2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.Iterator;
44 import java.util.List;
45 import java.util.Properties;
47 import java.util.UUID;
48 import java.util.concurrent.CopyOnWriteArrayList;
50 import javax.persistence.EntityManagerFactory;
51 import javax.persistence.Persistence;
52 import javax.persistence.PersistenceException;
53 import javax.servlet.Servlet;
54 import javax.servlet.ServletConfig;
55 import javax.servlet.ServletException;
56 import javax.servlet.annotation.WebInitParam;
57 import javax.servlet.annotation.WebServlet;
58 import javax.servlet.http.HttpServlet;
59 import javax.servlet.http.HttpServletRequest;
60 import javax.servlet.http.HttpServletResponse;
62 import org.apache.commons.io.IOUtils;
63 import org.onap.policy.common.ia.IntegrityAudit;
64 import org.onap.policy.common.im.AdministrativeStateException;
65 import org.onap.policy.common.im.ForwardProgressException;
66 import org.onap.policy.common.im.IntegrityMonitor;
67 import org.onap.policy.common.im.IntegrityMonitorProperties;
68 import org.onap.policy.common.im.StandbyStatusException;
69 import org.onap.policy.common.logging.ONAPLoggingContext;
70 import org.onap.policy.common.logging.ONAPLoggingUtils;
71 import org.onap.policy.common.logging.eelf.MessageCodes;
72 import org.onap.policy.common.logging.eelf.PolicyLogger;
73 import org.onap.policy.common.logging.flexlogger.FlexLogger;
74 import org.onap.policy.common.logging.flexlogger.Logger;
75 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
77 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
78 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
79 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
80 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
81 import org.onap.policy.rest.XACMLRest;
82 import org.onap.policy.rest.XACMLRestProperties;
83 import org.onap.policy.utils.PolicyUtils;
84 import org.onap.policy.xacml.api.XACMLErrorConstants;
85 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
86 import org.onap.policy.xacml.api.pap.OnapPDP;
87 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
88 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
89 import org.onap.policy.xacml.std.pap.StdPAPPolicy;
90 import org.onap.policy.xacml.std.pap.StdPDP;
91 import org.onap.policy.xacml.std.pap.StdPDPGroup;
92 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
93 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
94 import org.onap.policy.xacml.std.pap.StdPDPStatus;
96 import com.att.research.xacml.api.pap.PAPException;
97 import com.att.research.xacml.api.pap.PDPPolicy;
98 import com.att.research.xacml.api.pap.PDPStatus;
99 import com.att.research.xacml.util.FactoryException;
100 import com.att.research.xacml.util.XACMLProperties;
101 import com.fasterxml.jackson.databind.ObjectMapper;
102 import com.google.common.base.Splitter;
105 * Servlet implementation class XacmlPapServlet
108 description = "Implements the XACML PAP RESTful API.",
109 urlPatterns = { "/" },
112 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
114 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
115 private static final long serialVersionUID = 1L;
116 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
117 // audit (transaction) LOGGER
118 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
119 //Persistence Unit for JPA
120 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
121 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
123 private static final String ENVIRONMENT_HEADER = "Environment";
125 * List of Admin Console URLs.
126 * Used to send notifications when configuration changes.
128 * The CopyOnWriteArrayList *should* protect from concurrency errors.
129 * This list is seldom changed but often read, so the costs of this approach make sense.
131 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<String>();
133 private static String CONFIG_HOME;
134 private static String ACTION_HOME;
136 * This PAP instance's own URL.
137 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
139 private static String papURL = null;
140 // The heartbeat thread.
141 private static Heartbeat heartbeat = null;
142 private static Thread heartbeatThread = null;
143 //The entity manager factory for JPA access
144 private static EntityManagerFactory emf;
145 private static PolicyDBDao policyDBDao;
147 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
149 private static PAPPolicyEngine papEngine = null;
151 * These are the parameters needed for DB access from the PAP
153 private static int papIntegrityAuditPeriodSeconds = -1;
154 private static String papDbDriver = null;
155 private static String papDbUrl = null;
156 private static String papDbUser = null;
157 private static String papDbPassword = null;
158 private static Integer papTransWait = null;
159 private static Integer papTransTimeout = null;
160 private static Integer papAuditTimeout = null;
161 private static Boolean papAuditFlag = null;
162 private static Boolean papFileSystemAudit = null;
163 private static String papResourceName = null;
164 private static Integer fpMonitorInterval = null;
165 private static Integer failedCounterThreshold = null;
166 private static Integer testTransInterval = null;
167 private static Integer writeFpcInterval = null;
168 private static String papSiteName=null;
169 private static String papNodeType=null;
170 private static String papDependencyGroups = null;
171 private static String[] papDependencyGroupsFlatArray = null;
172 private static String environment = null;
173 private static String pdpFile = null;
175 private String storedRequestId = null;
176 private IntegrityMonitor im;
177 private IntegrityAudit ia;
179 //MicroService Model Properties
180 private static String msOnapName;
181 private static String msPolicyName;
183 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
184 * this servlet starts. Its configurable by the admin.
186 private Thread initiateThread = null;
187 private ONAPLoggingContext baseLoggingContext = null;
190 * @see HttpServlet#HttpServlet()
192 public XACMLPapServlet() {
197 * @see Servlet#init(ServletConfig)
199 public void init(ServletConfig config) throws ServletException {
202 baseLoggingContext = new ONAPLoggingContext();
203 // fixed data that will be the same in all logging output goes here
205 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
206 baseLoggingContext.setServer(hostname);
207 } catch (UnknownHostException e) {
208 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging");
211 XACMLRest.xacmlInit(config);
212 // Load the properties
213 XACMLRest.loadXacmlProperties(null, null);
215 * Retrieve the property values
217 CONFIG_HOME = getConfigHome();
218 ACTION_HOME = getActionHome();
219 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
220 if(papDbDriver == null){
221 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
222 throw new PAPException("papDbDriver is null");
224 setPapDbDriver(papDbDriver);
225 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
226 if(papDbUrl == null){
227 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
228 throw new PAPException("papDbUrl is null");
230 setPapDbUrl(papDbUrl);
231 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
232 if(papDbUser == null){
233 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
234 throw new PAPException("papDbUser is null");
236 setPapDbUser(papDbUser);
237 papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
238 if(papDbPassword == null){
239 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
240 throw new PAPException("papDbPassword is null");
242 setPapDbPassword(papDbPassword);
243 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
244 if(papResourceName == null){
245 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
246 throw new PAPException("papResourceName is null");
248 papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
249 if(papSiteName == null){
250 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
251 throw new PAPException("papSiteName is null");
253 papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
254 if(papNodeType == null){
255 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
256 throw new PAPException("papNodeType is null");
258 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
259 //Integer will throw an exception of anything is missing or unrecognized
260 papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
261 papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
262 papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
263 //Boolean will default to false if anything is missing or unrecognized
264 papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
265 papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
266 papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
267 if(papDependencyGroups == null){
268 throw new PAPException("papDependencyGroups is null");
271 //Now we have flattened the array into a simple comma-separated list
272 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
273 //clean up the entries
274 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
275 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
278 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
279 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
282 String msg = "integrity_audit_period_seconds ";
283 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
284 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
288 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
291 //Integer will throw an exception of anything is missing or unrecognized
292 fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
293 failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
294 testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
295 writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
296 LOGGER.debug("\n\n\n**************************************"
297 + "\n**************************************"
299 + "\n papDbDriver = " + papDbDriver
300 + "\n papDbUrl = " + papDbUrl
301 + "\n papDbUser = " + papDbUser
302 + "\n papDbPassword = " + papDbPassword
303 + "\n papTransWait = " + papTransWait
304 + "\n papTransTimeout = " + papTransTimeout
305 + "\n papAuditTimeout = " + papAuditTimeout
306 + "\n papAuditFlag = " + papAuditFlag
307 + "\n papFileSystemAudit = " + papFileSystemAudit
308 + "\n papResourceName = " + papResourceName
309 + "\n fpMonitorInterval = " + fpMonitorInterval
310 + "\n failedCounterThreshold = " + failedCounterThreshold
311 + "\n testTransInterval = " + testTransInterval
312 + "\n writeFpcInterval = " + writeFpcInterval
313 + "\n papSiteName = " + papSiteName
314 + "\n papNodeType = " + papNodeType
315 + "\n papDependencyGroupsList = " + papDependencyGroups
316 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
317 + "\n\n**************************************"
318 + "\n**************************************");
319 // Pull custom persistence settings
320 Properties properties;
322 properties = XACMLProperties.getProperties();
323 LOGGER.debug("\n\n\n**************************************"
324 + "\n**************************************"
326 + "properties = " + properties
327 + "\n\n**************************************");
328 } catch (IOException e) {
329 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
330 + "XACMLProperties.getProperties()");
331 throw new ServletException(e.getMessage(), e.getCause());
333 //Micro Service Properties
334 msOnapName=properties.getProperty("xacml.policy.msOnapName");
335 setMsOnapName(msOnapName);
336 msPolicyName=properties.getProperty("xacml.policy.msPolicyName");
337 setMsPolicyName(msPolicyName);
338 // PDPId File location
339 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
340 if (XACMLPapServlet.pdpFile == null) {
341 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
342 + XACMLRestProperties.PROP_PDP_IDFILE);
343 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
345 // Create an IntegrityMonitor
346 im = IntegrityMonitor.getInstance(papResourceName,properties);
347 // Create an IntegrityAudit
348 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
349 ia.startAuditThread();
350 // Create the entity manager factory
351 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
353 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
355 throw new ServletException("Unable to create Entity Manager Factory");
357 // we are about to call the PDPs and give them their configuration.
