
181 public XACMLPapServlet() {
186 * @see Servlet#init(ServletConfig)
188 public void init(ServletConfig config) throws ServletException {
191 baseLoggingContext = new ONAPLoggingContext();
192 // fixed data that will be the same in all logging output goes here
194 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
195 baseLoggingContext.setServer(hostname);
196 } catch (UnknownHostException e) {
197 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging", e);
200 XACMLRest.xacmlInit(config);
201 // Load the properties
202 XACMLRest.loadXacmlProperties(null, null);
204 * Retrieve the property values
206 setCommonProperties();
207 String papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
208 if(papSiteName == null){
209 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
210 throw new PAPException("papSiteName is null");
212 String papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
213 if(papNodeType == null){
214 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
215 throw new PAPException("papNodeType is null");
217 //Integer will throw an exception of anything is missing or unrecognized
218 int papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
219 int papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
220 int papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
221 //Boolean will default to false if anything is missing or unrecognized
222 boolean papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
223 boolean papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
224 String papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
225 if(papDependencyGroups == null){
226 throw new PAPException("papDependencyGroups is null");
228 setPAPDependencyGroups(papDependencyGroups);
229 //Integer will throw an exception of anything is missing or unrecognized
230 int fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
231 int failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
232 int testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
233 int writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
234 LOGGER.debug("\n\n\n**************************************"
235 + "\n*************************************"
237 + "\n papDbDriver = " + papDbDriver
238 + "\n papDbUrl = " + papDbUrl
239 + "\n papDbUser = " + papDbUser
240 + "\n papDbPassword = " + papDbPassword
241 + "\n papTransWait = " + papTransWait
242 + "\n papTransTimeout = " + papTransTimeout
243 + "\n papAuditTimeout = " + papAuditTimeout
244 + "\n papAuditFlag = " + papAuditFlag
245 + "\n papFileSystemAudit = " + papFileSystemAudit
246 + "\n papResourceName = " + papResourceName
247 + "\n fpMonitorInterval = " + fpMonitorInterval
248 + "\n failedCounterThreshold = " + failedCounterThreshold
249 + "\n testTransInterval = " + testTransInterval
250 + "\n writeFpcInterval = " + writeFpcInterval
251 + "\n papSiteName = " + papSiteName
252 + "\n papNodeType = " + papNodeType
253 + "\n papDependencyGroupsList = " + papDependencyGroups
254 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
255 + "\n\n*************************************"
256 + "\n**************************************");
257 // Pull custom persistence settings
258 Properties properties;
260 properties = XACMLProperties.getProperties();
261 LOGGER.debug("\n\n\n**************************************"
262 + "\n**************************************"
264 + "properties = " + properties
265 + "\n\n**************************************");
266 } catch (IOException e) {
267 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
268 + "XACMLProperties.getProperties()");
269 throw new ServletException(e.getMessage(), e.getCause());
271 // Create an IntegrityMonitor
272 im = IntegrityMonitor.getInstance(papResourceName,properties);
273 // Create an IntegrityAudit
274 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
275 ia.startAuditThread();
276 // Create the entity manager factory
278 // we are about to call the PDPs and give them their configuration.
279 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
280 setPAPURL(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL));
281 //Create the policyDBDao
283 // Load our PAP engine, first create a factory
284 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
285 // The factory knows how to go about creating a PAP Engine
286 setPAPEngine((PAPPolicyEngine) factory.newEngine());
287 PolicyDBDaoTransaction addNewGroup = null;
289 if(((org.onap.policy.xacml.std.pap.StdEngine)papEngine).wasDefaultGroupJustAdded){
290 addNewGroup = policyDBDao.getNewTransaction();
291 OnapPDPGroup group = papEngine.getDefaultGroup();
292 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(), "automaticallyAdded");
293 addNewGroup.commitTransaction();
294 addNewGroup = policyDBDao.getNewTransaction();
295 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
296 addNewGroup.commitTransaction();
298 } catch(Exception e){
299 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Error creating new default group in the database");
300 if(addNewGroup != null){
301 addNewGroup.rollbackTransaction();
304 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
305 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
306 //get an AuditTransaction to lock out all other transactions
307 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
308 policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine);
309 //release the transaction lock
313 // Sanity check for URL.
314 if (XACMLPapServlet.papURL == null) {
315 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
317 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
318 // to all its known PDP nodes.
319 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
320 startInitiateThreadService(new Thread(this));
322 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
323 startHeartBeatService(new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine));
325 } catch (FactoryException | PAPException e) {
326 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
327 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
328 } catch (Exception e) {
329 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
330 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
334 private static void startInitiateThreadService(Thread thread) {
335 initiateThread = thread;
336 initiateThread.start();
339 private static void mapperWriteValue(ObjectMapper mapper, ServletOutputStream out, Object value) {
341 mapper.writeValue(out, value);
342 } catch (Exception e) {
347 private static void startHeartBeatService(Heartbeat heartbeat) {
348 XACMLPapServlet.heartbeat = heartbeat;
349 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
350 XACMLPapServlet.heartbeatThread.start();
353 private static void setPolicyDBDao() throws ServletException {
355 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
356 } catch (Exception e) {
357 throw new ServletException("Unable to Create Policy DBDao Instance",e);
361 private static void setEMF(Properties properties) throws ServletException {
362 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
364 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
366 throw new ServletException("Unable to create Entity Manager Factory");
370 private static void setPAPURL(String papURL) {
371 XACMLPapServlet.papURL = papURL;
374 private static void setPAPEngine(PAPPolicyEngine newEngine) {
375 XACMLPapServlet.papEngine = newEngine;
378 private static void setPAPDependencyGroups(String papDependencyGroups) throws PAPException {
380 //Now we have flattened the array into a simple comma-separated list
381 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
382 //clean up the entries
383 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
384 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
387 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
388 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
391 String msg = "integrity_audit_period_seconds ";
392 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
393 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
397 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
398 throw new PAPException(e);
402 private static void setCommonProperties() throws PAPException {
405 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
406 if(papDbDriver == null){
407 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
408 throw new PAPException("papDbDriver is null");
410 setPapDbDriver(papDbDriver);
411 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
412 if(papDbUrl == null){
413 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
414 throw new PAPException("papDbUrl is null");
416 setPapDbUrl(papDbUrl);
417 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
418 if(papDbUser == null){
419 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
420 throw new PAPException("papDbUser is null");
422 setPapDbUser(papDbUser);
423 papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
424 if(papDbPassword == null){
425 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
426 throw new PAPException("papDbPassword is null");
428 setPapDbPassword(papDbPassword);
429 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
430 if(papResourceName == null){
431 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
432 throw new PAPException("papResourceName is null");
434 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
435 //Micro Service Properties
436 msOnapName=XACMLProperties.getProperty("xacml.policy.msOnapName");
437 setMsOnapName(msOnapName);
438 msPolicyName=XACMLProperties.getProperty("xacml.policy.msPolicyName");
439 setMsPolicyName(msPolicyName);
440 // PDPId File location
441 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
442 if (XACMLPapServlet.pdpFile == null) {
443 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
444 + XACMLRestProperties.PROP_PDP_IDFILE);
445 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
450 * Thread used only during PAP startup to initiate change messages to all known PDPs.
451 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
455 // send the current configuration to all the PDPs that we know about
460 * @see Servlet#destroy()
462 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
463 * For now we assume that we do care.
466 public void destroy() {
467 // Make sure our threads are destroyed
468 if (XACMLPapServlet.heartbeatThread != null) {
469 // stop the heartbeat
471 if (XACMLPapServlet.heartbeat != null) {
472 XACMLPapServlet.heartbeat.terminate();
474 XACMLPapServlet.heartbeatThread.interrupt();
475 XACMLPapServlet.heartbeatThread.join();
476 } catch (InterruptedException e) {
477 XACMLPapServlet.heartbeatThread.interrupt();
478 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
481 if (initiateThread != null) {
483 initiateThread.interrupt();
484 initiateThread.join();
485 } catch (InterruptedException e) {
486 initiateThread.interrupt();
487 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
494 * - PDP nodes to register themselves with the PAP, and
495 * - Admin Console to make changes in the PDP Groups.
