2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.io.InputStream;
27 import java.io.OutputStream;
28 import java.io.UnsupportedEncodingException;
29 import java.net.ConnectException;
30 import java.net.HttpURLConnection;
31 import java.net.InetAddress;
32 import java.net.MalformedURLException;
33 import java.net.SocketTimeoutException;
35 import java.net.URLDecoder;
36 import java.net.UnknownHostException;
37 import java.nio.file.Files;
38 import java.nio.file.Path;
39 import java.nio.file.Paths;
40 import java.util.ArrayList;
41 import java.util.HashMap;
42 import java.util.HashSet;
43 import java.util.Iterator;
44 import java.util.List;
45 import java.util.Properties;
46 import java.util.Scanner;
48 import java.util.UUID;
49 import java.util.concurrent.CopyOnWriteArrayList;
51 import javax.persistence.EntityManagerFactory;
52 import javax.persistence.Persistence;
53 import javax.persistence.PersistenceException;
54 import javax.servlet.Servlet;
55 import javax.servlet.ServletConfig;
56 import javax.servlet.ServletException;
57 import javax.servlet.annotation.WebInitParam;
58 import javax.servlet.annotation.WebServlet;
59 import javax.servlet.http.HttpServlet;
60 import javax.servlet.http.HttpServletRequest;
61 import javax.servlet.http.HttpServletResponse;
63 import org.apache.commons.io.IOUtils;
64 import org.onap.policy.common.ia.IntegrityAudit;
65 import org.onap.policy.common.im.AdministrativeStateException;
66 import org.onap.policy.common.im.ForwardProgressException;
67 import org.onap.policy.common.im.IntegrityMonitor;
68 import org.onap.policy.common.im.IntegrityMonitorProperties;
69 import org.onap.policy.common.im.StandbyStatusException;
70 import org.onap.policy.common.logging.ONAPLoggingContext;
71 import org.onap.policy.common.logging.ONAPLoggingUtils;
72 import org.onap.policy.common.logging.eelf.MessageCodes;
73 import org.onap.policy.common.logging.eelf.PolicyLogger;
74 import org.onap.policy.common.logging.flexlogger.FlexLogger;
75 import org.onap.policy.common.logging.flexlogger.Logger;
76 import org.onap.policy.pap.xacml.rest.components.PolicyDBDao;
77 import org.onap.policy.pap.xacml.rest.components.PolicyDBDaoTransaction;
78 import org.onap.policy.pap.xacml.rest.handler.APIRequestHandler;
79 import org.onap.policy.pap.xacml.rest.handler.PushPolicyHandler;
80 import org.onap.policy.pap.xacml.rest.handler.SavePolicyHandler;
81 import org.onap.policy.pap.xacml.restAuth.CheckPDP;
82 import org.onap.policy.rest.XACMLRest;
83 import org.onap.policy.rest.XACMLRestProperties;
84 import org.onap.policy.rest.dao.PolicyDBException;
85 import org.onap.policy.utils.CryptoUtils;
86 import org.onap.policy.utils.PolicyUtils;
87 import org.onap.policy.xacml.api.XACMLErrorConstants;
88 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
89 import org.onap.policy.xacml.api.pap.OnapPDP;
90 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
91 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
92 import org.onap.policy.xacml.std.pap.StdPAPPolicy;
93 import org.onap.policy.xacml.std.pap.StdPDP;
94 import org.onap.policy.xacml.std.pap.StdPDPGroup;
95 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
96 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
97 import org.onap.policy.xacml.std.pap.StdPDPStatus;
99 import com.att.research.xacml.api.pap.PAPException;
100 import com.att.research.xacml.api.pap.PDPPolicy;
101 import com.att.research.xacml.api.pap.PDPStatus;
102 import com.att.research.xacml.util.FactoryException;
103 import com.att.research.xacml.util.XACMLProperties;
104 import com.fasterxml.jackson.databind.ObjectMapper;
105 import com.google.common.base.Splitter;
108 * Servlet implementation class XacmlPapServlet
111 description = "Implements the XACML PAP RESTful API.",
112 urlPatterns = { "/" },
115 @WebInitParam(name = "XACML_PROPERTIES_NAME", value = "xacml.pap.properties", description = "The location of the properties file holding configuration information.")
117 public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeListener, Runnable {
118 private static final long serialVersionUID = 1L;
119 private static final Logger LOGGER = FlexLogger.getLogger(XACMLPapServlet.class);
120 // audit (transaction) LOGGER
121 private static final Logger auditLogger = FlexLogger.getLogger("auditLogger");
122 //Persistence Unit for JPA
123 private static final String PERSISTENCE_UNIT = "XACML-PAP-REST";
124 private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
126 private static final String ENVIRONMENT_HEADER = "Environment";
127 private static final String ADD_GROUP_ERROR = "addGroupError";
128 private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password";
130 private static final String REGEX = "[0-9a-zA-Z._ ]*";
133 * List of Admin Console URLs.
134 * Used to send notifications when configuration changes.
136 * The CopyOnWriteArrayList *should* protect from concurrency errors.
137 * This list is seldom changed but often read, so the costs of this approach make sense.
139 private static final CopyOnWriteArrayList<String> adminConsoleURLStringList = new CopyOnWriteArrayList<>();
141 private static String configHome;
142 private static String actionHome;
144 * This PAP instance's own URL.
145 * Need this when creating URLs to send to the PDPs so they can GET the Policy files from this process.
147 private static String papURL = null;
148 // The heartbeat thread.
149 private static Heartbeat heartbeat = null;
150 private static Thread heartbeatThread = null;
151 //The entity manager factory for JPA access
152 private static EntityManagerFactory emf;
153 private static PolicyDBDao policyDBDao;
155 * papEngine - This is our engine workhorse that manages the PDP Groups and Nodes.
157 private static PAPPolicyEngine papEngine = null;
159 * These are the parameters needed for DB access from the PAP
161 private static int papIntegrityAuditPeriodSeconds = -1;
162 private static String papDbDriver = null;
163 private static String papDbUrl = null;
164 private static String papDbUser = null;
165 private static String papDbPassword = null;
166 private static String papResourceName = null;
167 private static String[] papDependencyGroupsFlatArray = null;
168 private static String environment = null;
169 private static String pdpFile = null;
171 private transient IntegrityMonitor im;
172 private transient IntegrityAudit ia;
174 //MicroService Model Properties
175 private static String msOnapName;
176 private static String msPolicyName;
178 * This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
179 * this servlet starts. Its configurable by the admin.
181 private static transient Thread initiateThread = null;
182 private transient ONAPLoggingContext baseLoggingContext = null;
185 * @see HttpServlet#HttpServlet()
187 public XACMLPapServlet() {
192 * @see Servlet#init(ServletConfig)
194 public void init(ServletConfig config) throws ServletException {
197 baseLoggingContext = new ONAPLoggingContext();
198 // fixed data that will be the same in all logging output goes here
200 String hostname = InetAddress.getLocalHost().getCanonicalHostName();
201 baseLoggingContext.setServer(hostname);
202 } catch (UnknownHostException e) {
203 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get hostname for logging", e);
206 XACMLRest.xacmlInit(config);
207 // Load the properties
208 XACMLRest.loadXacmlProperties(null, null);
210 * Retrieve the property values
212 setCommonProperties();
213 String papSiteName = XACMLProperties.getProperty(XACMLRestProperties.PAP_SITE_NAME);
214 if(papSiteName == null){
215 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papSiteName property entry");
216 throw new PAPException("papSiteName is null");
218 String papNodeType = XACMLProperties.getProperty(XACMLRestProperties.PAP_NODE_TYPE);
219 if(papNodeType == null){
220 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papNodeType property entry");
221 throw new PAPException("papNodeType is null");
223 //Integer will throw an exception of anything is missing or unrecognized
224 int papTransWait = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT));
225 int papTransTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT));
226 int papAuditTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_TIMEOUT));
227 //Boolean will default to false if anything is missing or unrecognized
228 boolean papAuditFlag = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG));
229 boolean papFileSystemAudit = Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_AUDIT_FLAG));
230 String papDependencyGroups = XACMLProperties.getProperty(XACMLRestProperties.PAP_DEPENDENCY_GROUPS);
231 if(papDependencyGroups == null){
232 throw new PAPException("papDependencyGroups is null");
234 setPAPDependencyGroups(papDependencyGroups);
235 //Integer will throw an exception of anything is missing or unrecognized
236 int fpMonitorInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FP_MONITOR_INTERVAL));
237 int failedCounterThreshold = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.FAILED_COUNTER_THRESHOLD));
238 int testTransInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.TEST_TRANS_INTERVAL));
239 int writeFpcInterval = Integer.parseInt(XACMLProperties.getProperty(IntegrityMonitorProperties.WRITE_FPC_INTERVAL));
240 LOGGER.debug("\n\n\n**************************************"
241 + "\n*************************************"
243 + "\n papDbDriver = " + papDbDriver
244 + "\n papDbUrl = " + papDbUrl
245 + "\n papDbUser = " + papDbUser
246 + "\n papTransWait = " + papTransWait
247 + "\n papTransTimeout = " + papTransTimeout
248 + "\n papAuditTimeout = " + papAuditTimeout
249 + "\n papAuditFlag = " + papAuditFlag
250 + "\n papFileSystemAudit = " + papFileSystemAudit
251 + "\n papResourceName = " + papResourceName
252 + "\n fpMonitorInterval = " + fpMonitorInterval
253 + "\n failedCounterThreshold = " + failedCounterThreshold
254 + "\n testTransInterval = " + testTransInterval
255 + "\n writeFpcInterval = " + writeFpcInterval
256 + "\n papSiteName = " + papSiteName
257 + "\n papNodeType = " + papNodeType
258 + "\n papDependencyGroupsList = " + papDependencyGroups
259 + "\n papIntegrityAuditPeriodSeconds = " + papIntegrityAuditPeriodSeconds
260 + "\n\n*************************************"
261 + "\n**************************************");
262 // Pull custom persistence settings
263 Properties properties;
265 properties = XACMLProperties.getProperties();
266 LOGGER.debug("\n\n\n**************************************"
267 + "\n**************************************"
269 + "properties = " + properties
270 + "\n\n**************************************");
271 } catch (IOException e) {
272 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " Error loading properties with: "
273 + "XACMLProperties.getProperties()");
274 throw new ServletException(e.getMessage(), e.getCause());
276 // Create an IntegrityMonitor
277 if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){
278 properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
280 im = IntegrityMonitor.getInstance(papResourceName,properties);
281 // Create an IntegrityAudit
282 ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
283 ia.startAuditThread();
284 // Create the entity manager factory
286 // we are about to call the PDPs and give them their configuration.