358 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
359 XACMLPapServlet.papURL = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL);
360 //Create the policyDBDao
361 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
362 // Load our PAP engine, first create a factory
363 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
364 // The factory knows how to go about creating a PAP Engine
365 XACMLPapServlet.papEngine = (PAPPolicyEngine) factory.newEngine();
366 PolicyDBDaoTransaction addNewGroup = null;
368 if(((org.onap.policy.xacml.std.pap.StdEngine)papEngine).wasDefaultGroupJustAdded){
369 addNewGroup = policyDBDao.getNewTransaction();
370 OnapPDPGroup group = papEngine.getDefaultGroup();
371 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(), "automaticallyAdded");
372 addNewGroup.commitTransaction();
373 addNewGroup = policyDBDao.getNewTransaction();
374 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
375 addNewGroup.commitTransaction();
377 } catch(Exception e){
378 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Error creating new default group in the database");
379 if(addNewGroup != null){
380 addNewGroup.rollbackTransaction();
383 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
384 //boolean performFileToDatabaseAudit = false;
385 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
386 //get an AuditTransaction to lock out all other transactions
387 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
388 policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine);
389 //release the transaction lock
393 // Sanity check for URL.
394 if (XACMLPapServlet.papURL == null) {
395 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
397 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
398 // to all its known PDP nodes.
399 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
400 this.initiateThread = new Thread(this);
401 this.initiateThread.start();
403 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
404 XACMLPapServlet.heartbeat = new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine);
405 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
406 XACMLPapServlet.heartbeatThread.start();
408 } catch (FactoryException | PAPException e) {
409 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
410 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
411 } catch (Exception e) {
412 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
413 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
418 * Thread used only during PAP startup to initiate change messages to all known PDPs.
419 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
423 // send the current configuration to all the PDPs that we know about
428 * @see Servlet#destroy()
430 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
431 * For now we assume that we do care.
433 public void destroy() {
434 // Make sure our threads are destroyed
435 if (XACMLPapServlet.heartbeatThread != null) {
436 // stop the heartbeat
438 if (XACMLPapServlet.heartbeat != null) {
439 XACMLPapServlet.heartbeat.terminate();
441 XACMLPapServlet.heartbeatThread.interrupt();
442 XACMLPapServlet.heartbeatThread.join();
443 } catch (InterruptedException e) {
444 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
447 if (this.initiateThread != null) {
449 this.initiateThread.interrupt();
450 this.initiateThread.join();
451 } catch (InterruptedException e) {
452 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
459 * - PDP nodes to register themselves with the PAP, and
460 * - Admin Console to make changes in the PDP Groups.
462 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
464 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
465 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
466 loggingContext.transactionStarted();
467 loggingContext.setServiceName("PAP.post");
468 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
469 UUID requestID = UUID.randomUUID();
470 loggingContext.setRequestID(requestID.toString());
471 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
473 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
475 PolicyDBDaoTransaction pdpTransaction = null;
477 im.startTransaction();
478 } catch (AdministrativeStateException ae){
479 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
480 + " state of " + im.getStateManager().getAdminState()
481 + "\n Exception Message: " + ae.getMessage();
482 LOGGER.info(message);
483 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
484 loggingContext.transactionEnded();
485 PolicyLogger.audit("Transaction Failed - See Error.log");
486 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
488 }catch (StandbyStatusException se) {
489 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
490 + " of " + im.getStateManager().getStandbyStatus()
491 + "\n Exception Message: " + se.getMessage();
492 LOGGER.info(message);
493 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
494 loggingContext.transactionEnded();
495 PolicyLogger.audit("Transaction Failed - See Error.log");
496 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
500 XACMLRest.dumpRequest(request);
501 // since getParameter reads the content string, explicitly get the content before doing that.
502 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
503 request.getInputStream();
504 String groupId = request.getParameter("groupId");
505 String apiflag = request.getParameter("apiflag");
506 if(groupId != null) {
507 // Is this from the Admin Console or API?
508 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
509 // this is from the API so we need to check the client credentials before processing the request
510 if(!authorizeRequest(request)){
511 String message = "PEP not Authorized for making this Request!!";
512 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
513 loggingContext.transactionEnded();
514 PolicyLogger.audit("Transaction Failed - See Error.log");
515 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
520 doACPost(request, response, groupId, loggingContext);
521 loggingContext.transactionEnded();
522 PolicyLogger.audit("Transaction Ended Successfully");
526 // Request is from a PDP asking for its config.
527 loggingContext.setServiceName("PDP:PAP.register");
529 String id = this.getPDPID(request);
530 String jmxport = this.getPDPJMX(request);
531 LOGGER.info("Request(doPost) from PDP coming up: " + id);
532 // Get the PDP Object
533 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
536 LOGGER.info("Unknown PDP: " + id);
538 if(CheckPDP.validateID(id)){
539 pdpTransaction = policyDBDao.getNewTransaction();
541 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
542 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
543 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException e) {
544 pdpTransaction.rollbackTransaction();
545 String message = "Failed to create new PDP for id: " + id;
546 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
547 loggingContext.transactionEnded();
548 PolicyLogger.audit("Transaction Failed - See Error.log");
549 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
553 // get the PDP we just created
554 pdp = XACMLPapServlet.papEngine.getPDP(id);
556 if(pdpTransaction != null){
557 pdpTransaction.rollbackTransaction();
559 String message = "Failed to create new PDP for id: " + id;
560 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
561 loggingContext.transactionEnded();
562 PolicyLogger.audit("Transaction Failed - See Error.log");
563 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
568 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
569 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
570 loggingContext.transactionEnded();
571 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
572 PolicyLogger.audit("Transaction Failed - See Error.log");
577 pdpTransaction.commitTransaction();
578 } catch(Exception e){
579 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
582 if (jmxport != null && jmxport != ""){
583 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
585 // Get the PDP's Group
586 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
588 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
589 loggingContext.transactionEnded();
590 PolicyLogger.audit("Transaction Failed - See Error.log");
591 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
595 // Determine what group the PDP node is in and get
596 // its policy/pip properties.
597 Properties policies = group.getPolicyProperties();
598 Properties pipconfig = group.getPipConfigProperties();
599 // Get the current policy/pip configuration that the PDP has
600 Properties pdpProperties = new Properties();
601 pdpProperties.load(request.getInputStream());
602 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
603 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
604 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
605 // Validate the node's properties
606 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
607 // Send back current configuration
608 if (isCurrent == false) {
609 // Tell the PDP we are sending back the current policies/pip config
610 LOGGER.info("PDP configuration NOT current.");
611 if (policies != null) {
612 // Put URL's into the properties in case the PDP needs to
614 this.populatePolicyURL(request.getRequestURL(), policies);
615 // Copy the properties to the output stream
616 policies.store(response.getOutputStream(), "");
618 if (pipconfig != null) {
619 // Copy the properties to the output stream
620 pipconfig.store(response.getOutputStream(), "");
622 // We are good - and we are sending them information
623 response.setStatus(HttpServletResponse.SC_OK);
624 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
626 // Tell them they are good
627 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
628 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
630 // tell the AC that something changed
632 loggingContext.transactionEnded();
633 auditLogger.info("Success");
634 PolicyLogger.audit("Transaction Ended Successfully");
635 } catch (PAPException e) {
636 if(pdpTransaction != null){
637 pdpTransaction.rollbackTransaction();
639 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
640 loggingContext.transactionEnded();
641 PolicyLogger.audit("Transaction Failed - See Error.log");
642 response.sendError(500, e.getMessage());
646 //Catch anything that fell through
647 loggingContext.transactionEnded();
648 PolicyLogger.audit("Transaction Ended");
653 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
655 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
656 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
657 loggingContext.transactionStarted();
658 loggingContext.setServiceName("PAP.get");
659 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
660 UUID requestID = UUID.randomUUID();
661 loggingContext.setRequestID(requestID.toString());
662 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
664 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
667 XACMLRest.dumpRequest(request);
668 String pathInfo = request.getRequestURI();
669 LOGGER.info("path info: " + pathInfo);
670 if (pathInfo != null){
671 //DO NOT do a im.startTransaction for the test request
672 if (pathInfo.equals("/pap/test")) {
673 testService(loggingContext, response);
677 //This im.startTransaction() covers all other Get transactions
679 im.startTransaction();
680 } catch (AdministrativeStateException ae){
681 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
682 + " state of " + im.getStateManager().getAdminState()
683 + "\n Exception Message: " + ae.getMessage();
684 LOGGER.info(message);
685 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
686 loggingContext.transactionEnded();
687 PolicyLogger.audit("Transaction Failed - See Error.log");
688 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
690 }catch (StandbyStatusException se) {
691 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
692 + " of " + im.getStateManager().getStandbyStatus()
693 + "\n Exception Message: " + se.getMessage();
694 LOGGER.info(message);
695 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
696 loggingContext.transactionEnded();
697 PolicyLogger.audit("Transaction Failed - See Error.log");
698 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
701 // Request from the API to get the gitPath
702 String apiflag = request.getParameter("apiflag");
704 if(authorizeRequest(request)){
705 APIRequestHandler apiRequestHandler = new APIRequestHandler();
706 apiRequestHandler.doGet(request,response, apiflag);
707 loggingContext.transactionEnded();
708 PolicyLogger.audit("Transaction Ended Successfully");
712 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
713 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
714 loggingContext.transactionEnded();
715 PolicyLogger.audit("Transaction Failed - See Error.log");
716 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
721 // Is this from the Admin Console?