497 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
499 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
500 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
501 loggingContext.transactionStarted();
502 loggingContext.setServiceName("PAP.post");
503 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
504 UUID requestID = UUID.randomUUID();
505 loggingContext.setRequestID(requestID.toString());
506 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
508 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
510 PolicyDBDaoTransaction pdpTransaction = null;
512 im.startTransaction();
513 } catch (AdministrativeStateException ae){
514 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
515 + " state of " + im.getStateManager().getAdminState()
516 + "\n Exception Message: " + ae.getMessage();
517 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
518 loggingContext.transactionEnded();
519 PolicyLogger.audit("Transaction Failed - See Error.log");
520 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
522 }catch (StandbyStatusException se) {
523 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
524 + " of " + im.getStateManager().getStandbyStatus()
525 + "\n Exception Message: " + se.getMessage();
526 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
527 loggingContext.transactionEnded();
528 PolicyLogger.audit("Transaction Failed - See Error.log");
529 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
533 XACMLRest.dumpRequest(request);
534 // since getParameter reads the content string, explicitly get the content before doing that.
535 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
536 request.getInputStream();
537 String groupId = request.getParameter("groupId");
538 String apiflag = request.getParameter("apiflag");
539 if(groupId != null) {
540 // Is this from the Admin Console or API?
541 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
542 // this is from the API so we need to check the client credentials before processing the request
543 if(!authorizeRequest(request)){
544 String message = "PEP not Authorized for making this Request!!";
545 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
546 loggingContext.transactionEnded();
547 PolicyLogger.audit("Transaction Failed - See Error.log");
548 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
553 doACPost(request, response, groupId, loggingContext);
554 loggingContext.transactionEnded();
555 PolicyLogger.audit("Transaction Ended Successfully");
559 // Request is from a PDP asking for its config.
560 loggingContext.setServiceName("PDP:PAP.register");
562 String id = this.getPDPID(request);
563 String jmxport = this.getPDPJMX(request);
564 LOGGER.info("Request(doPost) from PDP coming up: " + id);
565 // Get the PDP Object
566 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
569 LOGGER.info("Unknown PDP: " + id);
571 if(CheckPDP.validateID(id)){
572 pdpTransaction = policyDBDao.getNewTransaction();
574 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
575 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
576 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException e) {
577 pdpTransaction.rollbackTransaction();
578 String message = "Failed to create new PDP for id: " + id;
579 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
580 loggingContext.transactionEnded();
581 PolicyLogger.audit("Transaction Failed - See Error.log");
582 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
586 // get the PDP we just created
587 pdp = XACMLPapServlet.papEngine.getPDP(id);
589 if(pdpTransaction != null){
590 pdpTransaction.rollbackTransaction();
592 String message = "Failed to create new PDP for id: " + id;
593 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
594 loggingContext.transactionEnded();
595 PolicyLogger.audit("Transaction Failed - See Error.log");
596 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
601 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
602 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
603 loggingContext.transactionEnded();
604 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
605 PolicyLogger.audit("Transaction Failed - See Error.log");
610 pdpTransaction.commitTransaction();
611 } catch(Exception e){
612 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
615 if (jmxport != null && jmxport != ""){
616 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
618 // Get the PDP's Group
619 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
621 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
622 loggingContext.transactionEnded();
623 PolicyLogger.audit("Transaction Failed - See Error.log");
624 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
628 // Determine what group the PDP node is in and get
629 // its policy/pip properties.
630 Properties policies = group.getPolicyProperties();
631 Properties pipconfig = group.getPipConfigProperties();
632 // Get the current policy/pip configuration that the PDP has
633 Properties pdpProperties = new Properties();
634 pdpProperties.load(request.getInputStream());
635 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
636 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
637 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
638 // Validate the node's properties
639 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
640 // Send back current configuration
641 if (isCurrent == false) {
642 // Tell the PDP we are sending back the current policies/pip config
643 LOGGER.info("PDP configuration NOT current.");
644 if (policies != null) {
645 // Put URL's into the properties in case the PDP needs to
647 this.populatePolicyURL(request.getRequestURL(), policies);
648 // Copy the properties to the output stream
649 policies.store(response.getOutputStream(), "");
651 if (pipconfig != null) {
652 // Copy the properties to the output stream
653 pipconfig.store(response.getOutputStream(), "");
655 // We are good - and we are sending them information
656 response.setStatus(HttpServletResponse.SC_OK);
657 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
659 // Tell them they are good
660 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
661 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
663 // tell the AC that something changed
665 loggingContext.transactionEnded();
666 auditLogger.info("Success");
667 PolicyLogger.audit("Transaction Ended Successfully");
668 } catch (PAPException | IOException | NumberFormatException e) {
669 if(pdpTransaction != null){
670 pdpTransaction.rollbackTransaction();
672 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
673 loggingContext.transactionEnded();
674 PolicyLogger.audit("Transaction Failed - See Error.log");
675 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
679 //Catch anything that fell through
680 loggingContext.transactionEnded();
681 PolicyLogger.audit("Transaction Ended");
685 private void setResponseError(HttpServletResponse response,int responseCode, String message) {
687 response.sendError(responseCode, message);
688 } catch (IOException e) {
689 LOGGER.error("Error setting Error response Header ", e);
695 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
697 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
698 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
699 loggingContext.transactionStarted();
700 loggingContext.setServiceName("PAP.get");
701 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
702 UUID requestID = UUID.randomUUID();
703 loggingContext.setRequestID(requestID.toString());
704 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
706 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
709 XACMLRest.dumpRequest(request);
710 String pathInfo = request.getRequestURI();
711 LOGGER.info("path info: " + pathInfo);
712 if (pathInfo != null){
713 //DO NOT do a im.startTransaction for the test request
714 if (pathInfo.equals("/pap/test")) {
716 testService(loggingContext, response);
717 } catch (IOException e) {
723 //This im.startTransaction() covers all other Get transactions
725 im.startTransaction();
726 } catch (AdministrativeStateException ae){
727 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
728 + " state of " + im.getStateManager().getAdminState()
729 + "\n Exception Message: " + ae.getMessage();
730 LOGGER.info(message, ae);
731 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
732 loggingContext.transactionEnded();
733 PolicyLogger.audit("Transaction Failed - See Error.log");
734 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
736 }catch (StandbyStatusException se) {
737 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
738 + " of " + im.getStateManager().getStandbyStatus()
739 + "\n Exception Message: " + se.getMessage();
740 LOGGER.info(message, se);
741 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
742 loggingContext.transactionEnded();
743 PolicyLogger.audit("Transaction Failed - See Error.log");
744 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
747 // Request from the API to get the gitPath
748 String apiflag = request.getParameter("apiflag");
750 if(authorizeRequest(request)){
751 APIRequestHandler apiRequestHandler = new APIRequestHandler();
752 apiRequestHandler.doGet(request,response, apiflag);
753 loggingContext.transactionEnded();
754 PolicyLogger.audit("Transaction Ended Successfully");
758 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
759 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
760 loggingContext.transactionEnded();
761 PolicyLogger.audit("Transaction Failed - See Error.log");
762 setResponseError(response, HttpServletResponse.SC_FORBIDDEN, message);
767 // Is this from the Admin Console?
768 String groupId = request.getParameter("groupId");
769 if (groupId != null) {
770 // this is from the Admin Console, so handle separately
771 doACGet(request, response, groupId, loggingContext);
772 loggingContext.transactionEnded();
773 PolicyLogger.audit("Transaction Ended Successfully");
778 String id = this.getPDPID(request);
779 LOGGER.info("doGet from: " + id);
780 // Get the PDP Object
781 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
784 // Check if request came from localhost
785 if (request.getRemoteHost().equals("localhost") ||
786 request.getRemoteHost().equals(localIp) ||
787 request.getRemoteHost().equals(request.getLocalAddr())) {
788 // Return status information - basically all the groups
789 loggingContext.setServiceName("PAP.getGroups");
790 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
791 // convert response object to JSON and include in the response
792 mapperWriteValue(new ObjectMapper(), response.getOutputStream(), groups);
793 response.setHeader("content-type", "application/json");
794 response.setStatus(HttpServletResponse.SC_OK);
795 loggingContext.transactionEnded();
796 PolicyLogger.audit("Transaction Ended Successfully");
800 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
801 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
802 loggingContext.transactionEnded();
803 PolicyLogger.audit("Transaction Failed - See Error.log");
804 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
808 loggingContext.setServiceName("PAP.getPolicy");
809 // Get the PDP's Group
810 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
812 String message = "No group associated with pdp " + pdp.getId();
813 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
814 loggingContext.transactionEnded();
815 PolicyLogger.audit("Transaction Failed - See Error.log");
816 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
820 // Which policy do they want?