287 // To do that we need to have the URL of this PAP so we can construct the Policy file URLs
288 setPAPURL(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL));
289 //Create the policyDBDao
291 // Load our PAP engine, first create a factory
292 ONAPPapEngineFactory factory = ONAPPapEngineFactory.newInstance(XACMLProperties.getProperty(XACMLProperties.PROP_PAP_PAPENGINEFACTORY));
293 // The factory knows how to go about creating a PAP Engine
294 setPAPEngine((PAPPolicyEngine) factory.newEngine());
295 PolicyDBDaoTransaction addNewGroup = null;
296 if (((org.onap.policy.xacml.std.pap.StdEngine) papEngine).wasDefaultGroupJustAdded) {
298 addNewGroup = policyDBDao.getNewTransaction();
299 OnapPDPGroup group = papEngine.getDefaultGroup();
300 addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(),
301 "automaticallyAdded");
302 addNewGroup.commitTransaction();
303 addNewGroup = policyDBDao.getNewTransaction();
304 addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
305 addNewGroup.commitTransaction();
306 } catch (Exception e) {
307 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet",
308 " Error creating new default group in the database");
309 if (addNewGroup != null) {
310 addNewGroup.rollbackTransaction();
314 policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
315 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
317 * Auditing the local File System groups to be in sync with the Database
320 //get an AuditTransaction to lock out all other transactions
321 PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
323 LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit");
324 LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString());
325 //get the current filesystem group and update from the database if needed
326 StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup();
327 StdPDPGroup updatedGroup = policyDBDao.auditLocalFileSystem(group);
328 if(updatedGroup!=null) {
329 papEngine.updateGroup(updatedGroup);
331 LOGGER.info("PapServlet: updated group is " + papEngine.getDefaultGroup().toString());
333 //release the transaction lock
337 // Sanity check for URL.
338 if (XACMLPapServlet.papURL == null) {
339 throw new PAPException("The property " + XACMLRestProperties.PROP_PAP_URL + " is not valid: " + XACMLPapServlet.papURL);
341 // Configurable - have the PAP servlet initiate sending the latest PDP policy/pip configuration
342 // to all its known PDP nodes.
343 if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_INITIATE_PDP_CONFIG))) {
344 startInitiateThreadService(new Thread(this));
346 // After startup, the PAP does Heartbeat's to each of the PDPs periodically
347 startHeartBeatService(new Heartbeat((PAPPolicyEngine) XACMLPapServlet.papEngine));
349 } catch (FactoryException | PAPException e) {
350 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine");
351 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; error: "+e);
352 } catch (Exception e) {
353 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to create engine - unexpected error");
354 throw new ServletException (XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP not initialized; unexpected error: "+e);
358 private static void startInitiateThreadService(Thread thread) {
359 initiateThread = thread;
360 initiateThread.start();
363 private static void mapperWriteValue(ObjectMapper mapper, HttpServletResponse response, Object value) {
365 mapper.writeValue(response.getOutputStream(), value);
366 } catch (Exception e) {
371 private static void startHeartBeatService(Heartbeat heartbeat) {
372 XACMLPapServlet.heartbeat = heartbeat;
373 XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
374 XACMLPapServlet.heartbeatThread.start();
377 private static void setPolicyDBDao() throws ServletException {
379 policyDBDao = PolicyDBDao.getPolicyDBDaoInstance(getEmf());
380 } catch (Exception e) {
381 throw new ServletException("Unable to Create Policy DBDao Instance",e);
385 private static void setEMF(Properties properties) throws ServletException {
386 emf = Persistence.createEntityManagerFactory(PERSISTENCE_UNIT, properties);
388 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Error creating entity manager factory with persistence unit: "
390 throw new ServletException("Unable to create Entity Manager Factory");
394 private static void setPAPURL(String papURL) {
395 XACMLPapServlet.papURL = papURL;
398 private static void setPAPEngine(PAPPolicyEngine newEngine) {
399 XACMLPapServlet.papEngine = newEngine;
402 private static void setPAPDependencyGroups(String papDependencyGroups) throws PAPException {
404 //Now we have flattened the array into a simple comma-separated list
405 papDependencyGroupsFlatArray = papDependencyGroups.split("[;,]");
406 //clean up the entries
407 for (int i = 0 ; i < papDependencyGroupsFlatArray.length ; i ++){
408 papDependencyGroupsFlatArray[i] = papDependencyGroupsFlatArray[i].trim();
411 if(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS) != null){
412 papIntegrityAuditPeriodSeconds = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PAP_INTEGRITY_AUDIT_PERIOD_SECONDS).trim());
415 String msg = "integrity_audit_period_seconds ";
416 LOGGER.error("\n\nERROR: " + msg + "Bad property entry: " + e.getMessage() + "\n");
417 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: " + msg +"Bad property entry");
421 PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " ERROR: Bad property entry");
422 throw new PAPException(e);
426 private static void setCommonProperties() throws PAPException {
429 papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER);
430 if(papDbDriver == null){
431 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbDriver property entry");
432 throw new PAPException("papDbDriver is null");
434 setPapDbDriver(papDbDriver);
435 papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL);
436 if(papDbUrl == null){
437 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUrl property entry");
438 throw new PAPException("papDbUrl is null");
440 setPapDbUrl(papDbUrl);
441 papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER);
442 if(papDbUser == null){
443 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbUser property entry");
444 throw new PAPException("papDbUser is null");
446 setPapDbUser(papDbUser);
447 papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, ""));
448 if(papDbPassword == null){
449 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
450 throw new PAPException("papDbPassword is null");
452 setPapDbPassword(papDbPassword);
453 papResourceName = XACMLProperties.getProperty(XACMLRestProperties.PAP_RESOURCE_NAME);
454 if(papResourceName == null){
455 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papResourceName property entry");
456 throw new PAPException("papResourceName is null");
458 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
459 //Micro Service Properties
460 msOnapName=XACMLProperties.getProperty("xacml.policy.msOnapName");
461 setMsOnapName(msOnapName);
462 msPolicyName=XACMLProperties.getProperty("xacml.policy.msPolicyName");
463 setMsPolicyName(msPolicyName);
464 // PDPId File location
465 XACMLPapServlet.pdpFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_IDFILE);
466 if (XACMLPapServlet.pdpFile == null) {
467 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " The PDP Id Authentication File Property is not valid: "
468 + XACMLRestProperties.PROP_PDP_IDFILE);
469 throw new PAPException("The PDP Id Authentication File Property :"+ XACMLRestProperties.PROP_PDP_IDFILE+ " is not Valid. ");
474 * Thread used only during PAP startup to initiate change messages to all known PDPs.
475 * This must be on a separate thread so that any GET requests from the PDPs during this update can be serviced.
479 // send the current configuration to all the PDPs that we know about
484 * @see Servlet#destroy()
486 * Depending on how this servlet is run, we may or may not care about cleaning up the resources.
487 * For now we assume that we do care.
490 public void destroy() {
491 // Make sure our threads are destroyed
492 if (XACMLPapServlet.heartbeatThread != null) {
493 // stop the heartbeat
495 if (XACMLPapServlet.heartbeat != null) {
496 XACMLPapServlet.heartbeat.terminate();
498 XACMLPapServlet.heartbeatThread.interrupt();
499 XACMLPapServlet.heartbeatThread.join();
500 } catch (InterruptedException e) {
501 XACMLPapServlet.heartbeatThread.interrupt();
502 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping heartbeat");
505 if (initiateThread != null) {
507 initiateThread.interrupt();
508 initiateThread.join();
509 } catch (InterruptedException e) {
510 initiateThread.interrupt();
511 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Error stopping thread");
518 * - PDP nodes to register themselves with the PAP, and
519 * - Admin Console to make changes in the PDP Groups.