722 String groupId = request.getParameter("groupId");
723 if (groupId != null) {
724 // this is from the Admin Console, so handle separately
725 doACGet(request, response, groupId, loggingContext);
726 loggingContext.transactionEnded();
727 PolicyLogger.audit("Transaction Ended Successfully");
732 String id = this.getPDPID(request);
733 LOGGER.info("doGet from: " + id);
734 // Get the PDP Object
735 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
738 // Check if request came from localhost
739 if (request.getRemoteHost().equals("localhost") ||
740 request.getRemoteHost().equals("127.0.0.1") ||
741 request.getRemoteHost().equals(request.getLocalAddr())) {
742 // Return status information - basically all the groups
743 loggingContext.setServiceName("PAP.getGroups");
744 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
745 // convert response object to JSON and include in the response
746 ObjectMapper mapper = new ObjectMapper();
747 mapper.writeValue(response.getOutputStream(), groups);
748 response.setHeader("content-type", "application/json");
749 response.setStatus(HttpServletResponse.SC_OK);
750 loggingContext.transactionEnded();
751 PolicyLogger.audit("Transaction Ended Successfully");
755 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
756 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
757 loggingContext.transactionEnded();
758 PolicyLogger.audit("Transaction Failed - See Error.log");
759 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
763 loggingContext.setServiceName("PAP.getPolicy");
764 // Get the PDP's Group
765 OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
767 String message = "No group associated with pdp " + pdp.getId();
768 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
769 loggingContext.transactionEnded();
770 PolicyLogger.audit("Transaction Failed - See Error.log");
771 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
775 // Which policy do they want?
776 String policyId = request.getParameter("id");
777 if (policyId == null) {
778 String message = "Did not specify an id for the policy";
779 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
780 loggingContext.transactionEnded();
781 PolicyLogger.audit("Transaction Failed - See Error.log");
782 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
786 PDPPolicy policy = group.getPolicy(policyId);
787 if (policy == null) {
788 String message = "Unknown policy: " + policyId;
789 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
790 loggingContext.transactionEnded();
791 PolicyLogger.audit("Transaction Failed - See Error.log");
792 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
796 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
797 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
798 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
799 // Send the policy back
800 IOUtils.copy(is, os);
801 response.setStatus(HttpServletResponse.SC_OK);
802 loggingContext.transactionEnded();
803 auditLogger.info("Success");
804 PolicyLogger.audit("Transaction Ended Successfully");
805 } catch (IOException e) {
806 String message = "Failed to open policy id " + policyId;
807 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
808 loggingContext.transactionEnded();
809 PolicyLogger.audit("Transaction Failed - See Error.log");
810 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
812 } catch (PAPException e) {
813 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
814 loggingContext.transactionEnded();
815 PolicyLogger.audit("Transaction Failed - See Error.log");
816 response.sendError(500, e.getMessage());
820 loggingContext.transactionEnded();
821 PolicyLogger.audit("Transaction Ended");
826 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
828 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
829 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
830 storedRequestId = loggingContext.getRequestID();
831 loggingContext.transactionStarted();
832 loggingContext.setServiceName("PAP.put");
833 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
834 UUID requestID = UUID.randomUUID();
835 loggingContext.setRequestID(requestID.toString());
836 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
838 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
841 im.startTransaction();
842 } catch (AdministrativeStateException ae){
843 String message = "PUT interface called for PAP " + papResourceName + " but it has an Administrative"
844 + " state of " + im.getStateManager().getAdminState()
845 + "\n Exception Message: " + ae.getMessage();
846 LOGGER.info(message +ae);
847 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
848 loggingContext.transactionEnded();
849 PolicyLogger.audit("Transaction Failed - See Error.log");
850 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
852 }catch (StandbyStatusException se) {
853 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
854 + " of " + im.getStateManager().getStandbyStatus()
855 + "\n Exception Message: " + se.getMessage();
856 LOGGER.info(message +se);
857 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
858 loggingContext.transactionEnded();
859 PolicyLogger.audit("Transaction Failed - See Error.log");
860 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
863 XACMLRest.dumpRequest(request);
864 //need to check if request is from the API or Admin console
865 String apiflag = request.getParameter("apiflag");
866 //This would occur if a PolicyDBDao notification was received
867 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
868 if(policyDBDaoRequestUrl != null){
869 String policyDBDaoRequestEntityId = request.getParameter("entityid");
870 //String policyDBDaoRequestEntityType = request.getParameter("entitytype");
871 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
872 String policyDBDaoRequestExtraData = request.getParameter("extradata");
873 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
874 response.sendError(400, "entityid or entitytype not supplied");
875 loggingContext.transactionEnded();
876 PolicyLogger.audit("Transaction Ended Successfully");
880 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
881 response.setStatus(200);
882 loggingContext.transactionEnded();
883 PolicyLogger.audit("Transaction Ended Successfully");
888 * Request for ImportService
890 String importService = request.getParameter("importService");
891 if (importService != null) {
892 if(authorizeRequest(request)){
893 APIRequestHandler apiRequestHandler = new APIRequestHandler();
894 apiRequestHandler.doPut(request, response, importService);
898 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
899 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
900 loggingContext.transactionEnded();
901 PolicyLogger.audit("Transaction Failed - See Error.log");
902 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
906 //This would occur if we received a notification of a policy rename from AC
907 String oldPolicyName = request.getParameter("oldPolicyName");
908 String newPolicyName = request.getParameter("newPolicyName");
909 if(oldPolicyName != null && newPolicyName != null){
910 if(LOGGER.isDebugEnabled()){
911 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
912 + "\npolicyToCreateUpdate = " + " ");
916 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
917 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
918 if(LOGGER.isDebugEnabled()){
919 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
920 + "\npolicyToCreateUpdate = " + " ");
922 } catch(UnsupportedEncodingException e){
923 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
924 + "\npolicyToCreateUpdate = " + " ");
925 response.sendError(500,"policyToCreateUpdate encoding not supported"
926 + "\nfailure with the following exception: " + e);
927 loggingContext.transactionEnded();
928 PolicyLogger.audit("Transaction Failed - See error.log");
932 //send it to PolicyDBDao
933 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
935 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
937 renameTransaction.rollbackTransaction();
938 response.sendError(500,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
939 + "\nfailure with the following exception: " + e);
940 loggingContext.transactionEnded();
941 PolicyLogger.audit("Transaction Failed - See error.log");
945 renameTransaction.commitTransaction();
946 response.setStatus(HttpServletResponse.SC_OK);
947 loggingContext.transactionEnded();
948 PolicyLogger.audit("Transaction Ended Successfully");
953 // See if this is Admin Console registering itself with us
955 String acURLString = request.getParameter("adminConsoleURL");
956 if (acURLString != null) {
957 loggingContext.setServiceName("AC:PAP.register");
958 // remember this Admin Console for future updates
959 if ( ! adminConsoleURLStringList.contains(acURLString)) {
960 adminConsoleURLStringList.add(acURLString);
962 if (LOGGER.isDebugEnabled()) {
963 LOGGER.debug("Admin Console registering with URL: " + acURLString);
965 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
966 loggingContext.transactionEnded();
967 auditLogger.info("Success");
968 PolicyLogger.audit("Transaction Ended Successfully");
973 * This is to update the PDP Group with the policy/policies being pushed
974 * Part of a 2 step process to push policies to the PDP that can now be done
975 * From both the Admin Console and the PolicyEngine API
977 String groupId = request.getParameter("groupId");
978 if (groupId != null) {
980 if(!authorizeRequest(request)){
981 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
982 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
983 loggingContext.transactionEnded();
984 PolicyLogger.audit("Transaction Failed - See Error.log");
985 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
988 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
989 updateGroupsFromAPI(request, response, groupId, loggingContext);
990 loggingContext.transactionEnded();
991 PolicyLogger.audit("Transaction Ended Successfully");
996 // this is from the Admin Console, so handle separately
997 doACPut(request, response, groupId, loggingContext);
998 loggingContext.transactionEnded();
999 PolicyLogger.audit("Transaction Ended Successfully");
1000 im.endTransaction();
1004 // Request is for policy validation and creation
1006 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1007 // this request is from the Admin Console
1008 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1009 savePolicyHandler.doPolicyAPIPut(request, response);
1010 loggingContext.transactionEnded();
1011 PolicyLogger.audit("Transaction Ended Successfully");
1012 im.endTransaction();
1014 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1015 // this request is from the Policy Creation API
1016 if(authorizeRequest(request)){
1017 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1018 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1019 loggingContext.transactionEnded();
1020 PolicyLogger.audit("Transaction Ended Successfully");
1021 im.endTransaction();
1024 String message = "PEP not Authorized for making this Request!!";
1025 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1026 loggingContext.transactionEnded();
1027 PolicyLogger.audit("Transaction Failed - See Error.log");
1028 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
1029 im.endTransaction();
1033 // We do not expect anything from anywhere else.