821 String policyId = request.getParameter("id");
822 if (policyId == null) {
823 String message = "Did not specify an id for the policy";
824 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
825 loggingContext.transactionEnded();
826 PolicyLogger.audit("Transaction Failed - See Error.log");
827 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
831 PDPPolicy policy = group.getPolicy(policyId);
832 if (policy == null) {
833 String message = "Unknown policy: " + policyId;
834 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
835 loggingContext.transactionEnded();
836 PolicyLogger.audit("Transaction Failed - See Error.log");
837 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
841 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
842 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
843 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
844 // Send the policy back
845 IOUtils.copy(is, os);
846 response.setStatus(HttpServletResponse.SC_OK);
847 loggingContext.transactionEnded();
848 auditLogger.info("Success");
849 PolicyLogger.audit("Transaction Ended Successfully");
850 } catch (IOException e) {
851 String message = "Failed to open policy id " + policyId;
853 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
854 loggingContext.transactionEnded();
855 PolicyLogger.audit("Transaction Failed - See Error.log");
856 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
858 } catch (PAPException | IOException e) {
860 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
861 loggingContext.transactionEnded();
862 PolicyLogger.audit("Transaction Failed - See Error.log");
863 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
867 loggingContext.transactionEnded();
868 PolicyLogger.audit("Transaction Ended");
873 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
875 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
876 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
877 loggingContext.transactionStarted();
878 loggingContext.setServiceName("PAP.put");
879 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
880 UUID requestID = UUID.randomUUID();
881 loggingContext.setRequestID(requestID.toString());
882 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
884 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
887 im.startTransaction();
888 } catch (AdministrativeStateException | StandbyStatusException e) {
889 String message = "PUT interface called for PAP " + papResourceName;
890 if (e instanceof AdministrativeStateException) {
891 message += " but it has an Administrative state of "
892 + im.getStateManager().getAdminState();
893 } else if (e instanceof StandbyStatusException) {
894 message += " but it has a Standby Status of "
895 + im.getStateManager().getStandbyStatus();
898 message += "\n Exception Message: " + e.getMessage();
900 LOGGER.info(message, e);
901 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
902 loggingContext.transactionEnded();
903 PolicyLogger.audit("Transaction Failed - See Error.log");
904 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
908 XACMLRest.dumpRequest(request);
909 //need to check if request is from the API or Admin console
910 String apiflag = request.getParameter("apiflag");
911 //This would occur if a PolicyDBDao notification was received
912 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
913 if(policyDBDaoRequestUrl != null){
914 String policyDBDaoRequestEntityId = request.getParameter("entityid");
915 //String policyDBDaoRequestEntityType = request.getParameter("entitytype");
916 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
917 String policyDBDaoRequestExtraData = request.getParameter("extradata");
918 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
919 setResponseError(response,400, "entityid or entitytype not supplied");
920 loggingContext.transactionEnded();
921 PolicyLogger.audit("Transaction Ended Successfully");
925 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
926 response.setStatus(200);
927 loggingContext.transactionEnded();
928 PolicyLogger.audit("Transaction Ended Successfully");
933 * Request for ImportService
935 String importService = request.getParameter("importService");
936 if (importService != null) {
937 if(authorizeRequest(request)){
938 APIRequestHandler apiRequestHandler = new APIRequestHandler();
939 apiRequestHandler.doPut(request, response, importService);
943 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
944 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
945 loggingContext.transactionEnded();
946 PolicyLogger.audit("Transaction Failed - See Error.log");
947 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
951 //This would occur if we received a notification of a policy rename from AC
952 String oldPolicyName = request.getParameter("oldPolicyName");
953 String newPolicyName = request.getParameter("newPolicyName");
954 if(oldPolicyName != null && newPolicyName != null){
955 if(LOGGER.isDebugEnabled()){
956 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
957 + "\npolicyToCreateUpdate = " + " ");
961 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
962 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
963 if(LOGGER.isDebugEnabled()){
964 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
965 + "\npolicyToCreateUpdate = " + " ");
967 } catch(UnsupportedEncodingException e){
968 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
969 + "\npolicyToCreateUpdate = " + " ");
970 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
971 + "\nfailure with the following exception: " + e);
972 loggingContext.transactionEnded();
973 PolicyLogger.audit("Transaction Failed - See error.log");
977 //send it to PolicyDBDao
978 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
980 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
982 renameTransaction.rollbackTransaction();
983 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
984 + "\nfailure with the following exception: " + e);
985 loggingContext.transactionEnded();
986 PolicyLogger.audit("Transaction Failed - See error.log");
990 renameTransaction.commitTransaction();
991 response.setStatus(HttpServletResponse.SC_OK);
992 loggingContext.transactionEnded();
993 PolicyLogger.audit("Transaction Ended Successfully");
998 // See if this is Admin Console registering itself with us
1000 String acURLString = request.getParameter("adminConsoleURL");
1001 if (acURLString != null) {
1002 loggingContext.setServiceName("AC:PAP.register");
1003 // remember this Admin Console for future updates
1004 if ( ! adminConsoleURLStringList.contains(acURLString)) {
1005 adminConsoleURLStringList.add(acURLString);
1007 if (LOGGER.isDebugEnabled()) {
1008 LOGGER.debug("Admin Console registering with URL: " + acURLString);
1010 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1011 loggingContext.transactionEnded();
1012 auditLogger.info("Success");
1013 PolicyLogger.audit("Transaction Ended Successfully");
1014 im.endTransaction();
1018 * This is to update the PDP Group with the policy/policies being pushed
1019 * Part of a 2 step process to push policies to the PDP that can now be done
1020 * From both the Admin Console and the PolicyEngine API
1022 String groupId = request.getParameter("groupId");
1023 if (groupId != null) {
1025 if(!authorizeRequest(request)){
1026 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1027 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1028 loggingContext.transactionEnded();
1029 PolicyLogger.audit("Transaction Failed - See Error.log");
1030 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1033 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
1034 updateGroupsFromAPI(request, response, groupId, loggingContext);
1035 loggingContext.transactionEnded();
1036 PolicyLogger.audit("Transaction Ended Successfully");
1037 im.endTransaction();
1041 // this is from the Admin Console, so handle separately
1042 doACPut(request, response, groupId, loggingContext);
1043 loggingContext.transactionEnded();
1044 PolicyLogger.audit("Transaction Ended Successfully");
1045 im.endTransaction();
1049 // Request is for policy validation and creation
1051 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1052 // this request is from the Admin Console
1053 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1054 savePolicyHandler.doPolicyAPIPut(request, response);
1055 loggingContext.transactionEnded();
1056 PolicyLogger.audit("Transaction Ended Successfully");
1057 im.endTransaction();
1059 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1060 // this request is from the Policy Creation API
1061 if(authorizeRequest(request)){
1062 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1063 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1064 loggingContext.transactionEnded();
1065 PolicyLogger.audit("Transaction Ended Successfully");
1066 im.endTransaction();
1069 String message = "PEP not Authorized for making this Request!!";
1070 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1071 loggingContext.transactionEnded();
1072 PolicyLogger.audit("Transaction Failed - See Error.log");
1073 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1074 im.endTransaction();
1078 // We do not expect anything from anywhere else.
1079 // This method is here in case we ever need to support other operations.
1080 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1081 loggingContext.transactionEnded();
1082 PolicyLogger.audit("Transaction Failed - See Error.log");
1083 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1084 loggingContext.transactionEnded();
1085 PolicyLogger.audit("Transaction Failed - See error.log");
1086 im.endTransaction();
1090 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1092 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1093 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1094 loggingContext.transactionStarted();
1095 loggingContext.setServiceName("PAP.delete");
1096 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1097 UUID requestID = UUID.randomUUID();
1098 loggingContext.setRequestID(requestID.toString());
1099 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1101 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1104 im.startTransaction();
1105 } catch (AdministrativeStateException ae){
1106 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1107 + " state of " + im.getStateManager().getAdminState()
1108 + "\n Exception Message: " + ae.getMessage();
1109 LOGGER.info(message, ae);
1110 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1111 loggingContext.transactionEnded();
1112 PolicyLogger.audit("Transaction Failed - See Error.log");
1113 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1115 }catch (StandbyStatusException se) {
1116 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1117 + " of " + im.getStateManager().getStandbyStatus()
1118 + "\n Exception Message: " + se.getMessage();
1119 LOGGER.info(message, se);
1120 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1121 loggingContext.transactionEnded();
1122 PolicyLogger.audit("Transaction Failed - See Error.log");
1123 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1126 XACMLRest.dumpRequest(request);
1127 String groupId = request.getParameter("groupId");
1128 String apiflag = request.getParameter("apiflag");
1129 if (groupId != null) {
1130 // Is this from the Admin Console or API?