521 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
523 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
524 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
525 loggingContext.transactionStarted();
526 loggingContext.setServiceName("PAP.post");
527 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
528 UUID requestID = UUID.randomUUID();
529 loggingContext.setRequestID(requestID.toString());
530 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPost) so we generated one");
532 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
534 PolicyDBDaoTransaction pdpTransaction = null;
535 loggingContext.metricStarted();
537 im.startTransaction();
538 loggingContext.metricEnded();
539 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
540 } catch (AdministrativeStateException ae){
541 String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
542 + " state of " + im.getStateManager().getAdminState()
543 + "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION;
544 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
545 loggingContext.metricEnded();
546 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
547 loggingContext.transactionEnded();
548 PolicyLogger.audit("Transaction Failed - See Error.log");
549 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
551 }catch (StandbyStatusException se) {
552 String message = "POST interface called for PAP " + papResourceName + " but it has a Standby Status"
553 + " of " + im.getStateManager().getStandbyStatus()
554 + "\n Exception Message: " + se.getMessage();
555 LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
556 loggingContext.metricEnded();
557 PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
558 loggingContext.transactionEnded();
559 PolicyLogger.audit("Transaction Failed - See Error.log");
560 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
564 loggingContext.metricStarted();
565 XACMLRest.dumpRequest(request);
566 loggingContext.metricEnded();
567 PolicyLogger.metrics("XACMLPapServlet doPost dumpRequest");
568 // since getParameter reads the content string, explicitly get the content before doing that.
569 // Simply getting the inputStream seems to protect it against being consumed by getParameter.
570 request.getInputStream();
571 String groupId = request.getParameter("groupId");
572 String apiflag = request.getParameter("apiflag");
573 if(groupId != null) {
574 // Is this from the Admin Console or API?
575 if(apiflag!=null && apiflag.equalsIgnoreCase("api")) {
576 // this is from the API so we need to check the client credentials before processing the request
577 if(!authorizeRequest(request)){
578 String message = "PEP not Authorized for making this Request!!";
579 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
580 loggingContext.transactionEnded();
581 PolicyLogger.audit("Transaction Failed - See Error.log");
582 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
587 loggingContext.metricStarted();
588 doACPost(request, response, groupId, loggingContext);
589 loggingContext.metricEnded();
590 PolicyLogger.metrics("XACMLPapServlet doPost doACPost");
591 loggingContext.transactionEnded();
592 PolicyLogger.audit("Transaction Ended Successfully");
596 // Request is from a PDP asking for its config.
597 loggingContext.setServiceName("PDP:PAP.register");
599 String id = this.getPDPID(request);
600 String jmxport = this.getPDPJMX(request);
601 LOGGER.info("Request(doPost) from PDP coming up: " + id);
602 // Get the PDP Object
603 OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
606 LOGGER.info("Unknown PDP: " + id);
608 if(CheckPDP.validateID(id)){
609 pdpTransaction = policyDBDao.getNewTransaction();
611 pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
612 XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
613 } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException | PolicyDBException e) {
614 pdpTransaction.rollbackTransaction();
615 String message = "Failed to create new PDP for id: " + id;
616 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
617 loggingContext.transactionEnded();
618 PolicyLogger.audit("Transaction Failed - See Error.log");
619 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
623 // get the PDP we just created
625 pdp = XACMLPapServlet.papEngine.getPDP(id);
626 }catch(PAPException e){
630 if(pdpTransaction != null){
631 pdpTransaction.rollbackTransaction();
633 String message = "Failed to create new PDP for id: " + id;
634 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
635 loggingContext.transactionEnded();
636 PolicyLogger.audit("Transaction Failed - See Error.log");
637 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
642 String message = "PDP is Unauthorized to Connect to PAP: "+ id;
643 loggingContext.transactionEnded();
644 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
645 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
646 PolicyLogger.audit("Transaction Failed - See Error.log");
651 loggingContext.metricStarted();
652 pdpTransaction.commitTransaction();
653 loggingContext.metricEnded();
654 PolicyLogger.metrics("XACMLPapServlet doPost commitTransaction");
655 } catch(Exception e){
656 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
659 if (jmxport != null && jmxport != ""){
661 ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
662 }catch(NumberFormatException e){
666 // Get the PDP's Group
667 OnapPDPGroup group =null;
669 group= XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
670 }catch(PAPException e){
674 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
675 loggingContext.transactionEnded();
676 PolicyLogger.audit("Transaction Failed - See Error.log");
677 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
681 // Determine what group the PDP node is in and get
682 // its policy/pip properties.
683 Properties policies = group.getPolicyProperties();
684 Properties pipconfig = group.getPipConfigProperties();
685 // Get the current policy/pip configuration that the PDP has
686 Properties pdpProperties = new Properties();
688 pdpProperties.load(request.getInputStream());
689 }catch(IOException e){
692 LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
693 LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
694 LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
695 // Validate the node's properties
696 boolean isCurrent = this.isPDPCurrent(policies, pipconfig, pdpProperties);
697 // Send back current configuration
698 if (isCurrent == false) {
699 // Tell the PDP we are sending back the current policies/pip config
700 LOGGER.info("PDP configuration NOT current.");
701 if (policies != null) {
702 // Put URL's into the properties in case the PDP needs to
704 this.populatePolicyURL(request.getRequestURL(), policies);
705 // Copy the properties to the output stream
707 policies.store(response.getOutputStream(), "");
708 }catch(IOException e){
712 if (pipconfig != null) {
713 // Copy the properties to the output stream
715 pipconfig.store(response.getOutputStream(), "");
716 }catch(IOException e){
720 // We are good - and we are sending them information
721 response.setStatus(HttpServletResponse.SC_OK);
723 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
724 }catch(PAPException e){
728 // Tell them they are good
729 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
731 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
732 }catch(PAPException e){
736 // tell the AC that something changed
737 loggingContext.metricStarted();
739 loggingContext.metricEnded();
740 PolicyLogger.metrics("XACMLPapServlet doPost notifyAC");
741 loggingContext.transactionEnded();
742 auditLogger.info("Success");
743 PolicyLogger.audit("Transaction Ended Successfully");
744 } catch (PAPException | IOException | NumberFormatException e) {
745 if(pdpTransaction != null){
746 pdpTransaction.rollbackTransaction();
748 LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
749 loggingContext.transactionEnded();
750 PolicyLogger.audit("Transaction Failed - See Error.log");
751 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
755 //Catch anything that fell through
756 loggingContext.transactionEnded();
757 PolicyLogger.audit("Transaction Ended");
761 private void setResponseError(HttpServletResponse response,int responseCode, String message) {
763 if(message != null && !message.isEmpty()){
764 response.sendError(responseCode, message);
766 } catch (IOException e) {
767 LOGGER.error("Error setting Error response Header ", e);
773 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
775 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
776 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
777 loggingContext.transactionStarted();
778 loggingContext.setServiceName("PAP.get");
779 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
780 UUID requestID = UUID.randomUUID();
781 loggingContext.setRequestID(requestID.toString());
782 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doGet) so we generated one");
784 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
787 loggingContext.metricStarted();
788 XACMLRest.dumpRequest(request);
789 loggingContext.metricEnded();
790 PolicyLogger.metrics("XACMLPapServlet doGet dumpRequest");
791 String pathInfo = request.getRequestURI();
792 LOGGER.info("path info: " + pathInfo);
793 if (pathInfo != null){
794 //DO NOT do a im.startTransaction for the test request
795 if (pathInfo.equals("/pap/test")) {
797 testService(loggingContext, response);
798 } catch (IOException e) {
804 //This im.startTransaction() covers all other Get transactions
806 loggingContext.metricStarted();
807 im.startTransaction();
808 loggingContext.metricEnded();
809 PolicyLogger.metrics("XACMLPapServlet doGet im startTransaction");
810 } catch (AdministrativeStateException ae){
811 String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
812 + " state of " + im.getStateManager().getAdminState()
813 + "\n Exception Message: " + ae.getMessage();
814 LOGGER.info(message, ae);
815 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
816 loggingContext.transactionEnded();
817 PolicyLogger.audit("Transaction Failed - See Error.log");
818 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
820 }catch (StandbyStatusException se) {
821 String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
822 + " of " + im.getStateManager().getStandbyStatus()
823 + "\n Exception Message: " + se.getMessage();
824 LOGGER.info(message, se);
825 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
826 loggingContext.transactionEnded();
827 PolicyLogger.audit("Transaction Failed - See Error.log");
828 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
831 // Request from the API to get the gitPath
832 String apiflag = request.getParameter("apiflag");
834 if(authorizeRequest(request)){
835 APIRequestHandler apiRequestHandler = new APIRequestHandler();
837 loggingContext.metricStarted();
838 apiRequestHandler.doGet(request,response, apiflag);
839 loggingContext.metricEnded();
840 PolicyLogger.metrics("XACMLPapServlet doGet apiRequestHandler doGet");
841 }catch(IOException e){
844 loggingContext.transactionEnded();
845 PolicyLogger.audit("Transaction Ended Successfully");
849 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
850 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
851 loggingContext.transactionEnded();
852 PolicyLogger.audit("Transaction Failed - See Error.log");
853 setResponseError(response, HttpServletResponse.SC_FORBIDDEN, message);
858 // Is this from the Admin Console?