1034 // This method is here in case we ever need to support other operations.
1035 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1036 loggingContext.transactionEnded();
1037 PolicyLogger.audit("Transaction Failed - See Error.log");
1038 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1039 loggingContext.transactionEnded();
1040 PolicyLogger.audit("Transaction Failed - See error.log");
1041 im.endTransaction();
1045 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1047 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1048 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1049 loggingContext.transactionStarted();
1050 loggingContext.setServiceName("PAP.delete");
1051 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1052 UUID requestID = UUID.randomUUID();
1053 loggingContext.setRequestID(requestID.toString());
1054 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1056 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1059 im.startTransaction();
1060 } catch (AdministrativeStateException ae){
1061 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1062 + " state of " + im.getStateManager().getAdminState()
1063 + "\n Exception Message: " + ae.getMessage();
1064 LOGGER.info(message);
1065 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1066 loggingContext.transactionEnded();
1067 PolicyLogger.audit("Transaction Failed - See Error.log");
1068 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1070 }catch (StandbyStatusException se) {
1071 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1072 + " of " + im.getStateManager().getStandbyStatus()
1073 + "\n Exception Message: " + se.getMessage();
1074 LOGGER.info(message);
1075 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1076 loggingContext.transactionEnded();
1077 PolicyLogger.audit("Transaction Failed - See Error.log");
1078 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1081 XACMLRest.dumpRequest(request);
1082 String groupId = request.getParameter("groupId");
1083 String apiflag = request.getParameter("apiflag");
1084 if (groupId != null) {
1085 // Is this from the Admin Console or API?
1087 if(!authorizeRequest(request)){
1088 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1089 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1090 loggingContext.transactionEnded();
1091 PolicyLogger.audit("Transaction Failed - See Error.log");
1092 response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
1095 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1097 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1098 } catch (Exception e) {
1099 LOGGER.error("Exception Occured"+e);
1101 if(apiRequestHandler.getNewGroup()!=null){
1102 groupChanged(apiRequestHandler.getNewGroup());
1106 // this is from the Admin Console, so handle separately
1107 doACDelete(request, response, groupId, loggingContext);
1108 loggingContext.transactionEnded();
1109 PolicyLogger.audit("Transaction Ended Successfully");
1110 im.endTransaction();
1113 //Catch anything that fell through
1114 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1115 loggingContext.transactionEnded();
1116 PolicyLogger.audit("Transaction Failed - See Error.log");
1117 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1118 im.endTransaction();
1121 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1122 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1123 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1124 if (localRootPolicies == null || localReferencedPolicies == null) {
1125 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1128 // Compare the policies and pipconfig properties to the pdpProperties
1130 // the policy properties includes only xacml.rootPolicies and
1131 // xacml.referencedPolicies without any .url entries
1132 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1133 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1134 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1135 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1136 pdpPipConfig.equals(pipconfig)) {
1137 // The PDP is current
1140 } catch (Exception e) {
1141 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1142 // or if there are policies that do not have a corresponding ".url" property.
1143 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1144 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1149 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1150 String lists[] = new String[2];
1151 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1152 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1153 for (String list : lists) {
1154 if (list != null && list.isEmpty() == false) {
1155 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1156 String url = urlPath + "?id=" + id;
1157 LOGGER.info("Policy URL for " + id + ": " + url);
1158 policies.setProperty(id + ".url", url);
1164 protected String getPDPID(HttpServletRequest request) {
1165 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1166 if (pdpURL == null || pdpURL.isEmpty()) {
1167 // Should send back its port for identification
1168 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1174 protected String getPDPJMX(HttpServletRequest request) {
1175 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1176 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1177 // Should send back its port for identification
1178 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1185 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1190 * @param loggingContext
1191 * @throws ServletException
1192 * @throws IOException
1194 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1195 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1197 // for PUT operations the group may or may not need to exist before the operation can be done
1198 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1199 // get the request input stream content into a String
1201 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1202 scanner.useDelimiter("\\A");
1203 json = scanner.hasNext() ? scanner.next() : "";
1205 PolicyLogger.info("JSON request from PolicyEngine API: " + json);
1206 // convert Object sent as JSON into local object
1207 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1208 Set<PDPPolicy> policies = new HashSet<>();
1210 policies.add(policy);
1212 //Get the current policies from the Group and Add the new one
1213 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1214 currentPoliciesInGroup = group.getPolicies();
1215 //If the selected policy is in the group we must remove it because the name is default
1216 Iterator<PDPPolicy> policyIterator = policies.iterator();
1217 LOGGER.debug("policyIterator....." + policies);
1218 while (policyIterator.hasNext()) {
1219 PDPPolicy selPolicy = policyIterator.next();
1220 for (PDPPolicy existingPolicy : currentPoliciesInGroup) {
1221 if (existingPolicy.getId().equals(selPolicy.getId())) {
1222 group.removePolicyFromGroup(existingPolicy);
1223 LOGGER.debug("Removing policy: " + existingPolicy);
1228 //Update the PDP Group after removing old version of policy
1229 Set<PDPPolicy> updatedPoliciesInGroup = new HashSet<>();
1230 updatedPoliciesInGroup = group.getPolicies();
1231 //need to remove the policy with default name from group
1232 for (PDPPolicy updatedPolicy : currentPoliciesInGroup) {
1233 if (updatedPolicy.getName().equalsIgnoreCase("default")) {
1234 group.removePolicyFromGroup(updatedPolicy);
1238 if(updatedPoliciesInGroup!=null){
1239 policies.addAll(updatedPoliciesInGroup);
1241 group.setPolicies(policies);
1242 // Assume that this is an update of an existing PDP Group
1243 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1245 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1246 } catch(Exception e){
1247 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1248 +"group="+group.getId());
1249 throw new PAPException(e.getMessage());
1251 papEngine.updateGroup(group);
1252 String policyId = "empty";
1254 policyId = policy.getId();
1256 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1257 response.addHeader("operation", "push");
1258 response.addHeader("policyId", policyId);
1259 response.addHeader("groupId", groupId);
1260 if (LOGGER.isDebugEnabled()) {
1261 LOGGER.debug("Group '" + group.getId() + "' updated");
1263 acPutTransaction.commitTransaction();
1265 // Group changed, which might include changing the policies
1266 groupChanged(group);
1267 loggingContext.transactionEnded();
1268 auditLogger.info("Success");
1270 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1271 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1272 if (pushPolicyHandler.preSafetyCheck(policy, CONFIG_HOME)) {
1273 LOGGER.debug("Precheck Successful.");
1277 PolicyLogger.audit("Transaction Ended Successfully");
1279 } catch (PAPException e) {
1280 acPutTransaction.rollbackTransaction();
1281 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1282 loggingContext.transactionEnded();
1283 PolicyLogger.audit("Transaction Failed - See Error.log");
1284 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1285 response.sendError(500, e.getMessage());
1286 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1287 response.addHeader("error","addGroupError");
1288 response.addHeader("message", message);
1294 * Requests from the Admin Console for operations not on single specific objects
1299 * @param loggingContext
1300 * @throws ServletException
1301 * @throws IOException
1303 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1304 PolicyDBDaoTransaction doACPostTransaction = null;
1306 String groupName = request.getParameter("groupName");
1307 String groupDescription = request.getParameter("groupDescription");
1308 String apiflag = request.getParameter("apiflag");
1309 if (groupName != null && groupDescription != null) {
1310 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1311 loggingContext.setServiceName("AC:PAP.createGroup");
1312 String unescapedName = URLDecoder.decode(groupName, "UTF-8");
1313 String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1314 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1316 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1317 papEngine.newGroup(unescapedName, unescapedDescription);
1318 newGroupTransaction.commitTransaction();
1319 } catch (Exception e) {
1320 newGroupTransaction.rollbackTransaction();
1321 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1322 loggingContext.transactionEnded();
1324 PolicyLogger.audit("Transaction Failed - See Error.log");
1325 response.sendError(500, "Unable to create new group '" + groupId + "'");
1328 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1329 if (LOGGER.isDebugEnabled()) {
1330 LOGGER.debug("New Group '" + groupId + "' created");
1332 // tell the Admin Consoles there is a change
1334 // new group by definition has no PDPs, so no need to notify them of changes
1335 loggingContext.transactionEnded();
1336 PolicyLogger.audit("Transaction Failed - See Error.log");
1337 auditLogger.info("Success");
1338 PolicyLogger.audit("Transaction Ended Successfully");
1341 // for all remaining POST operations the group must exist before the operation can be done
1342 OnapPDPGroup group = papEngine.getGroup(groupId);
1343 if (group == null) {
1344 String message = "Unknown groupId '" + groupId + "'";
1345 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1346 loggingContext.transactionEnded();