1132 if(!authorizeRequest(request)){
1133 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1134 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1135 loggingContext.transactionEnded();
1136 PolicyLogger.audit("Transaction Failed - See Error.log");
1137 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1140 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1142 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1143 } catch (Exception e) {
1144 LOGGER.error("Exception Occured"+e);
1146 if(apiRequestHandler.getNewGroup()!=null){
1147 groupChanged(apiRequestHandler.getNewGroup());
1151 // this is from the Admin Console, so handle separately
1152 doACDelete(request, response, groupId, loggingContext);
1153 loggingContext.transactionEnded();
1154 PolicyLogger.audit("Transaction Ended Successfully");
1155 im.endTransaction();
1158 //Catch anything that fell through
1159 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1160 loggingContext.transactionEnded();
1161 PolicyLogger.audit("Transaction Failed - See Error.log");
1162 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1163 im.endTransaction();
1166 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1167 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1168 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1169 if (localRootPolicies == null || localReferencedPolicies == null) {
1170 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1173 // Compare the policies and pipconfig properties to the pdpProperties
1175 // the policy properties includes only xacml.rootPolicies and
1176 // xacml.referencedPolicies without any .url entries
1177 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1178 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1179 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1180 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1181 pdpPipConfig.equals(pipconfig)) {
1182 // The PDP is current
1185 } catch (Exception e) {
1186 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1187 // or if there are policies that do not have a corresponding ".url" property.
1188 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1189 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1194 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1195 String lists[] = new String[2];
1196 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1197 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1198 for (String list : lists) {
1199 if (list != null && list.isEmpty() == false) {
1200 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1201 String url = urlPath + "?id=" + id;
1202 LOGGER.info("Policy URL for " + id + ": " + url);
1203 policies.setProperty(id + ".url", url);
1209 protected String getPDPID(HttpServletRequest request) {
1210 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1211 if (pdpURL == null || pdpURL.isEmpty()) {
1212 // Should send back its port for identification
1213 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1219 protected String getPDPJMX(HttpServletRequest request) {
1220 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1221 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1222 // Should send back its port for identification
1223 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1230 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1235 * @param loggingContext
1236 * @throws ServletException
1237 * @throws IOException
1239 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1240 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1242 // for PUT operations the group may or may not need to exist before the operation can be done
1243 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1244 // get the request input stream content into a String
1246 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1247 scanner.useDelimiter("\\A");
1248 json = scanner.hasNext() ? scanner.next() : "";
1250 PolicyLogger.info("JSON request from PolicyEngine API: " + json);
1251 // convert Object sent as JSON into local object
1252 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1253 Set<PDPPolicy> policies = new HashSet<>();
1255 policies.add(policy);
1257 //Get the current policies from the Group and Add the new one
1258 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1259 currentPoliciesInGroup = group.getPolicies();
1260 //If the selected policy is in the group we must remove it because the name is default
1261 Iterator<PDPPolicy> policyIterator = policies.iterator();
1262 LOGGER.debug("policyIterator....." + policies);
1263 while (policyIterator.hasNext()) {
1264 PDPPolicy selPolicy = policyIterator.next();
1265 for (PDPPolicy existingPolicy : currentPoliciesInGroup) {
1266 if (existingPolicy.getId().equals(selPolicy.getId())) {
1267 group.removePolicyFromGroup(existingPolicy);
1268 LOGGER.debug("Removing policy: " + existingPolicy);
1273 //Update the PDP Group after removing old version of policy
1274 Set<PDPPolicy> updatedPoliciesInGroup = new HashSet<>();
1275 updatedPoliciesInGroup = group.getPolicies();
1276 //need to remove the policy with default name from group
1277 for (PDPPolicy updatedPolicy : currentPoliciesInGroup) {
1278 if (updatedPolicy.getName().equalsIgnoreCase("default")) {
1279 group.removePolicyFromGroup(updatedPolicy);
1283 if(updatedPoliciesInGroup!=null){
1284 policies.addAll(updatedPoliciesInGroup);
1286 group.setPolicies(policies);
1287 // Assume that this is an update of an existing PDP Group
1288 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1290 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1291 } catch(Exception e){
1292 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1293 +"group="+group.getId());
1294 throw new PAPException(e.getMessage());
1296 papEngine.updateGroup(group);
1297 String policyId = "empty";
1299 policyId = policy.getId();
1301 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1302 response.addHeader("operation", "push");
1303 response.addHeader("policyId", policyId);
1304 response.addHeader("groupId", groupId);
1305 if (LOGGER.isDebugEnabled()) {
1306 LOGGER.debug("Group '" + group.getId() + "' updated");
1308 acPutTransaction.commitTransaction();
1310 // Group changed, which might include changing the policies
1311 groupChanged(group);
1312 loggingContext.transactionEnded();
1313 auditLogger.info("Success");
1315 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1316 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1317 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1318 LOGGER.debug("Precheck Successful.");
1322 PolicyLogger.audit("Transaction Ended Successfully");
1324 } catch (PAPException e) {
1325 acPutTransaction.rollbackTransaction();
1326 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1327 loggingContext.transactionEnded();
1328 PolicyLogger.audit("Transaction Failed - See Error.log");
1329 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1330 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1331 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1332 response.addHeader("error","addGroupError");
1333 response.addHeader("message", message);
1339 * Requests from the Admin Console for operations not on single specific objects
1344 * @param loggingContext
1345 * @throws ServletException
1346 * @throws IOException
1348 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1349 PolicyDBDaoTransaction doACPostTransaction = null;
1351 String groupName = request.getParameter("groupName");
1352 String groupDescription = request.getParameter("groupDescription");
1353 String apiflag = request.getParameter("apiflag");
1354 if (groupName != null && groupDescription != null) {
1355 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1356 loggingContext.setServiceName("AC:PAP.createGroup");
1357 String unescapedName = URLDecoder.decode(groupName, "UTF-8");
1358 String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1359 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1361 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1362 papEngine.newGroup(unescapedName, unescapedDescription);
1363 newGroupTransaction.commitTransaction();
1364 } catch (Exception e) {
1365 newGroupTransaction.rollbackTransaction();
1366 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1367 loggingContext.transactionEnded();
1369 PolicyLogger.audit("Transaction Failed - See Error.log");
1370 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'");
1373 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1374 if (LOGGER.isDebugEnabled()) {
1375 LOGGER.debug("New Group '" + groupId + "' created");
1377 // tell the Admin Consoles there is a change
1379 // new group by definition has no PDPs, so no need to notify them of changes
1380 loggingContext.transactionEnded();
1381 PolicyLogger.audit("Transaction Failed - See Error.log");
1382 auditLogger.info("Success");
1383 PolicyLogger.audit("Transaction Ended Successfully");
1386 // for all remaining POST operations the group must exist before the operation can be done
1387 OnapPDPGroup group = papEngine.getGroup(groupId);
1388 if (group == null) {
1389 String message = "Unknown groupId '" + groupId + "'";
1390 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1391 loggingContext.transactionEnded();
1392 PolicyLogger.audit("Transaction Failed - See Error.log");
1394 response.addHeader("error", "unknownGroupId");
1395 response.addHeader("operation", "push");
1396 response.addHeader("message", message);
1397 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1399 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1403 // determine the operation needed based on the parameters in the request
1404 if (request.getParameter("policyId") != null) {
1405 // Args: group=<groupId> policy=<policyId> <= copy file
1406 // copy a policy from the request contents into a file in the group's directory on this machine
1408 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1410 loggingContext.setServiceName("AC:PAP.postPolicy");
1412 String policyId = request.getParameter("policyId");
1413 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1415 InputStream is = null;
1417 if (apiflag != null){
1418 // get the request content into a String if the request is from API
1420 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1421 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1422 scanner.useDelimiter("\\A");
1423 json = scanner.hasNext() ? scanner.next() : "";
1425 LOGGER.info("JSON request from API: " + json);
1426 // convert Object sent as JSON into local object
1427 ObjectMapper mapper = new ObjectMapper();
1428 Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class);
1429 StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON;
1430 temp = new File(policy.getLocation());
1431 is = new FileInputStream(temp);
1433 is = request.getInputStream();
1435 addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1436 if (apiflag != null){
1437 ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is);
1440 if (policyId.endsWith(".xml")) {
1441 name = policyId.replace(".xml", "");
1442 name = name.substring(0, name.lastIndexOf("."));
1444 ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is);
1446 if(is!=null && temp!=null){
1450 addPolicyToGroupTransaction.commitTransaction();
1451 } catch (Exception e) {
1452 addPolicyToGroupTransaction.rollbackTransaction();
1453 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1454 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1455 loggingContext.transactionEnded();
1456 PolicyLogger.audit("Transaction Failed - See Error.log");
1458 response.addHeader("error", "policyCopyError");
1459 response.addHeader("message", message);
1460 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1462 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1466 // policy file copied ok and the Group was updated on the PDP
1467 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1468 response.addHeader("operation", "push");
1469 response.addHeader("policyId", policyId);
1470 response.addHeader("groupId", groupId);
1471 if (LOGGER.isDebugEnabled()) {
1472 LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1474 loggingContext.transactionEnded();
1475 auditLogger.info("Success");
1476 PolicyLogger.audit("Transaction Ended Successfully");
1478 } else if (request.getParameter("default") != null) {
1479 // Args: group=<groupId> default=true <= make default
1480 // change the current default group to be the one identified in the request.