859 String groupId = request.getParameter("groupId");
860 if (groupId != null) {
861 // this is from the Admin Console, so handle separately
863 loggingContext.metricStarted();
864 doACGet(request, response, groupId, loggingContext);
865 loggingContext.metricEnded();
866 PolicyLogger.metrics("XACMLPapServlet doGet doACGet");
867 } catch(IOException e){
870 loggingContext.transactionEnded();
871 PolicyLogger.audit("Transaction Ended Successfully");
876 String id = this.getPDPID(request);
877 LOGGER.info("doGet from: " + id);
878 // Get the PDP Object
881 pdp = XACMLPapServlet.papEngine.getPDP(id);
882 }catch(PAPException e){
887 // Check if request came from localhost
888 if (request.getRemoteHost().equals("localhost") ||
889 request.getRemoteHost().equals(request.getLocalAddr())) {
890 // Return status information - basically all the groups
891 loggingContext.setServiceName("PAP.getGroups");
892 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
893 // convert response object to JSON and include in the response
894 mapperWriteValue(new ObjectMapper(), response, groups);
895 response.setHeader("content-type", "application/json");
896 response.setStatus(HttpServletResponse.SC_OK);
897 loggingContext.transactionEnded();
898 PolicyLogger.audit("Transaction Ended Successfully");
902 String message = "Unknown PDP: " + id + " from " + request.getRemoteHost() + " us: " + request.getLocalAddr();
903 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
904 loggingContext.transactionEnded();
905 PolicyLogger.audit("Transaction Failed - See Error.log");
906 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
910 loggingContext.setServiceName("PAP.getPolicy");
911 // Get the PDP's Group
912 OnapPDPGroup group = null;
914 group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
915 } catch (PAPException e) {
919 String message = "No group associated with pdp " + pdp.getId();
920 LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
921 loggingContext.transactionEnded();
922 PolicyLogger.audit("Transaction Failed - See Error.log");
923 setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
927 // Which policy do they want?
928 String policyId = request.getParameter("id");
929 if (policyId == null) {
930 String message = "Did not specify an id for the policy";
931 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
932 loggingContext.transactionEnded();
933 PolicyLogger.audit("Transaction Failed - See Error.log");
934 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
938 PDPPolicy policy = group.getPolicy(policyId);
939 if (policy == null) {
940 String message = "Unknown policy: " + policyId;
941 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
942 loggingContext.transactionEnded();
943 PolicyLogger.audit("Transaction Failed - See Error.log");
944 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
949 LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
950 + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
951 } catch (PAPException| IOException e){
954 try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
955 // Send the policy back
956 IOUtils.copy(is, os);
957 response.setStatus(HttpServletResponse.SC_OK);
958 loggingContext.transactionEnded();
959 auditLogger.info("Success");
960 PolicyLogger.audit("Transaction Ended Successfully");
961 } catch (IOException e) {
962 String message = "Failed to open policy id " + policyId;
964 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
965 loggingContext.transactionEnded();
966 PolicyLogger.audit("Transaction Failed - See Error.log");
967 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
969 } catch (PAPException e) {
971 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
972 loggingContext.transactionEnded();
973 PolicyLogger.audit("Transaction Failed - See Error.log");
974 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
978 loggingContext.transactionEnded();
979 PolicyLogger.audit("Transaction Ended");
984 * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
986 protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
987 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
988 loggingContext.transactionStarted();
989 loggingContext.setServiceName("PAP.put");
990 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
991 UUID requestID = UUID.randomUUID();
992 loggingContext.setRequestID(requestID.toString());
993 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doPut) so we generated one");
995 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
998 loggingContext.metricStarted();
999 im.startTransaction();
1000 loggingContext.metricEnded();
1001 PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
1002 } catch (AdministrativeStateException | StandbyStatusException e) {
1003 String message = "PUT interface called for PAP " + papResourceName;
1004 if (e instanceof AdministrativeStateException) {
1005 message += " but it has an Administrative state of "
1006 + im.getStateManager().getAdminState();
1007 } else if (e instanceof StandbyStatusException) {
1008 message += " but it has a Standby Status of "
1009 + im.getStateManager().getStandbyStatus();
1012 message += "\n Exception Message: " + e.getMessage();
1014 LOGGER.info(message, e);
1015 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1016 loggingContext.transactionEnded();
1017 PolicyLogger.audit("Transaction Failed - See Error.log");
1018 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1022 loggingContext.metricStarted();
1023 XACMLRest.dumpRequest(request);
1024 loggingContext.metricEnded();
1025 PolicyLogger.metrics("XACMLPapServlet doPut dumpRequest");
1026 //need to check if request is from the API or Admin console
1027 String apiflag = request.getParameter("apiflag");
1028 //This would occur if a PolicyDBDao notification was received
1029 String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
1030 if(policyDBDaoRequestUrl != null){
1031 LOGGER.info("XACMLPapServlet: PolicyDBDao Notification received." );
1032 String policyDBDaoRequestEntityId = request.getParameter("entityid");
1033 String policyDBDaoRequestEntityType = request.getParameter("entitytype");
1034 String policyDBDaoRequestExtraData = request.getParameter("extradata");
1035 if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
1036 setResponseError(response,400, "entityid or entitytype not supplied");
1037 loggingContext.transactionEnded();
1038 PolicyLogger.audit("Transaction Ended Successfully");
1039 im.endTransaction();
1042 loggingContext.metricStarted();
1043 LOGGER.info("XACMLPapServlet: Calling PolicyDBDao to handlIncomingHttpNotification");
1044 policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
1045 loggingContext.metricEnded();
1046 PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification");
1047 response.setStatus(200);
1048 loggingContext.transactionEnded();
1049 PolicyLogger.audit("Transaction Ended Successfully");
1050 im.endTransaction();
1054 * Request for ImportService
1056 String importService = request.getParameter("importService");
1057 if (importService != null) {
1058 if(authorizeRequest(request)){
1059 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1061 loggingContext.metricStarted();
1062 apiRequestHandler.doPut(request, response, importService);
1063 loggingContext.metricEnded();
1064 PolicyLogger.metrics("XACMLPapServlet doPut apiRequestHandler doPut");
1065 }catch(IOException e){
1068 im.endTransaction();
1071 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1072 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
1073 loggingContext.transactionEnded();
1074 PolicyLogger.audit("Transaction Failed - See Error.log");
1075 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1079 //This would occur if we received a notification of a policy rename from AC
1080 String oldPolicyName = request.getParameter("oldPolicyName");
1081 String newPolicyName = request.getParameter("newPolicyName");
1082 if(oldPolicyName != null && newPolicyName != null){
1083 if(LOGGER.isDebugEnabled()){
1084 LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
1085 + "\npolicyToCreateUpdate = " + " ");
1089 oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
1090 newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
1091 if(LOGGER.isDebugEnabled()){
1092 LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
1093 + "\npolicyToCreateUpdate = " + " ");
1095 } catch(UnsupportedEncodingException e){
1096 PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
1097 + "\npolicyToCreateUpdate = " + " ");
1098 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
1099 + "\nfailure with the following exception: " + e);
1100 loggingContext.transactionEnded();
1101 PolicyLogger.audit("Transaction Failed - See error.log");
1102 im.endTransaction();
1105 //send it to PolicyDBDao
1106 PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
1108 renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
1109 }catch(Exception e){
1110 renameTransaction.rollbackTransaction();
1111 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
1112 + "\nfailure with the following exception: " + e);
1113 loggingContext.transactionEnded();
1114 PolicyLogger.audit("Transaction Failed - See error.log");
1115 im.endTransaction();
1118 loggingContext.metricStarted();
1119 renameTransaction.commitTransaction();
1120 loggingContext.metricEnded();
1121 PolicyLogger.metrics("XACMLPapServlet goPut commitTransaction");
1122 response.setStatus(HttpServletResponse.SC_OK);
1123 loggingContext.transactionEnded();
1124 PolicyLogger.audit("Transaction Ended Successfully");
1125 im.endTransaction();
1129 // See if this is Admin Console registering itself with us
1131 String acURLString = request.getParameter("adminConsoleURL");
1132 if (acURLString != null) {
1133 loggingContext.setServiceName("AC:PAP.register");
1134 // remember this Admin Console for future updates
1135 if ( ! adminConsoleURLStringList.contains(acURLString)) {
1136 adminConsoleURLStringList.add(acURLString);
1138 if (LOGGER.isDebugEnabled()) {
1139 LOGGER.debug("Admin Console registering with URL: " + acURLString);
1141 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1142 loggingContext.transactionEnded();
1143 auditLogger.info("Success");
1144 PolicyLogger.audit("Transaction Ended Successfully");
1145 im.endTransaction();
1149 * This is to update the PDP Group with the policy/policies being pushed
1150 * Part of a 2 step process to push policies to the PDP that can now be done
1151 * From both the Admin Console and the PolicyEngine API
1153 String groupId = request.getParameter("groupId");
1154 if (groupId != null) {
1156 if(!authorizeRequest(request)){
1157 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1158 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1159 loggingContext.transactionEnded();
1160 PolicyLogger.audit("Transaction Failed - See Error.log");
1161 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1164 if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
1166 updateGroupsFromAPI(request, response, groupId, loggingContext);
1167 }catch(IOException e){
1170 loggingContext.transactionEnded();
1171 PolicyLogger.audit("Transaction Ended Successfully");
1172 im.endTransaction();
1176 // this is from the Admin Console, so handle separately
1178 loggingContext.metricEnded();
1179 doACPut(request, response, groupId, loggingContext);
1180 loggingContext.metricEnded();
1181 PolicyLogger.metrics("XACMLPapServlet goPut doACPut");
1182 } catch (IOException e) {
1185 loggingContext.transactionEnded();
1186 PolicyLogger.audit("Transaction Ended Successfully");
1187 im.endTransaction();
1191 // Request is for policy validation and creation
1193 if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
1194 // this request is from the Admin Console
1195 SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
1197 loggingContext.metricStarted();
1198 savePolicyHandler.doPolicyAPIPut(request, response);
1199 loggingContext.metricEnded();
1200 PolicyLogger.metrics("XACMLPapServlet goPut savePolicyHandler");
1201 } catch (IOException e) {
1204 loggingContext.transactionEnded();
1205 PolicyLogger.audit("Transaction Ended Successfully");
1206 im.endTransaction();
1208 } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
1209 // this request is from the Policy Creation API
1210 if(authorizeRequest(request)){
1211 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1213 loggingContext.metricStarted();
1214 apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
1215 loggingContext.metricEnded();
1216 PolicyLogger.metrics("XACMLPapServlet goPut apiRequestHandler doPut");
1217 } catch (IOException e) {
1220 loggingContext.transactionEnded();
1221 PolicyLogger.audit("Transaction Ended Successfully");
1222 im.endTransaction();
1225 String message = "PEP not Authorized for making this Request!!";
1226 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1227 loggingContext.transactionEnded();
1228 PolicyLogger.audit("Transaction Failed - See Error.log");
1229 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1230 im.endTransaction();
1234 // We do not expect anything from anywhere else.