1347 PolicyLogger.audit("Transaction Failed - See Error.log");
1349 response.addHeader("error", "unknownGroupId");
1350 response.addHeader("operation", "push");
1351 response.addHeader("message", message);
1352 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1354 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
1358 // determine the operation needed based on the parameters in the request
1359 if (request.getParameter("policyId") != null) {
1360 // Args: group=<groupId> policy=<policyId> <= copy file
1361 // copy a policy from the request contents into a file in the group's directory on this machine
1363 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1365 loggingContext.setServiceName("AC:PAP.postPolicy");
1367 String policyId = request.getParameter("policyId");
1368 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1370 InputStream is = null;
1372 if (apiflag != null){
1373 // get the request content into a String if the request is from API
1375 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1376 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1377 scanner.useDelimiter("\\A");
1378 json = scanner.hasNext() ? scanner.next() : "";
1380 LOGGER.info("JSON request from API: " + json);
1381 // convert Object sent as JSON into local object
1382 ObjectMapper mapper = new ObjectMapper();
1383 Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class);
1384 StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON;
1385 temp = new File(policy.getLocation());
1386 is = new FileInputStream(temp);
1388 is = request.getInputStream();
1390 addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1391 if (apiflag != null){
1392 ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is);
1395 if (policyId.endsWith(".xml")) {
1396 name = policyId.replace(".xml", "");
1397 name = name.substring(0, name.lastIndexOf("."));
1399 ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is);
1401 if(is!=null && temp!=null){
1405 addPolicyToGroupTransaction.commitTransaction();
1406 } catch (Exception e) {
1407 addPolicyToGroupTransaction.rollbackTransaction();
1408 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1409 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1410 loggingContext.transactionEnded();
1411 PolicyLogger.audit("Transaction Failed - See Error.log");
1413 response.addHeader("error", "policyCopyError");
1414 response.addHeader("message", message);
1415 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1417 response.sendError(500, message);
1421 // policy file copied ok and the Group was updated on the PDP
1422 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1423 response.addHeader("operation", "push");
1424 response.addHeader("policyId", policyId);
1425 response.addHeader("groupId", groupId);
1426 if (LOGGER.isDebugEnabled()) {
1427 LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1429 loggingContext.transactionEnded();
1430 auditLogger.info("Success");
1431 PolicyLogger.audit("Transaction Ended Successfully");
1433 } else if (request.getParameter("default") != null) {
1434 // Args: group=<groupId> default=true <= make default
1435 // change the current default group to be the one identified in the request.
1436 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1437 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1438 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1439 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1441 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1442 papEngine.SetDefaultGroup(group);
1443 setDefaultGroupTransaction.commitTransaction();
1444 } catch (Exception e) {
1445 setDefaultGroupTransaction.rollbackTransaction();
1446 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1447 loggingContext.transactionEnded();
1449 PolicyLogger.audit("Transaction Failed - See Error.log");
1450 response.sendError(500, "Unable to set group '" + groupId + "' to default");
1453 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1454 if (LOGGER.isDebugEnabled()) {
1455 LOGGER.debug("Group '" + groupId + "' set to be default");
1457 // Notify the Admin Consoles that something changed
1458 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1459 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1461 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1462 loggingContext.transactionEnded();
1463 auditLogger.info("Success");
1464 PolicyLogger.audit("Transaction Ended Successfully");
1466 } else if (request.getParameter("pdpId") != null) {
1467 doACPostTransaction = policyDBDao.getNewTransaction();
1468 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1469 loggingContext.setServiceName("AC:PAP.movePDP");
1470 String pdpId = request.getParameter("pdpId");
1471 OnapPDP pdp = papEngine.getPDP(pdpId);
1472 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1474 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1475 }catch(Exception e){
1476 doACPostTransaction.rollbackTransaction();
1477 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1478 " Error while moving pdp in the database: "
1479 +"pdp="+pdp.getId()+",to group="+group.getId());
1480 throw new PAPException(e.getMessage());
1482 papEngine.movePDP((OnapPDP) pdp, group);
1483 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1484 if (LOGGER.isDebugEnabled()) {
1485 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1487 // update the status of both the original group and the new one
1488 ((StdPDPGroup)originalGroup).resetStatus();
1489 ((StdPDPGroup)group).resetStatus();
1490 // Notify the Admin Consoles that something changed
1491 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1493 // Need to notify the PDP that it's config may have changed
1495 doACPostTransaction.commitTransaction();
1496 loggingContext.transactionEnded();
1497 auditLogger.info("Success");
1498 PolicyLogger.audit("Transaction Ended Successfully");
1501 } catch (PAPException e) {
1502 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1503 loggingContext.transactionEnded();
1504 PolicyLogger.audit("Transaction Failed - See Error.log");
1505 response.sendError(500, e.getMessage());
1511 * Requests from the Admin Console to GET info about the Groups and PDPs
1516 * @param loggingContext
1517 * @throws ServletException
1518 * @throws IOException
1520 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1522 String parameterDefault = request.getParameter("default");
1523 String pdpId = request.getParameter("pdpId");
1524 String pdpGroup = request.getParameter("getPDPGroup");
1525 if ("".equals(groupId)) {
1526 // request IS from AC but does not identify a group by name
1527 if (parameterDefault != null) {
1528 // Request is for the Default group (whatever its id)
1529 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1530 OnapPDPGroup group = papEngine.getDefaultGroup();
1531 // convert response object to JSON and include in the response
1532 ObjectMapper mapper = new ObjectMapper();
1533 mapper.writeValue(response.getOutputStream(), group);
1534 if (LOGGER.isDebugEnabled()) {
1535 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1537 response.setStatus(HttpServletResponse.SC_OK);
1538 response.setHeader("content-type", "application/json");
1539 response.getOutputStream().close();
1540 loggingContext.transactionEnded();
1541 auditLogger.info("Success");
1542 PolicyLogger.audit("Transaction Ended Successfully");
1544 } else if (pdpId != null) {
1545 // Request is related to a PDP
1546 if (pdpGroup == null) {
1547 // Request is for the (unspecified) group containing a given PDP
1548 loggingContext.setServiceName("AC:PAP.getPDP");
1549 OnapPDP pdp = papEngine.getPDP(pdpId);
1550 // convert response object to JSON and include in the response
1551 ObjectMapper mapper = new ObjectMapper();
1552 mapper.writeValue(response.getOutputStream(), pdp);
1553 if (LOGGER.isDebugEnabled()) {
1554 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1556 response.setStatus(HttpServletResponse.SC_OK);
1557 response.setHeader("content-type", "application/json");
1558 response.getOutputStream().close();
1559 loggingContext.transactionEnded();
1560 auditLogger.info("Success");
1561 PolicyLogger.audit("Transaction Ended Successfully");
1564 // Request is for the group containing a given PDP
1565 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1566 OnapPDP pdp = papEngine.getPDP(pdpId);
1567 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
1568 // convert response object to JSON and include in the response
1569 ObjectMapper mapper = new ObjectMapper();
1570 mapper.writeValue(response.getOutputStream(), group);
1571 if (LOGGER.isDebugEnabled()) {
1572 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1574 response.setStatus(HttpServletResponse.SC_OK);
1575 response.setHeader("content-type", "application/json");
1576 response.getOutputStream().close();
1577 loggingContext.transactionEnded();
1578 auditLogger.info("Success");
1579 PolicyLogger.audit("Transaction Ended Successfully");
1583 // request is for top-level properties about all groups
1584 loggingContext.setServiceName("AC:PAP.getAllGroups");
1585 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1586 // convert response object to JSON and include in the response
1587 ObjectMapper mapper = new ObjectMapper();
1588 mapper.writeValue(response.getOutputStream(), groups);
1589 if (LOGGER.isDebugEnabled()) {
1590 LOGGER.debug("GET All groups req");
1592 response.setStatus(HttpServletResponse.SC_OK);
1593 response.setHeader("content-type", "application/json");
1594 response.getOutputStream().close();
1595 loggingContext.transactionEnded();
1596 auditLogger.info("Success");
1597 PolicyLogger.audit("Transaction Ended Successfully");
1601 // for all other GET operations the group must exist before the operation can be done
1602 OnapPDPGroup group = papEngine.getGroup(groupId);
1603 if (group == null) {
1604 String message = "Unknown groupId '" + groupId + "'";
1605 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1606 loggingContext.transactionEnded();
1608 PolicyLogger.audit("Transaction Failed - See Error.log");
1609 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
1612 // Figure out which request this is based on the parameters
1613 String policyId = request.getParameter("policyId");
1614 if (policyId != null) {
1615 // retrieve a policy
1616 loggingContext.setServiceName("AC:PAP.getPolicy");
1617 // convert response object to JSON and include in the response
1618 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1619 loggingContext.transactionEnded();
1620 PolicyLogger.audit("Transaction Failed - See Error.log");
1621 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1623 // No other parameters, so return the identified Group
1624 loggingContext.setServiceName("AC:PAP.getGroup");
1625 // convert response object to JSON and include in the response
1626 ObjectMapper mapper = new ObjectMapper();
1627 mapper.writeValue(response.getOutputStream(), group);
1628 if (LOGGER.isDebugEnabled()) {
1629 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
1631 response.setStatus(HttpServletResponse.SC_OK);
1632 response.setHeader("content-type", "application/json");
1633 response.getOutputStream().close();
1634 loggingContext.transactionEnded();
1635 auditLogger.info("Success");
1636 PolicyLogger.audit("Transaction Ended Successfully");
1639 // Currently there are no other GET calls from the AC.