1481 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1482 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1483 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1484 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1486 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1487 papEngine.SetDefaultGroup(group);
1488 setDefaultGroupTransaction.commitTransaction();
1489 } catch (Exception e) {
1490 setDefaultGroupTransaction.rollbackTransaction();
1491 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1492 loggingContext.transactionEnded();
1494 PolicyLogger.audit("Transaction Failed - See Error.log");
1495 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default");
1498 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1499 if (LOGGER.isDebugEnabled()) {
1500 LOGGER.debug("Group '" + groupId + "' set to be default");
1502 // Notify the Admin Consoles that something changed
1503 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1504 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1506 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1507 loggingContext.transactionEnded();
1508 auditLogger.info("Success");
1509 PolicyLogger.audit("Transaction Ended Successfully");
1511 } else if (request.getParameter("pdpId") != null) {
1512 doACPostTransaction = policyDBDao.getNewTransaction();
1513 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1514 loggingContext.setServiceName("AC:PAP.movePDP");
1515 String pdpId = request.getParameter("pdpId");
1516 OnapPDP pdp = papEngine.getPDP(pdpId);
1517 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1519 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1520 }catch(Exception e){
1521 doACPostTransaction.rollbackTransaction();
1522 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1523 " Error while moving pdp in the database: "
1524 +"pdp="+pdp.getId()+",to group="+group.getId());
1525 throw new PAPException(e.getMessage());
1527 papEngine.movePDP((OnapPDP) pdp, group);
1528 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1529 if (LOGGER.isDebugEnabled()) {
1530 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1532 // update the status of both the original group and the new one
1533 ((StdPDPGroup)originalGroup).resetStatus();
1534 ((StdPDPGroup)group).resetStatus();
1535 // Notify the Admin Consoles that something changed
1536 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1538 // Need to notify the PDP that it's config may have changed
1540 doACPostTransaction.commitTransaction();
1541 loggingContext.transactionEnded();
1542 auditLogger.info("Success");
1543 PolicyLogger.audit("Transaction Ended Successfully");
1546 } catch (PAPException e) {
1547 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1548 loggingContext.transactionEnded();
1549 PolicyLogger.audit("Transaction Failed - See Error.log");
1550 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1556 * Requests from the Admin Console to GET info about the Groups and PDPs
1561 * @param loggingContext
1562 * @throws ServletException
1563 * @throws IOException
1565 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1567 String parameterDefault = request.getParameter("default");
1568 String pdpId = request.getParameter("pdpId");
1569 String pdpGroup = request.getParameter("getPDPGroup");
1570 if ("".equals(groupId)) {
1571 // request IS from AC but does not identify a group by name
1572 if (parameterDefault != null) {
1573 // Request is for the Default group (whatever its id)
1574 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1575 OnapPDPGroup group = papEngine.getDefaultGroup();
1576 // convert response object to JSON and include in the response
1577 mapperWriteValue(new ObjectMapper(), response.getOutputStream(), group);
1578 if (LOGGER.isDebugEnabled()) {
1579 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1581 response.setStatus(HttpServletResponse.SC_OK);
1582 response.setHeader("content-type", "application/json");
1583 response.getOutputStream().close();
1584 loggingContext.transactionEnded();
1585 auditLogger.info("Success");
1586 PolicyLogger.audit("Transaction Ended Successfully");
1588 } else if (pdpId != null) {
1589 // Request is related to a PDP
1590 if (pdpGroup == null) {
1591 // Request is for the (unspecified) group containing a given PDP
1592 loggingContext.setServiceName("AC:PAP.getPDP");
1593 OnapPDP pdp = papEngine.getPDP(pdpId);
1594 // convert response object to JSON and include in the response
1595 mapperWriteValue(new ObjectMapper(), response.getOutputStream(), pdp);
1596 if (LOGGER.isDebugEnabled()) {
1597 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1599 response.setStatus(HttpServletResponse.SC_OK);
1600 response.setHeader("content-type", "application/json");
1601 response.getOutputStream().close();
1602 loggingContext.transactionEnded();
1603 auditLogger.info("Success");
1604 PolicyLogger.audit("Transaction Ended Successfully");
1607 // Request is for the group containing a given PDP
1608 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1609 OnapPDP pdp = papEngine.getPDP(pdpId);
1610 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
1611 // convert response object to JSON and include in the response
1612 mapperWriteValue(new ObjectMapper(), response.getOutputStream(), group);
1613 if (LOGGER.isDebugEnabled()) {
1614 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1616 response.setStatus(HttpServletResponse.SC_OK);
1617 response.setHeader("content-type", "application/json");
1618 response.getOutputStream().close();
1619 loggingContext.transactionEnded();
1620 auditLogger.info("Success");
1621 PolicyLogger.audit("Transaction Ended Successfully");
1625 // request is for top-level properties about all groups
1626 loggingContext.setServiceName("AC:PAP.getAllGroups");
1627 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1628 // convert response object to JSON and include in the response
1629 mapperWriteValue(new ObjectMapper(), response.getOutputStream(), groups);
1630 if (LOGGER.isDebugEnabled()) {
1631 LOGGER.debug("GET All groups req");
1633 response.setStatus(HttpServletResponse.SC_OK);
1634 response.setHeader("content-type", "application/json");
1635 response.getOutputStream().close();
1636 loggingContext.transactionEnded();
1637 auditLogger.info("Success");
1638 PolicyLogger.audit("Transaction Ended Successfully");
1642 // for all other GET operations the group must exist before the operation can be done
1643 OnapPDPGroup group = papEngine.getGroup(groupId);
1644 if (group == null) {
1645 String message = "Unknown groupId '" + groupId + "'";
1646 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1647 loggingContext.transactionEnded();
1649 PolicyLogger.audit("Transaction Failed - See Error.log");
1650 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1653 // Figure out which request this is based on the parameters
1654 String policyId = request.getParameter("policyId");
1655 if (policyId != null) {
1656 // retrieve a policy
1657 loggingContext.setServiceName("AC:PAP.getPolicy");
1658 // convert response object to JSON and include in the response
1659 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1660 loggingContext.transactionEnded();
1661 PolicyLogger.audit("Transaction Failed - See Error.log");
1662 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1664 // No other parameters, so return the identified Group
1665 loggingContext.setServiceName("AC:PAP.getGroup");
1666 // convert response object to JSON and include in the response
1667 mapperWriteValue(new ObjectMapper(), response.getOutputStream(), group);
1668 if (LOGGER.isDebugEnabled()) {
1669 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
1671 response.setStatus(HttpServletResponse.SC_OK);
1672 response.setHeader("content-type", "application/json");
1673 response.getOutputStream().close();
1674 loggingContext.transactionEnded();
1675 auditLogger.info("Success");
1676 PolicyLogger.audit("Transaction Ended Successfully");
1679 // Currently there are no other GET calls from the AC.