1235 // This method is here in case we ever need to support other operations.
1236 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
1237 loggingContext.transactionEnded();
1238 PolicyLogger.audit("Transaction Failed - See Error.log");
1239 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
1240 loggingContext.transactionEnded();
1241 PolicyLogger.audit("Transaction Failed - See error.log");
1242 im.endTransaction();
1246 * @see HttpServlet#doDelete(HttpServletRequest request, HttpServletResponse response)
1248 protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
1249 ONAPLoggingContext loggingContext = ONAPLoggingUtils.getLoggingContextForRequest(request, baseLoggingContext);
1250 loggingContext.transactionStarted();
1251 loggingContext.setServiceName("PAP.delete");
1252 if ((loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")){
1253 UUID requestID = UUID.randomUUID();
1254 loggingContext.setRequestID(requestID.toString());
1255 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (doDelete) so we generated one");
1257 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
1260 loggingContext.metricStarted();
1261 im.startTransaction();
1262 loggingContext.metricEnded();
1263 PolicyLogger.metrics("XACMLPapServlet doDelete im startTransaction");
1264 } catch (AdministrativeStateException ae){
1265 String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
1266 + " state of " + im.getStateManager().getAdminState()
1267 + "\n Exception Message: " + ae.getMessage();
1268 LOGGER.info(message, ae);
1269 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1270 loggingContext.transactionEnded();
1271 PolicyLogger.audit("Transaction Failed - See Error.log");
1272 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1274 }catch (StandbyStatusException se) {
1275 String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
1276 + " of " + im.getStateManager().getStandbyStatus()
1277 + "\n Exception Message: " + se.getMessage();
1278 LOGGER.info(message, se);
1279 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
1280 loggingContext.transactionEnded();
1281 PolicyLogger.audit("Transaction Failed - See Error.log");
1282 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1285 loggingContext.metricStarted();
1286 XACMLRest.dumpRequest(request);
1287 loggingContext.metricEnded();
1288 PolicyLogger.metrics("XACMLPapServlet doDelete dumpRequest");
1289 String groupId = request.getParameter("groupId");
1290 String apiflag = request.getParameter("apiflag");
1291 if (groupId != null) {
1292 // Is this from the Admin Console or API?
1294 if(!authorizeRequest(request)){
1295 String message = "PEP not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
1296 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
1297 loggingContext.transactionEnded();
1298 PolicyLogger.audit("Transaction Failed - See Error.log");
1299 setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
1302 APIRequestHandler apiRequestHandler = new APIRequestHandler();
1304 loggingContext.metricStarted();
1305 apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
1306 loggingContext.metricEnded();
1307 PolicyLogger.metrics("XACMLPapServlet doDelete apiRequestHandler doDelete");
1308 } catch (Exception e) {
1309 LOGGER.error("Exception Occured"+e);
1311 if(apiRequestHandler.getNewGroup()!=null){
1312 groupChanged(apiRequestHandler.getNewGroup(), loggingContext);
1316 // this is from the Admin Console, so handle separately
1318 loggingContext.metricStarted();
1319 doACDelete(request, response, groupId, loggingContext);
1320 loggingContext.metricEnded();
1321 PolicyLogger.metrics("XACMLPapServlet doDelete doACDelete");
1322 } catch (IOException e) {
1325 loggingContext.transactionEnded();
1326 PolicyLogger.audit("Transaction Ended Successfully");
1327 im.endTransaction();
1330 //Catch anything that fell through
1331 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
1332 loggingContext.transactionEnded();
1333 PolicyLogger.audit("Transaction Failed - See Error.log");
1334 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
1335 im.endTransaction();
1338 private boolean isPDPCurrent(Properties policies, Properties pipconfig, Properties pdpProperties) {
1339 String localRootPolicies = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1340 String localReferencedPolicies = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1341 if (localRootPolicies == null || localReferencedPolicies == null) {
1342 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing property on PAP server: RootPolicies="+localRootPolicies+" ReferencedPolicies="+localReferencedPolicies);
1345 // Compare the policies and pipconfig properties to the pdpProperties
1347 // the policy properties includes only xacml.rootPolicies and
1348 // xacml.referencedPolicies without any .url entries
1349 Properties pdpPolicies = XACMLProperties.getPolicyProperties(pdpProperties, false);
1350 Properties pdpPipConfig = XACMLProperties.getPipProperties(pdpProperties);
1351 if (localRootPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_ROOTPOLICIES)) &&
1352 localReferencedPolicies.equals(pdpPolicies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)) &&
1353 pdpPipConfig.equals(pipconfig)) {
1354 // The PDP is current
1357 } catch (Exception e) {
1358 // we get here if the PDP did not include either xacml.rootPolicies or xacml.pip.engines,
1359 // or if there are policies that do not have a corresponding ".url" property.
1360 // Either of these cases means that the PDP is not up-to-date, so just drop-through to return false.