1640 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
1641 // Other GETs that could be called:
1642 // Specific Group (groupId=<groupId>)
1643 // A Policy (groupId=<groupId> policyId=<policyId>)
1644 // A PDP (groupId=<groupId> pdpId=<pdpId>)
1645 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
1646 loggingContext.transactionEnded();
1647 PolicyLogger.audit("Transaction Failed - See Error.log");
1648 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1649 } catch (PAPException e) {
1650 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
1651 loggingContext.transactionEnded();
1652 PolicyLogger.audit("Transaction Failed - See Error.log");
1653 response.sendError(500, e.getMessage());
1659 * Requests from the Admin Console to create new items or update existing ones
1664 * @param loggingContext
1665 * @throws ServletException
1666 * @throws IOException
1668 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1669 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1671 // for PUT operations the group may or may not need to exist before the operation can be done
1672 OnapPDPGroup group = papEngine.getGroup(groupId);
1673 // determine the operation needed based on the parameters in the request
1674 // for remaining operations the group must exist before the operation can be done
1675 if (group == null) {
1676 String message = "Unknown groupId '" + groupId + "'";
1677 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1678 loggingContext.transactionEnded();
1679 PolicyLogger.audit("Transaction Failed - See Error.log");
1680 response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
1683 if (request.getParameter("policy") != null) {
1684 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
1685 loggingContext.setServiceName("AC:PAP.putPolicy");
1686 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
1687 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1688 loggingContext.transactionEnded();
1689 PolicyLogger.audit("Transaction Failed - See Error.log");
1690 auditLogger.info("Success");
1691 PolicyLogger.audit("Transaction Ended Successfully");
1693 } else if (request.getParameter("pdpId") != null) {
1694 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
1695 String pdpId = request.getParameter("pdpId");
1696 if (papEngine.getPDP(pdpId) == null) {
1697 loggingContext.setServiceName("AC:PAP.createPDP");
1699 loggingContext.setServiceName("AC:PAP.updatePDP");
1701 // get the request content into a String
1703 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1704 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1705 scanner.useDelimiter("\\A");
1706 json = scanner.hasNext() ? scanner.next() : "";
1708 LOGGER.info("JSON request from AC: " + json);
1709 // convert Object sent as JSON into local object
1710 ObjectMapper mapper = new ObjectMapper();
1711 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
1712 if (pdpId == null ||
1713 objectFromJSON == null ||
1714 ! (objectFromJSON instanceof StdPDP) ||
1715 ((StdPDP)objectFromJSON).getId() == null ||
1716 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
1717 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
1718 loggingContext.transactionEnded();
1719 PolicyLogger.audit("Transaction Failed - See Error.log");
1720 response.sendError(500, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
1722 StdPDP pdp = (StdPDP) objectFromJSON;
1724 if (papEngine.getPDP(pdpId) == null) {
1725 // this is a request to create a new PDP object
1727 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
1728 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
1729 } catch(Exception e){
1730 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1731 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
1732 throw new PAPException(e.getMessage());
1734 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
1737 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
1738 } catch(Exception e){
1739 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
1740 +"pdp="+ pdp.getId());
1741 throw new PAPException(e.getMessage());
1743 // this is a request to update the pdp
1744 papEngine.updatePDP(pdp);
1746 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1747 if (LOGGER.isDebugEnabled()) {
1748 LOGGER.debug("PDP '" + pdpId + "' created/updated");
1750 // adjust the group's state including the new PDP
1751 ((StdPDPGroup)group).resetStatus();
1752 // tell the Admin Consoles there is a change
1754 // this might affect the PDP, so notify it of the change
1756 acPutTransaction.commitTransaction();
1757 loggingContext.transactionEnded();
1758 auditLogger.info("Success");
1759 PolicyLogger.audit("Transaction Ended Successfully");
1763 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
1764 +"pdp=null" + ",to group="+group.getId());
1765 throw new PAPException("PDP is null");
1766 } catch(Exception e){
1767 throw new PAPException("PDP is null" + e.getMessage() +e);
1770 } else if (request.getParameter("pipId") != null) {
1771 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
1772 loggingContext.setServiceName("AC:PAP.putPIP");
1773 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1774 loggingContext.transactionEnded();
1775 PolicyLogger.audit("Transaction Failed - See Error.log");
1776 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1779 // Assume that this is an update of an existing PDP Group
1780 // ARGS: group=<groupId> <= Update an Existing Group
1781 loggingContext.setServiceName("AC:PAP.updateGroup");
1782 // get the request content into a String
1784 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
1785 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1786 scanner.useDelimiter("\\A");
1787 json = scanner.hasNext() ? scanner.next() : "";
1789 LOGGER.info("JSON request from AC: " + json);
1790 // convert Object sent as JSON into local object
1791 ObjectMapper mapper = new ObjectMapper();
1792 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
1793 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
1794 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
1795 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
1796 loggingContext.transactionEnded();
1797 PolicyLogger.audit("Transaction Failed - See Error.log");
1798 response.sendError(500, "Bad input, id="+group.getId() +" object="+objectFromJSON);
1800 // The Path on the PAP side is not carried on the RESTful interface with the AC
1801 // (because it is local to the PAP)
1802 // so we need to fill that in before submitting the group for update
1803 if(objectFromJSON != null){
1804 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
1807 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
1808 } catch(Exception e){
1809 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
1810 +"group="+group.getId());
1811 throw new PAPException(e.getMessage());
1814 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1815 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
1816 if (pushPolicyHandler.preSafetyCheck(updatedGroup, CONFIG_HOME)) {
1817 LOGGER.debug("Precheck Successful.");
1820 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
1822 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1823 if (LOGGER.isDebugEnabled()) {
1824 LOGGER.debug("Group '" + group.getId() + "' updated");
1826 acPutTransaction.commitTransaction();
1827 // tell the Admin Consoles there is a change
1829 // Group changed, which might include changing the policies
1830 groupChanged(group);
1831 loggingContext.transactionEnded();
1832 auditLogger.info("Success");
1833 PolicyLogger.audit("Transaction Ended Successfully");
1836 } catch (PAPException e) {
1837 acPutTransaction.rollbackTransaction();
1838 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
1839 loggingContext.transactionEnded();
1840 PolicyLogger.audit("Transaction Failed - See Error.log");
1841 response.sendError(500, e.getMessage());
1847 * Requests from the Admin Console to delete/remove items
1852 * @param loggingContext
1853 * @throws ServletException
1854 * @throws IOException
1856 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1857 //This code is to allow deletes to propagate to the database since delete is not implemented
1858 String isDeleteNotify = request.getParameter("isDeleteNotify");
1859 if(isDeleteNotify != null){
1860 String policyToDelete = request.getParameter("policyToDelete");
1862 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
1863 } catch(UnsupportedEncodingException e){
1864 PolicyLogger.error("Unsupported URL encoding of policyToDelete (UTF-8");
1865 response.sendError(500,"policyToDelete encoding not supported");
1868 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
1870 deleteTransaction.deletePolicy(policyToDelete);
1871 } catch(Exception e){
1872 deleteTransaction.rollbackTransaction();
1873 response.sendError(500,"deleteTransaction.deleteTransaction(policyToDelete) "
1874 + "\nfailure with the following exception: " + e);
1877 deleteTransaction.commitTransaction();
1878 response.setStatus(HttpServletResponse.SC_OK);
1881 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
1883 // for all DELETE operations the group must exist before the operation can be done
1884 loggingContext.setServiceName("AC:PAP.delete");
1885 OnapPDPGroup group = papEngine.getGroup(groupId);
1886 if (group == null) {
1887 String message = "Unknown groupId '" + groupId + "'";
1888 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1889 loggingContext.transactionEnded();
1890 PolicyLogger.audit("Transaction Failed - See Error.log");
1891 response.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
1894 // determine the operation needed based on the parameters in the request
1895 if (request.getParameter("policy") != null) {
1896 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
1897 loggingContext.setServiceName("AC:PAP.deletePolicy");
1898 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1899 loggingContext.transactionEnded();
1900 PolicyLogger.audit("Transaction Failed - See Error.log");
1901 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1903 } else if (request.getParameter("pdpId") != null) {
1904 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
1905 String pdpId = request.getParameter("pdpId");
1906 OnapPDP pdp = papEngine.getPDP(pdpId);
1908 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
1909 } catch(Exception e){
1910 throw new PAPException();
1912 papEngine.removePDP((OnapPDP) pdp);
1913 // adjust the status of the group, which may have changed when we removed this PDP
1914 ((StdPDPGroup)group).resetStatus();
1915 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1917 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
1919 removePdpOrGroupTransaction.commitTransaction();
1920 loggingContext.transactionEnded();
1921 auditLogger.info("Success");
1922 PolicyLogger.audit("Transaction Ended Successfully");
1924 } else if (request.getParameter("pipId") != null) {
1925 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
1926 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
1927 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
1928 loggingContext.transactionEnded();
1929 PolicyLogger.audit("Transaction Failed - See Error.log");
1930 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1933 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
1934 String moveToGroupId = request.getParameter("movePDPsToGroupId");
1935 OnapPDPGroup moveToGroup = null;
1936 if (moveToGroupId != null) {
1937 moveToGroup = papEngine.getGroup(moveToGroupId);
1939 // get list of PDPs in the group being deleted so we can notify them that they got changed
1940 Set<OnapPDP> movedPDPs = new HashSet<>();
1941 movedPDPs.addAll(group.getOnapPdps());
1942 // do the move/remove
1944 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
1945 } catch(Exception e){
1946 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
1947 throw new PAPException(e.getMessage());
1949 papEngine.removeGroup(group, moveToGroup);
1950 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1952 // notify any PDPs in the removed set that their config may have changed
1953 for (OnapPDP pdp : movedPDPs) {
1956 removePdpOrGroupTransaction.commitTransaction();
1957 loggingContext.transactionEnded();
1958 auditLogger.info("Success");
1959 PolicyLogger.audit("Transaction Ended Successfully");
1962 } catch (PAPException e) {
1963 removePdpOrGroupTransaction.rollbackTransaction();
1964 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
1965 loggingContext.transactionEnded();
1966 PolicyLogger.audit("Transaction Failed - See Error.log");
1967 response.sendError(500, e.getMessage());
1973 * Heartbeat thread - periodically check on PDPs' status
1975 * Heartbeat with all known PDPs.