1680 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
1681 // Other GETs that could be called:
1682 // Specific Group (groupId=<groupId>)
1683 // A Policy (groupId=<groupId> policyId=<policyId>)
1684 // A PDP (groupId=<groupId> pdpId=<pdpId>)
1685 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
1686 loggingContext.transactionEnded();
1687 PolicyLogger.audit("Transaction Failed - See Error.log");
1688 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1689 } catch (PAPException e) {
1690 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
1691 loggingContext.transactionEnded();
1692 PolicyLogger.audit("Transaction Failed - See Error.log");
1693 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1699 * Requests from the Admin Console to create new items or update existing ones
1704 * @param loggingContext
1705 * @throws ServletException
1706 * @throws IOException
1708 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1709 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1711 // for PUT operations the group may or may not need to exist before the operation can be done
1712 OnapPDPGroup group = papEngine.getGroup(groupId);
1713 // determine the operation needed based on the parameters in the request
1714 // for remaining operations the group must exist before the operation can be done
1715 if (group == null) {
1716 String message = "Unknown groupId '" + groupId + "'";
1717 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1718 loggingContext.transactionEnded();
1719 PolicyLogger.audit("Transaction Failed - See Error.log");
1720 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1723 if (request.getParameter("policy") != null) {
1724 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
1725 loggingContext.setServiceName("AC:PAP.putPolicy");
1726 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
1727 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1728 loggingContext.transactionEnded();
1729 PolicyLogger.audit("Transaction Failed - See Error.log");
1730 auditLogger.info("Success");
1731 PolicyLogger.audit("Transaction Ended Successfully");
1733 } else if (request.getParameter("pdpId") != null) {
1734 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
1735 String pdpId = request.getParameter("pdpId");
1736 if (papEngine.getPDP(pdpId) == null) {
1737 loggingContext.setServiceName("AC:PAP.createPDP");
1739 loggingContext.setServiceName("AC:PAP.updatePDP");
1741 // get the request content into a String
1743 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1744 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1745 scanner.useDelimiter("\\A");
1746 json = scanner.hasNext() ? scanner.next() : "";
1748 LOGGER.info("JSON request from AC: " + json);
1749 // convert Object sent as JSON into local object
1750 ObjectMapper mapper = new ObjectMapper();
1751 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
1752 if (pdpId == null ||
1753 objectFromJSON == null ||
1754 ! (objectFromJSON instanceof StdPDP) ||
1755 ((StdPDP)objectFromJSON).getId() == null ||
1756 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
1757 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
1758 loggingContext.transactionEnded();
1759 PolicyLogger.audit("Transaction Failed - See Error.log");
1760 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
1762 StdPDP pdp = (StdPDP) objectFromJSON;
1764 if (papEngine.getPDP(pdpId) == null) {
1765 // this is a request to create a new PDP object
1767 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
1768 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
1769 } catch(Exception e){
1770 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1771 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
1772 throw new PAPException(e.getMessage());
1774 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
1777 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
1778 } catch(Exception e){
1779 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
1780 +"pdp="+ pdp.getId());
1781 throw new PAPException(e.getMessage());
1783 // this is a request to update the pdp
1784 papEngine.updatePDP(pdp);
1786 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1787 if (LOGGER.isDebugEnabled()) {
1788 LOGGER.debug("PDP '" + pdpId + "' created/updated");
1790 // adjust the group's state including the new PDP
1791 ((StdPDPGroup)group).resetStatus();
1792 // tell the Admin Consoles there is a change
1794 // this might affect the PDP, so notify it of the change
1796 acPutTransaction.commitTransaction();
1797 loggingContext.transactionEnded();
1798 auditLogger.info("Success");
1799 PolicyLogger.audit("Transaction Ended Successfully");
1803 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1804 +"pdp=null" + ",to group="+group.getId());
1805 throw new PAPException("PDP is null");
1806 } catch(Exception e){
1807 throw new PAPException("PDP is null" + e.getMessage() +e);
1810 } else if (request.getParameter("pipId") != null) {
1811 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
1812 loggingContext.setServiceName("AC:PAP.putPIP");
1813 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1814 loggingContext.transactionEnded();
1815 PolicyLogger.audit("Transaction Failed - See Error.log");
1816 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1819 // Assume that this is an update of an existing PDP Group
1820 // ARGS: group=<groupId> <= Update an Existing Group
1821 loggingContext.setServiceName("AC:PAP.updateGroup");
1822 // get the request content into a String
1824 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1825 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1826 scanner.useDelimiter("\\A");
1827 json = scanner.hasNext() ? scanner.next() : "";
1829 LOGGER.info("JSON request from AC: " + json);
1830 // convert Object sent as JSON into local object
1831 ObjectMapper mapper = new ObjectMapper();
1832 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
1833 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
1834 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
1835 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
1836 loggingContext.transactionEnded();
1837 PolicyLogger.audit("Transaction Failed - See Error.log");
1838 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON);
1840 // The Path on the PAP side is not carried on the RESTful interface with the AC
1841 // (because it is local to the PAP)
1842 // so we need to fill that in before submitting the group for update
1843 if(objectFromJSON != null){
1844 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
1847 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
1848 } catch(Exception e){
1849 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
1850 +"group="+group.getId());
1851 throw new PAPException(e.getMessage());
1854 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1855 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
1856 if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
1857 LOGGER.debug("Precheck Successful.");
1860 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
1862 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1863 if (LOGGER.isDebugEnabled()) {
1864 LOGGER.debug("Group '" + group.getId() + "' updated");
1866 acPutTransaction.commitTransaction();
1867 // tell the Admin Consoles there is a change
1869 // Group changed, which might include changing the policies
1870 groupChanged(group);
1871 loggingContext.transactionEnded();
1872 auditLogger.info("Success");
1873 PolicyLogger.audit("Transaction Ended Successfully");
1876 } catch (PAPException e) {
1878 acPutTransaction.rollbackTransaction();
1879 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
1880 loggingContext.transactionEnded();
1881 PolicyLogger.audit("Transaction Failed - See Error.log");
1882 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1888 * Requests from the Admin Console to delete/remove items
1893 * @param loggingContext
1894 * @throws ServletException
1895 * @throws IOException
1897 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1898 //This code is to allow deletes to propagate to the database since delete is not implemented
1899 String isDeleteNotify = request.getParameter("isDeleteNotify");
1900 if(isDeleteNotify != null){
1901 String policyToDelete = request.getParameter("policyToDelete");
1903 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
1904 } catch(UnsupportedEncodingException e){
1905 PolicyLogger.error("Unsupported URL encoding of policyToDelete (UTF-8");
1906 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
1909 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
1911 deleteTransaction.deletePolicy(policyToDelete);
1912 } catch(Exception e){
1913 deleteTransaction.rollbackTransaction();
1914 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
1915 + "\nfailure with the following exception: " + e);
1918 deleteTransaction.commitTransaction();
1919 response.setStatus(HttpServletResponse.SC_OK);
1922 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
1924 // for all DELETE operations the group must exist before the operation can be done
1925 loggingContext.setServiceName("AC:PAP.delete");
1926 OnapPDPGroup group = papEngine.getGroup(groupId);
1927 if (group == null) {
1928 String message = "Unknown groupId '" + groupId + "'";
1929 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1930 loggingContext.transactionEnded();
1931 PolicyLogger.audit("Transaction Failed - See Error.log");
1932 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
1935 // determine the operation needed based on the parameters in the request
1936 if (request.getParameter("policy") != null) {
1937 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
1938 loggingContext.setServiceName("AC:PAP.deletePolicy");
1939 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1940 loggingContext.transactionEnded();
1941 PolicyLogger.audit("Transaction Failed - See Error.log");
1942 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1944 } else if (request.getParameter("pdpId") != null) {
1945 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
1946 String pdpId = request.getParameter("pdpId");
1947 OnapPDP pdp = papEngine.getPDP(pdpId);
1949 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
1950 } catch(Exception e){
1951 throw new PAPException();
1953 papEngine.removePDP((OnapPDP) pdp);
1954 // adjust the status of the group, which may have changed when we removed this PDP
1955 ((StdPDPGroup)group).resetStatus();
1956 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1958 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
1960 removePdpOrGroupTransaction.commitTransaction();
1961 loggingContext.transactionEnded();
1962 auditLogger.info("Success");
1963 PolicyLogger.audit("Transaction Ended Successfully");
1965 } else if (request.getParameter("pipId") != null) {
1966 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
1967 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
1968 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1969 loggingContext.transactionEnded();
1970 PolicyLogger.audit("Transaction Failed - See Error.log");
1971 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1974 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
1975 String moveToGroupId = request.getParameter("movePDPsToGroupId");
1976 OnapPDPGroup moveToGroup = null;
1977 if (moveToGroupId != null) {
1978 moveToGroup = papEngine.getGroup(moveToGroupId);
1980 // get list of PDPs in the group being deleted so we can notify them that they got changed
1981 Set<OnapPDP> movedPDPs = new HashSet<>();
1982 movedPDPs.addAll(group.getOnapPdps());
1983 // do the move/remove
1985 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
1986 } catch(Exception e){
1987 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
1988 throw new PAPException(e.getMessage());
1990 papEngine.removeGroup(group, moveToGroup);
1991 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1993 // notify any PDPs in the removed set that their config may have changed
1994 for (OnapPDP pdp : movedPDPs) {
1997 removePdpOrGroupTransaction.commitTransaction();
1998 loggingContext.transactionEnded();
1999 auditLogger.info("Success");
2000 PolicyLogger.audit("Transaction Ended Successfully");
2003 } catch (PAPException e) {
2004 removePdpOrGroupTransaction.rollbackTransaction();
2005 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
2006 loggingContext.transactionEnded();
2007 PolicyLogger.audit("Transaction Failed - See Error.log");
2008 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2014 * Heartbeat thread - periodically check on PDPs' status
2016 * Heartbeat with all known PDPs.