1361 PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPapServlet", " PDP Error");
1366 private void populatePolicyURL(StringBuffer urlPath, Properties policies) {
1367 String lists[] = new String[2];
1368 lists[0] = policies.getProperty(XACMLProperties.PROP_ROOTPOLICIES);
1369 lists[1] = policies.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES);
1370 for (String list : lists) {
1371 if (list != null && list.isEmpty() == false) {
1372 for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(list)) {
1373 String url = urlPath + "?id=" + id;
1374 LOGGER.info("Policy URL for " + id + ": " + url);
1375 policies.setProperty(id + ".url", url);
1381 protected String getPDPID(HttpServletRequest request) {
1382 String pdpURL = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_ID);
1383 if (pdpURL == null || pdpURL.isEmpty()) {
1384 // Should send back its port for identification
1385 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header");
1391 protected String getPDPJMX(HttpServletRequest request) {
1392 String pdpJMMX = request.getHeader(XACMLRestProperties.PROP_PDP_HTTP_HEADER_JMX_PORT);
1393 if (pdpJMMX == null || pdpJMMX.isEmpty()) {
1394 // Should send back its port for identification
1395 LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP did not send custom header for JMX Port so the value of 0 is assigned");
1402 * Requests from the PolicyEngine API to update the PDP Group with pushed policy
1407 * @param loggingContext
1408 * @throws ServletException
1409 * @throws IOException
1411 public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1412 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1413 PolicyLogger.audit("PolicyDBDaoTransaction started for updateGroupsFromAPI");
1415 // for PUT operations the group may or may not need to exist before the operation can be done
1416 StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
1418 // get the request input stream content into a String
1420 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1421 scanner.useDelimiter("\\A");
1422 json = scanner.hasNext() ? scanner.next() : "";
1425 PolicyLogger.info("pushPolicy request from API: " + json);
1427 // convert Object sent as JSON into local object
1428 StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
1430 //Get the current policies from the Group and Add the new one
1431 Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
1432 currentPoliciesInGroup = group.getPolicies();
1433 //If the selected policy is in the group we must remove the old version of it
1434 LOGGER.info("Removing old version of the policy");
1435 for(PDPPolicy existingPolicy : currentPoliciesInGroup) {
1436 if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){
1437 group.removePolicy(existingPolicy);
1438 LOGGER.info("Removing policy: " + existingPolicy);
1443 // Assume that this is an update of an existing PDP Group
1444 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1446 acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut");
1447 } catch(Exception e){
1448 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: "
1449 +"group="+group.getId());
1450 throw new PAPException(e.getMessage());
1453 LOGGER.info("Calling updatGroup() with new group");
1454 papEngine.updateGroup(group);
1455 String policyId = "empty";
1456 if(policy !=null && policy.getId() != null){
1457 policyId = policy.getId();
1459 if(!policyId.matches(REGEX) ){
1460 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1461 response.addHeader("error",ADD_GROUP_ERROR);
1462 response.addHeader("message", "Policy Id is not valid");
1465 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1466 response.addHeader("operation", "push");
1467 response.addHeader("policyId", policyId);
1468 response.addHeader("groupId", groupId);
1470 LOGGER.info("Group '" + group.getId() + "' updated");
1472 loggingContext.metricStarted();
1473 acPutTransaction.commitTransaction();
1474 loggingContext.metricEnded();
1475 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
1476 loggingContext.metricStarted();
1478 loggingContext.metricEnded();
1479 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
1481 // Group changed, which might include changing the policies
1482 groupChanged(group, loggingContext);
1483 loggingContext.transactionEnded();
1484 LOGGER.info("Success");
1486 if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1487 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1488 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1489 LOGGER.debug("Precheck Successful.");
1493 PolicyLogger.audit("Transaction Ended Successfully");
1495 } catch (PAPException e) {
1496 acPutTransaction.rollbackTransaction();
1497 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1498 loggingContext.transactionEnded();
1499 PolicyLogger.audit("Transaction Failed - See Error.log");
1500 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
1501 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1502 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1503 response.addHeader("error",ADD_GROUP_ERROR);
1504 response.addHeader("message", message);
1510 * Requests from the Admin Console for operations not on single specific objects
1515 * @param loggingContext
1516 * @throws ServletException
1517 * @throws IOException
1519 private void doACPost(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
1520 PolicyDBDaoTransaction doACPostTransaction = null;
1522 String groupName = request.getParameter("groupName");
1523 String groupDescription = request.getParameter("groupDescription");
1524 String apiflag = request.getParameter("apiflag");
1525 if (groupName != null && groupDescription != null) {
1526 // Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
1527 loggingContext.setServiceName("AC:PAP.createGroup");
1528 String unescapedName = null;
1529 String unescapedDescription = null;
1531 unescapedName = URLDecoder.decode(groupName, "UTF-8");
1532 unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
1533 } catch (UnsupportedEncodingException e) {
1536 PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
1538 newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
1539 papEngine.newGroup(unescapedName, unescapedDescription);
1540 loggingContext.metricStarted();
1541 newGroupTransaction.commitTransaction();
1542 loggingContext.metricEnded();
1543 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1544 } catch (Exception e) {
1545 newGroupTransaction.rollbackTransaction();
1546 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
1547 loggingContext.transactionEnded();
1548 PolicyLogger.audit("Transaction Failed - See Error.log");
1549 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'");
1552 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1553 if (LOGGER.isDebugEnabled()) {
1554 LOGGER.debug("New Group '" + groupId + "' created");
1556 // tell the Admin Consoles there is a change
1557 loggingContext.metricStarted();
1559 loggingContext.metricEnded();
1560 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1561 // new group by definition has no PDPs, so no need to notify them of changes
1562 loggingContext.transactionEnded();
1563 PolicyLogger.audit("Transaction Failed - See Error.log");
1564 auditLogger.info("Success");
1565 PolicyLogger.audit("Transaction Ended Successfully");
1568 // for all remaining POST operations the group must exist before the operation can be done
1569 OnapPDPGroup group = null;
1571 group = papEngine.getGroup(groupId);
1572 } catch (PAPException e){
1575 if (group == null) {
1576 String message = "Unknown groupId '" + groupId + "'";
1577 //for fixing Header Manipulation of Fortify issue
1578 if(!message.matches(REGEX)){
1579 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1580 response.addHeader("error",ADD_GROUP_ERROR);
1581 response.addHeader("message", "GroupId Id is not valid");
1584 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1585 loggingContext.transactionEnded();
1586 PolicyLogger.audit("Transaction Failed - See Error.log");
1588 response.addHeader("error", "unknownGroupId");
1589 response.addHeader("operation", "push");
1590 response.addHeader("message", message);
1591 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
1593 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1598 // If the request contains a policyId then we know we are pushing the policy to PDP
1599 if (request.getParameter("policyId") != null) {
1602 loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
1603 LOGGER.info("PushPolicy Request From The API");
1605 loggingContext.setServiceName("AC:PAP.postPolicy");
1606 LOGGER.info("PushPolicy Request From The AC");
1609 String policyId = request.getParameter("policyId");
1610 PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
1611 StdPDPGroup updatedGroup = null;
1613 //Copying the policy to the file system and updating groups in database
1614 LOGGER.info("PapServlet: calling PolicyDBDao.addPolicyToGroup()");
1615 updatedGroup = addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
1616 loggingContext.metricStarted();
1617 addPolicyToGroupTransaction.commitTransaction();
1618 loggingContext.metricEnded();
1619 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1620 LOGGER.info("PapServlet: addPolicyToGroup() succeeded, transaction was committed");
1622 } catch (Exception e) {
1623 addPolicyToGroupTransaction.rollbackTransaction();
1624 String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
1625 //for fixing Header Manipulation of Fortify issue
1626 if(!message.matches(REGEX)){
1627 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1628 response.addHeader("error",ADD_GROUP_ERROR);
1629 response.addHeader("message", "Policy Id is not valid");
1632 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
1633 loggingContext.transactionEnded();
1634 PolicyLogger.audit("Transaction Failed - See Error.log");
1636 response.addHeader("error", "policyCopyError");
1637 response.addHeader("message", message);
1638 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1640 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
1645 if(apiflag != null){
1647 * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change.
1648 * The GUI does this from the POLICY-SDK-APP code.
1651 // Get new transaction to perform updateGroup()
1652 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
1654 // get the request content into a String and read the inputStream into a buffer
1655 java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
1656 scanner.useDelimiter("\\A");
1657 String json = scanner.hasNext() ? scanner.next() : "";
1660 // convert Object sent as JSON into local object
1661 ObjectMapper mapper = new ObjectMapper();
1662 Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class);
1663 StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON;
1665 LOGGER.info("Request JSON Payload: " + json);
1667 // Assume that this is an update of an existing PDP Group
1668 loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
1670 acPutTransaction.updateGroup(updatedGroup, "XACMLPapServlet.doACPut");
1671 } catch(Exception e){
1672 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error occurred when notifying PAPs of a group change: "
1674 throw new PAPException(e.getMessage());
1677 LOGGER.info("Calling updatGroup() with new group");
1678 papEngine.updateGroup(updatedGroup);
1680 LOGGER.info("Group '" + updatedGroup.getId() + "' updated");
1682 // Commit transaction to send notification to other PAPs
1683 loggingContext.metricStarted();
1684 acPutTransaction.commitTransaction();
1685 loggingContext.metricEnded();
1686 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
1687 loggingContext.metricStarted();
1690 loggingContext.metricEnded();
1691 PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
1693 // Group changed to send notification to PDPs, which might include changing the policies
1694 groupChanged(updatedGroup,loggingContext);
1695 loggingContext.transactionEnded();
1696 LOGGER.info("Success");
1698 if (policy != null && ((policy.getName().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
1699 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
1700 if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
1701 LOGGER.debug("Precheck Successful.");
1705 //delete temporary policy file from the bin directory
1706 Files.deleteIfExists(Paths.get(policy.getId()));
1708 } catch (Exception e) {
1709 acPutTransaction.rollbackTransaction();
1710 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
1711 loggingContext.transactionEnded();
1712 PolicyLogger.audit("Transaction Failed - See Error.log");
1713 String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API.";
1714 LOGGER.error(message);
1715 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1716 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1717 response.addHeader("error",ADD_GROUP_ERROR);
1718 response.addHeader("message", message);
1723 // policy file copied ok and the Group was updated on the PDP
1724 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1725 response.addHeader("operation", "push");
1726 response.addHeader("policyId", policyId);
1727 response.addHeader("groupId", groupId);
1729 LOGGER.info("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
1730 loggingContext.transactionEnded();
1731 auditLogger.info("Success");
1732 LOGGER.info("Transaction Ended Successfully");
1735 } else if (request.getParameter("default") != null) {
1736 // Args: group=<groupId> default=true <= make default
1737 // change the current default group to be the one identified in the request.
1738 loggingContext.setServiceName("AC:PAP.setDefaultGroup");
1739 // This is a POST operation rather than a PUT "update group" because of the side-effect that the current default group is also changed.
1740 // It should never be the case that multiple groups are currently marked as the default, but protect against that anyway.