1977 * Implementation note:
1979 * The PDPs are contacted Sequentially, not in Parallel.
1981 * If we did this in parallel using multiple threads we would simultaneously use
1985 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
1986 * when user changes occur.
1987 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
1989 * The Sequential operation does a heartbeat request to each PDP one at a time.
1990 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
1991 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
1992 * it could take a long time to cycle through all of the PDPs.
1993 * That means that this may not notice a PDP being down in a predictable time.
1995 private class Heartbeat implements Runnable {
1996 private PAPPolicyEngine papEngine;
1997 private Set<OnapPDP> pdps = new HashSet<>();
1998 private int heartbeatInterval;
1999 private int heartbeatTimeout;
2001 public volatile boolean isRunning = false;
2003 public synchronized boolean isRunning() {
2004 return this.isRunning;
2007 public synchronized void terminate() {
2008 this.isRunning = false;
2011 public Heartbeat(PAPPolicyEngine papEngine2) {
2012 papEngine = papEngine2;
2013 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2014 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2019 // Set ourselves as running
2020 synchronized(this) {
2021 this.isRunning = true;
2023 HashMap<String, URL> idToURLMap = new HashMap<>();
2025 while (this.isRunning()) {
2026 // Wait the given time
2027 Thread.sleep(heartbeatInterval);
2028 // get the list of PDPs (may have changed since last time)
2030 synchronized(papEngine) {
2032 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2033 for (OnapPDP p : g.getOnapPdps()) {
2037 } catch (PAPException e) {
2038 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2041 // Check for shutdown
2042 if (this.isRunning() == false) {
2043 LOGGER.info("isRunning is false, getting out of loop.");
2046 // try to get the summary status from each PDP
2047 boolean changeSeen = false;
2048 for (OnapPDP pdp : pdps) {
2049 // Check for shutdown
2050 if (this.isRunning() == false) {
2051 LOGGER.info("isRunning is false, getting out of loop.");
2054 // the id of the PDP is its url (though we add a query parameter)
2055 URL pdpURL = idToURLMap.get(pdp.getId());
2056 if (pdpURL == null) {
2057 // haven't seen this PDP before
2058 String fullURLString = null;
2061 if(CheckPDP.validateID(pdp.getId())){
2062 fullURLString = pdp.getId() + "?type=hb";
2063 pdpURL = new URL(fullURLString);
2064 idToURLMap.put(pdp.getId(), pdpURL);
2066 } catch (MalformedURLException e) {
2067 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2071 // Do a GET with type HeartBeat
2072 String newStatus = "";
2073 HttpURLConnection connection = null;
2075 // Open up the connection
2077 connection = (HttpURLConnection)pdpURL.openConnection();
2078 // Setup our method and headers
2079 connection.setRequestMethod("GET");
2080 connection.setConnectTimeout(heartbeatTimeout);
2082 String encoding = CheckPDP.getEncoding(pdp.getId());
2083 if(encoding !=null){
2084 connection.setRequestProperty("Authorization", "Basic " + encoding);
2087 connection.connect();
2088 if (connection.getResponseCode() == 204) {
2089 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2090 if (LOGGER.isDebugEnabled()) {
2091 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2094 // anything else is an unexpected result
2095 newStatus = PDPStatus.Status.UNKNOWN.toString();
2096 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2099 } catch (UnknownHostException e) {
2100 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2101 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2102 } catch (SocketTimeoutException e) {
2103 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2104 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2105 } catch (ConnectException e) {
2106 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2107 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2108 } catch (Exception e) {
2109 newStatus = PDPStatus.Status.UNKNOWN.toString();
2110 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2112 // cleanup the connection
2113 if(connection != null)
2114 connection.disconnect();
2116 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2117 if (LOGGER.isDebugEnabled()) {
2118 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2121 setPDPSummaryStatus(pdp, newStatus);
2122 } catch (PAPException e) {
2123 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2128 // Check for shutdown
2129 if (this.isRunning() == false) {
2130 LOGGER.info("isRunning is false, getting out of loop.");
2133 // if any of the PDPs changed state, tell the ACs to update
2138 } catch (InterruptedException e) {
2139 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2146 * HELPER to change Group status when PDP status is changed
2147 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2149 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2150 setPDPSummaryStatus(pdp, newStatus.toString());
2153 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2154 synchronized(papEngine) {
2155 StdPDPStatus status = new StdPDPStatus();
2156 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2157 ((StdPDP)pdp).setStatus(status);
2158 // now adjust the group
2159 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2160 // if the PDP was just deleted it may transiently exist but not be in a group
2161 if (group != null) {
2162 group.resetStatus();
2168 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2169 * in the PDP group directories
2172 public void changed() {
2173 // all PDPs in all groups need to be updated/sync'd
2174 Set<OnapPDPGroup> groups;
2176 groups = papEngine.getOnapPDPGroups();
2177 } catch (PAPException e) {
2178 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2179 throw new RuntimeException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2181 for (OnapPDPGroup group : groups) {
2182 groupChanged(group);
2187 public void groupChanged(OnapPDPGroup group) {
2188 // all PDPs within one group need to be updated/sync'd
2189 for (OnapPDP pdp : group.getOnapPdps()) {
2195 public void pdpChanged(OnapPDP pdp) {
2196 // kick off a thread to do an event notification for each PDP.
2197 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2198 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2199 Thread t = new Thread(new UpdatePDPThread(pdp, storedRequestId));
2200 if(CheckPDP.validateID(pdp.getId())){
2205 private class UpdatePDPThread implements Runnable {
2206 private OnapPDP pdp;
2207 private String requestId;
2209 public UpdatePDPThread(OnapPDP pdp, String storedRequestId) {
2211 requestId = storedRequestId;
2215 // send the current configuration to one PDP
2216 HttpURLConnection connection = null;
2217 // get a new logging context for the thread
2218 ONAPLoggingContext loggingContext = new ONAPLoggingContext(baseLoggingContext);
2220 loggingContext.setServiceName("PAP:PDP.putConfig");
2221 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2222 if ((requestId == null) || (requestId == "")) {
2223 UUID requestID = UUID.randomUUID();
2224 loggingContext.setRequestID(requestID.toString());
2225 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2227 loggingContext.setRequestID(requestId);
2228 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2230 loggingContext.transactionStarted();
2231 // the Id of the PDP is its URL
2232 if (LOGGER.isDebugEnabled()) {
2233 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2235 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2236 //TODO (need to change "cache=", implying getting some input saying which to change)
2237 URL url = new URL(pdp.getId() + "?cache=all");
2238 // Open up the connection
2239 connection = (HttpURLConnection)url.openConnection();
2240 // Setup our method and headers
2241 connection.setRequestMethod("PUT");
2243 String encoding = CheckPDP.getEncoding(pdp.getId());
2244 if(encoding !=null){
2245 connection.setRequestProperty("Authorization", "Basic " + encoding);
2247 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2248 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2249 storedRequestId = null;
2250 connection.setInstanceFollowRedirects(true);
2251 connection.setDoOutput(true);
2252 try (OutputStream os = connection.getOutputStream()) {
2253 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2254 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2255 if (group == null) {
2256 // create blank properties files
2257 Properties policyProperties = new Properties();
2258 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2259 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2260 policyProperties.store(os, "");
2261 Properties pipProps = new Properties();
2262 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2263 pipProps.store(os, "");
2265 // send properties from the current group
2266 group.getPolicyProperties().store(os, "");
2267 Properties policyLocations = new Properties();
2268 for (PDPPolicy policy : group.getPolicies()) {
2269 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2271 policyLocations.store(os, "");
2272 group.getPipConfigProperties().store(os, "");
2274 } catch (Exception e) {
2275 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2276 // Since this is a server-side error, it probably does not reflect a problem on the client,
2277 // so do not change the PDP status.