2018 * Implementation note:
2020 * The PDPs are contacted Sequentially, not in Parallel.
2022 * If we did this in parallel using multiple threads we would simultaneously use
2026 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
2027 * when user changes occur.
2028 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
2030 * The Sequential operation does a heartbeat request to each PDP one at a time.
2031 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
2032 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
2033 * it could take a long time to cycle through all of the PDPs.
2034 * That means that this may not notice a PDP being down in a predictable time.
2036 private class Heartbeat implements Runnable {
2037 private PAPPolicyEngine papEngine;
2038 private Set<OnapPDP> pdps = new HashSet<>();
2039 private int heartbeatInterval;
2040 private int heartbeatTimeout;
2042 public volatile boolean isRunning = false;
2044 public synchronized boolean isRunning() {
2045 return this.isRunning;
2048 public synchronized void terminate() {
2049 this.isRunning = false;
2052 public Heartbeat(PAPPolicyEngine papEngine2) {
2053 papEngine = papEngine2;
2054 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2055 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2060 // Set ourselves as running
2061 synchronized(this) {
2062 this.isRunning = true;
2064 HashMap<String, URL> idToURLMap = new HashMap<>();
2066 while (this.isRunning()) {
2067 // Wait the given time
2068 Thread.sleep(heartbeatInterval);
2069 // get the list of PDPs (may have changed since last time)
2071 synchronized(papEngine) {
2073 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2074 for (OnapPDP p : g.getOnapPdps()) {
2078 } catch (PAPException e) {
2079 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2082 // Check for shutdown
2083 if (this.isRunning() == false) {
2084 LOGGER.info("isRunning is false, getting out of loop.");
2087 // try to get the summary status from each PDP
2088 boolean changeSeen = false;
2089 for (OnapPDP pdp : pdps) {
2090 // Check for shutdown
2091 if (this.isRunning() == false) {
2092 LOGGER.info("isRunning is false, getting out of loop.");
2095 // the id of the PDP is its url (though we add a query parameter)
2096 URL pdpURL = idToURLMap.get(pdp.getId());
2097 if (pdpURL == null) {
2098 // haven't seen this PDP before
2099 String fullURLString = null;
2102 if(CheckPDP.validateID(pdp.getId())){
2103 fullURLString = pdp.getId() + "?type=hb";
2104 pdpURL = new URL(fullURLString);
2105 idToURLMap.put(pdp.getId(), pdpURL);
2107 } catch (MalformedURLException e) {
2108 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2112 // Do a GET with type HeartBeat
2113 String newStatus = "";
2114 HttpURLConnection connection = null;
2116 // Open up the connection
2118 connection = (HttpURLConnection)pdpURL.openConnection();
2119 // Setup our method and headers
2120 connection.setRequestMethod("GET");
2121 connection.setConnectTimeout(heartbeatTimeout);
2123 String encoding = CheckPDP.getEncoding(pdp.getId());
2124 if(encoding !=null){
2125 connection.setRequestProperty("Authorization", "Basic " + encoding);
2128 connection.connect();
2129 if (connection.getResponseCode() == 204) {
2130 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2131 if (LOGGER.isDebugEnabled()) {
2132 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2135 // anything else is an unexpected result
2136 newStatus = PDPStatus.Status.UNKNOWN.toString();
2137 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2140 } catch (UnknownHostException e) {
2141 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2142 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2143 } catch (SocketTimeoutException e) {
2144 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2145 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2146 } catch (ConnectException e) {
2147 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2148 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2149 } catch (Exception e) {
2150 newStatus = PDPStatus.Status.UNKNOWN.toString();
2151 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2153 // cleanup the connection
2154 if(connection != null)
2155 connection.disconnect();
2157 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2158 if (LOGGER.isDebugEnabled()) {
2159 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2162 setPDPSummaryStatus(pdp, newStatus);
2163 } catch (PAPException e) {
2164 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2169 // Check for shutdown
2170 if (this.isRunning() == false) {
2171 LOGGER.info("isRunning is false, getting out of loop.");
2174 // if any of the PDPs changed state, tell the ACs to update
2179 } catch (InterruptedException e) {
2180 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2182 Thread.currentThread().interrupt();
2188 * HELPER to change Group status when PDP status is changed
2189 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2191 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2192 setPDPSummaryStatus(pdp, newStatus.toString());
2195 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2196 synchronized(papEngine) {
2197 StdPDPStatus status = new StdPDPStatus();
2198 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2199 ((StdPDP)pdp).setStatus(status);
2200 // now adjust the group
2201 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2202 // if the PDP was just deleted it may transiently exist but not be in a group
2203 if (group != null) {
2204 group.resetStatus();
2210 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2211 * in the PDP group directories
2214 public void changed() {
2215 // all PDPs in all groups need to be updated/sync'd
2216 Set<OnapPDPGroup> groups;
2218 groups = papEngine.getOnapPDPGroups();
2219 } catch (PAPException e) {
2220 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2221 throw new RuntimeException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2223 for (OnapPDPGroup group : groups) {
2224 groupChanged(group);
2229 public void groupChanged(OnapPDPGroup group) {
2230 // all PDPs within one group need to be updated/sync'd
2231 for (OnapPDP pdp : group.getOnapPdps()) {
2237 public void pdpChanged(OnapPDP pdp) {
2238 // kick off a thread to do an event notification for each PDP.
2239 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2240 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2241 Thread t = new Thread(new UpdatePDPThread(pdp));
2242 if(CheckPDP.validateID(pdp.getId())){
2247 private class UpdatePDPThread implements Runnable {
2248 private OnapPDP pdp;
2249 private String requestId;
2251 public UpdatePDPThread(OnapPDP pdp) {
2256 // send the current configuration to one PDP
2257 HttpURLConnection connection = null;
2258 // get a new logging context for the thread
2259 ONAPLoggingContext loggingContext = new ONAPLoggingContext(baseLoggingContext);
2261 loggingContext.setServiceName("PAP:PDP.putConfig");
2262 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2263 if ((requestId == null) || (requestId == "")) {
2264 UUID requestID = UUID.randomUUID();
2265 loggingContext.setRequestID(requestID.toString());
2266 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2268 loggingContext.setRequestID(requestId);
2269 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2271 loggingContext.transactionStarted();
2272 // the Id of the PDP is its URL
2273 if (LOGGER.isDebugEnabled()) {
2274 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2276 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2277 //TODO (need to change "cache=", implying getting some input saying which to change)
2278 URL url = new URL(pdp.getId() + "?cache=all");
2279 // Open up the connection
2280 connection = (HttpURLConnection)url.openConnection();
2281 // Setup our method and headers
2282 connection.setRequestMethod("PUT");
2284 String encoding = CheckPDP.getEncoding(pdp.getId());
2285 if(encoding !=null){
2286 connection.setRequestProperty("Authorization", "Basic " + encoding);
2288 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2289 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2290 connection.setInstanceFollowRedirects(true);
2291 connection.setDoOutput(true);
2292 try (OutputStream os = connection.getOutputStream()) {
2293 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2294 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2295 if (group == null) {
2296 // create blank properties files
2297 Properties policyProperties = new Properties();
2298 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2299 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2300 policyProperties.store(os, "");
2301 Properties pipProps = new Properties();
2302 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2303 pipProps.store(os, "");
2305 // send properties from the current group
2306 group.getPolicyProperties().store(os, "");
2307 Properties policyLocations = new Properties();
2308 for (PDPPolicy policy : group.getPolicies()) {
2309 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2311 policyLocations.store(os, "");
2312 group.getPipConfigProperties().store(os, "");
2314 } catch (Exception e) {
2315 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2316 // Since this is a server-side error, it probably does not reflect a problem on the client,
2317 // so do not change the PDP status.