1741 PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
1743 setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
1744 papEngine.setDefaultGroup(group);
1745 loggingContext.metricStarted();
1746 setDefaultGroupTransaction.commitTransaction();
1747 loggingContext.metricEnded();
1748 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1749 } catch (Exception e) {
1750 setDefaultGroupTransaction.rollbackTransaction();
1751 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
1752 loggingContext.transactionEnded();
1753 PolicyLogger.audit("Transaction Failed - See Error.log");
1754 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default");
1757 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1758 if (LOGGER.isDebugEnabled()) {
1759 LOGGER.debug("Group '" + groupId + "' set to be default");
1761 // Notify the Admin Consoles that something changed
1762 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1763 //TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
1764 loggingContext.metricStarted();
1766 // This does not affect any PDPs in the existing groups, so no need to notify them of this change
1767 loggingContext.metricEnded();
1768 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1769 loggingContext.transactionEnded();
1770 auditLogger.info("Success");
1771 LOGGER.info("Transaction Ended Successfully");
1773 } else if (request.getParameter("pdpId") != null) {
1774 doACPostTransaction = policyDBDao.getNewTransaction();
1775 // Args: group=<groupId> pdpId=<pdpId> <= move PDP to group
1776 loggingContext.setServiceName("AC:PAP.movePDP");
1777 String pdpId = request.getParameter("pdpId");
1778 OnapPDP pdp = papEngine.getPDP(pdpId);
1779 OnapPDPGroup originalGroup = papEngine.getPDPGroup((OnapPDP) pdp);
1781 doACPostTransaction.movePdp(pdp, group, "XACMLPapServlet.doACPost");
1782 }catch(Exception e){
1783 doACPostTransaction.rollbackTransaction();
1784 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet",
1785 " Error while moving pdp in the database: "
1786 +"pdp="+pdp.getId()+",to group="+group.getId());
1787 throw new PAPException(e.getMessage());
1789 papEngine.movePDP((OnapPDP) pdp, group);
1790 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
1791 if (LOGGER.isDebugEnabled()) {
1792 LOGGER.debug("PDP '" + pdp.getId() +"' moved to group '" + group.getId() + "' set to be default");
1794 // update the status of both the original group and the new one
1795 ((StdPDPGroup)originalGroup).resetStatus();
1796 ((StdPDPGroup)group).resetStatus();
1797 // Notify the Admin Consoles that something changed
1798 // For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
1799 loggingContext.metricStarted();
1801 loggingContext.metricEnded();
1802 PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
1803 // Need to notify the PDP that it's config may have changed
1804 pdpChanged(pdp, loggingContext);
1805 loggingContext.metricStarted();
1806 doACPostTransaction.commitTransaction();
1807 loggingContext.metricEnded();
1808 PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
1809 loggingContext.transactionEnded();
1810 auditLogger.info("Success");
1811 PolicyLogger.audit("Transaction Ended Successfully");
1814 } catch (PAPException e) {
1815 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
1816 loggingContext.transactionEnded();
1817 PolicyLogger.audit("Transaction Failed - See Error.log");
1818 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
1824 * Requests from the Admin Console to GET info about the Groups and PDPs
1829 * @param loggingContext
1830 * @throws ServletException
1831 * @throws IOException
1833 private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
1835 String parameterDefault = request.getParameter("default");
1836 String pdpId = request.getParameter("pdpId");
1837 String pdpGroup = request.getParameter("getPDPGroup");
1838 if ("".equals(groupId)) {
1839 // request IS from AC but does not identify a group by name
1840 if (parameterDefault != null) {
1841 // Request is for the Default group (whatever its id)
1842 loggingContext.setServiceName("AC:PAP.getDefaultGroup");
1843 OnapPDPGroup group = papEngine.getDefaultGroup();
1844 // convert response object to JSON and include in the response
1845 mapperWriteValue(new ObjectMapper(), response, group);
1846 if (LOGGER.isDebugEnabled()) {
1847 LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
1849 response.setStatus(HttpServletResponse.SC_OK);
1850 response.setHeader("content-type", "application/json");
1852 response.getOutputStream().close();
1853 } catch (IOException e){
1856 loggingContext.transactionEnded();
1857 auditLogger.info("Success");
1858 PolicyLogger.audit("Transaction Ended Successfully");
1860 } else if (pdpId != null) {
1861 // Request is related to a PDP
1862 if (pdpGroup == null) {
1863 // Request is for the (unspecified) group containing a given PDP
1864 loggingContext.setServiceName("AC:PAP.getPDP");
1867 pdp = papEngine.getPDP(pdpId);
1868 }catch(PAPException e){
1871 // convert response object to JSON and include in the response
1872 mapperWriteValue(new ObjectMapper(), response, pdp);
1873 if (LOGGER.isDebugEnabled()) {
1874 LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
1876 response.setStatus(HttpServletResponse.SC_OK);
1877 response.setHeader("content-type", "application/json");
1879 response.getOutputStream().close();
1880 } catch (IOException e){
1883 loggingContext.transactionEnded();
1884 auditLogger.info("Success");
1885 PolicyLogger.audit("Transaction Ended Successfully");
1888 // Request is for the group containing a given PDP
1889 loggingContext.setServiceName("AC:PAP.getGroupForPDP");
1890 OnapPDPGroup group =null;
1892 OnapPDP pdp = papEngine.getPDP(pdpId);
1893 group = papEngine.getPDPGroup((OnapPDP) pdp);
1894 }catch(PAPException e){
1897 // convert response object to JSON and include in the response
1898 mapperWriteValue(new ObjectMapper(), response, group);
1899 if (LOGGER.isDebugEnabled()) {
1900 LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
1902 response.setStatus(HttpServletResponse.SC_OK);
1903 response.setHeader("content-type", "application/json");
1905 response.getOutputStream().close();
1906 } catch (IOException e){
1909 loggingContext.transactionEnded();
1910 auditLogger.info("Success");
1911 PolicyLogger.audit("Transaction Ended Successfully");
1915 // request is for top-level properties about all groups
1916 loggingContext.setServiceName("AC:PAP.getAllGroups");
1917 Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
1918 // convert response object to JSON and include in the response
1919 mapperWriteValue(new ObjectMapper(), response, groups);
1920 if (LOGGER.isDebugEnabled()) {
1921 LOGGER.debug("GET All groups req");
1923 response.setStatus(HttpServletResponse.SC_OK);
1924 response.setHeader("content-type", "application/json");
1926 response.getOutputStream().close();
1927 } catch (IOException e){
1930 loggingContext.transactionEnded();
1931 auditLogger.info("Success");
1932 PolicyLogger.audit("Transaction Ended Successfully");
1936 // for all other GET operations the group must exist before the operation can be done
1937 OnapPDPGroup group = null;
1939 group = papEngine.getGroup(groupId);
1940 } catch(PAPException e){
1943 if (group == null) {
1944 String message = "Unknown groupId '" + groupId + "'";
1945 //for fixing Header Manipulation of Fortify issue
1946 if(!message.matches(REGEX)){
1947 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
1948 response.addHeader("error",ADD_GROUP_ERROR);
1949 response.addHeader("message", "Group Id is not valid");
1952 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
1953 loggingContext.transactionEnded();
1954 PolicyLogger.audit("Transaction Failed - See Error.log");
1955 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
1958 // Figure out which request this is based on the parameters
1959 String policyId = request.getParameter("policyId");
1960 if (policyId != null) {
1961 // retrieve a policy
1962 loggingContext.setServiceName("AC:PAP.getPolicy");
1963 // convert response object to JSON and include in the response
1964 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
1965 loggingContext.transactionEnded();
1966 PolicyLogger.audit("Transaction Failed - See Error.log");
1967 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
1969 // No other parameters, so return the identified Group
1970 loggingContext.setServiceName("AC:PAP.getGroup");
1971 // convert response object to JSON and include in the response
1972 mapperWriteValue(new ObjectMapper(), response, group);
1973 if (LOGGER.isDebugEnabled()) {
1974 LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
1976 response.setStatus(HttpServletResponse.SC_OK);
1977 response.setHeader("content-type", "application/json");
1979 response.getOutputStream().close();
1980 } catch (IOException e){
1983 loggingContext.transactionEnded();
1984 auditLogger.info("Success");
1985 PolicyLogger.audit("Transaction Ended Successfully");
1988 // Currently there are no other GET calls from the AC.
1989 // The AC uses the "GET All Groups" operation to fill its local cache and uses that cache for all other GETs without calling the PAP.