2281 connection.connect();
2282 if (connection.getResponseCode() == 204) {
2283 LOGGER.info("Success. We are configured correctly.");
2284 loggingContext.transactionEnded();
2285 auditLogger.info("Success. PDP is configured correctly.");
2286 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2287 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2288 } else if (connection.getResponseCode() == 200) {
2289 LOGGER.info("Success. PDP needs to update its configuration.");
2290 loggingContext.transactionEnded();
2291 auditLogger.info("Success. PDP needs to update its configuration.");
2292 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2293 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2295 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2296 loggingContext.transactionEnded();
2297 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2298 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2299 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2301 } catch (Exception e) {
2302 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2303 loggingContext.transactionEnded();
2304 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2306 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2307 } catch (PAPException e1) {
2308 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2309 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2312 // cleanup the connection
2313 if(connection != null){
2314 connection.disconnect();
2316 // tell the AC to update it's status info
2323 * RESTful Interface from PAP to ACs notifying them of changes
2325 private void notifyAC() {
2326 // kick off a thread to do one event notification for all registered ACs
2327 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2328 // as part of processing this message on their end.
2329 Thread t = new Thread(new NotifyACThread());
2333 private class NotifyACThread implements Runnable {
2335 List<String> disconnectedACs = new ArrayList<>();
2336 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2337 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2338 for (String acURL : adminConsoleURLStringList) {
2339 HttpURLConnection connection = null;
2341 acURL += "?PAPNotification=true";
2342 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2343 //TODO - If so, put correct parameters into the Query string here
2344 acURL += "&objectType=all" + "&action=update";
2345 if (LOGGER.isDebugEnabled()) {
2346 LOGGER.debug("creating url for id '" + acURL + "'");
2348 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2349 //TODO (need to change "cache=", implying getting some input saying which to change)
2350 URL url = new URL(acURL );
2351 // Open up the connection
2352 connection = (HttpURLConnection)url.openConnection();
2353 // Setup our method and headers
2354 connection.setRequestMethod("PUT");
2355 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2356 // Adding this in. It seems the HttpUrlConnection class does NOT
2357 // properly forward our headers for POST re-direction. It does so
2358 // for a GET re-direction.
2359 // So we need to handle this ourselves.
2360 //TODO - is this needed for a PUT? seems better to leave in for now?
2361 connection.setInstanceFollowRedirects(false);
2362 // Do not include any data in the PUT because this is just a
2363 // notification to the AC.
2364 // The AC will use GETs back to the PAP to get what it needs
2365 // to fill in the screens.
2367 connection.connect();
2368 if (connection.getResponseCode() == 204) {
2369 LOGGER.info("Success. We updated correctly.");
2371 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2374 } catch (Exception e) {
2375 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2376 disconnectedACs.add(acURL);
2378 // cleanup the connection
2379 if(connection != null)
2380 connection.disconnect();
2383 // remove any ACs that are no longer connected
2384 if (disconnectedACs.size() > 0) {
2385 adminConsoleURLStringList.removeAll(disconnectedACs);
2390 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2391 LOGGER.info("Test request received");
2393 im.evaluateSanity();
2394 //If we make it this far, all is well
2395 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2396 LOGGER.info(message);
2397 loggingContext.transactionEnded();
2398 PolicyLogger.audit("Transaction Failed - See Error.log");
2399 response.setStatus(HttpServletResponse.SC_OK);
2401 }catch (ForwardProgressException fpe){
2402 //No forward progress is being made
2403 String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress."
2404 + " Exception Message: " + fpe.getMessage();
2405 LOGGER.info(message);
2406 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2407 loggingContext.transactionEnded();
2408 PolicyLogger.audit("Transaction Failed - See Error.log");
2409 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2411 }catch (AdministrativeStateException ase){
2412 //Administrative State is locked
2413 String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED "
2414 + " Exception Message: " + ase.getMessage();
2415 LOGGER.info(message);
2416 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2417 loggingContext.transactionEnded();
2418 PolicyLogger.audit("Transaction Failed - See Error.log");
2419 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2421 }catch (StandbyStatusException sse){
2422 //Administrative State is locked
2423 String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE "
2424 + " Exception Message: " + sse.getMessage();
2425 LOGGER.info(message);
2426 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2427 loggingContext.transactionEnded();
2428 PolicyLogger.audit("Transaction Failed - See Error.log");
2429 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2431 }catch (Exception e) {
2432 //A subsystem is not making progress, is locked, standby or is not responding
2433 String eMsg = e.getMessage();
2435 eMsg = "No Exception Message";
2437 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2438 + " Exception Message: " + eMsg;
2439 LOGGER.info(message);
2440 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2441 loggingContext.transactionEnded();
2442 PolicyLogger.audit("Transaction Failed - See Error.log");
2443 //Get the specific list of subsystems that failed
2444 String ssFailureList = null;
2445 for(String failedSS : papDependencyGroupsFlatArray){
2446 if(eMsg.contains(failedSS)){
2447 if(ssFailureList == null){
2448 ssFailureList = failedSS;
2450 ssFailureList = ssFailureList.concat(","+failedSS);
2454 if(ssFailureList == null){
2455 ssFailureList = "UnknownSubSystem";
2457 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2458 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2464 * Authorizing the PEP Requests.
2466 private boolean authorizeRequest(HttpServletRequest request) {
2467 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2468 // Check if the Client is Authorized.
2469 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2476 private static void loadWebapps() throws PAPException{
2477 if(ACTION_HOME == null || CONFIG_HOME == null){
2478 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2480 if (webappsPath == null) {
2481 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2482 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2484 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2485 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2486 if (Files.notExists(webappsPathConfig)) {
2488 Files.createDirectories(webappsPathConfig);
2489 } catch (IOException e) {
2490 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Failed to create config directory: "
2491 + webappsPathConfig.toAbsolutePath().toString());
2494 if (Files.notExists(webappsPathAction)) {
2496 Files.createDirectories(webappsPathAction);
2497 } catch (IOException e) {
2498 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create config directory: "
2499 + webappsPathAction.toAbsolutePath().toString(), e);
2502 ACTION_HOME = webappsPathAction.toString();
2503 CONFIG_HOME = webappsPathConfig.toString();
2507 public static String getConfigHome(){
2510 } catch (PAPException e) {
2516 public static String getActionHome(){
2519 } catch (PAPException e) {
2525 public static EntityManagerFactory getEmf() {
2529 public IntegrityAudit getIa() {
2533 public static String getPDPFile(){
2534 return XACMLPapServlet.pdpFile;
2537 public static String getPersistenceUnit(){
2538 return PERSISTENCE_UNIT;
2541 public static PAPPolicyEngine getPAPEngine(){
2545 public static PolicyDBDaoTransaction getDbDaoTransaction(){
2546 return policyDBDao.getNewTransaction();
2548 public static String getPapDbDriver() {
2552 public static void setPapDbDriver(String papDbDriver) {
2553 XACMLPapServlet.papDbDriver = papDbDriver;
2556 public static String getPapDbUrl() {
2560 public static void setPapDbUrl(String papDbUrl) {
2561 XACMLPapServlet.papDbUrl = papDbUrl;
2564 public static String getPapDbUser() {
2568 public static void setPapDbUser(String papDbUser) {
2569 XACMLPapServlet.papDbUser = papDbUser;
2572 public static String getPapDbPassword() {
2573 return papDbPassword;
2576 public static void setPapDbPassword(String papDbPassword) {
2577 XACMLPapServlet.papDbPassword = papDbPassword;
2580 public static String getMsOnapName() {
2584 public static void setMsOnapName(String msOnapName) {
2585 XACMLPapServlet.msOnapName = msOnapName;
2588 public static String getMsPolicyName() {
2589 return msPolicyName;
2592 public static void setMsPolicyName(String msPolicyName) {
2593 XACMLPapServlet.msPolicyName = msPolicyName;
Code Review / policy / engine.git / blob