2321 connection.connect();
2322 if (connection.getResponseCode() == 204) {
2323 LOGGER.info("Success. We are configured correctly.");
2324 loggingContext.transactionEnded();
2325 auditLogger.info("Success. PDP is configured correctly.");
2326 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2327 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2328 } else if (connection.getResponseCode() == 200) {
2329 LOGGER.info("Success. PDP needs to update its configuration.");
2330 loggingContext.transactionEnded();
2331 auditLogger.info("Success. PDP needs to update its configuration.");
2332 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2333 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2335 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2336 loggingContext.transactionEnded();
2337 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2338 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2339 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2341 } catch (Exception e) {
2343 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2344 loggingContext.transactionEnded();
2345 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2347 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2348 } catch (PAPException e1) {
2350 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2351 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2354 // cleanup the connection
2355 if(connection != null){
2356 connection.disconnect();
2358 // tell the AC to update it's status info
2365 * RESTful Interface from PAP to ACs notifying them of changes
2367 private void notifyAC() {
2368 // kick off a thread to do one event notification for all registered ACs
2369 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2370 // as part of processing this message on their end.
2371 Thread t = new Thread(new NotifyACThread());
2375 private class NotifyACThread implements Runnable {
2377 List<String> disconnectedACs = new ArrayList<>();
2378 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2379 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2380 for (String acURL : adminConsoleURLStringList) {
2381 HttpURLConnection connection = null;
2383 acURL += "?PAPNotification=true";
2384 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2385 //TODO - If so, put correct parameters into the Query string here
2386 acURL += "&objectType=all" + "&action=update";
2387 if (LOGGER.isDebugEnabled()) {
2388 LOGGER.debug("creating url for id '" + acURL + "'");
2390 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2391 //TODO (need to change "cache=", implying getting some input saying which to change)
2392 URL url = new URL(acURL );
2393 // Open up the connection
2394 connection = (HttpURLConnection)url.openConnection();
2395 // Setup our method and headers
2396 connection.setRequestMethod("PUT");
2397 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2398 // Adding this in. It seems the HttpUrlConnection class does NOT
2399 // properly forward our headers for POST re-direction. It does so
2400 // for a GET re-direction.
2401 // So we need to handle this ourselves.
2402 //TODO - is this needed for a PUT? seems better to leave in for now?
2403 connection.setInstanceFollowRedirects(false);
2404 // Do not include any data in the PUT because this is just a
2405 // notification to the AC.
2406 // The AC will use GETs back to the PAP to get what it needs
2407 // to fill in the screens.
2409 connection.connect();
2410 if (connection.getResponseCode() == 204) {
2411 LOGGER.info("Success. We updated correctly.");
2413 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2416 } catch (Exception e) {
2417 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2418 disconnectedACs.add(acURL);
2420 // cleanup the connection
2421 if(connection != null)
2422 connection.disconnect();
2425 // remove any ACs that are no longer connected
2426 if (disconnectedACs.size() > 0) {
2427 adminConsoleURLStringList.removeAll(disconnectedACs);
2432 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2433 LOGGER.info("Test request received");
2435 im.evaluateSanity();
2436 //If we make it this far, all is well
2437 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2438 LOGGER.info(message);
2439 loggingContext.transactionEnded();
2440 PolicyLogger.audit("Transaction Failed - See Error.log");
2441 response.setStatus(HttpServletResponse.SC_OK);
2443 }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
2445 if (e instanceof ForwardProgressException) {
2446 submsg = " is not making forward progress.";
2447 } else if (e instanceof AdministrativeStateException) {
2448 submsg = " Administrative State is LOCKED.";
2450 submsg = " Standby Status is NOT PROVIDING SERVICE.";
2453 String message = "GET:/pap/test called and PAP " + papResourceName + submsg
2454 + " Exception Message: " + e.getMessage();
2455 LOGGER.info(message, e);
2456 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2457 loggingContext.transactionEnded();
2458 PolicyLogger.audit("Transaction Failed - See Error.log");
2459 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2461 }catch (Exception e) {
2462 //A subsystem is not making progress, is locked, standby or is not responding
2463 String eMsg = e.getMessage();
2465 eMsg = "No Exception Message";
2467 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2468 + " Exception Message: " + eMsg;
2469 LOGGER.info(message);
2470 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2471 loggingContext.transactionEnded();
2472 PolicyLogger.audit("Transaction Failed - See Error.log");
2473 //Get the specific list of subsystems that failed
2474 String ssFailureList = null;
2475 for(String failedSS : papDependencyGroupsFlatArray){
2476 if(eMsg.contains(failedSS)){
2477 if(ssFailureList == null){
2478 ssFailureList = failedSS;
2480 ssFailureList = ssFailureList.concat(","+failedSS);
2484 if(ssFailureList == null){
2485 ssFailureList = "UnknownSubSystem";
2487 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2488 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2494 * Authorizing the PEP Requests.
2496 private boolean authorizeRequest(HttpServletRequest request) {
2497 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2498 // Check if the Client is Authorized.
2499 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2506 private static void loadWebapps() throws PAPException{
2507 if(actionHome == null || configHome == null){
2508 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2510 if (webappsPath == null) {
2511 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2512 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2514 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2515 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2516 if (Files.notExists(webappsPathConfig)) {
2518 Files.createDirectories(webappsPathConfig);
2519 } catch (IOException e) {
2520 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Failed to create config directory: "
2521 + webappsPathConfig.toAbsolutePath().toString());
2524 if (Files.notExists(webappsPathAction)) {
2526 Files.createDirectories(webappsPathAction);
2527 } catch (IOException e) {
2528 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create config directory: "
2529 + webappsPathAction.toAbsolutePath().toString(), e);
2532 actionHome = webappsPathAction.toString();
2533 configHome = webappsPathConfig.toString();
2537 public static String getConfigHome(){
2540 } catch (PAPException e) {
2547 private static void setConfigHome(){
2548 configHome = getConfigHome();
2551 public static String getActionHome(){
2554 } catch (PAPException e) {
2561 private static void setActionHome(){
2562 actionHome = getActionHome();
2565 public static EntityManagerFactory getEmf() {
2569 public IntegrityAudit getIa() {
2573 public static String getPDPFile(){
2574 return XACMLPapServlet.pdpFile;
2577 public static String getPersistenceUnit(){
2578 return PERSISTENCE_UNIT;
2581 public static PAPPolicyEngine getPAPEngine(){
2585 public static PolicyDBDaoTransaction getDbDaoTransaction(){
2586 return policyDBDao.getNewTransaction();
2588 public static String getPapDbDriver() {
2592 public static void setPapDbDriver(String papDbDriver) {
2593 XACMLPapServlet.papDbDriver = papDbDriver;
2596 public static String getPapDbUrl() {
2600 public static void setPapDbUrl(String papDbUrl) {
2601 XACMLPapServlet.papDbUrl = papDbUrl;
2604 public static String getPapDbUser() {
2608 public static void setPapDbUser(String papDbUser) {
2609 XACMLPapServlet.papDbUser = papDbUser;
2612 public static String getPapDbPassword() {
2613 return papDbPassword;
2616 public static void setPapDbPassword(String papDbPassword) {
2617 XACMLPapServlet.papDbPassword = papDbPassword;
2620 public static String getMsOnapName() {
2624 public static void setMsOnapName(String msOnapName) {
2625 XACMLPapServlet.msOnapName = msOnapName;
2628 public static String getMsPolicyName() {
2629 return msPolicyName;
2632 public static void setMsPolicyName(String msPolicyName) {
2633 XACMLPapServlet.msPolicyName = msPolicyName;
Code Review / policy / engine.git / blob