1990 // Other GETs that could be called:
1991 // Specific Group (groupId=<groupId>)
1992 // A Policy (groupId=<groupId> policyId=<policyId>)
1993 // A PDP (groupId=<groupId> pdpId=<pdpId>)
1994 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
1995 loggingContext.transactionEnded();
1996 PolicyLogger.audit("Transaction Failed - See Error.log");
1997 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
1998 } catch (PAPException e) {
1999 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
2000 loggingContext.transactionEnded();
2001 PolicyLogger.audit("Transaction Failed - See Error.log");
2002 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2008 * Requests from the Admin Console to create new items or update existing ones
2013 * @param loggingContext
2014 * @throws ServletException
2015 * @throws IOException
2017 private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
2018 PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
2020 // for PUT operations the group may or may not need to exist before the operation can be done
2021 OnapPDPGroup group = papEngine.getGroup(groupId);
2022 // determine the operation needed based on the parameters in the request
2023 // for remaining operations the group must exist before the operation can be done
2024 if (group == null) {
2025 String message = "Unknown groupId '" + groupId + "'";
2026 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
2027 loggingContext.transactionEnded();
2028 PolicyLogger.audit("Transaction Failed - See Error.log");
2029 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
2032 if (request.getParameter("policy") != null) {
2033 // group=<groupId> policy=<policyId> contents=policy file <= Create new policy file in group dir, or replace it if it already exists (do not touch properties)
2034 loggingContext.setServiceName("AC:PAP.putPolicy");
2035 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PARTIALLY IMPLEMENTED!!! ACTUAL CHANGES SHOULD BE MADE BY PAP SERVLET!!! ");
2036 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2037 loggingContext.transactionEnded();
2038 PolicyLogger.audit("Transaction Failed - See Error.log");
2039 auditLogger.info("Success");
2040 PolicyLogger.audit("Transaction Ended Successfully");
2042 } else if (request.getParameter("pdpId") != null) {
2043 // ARGS: group=<groupId> pdpId=<pdpId/URL> <= create a new PDP or Update an Existing one
2044 String pdpId = request.getParameter("pdpId");
2045 if (papEngine.getPDP(pdpId) == null) {
2046 loggingContext.setServiceName("AC:PAP.createPDP");
2048 loggingContext.setServiceName("AC:PAP.updatePDP");
2050 // get the request content into a String
2052 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
2054 Scanner scanner = new Scanner(request.getInputStream());
2055 scanner.useDelimiter("\\A");
2056 json = scanner.hasNext() ? scanner.next() : "";
2058 }catch(IOException e){
2061 LOGGER.info("JSON request from AC: " + json);
2062 // convert Object sent as JSON into local object
2063 ObjectMapper mapper = new ObjectMapper();
2064 Object objectFromJSON = mapper.readValue(json, StdPDP.class);
2065 if (pdpId == null ||
2066 objectFromJSON == null ||
2067 ! (objectFromJSON instanceof StdPDP) ||
2068 ((StdPDP)objectFromJSON).getId() == null ||
2069 ! ((StdPDP)objectFromJSON).getId().equals(pdpId)) {
2070 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
2071 loggingContext.transactionEnded();
2072 PolicyLogger.audit("Transaction Failed - See Error.log");
2073 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON);
2075 StdPDP pdp = (StdPDP) objectFromJSON;
2077 OnapPDP oPDP = null;
2079 oPDP = papEngine.getPDP(pdpId);
2080 }catch (PAPException e){
2084 // this is a request to create a new PDP object
2086 acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
2087 pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut");
2088 } catch(Exception e){
2089 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: "
2090 +"pdp="+ (pdp.getId()) +",to group="+group.getId());
2091 throw new PAPException(e.getMessage());
2094 papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
2095 }catch(PAPException e){
2100 acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
2101 } catch(Exception e){
2102 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: "
2103 +"pdp="+ pdp.getId());
2104 throw new PAPException(e.getMessage());
2106 // this is a request to update the pdp
2108 papEngine.updatePDP(pdp);
2109 }catch(PAPException e){
2113 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2114 if (LOGGER.isDebugEnabled()) {
2115 LOGGER.debug("PDP '" + pdpId + "' created/updated");
2117 // adjust the group's state including the new PDP
2118 ((StdPDPGroup)group).resetStatus();
2119 // tell the Admin Consoles there is a change
2120 loggingContext.metricStarted();
2122 loggingContext.metricEnded();
2123 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2124 // this might affect the PDP, so notify it of the change
2125 pdpChanged(pdp, loggingContext);
2126 loggingContext.metricStarted();
2127 acPutTransaction.commitTransaction();
2128 loggingContext.metricEnded();
2129 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2130 loggingContext.transactionEnded();
2131 auditLogger.info("Success");
2132 PolicyLogger.audit("Transaction Ended Successfully");
2136 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", " Error while adding pdp to group in the database: "
2137 +"pdp=null" + ",to group="+group.getId());
2138 throw new PAPException("PDP is null");
2139 } catch(Exception e){
2140 throw new PAPException("PDP is null" + e.getMessage() +e);
2143 } else if (request.getParameter("pipId") != null) {
2144 // group=<groupId> pipId=<pipEngineId> contents=pip properties <= add a PIP to pip config, or replace it if it already exists (lenient operation)
2145 loggingContext.setServiceName("AC:PAP.putPIP");
2146 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2147 loggingContext.transactionEnded();
2148 PolicyLogger.audit("Transaction Failed - See Error.log");
2149 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2152 // Assume that this is an update of an existing PDP Group
2153 // ARGS: group=<groupId> <= Update an Existing Group
2154 loggingContext.setServiceName("AC:PAP.updateGroup");
2155 // get the request content into a String
2157 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
2159 Scanner scanner = new Scanner(request.getInputStream());
2160 scanner.useDelimiter("\\A");
2161 json = scanner.hasNext() ? scanner.next() : "";
2163 }catch(IOException e){
2166 LOGGER.info("JSON request from AC: " + json);
2167 // convert Object sent as JSON into local object
2168 ObjectMapper mapper = new ObjectMapper();
2169 Object objectFromJSON = mapper.readValue(json, StdPDPGroup.class);
2170 if (objectFromJSON == null || ! (objectFromJSON instanceof StdPDPGroup) ||
2171 ! ((StdPDPGroup)objectFromJSON).getId().equals(group.getId())) {
2172 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
2173 loggingContext.transactionEnded();
2174 PolicyLogger.audit("Transaction Failed - See Error.log");
2175 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON);
2177 // The Path on the PAP side is not carried on the RESTful interface with the AC
2178 // (because it is local to the PAP)
2179 // so we need to fill that in before submitting the group for update
2180 if(objectFromJSON != null){
2181 ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
2184 if("delete".equals(((StdPDPGroup)objectFromJSON).getOperation())){
2185 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doDelete");
2187 acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
2189 } catch(Exception e){
2190 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
2191 +"group="+group.getId());
2193 throw new PAPException(e.getMessage());
2196 PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
2197 OnapPDPGroup updatedGroup = (StdPDPGroup)objectFromJSON;
2198 if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
2199 LOGGER.debug("Precheck Successful.");
2202 papEngine.updateGroup((StdPDPGroup)objectFromJSON);
2203 }catch(PAPException e){
2206 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2207 if (LOGGER.isDebugEnabled()) {
2208 LOGGER.debug("Group '" + group.getId() + "' updated");
2210 loggingContext.metricStarted();
2211 acPutTransaction.commitTransaction();
2212 loggingContext.metricEnded();
2213 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2214 // tell the Admin Consoles there is a change
2215 loggingContext.metricStarted();
2217 loggingContext.metricEnded();
2218 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2219 // Group changed, which might include changing the policies
2220 groupChanged(group, loggingContext);
2221 loggingContext.transactionEnded();
2222 auditLogger.info("Success");
2223 PolicyLogger.audit("Transaction Ended Successfully");
2226 } catch (PAPException e) {
2228 acPutTransaction.rollbackTransaction();
2229 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
2230 loggingContext.transactionEnded();
2231 PolicyLogger.audit("Transaction Failed - See Error.log");
2232 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2238 * Requests from the Admin Console to delete/remove items
2243 * @param loggingContext
2244 * @throws ServletException
2245 * @throws IOException
2247 private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
2248 //This code is to allow deletes to propagate to the database since delete is not implemented
2249 String isDeleteNotify = request.getParameter("isDeleteNotify");
2250 if(isDeleteNotify != null){
2251 String policyToDelete = request.getParameter("policyToDelete");
2253 policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
2254 } catch(UnsupportedEncodingException e){
2255 LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e);
2256 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
2259 PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
2261 deleteTransaction.deletePolicy(policyToDelete);
2262 } catch(Exception e){
2263 deleteTransaction.rollbackTransaction();
2264 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
2265 + "\nfailure with the following exception: " + e);
2268 loggingContext.metricStarted();
2269 deleteTransaction.commitTransaction();
2270 loggingContext.metricEnded();
2271 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2272 response.setStatus(HttpServletResponse.SC_OK);
2275 PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
2277 // for all DELETE operations the group must exist before the operation can be done
2278 loggingContext.setServiceName("AC:PAP.delete");
2279 OnapPDPGroup group = papEngine.getGroup(groupId);
2280 if (group == null) {
2281 String message = "Unknown groupId '" + groupId + "'";
2282 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
2283 loggingContext.transactionEnded();
2284 PolicyLogger.audit("Transaction Failed - See Error.log");
2285 setResponseError(response,HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
2288 // determine the operation needed based on the parameters in the request
2289 if (request.getParameter("policy") != null) {
2290 // group=<groupId> policy=<policyId> [delete=<true|false>] <= delete policy file from group
2291 loggingContext.setServiceName("AC:PAP.deletePolicy");
2292 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2293 loggingContext.transactionEnded();
2294 PolicyLogger.audit("Transaction Failed - See Error.log");
2295 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2297 } else if (request.getParameter("pdpId") != null) {
2298 // ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
2299 String pdpId = request.getParameter("pdpId");
2300 OnapPDP pdp = papEngine.getPDP(pdpId);
2302 removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
2303 } catch(Exception e){
2304 throw new PAPException(e);
2307 papEngine.removePDP((OnapPDP) pdp);
2308 }catch(PAPException e){
2311 // adjust the status of the group, which may have changed when we removed this PDP
2312 ((StdPDPGroup)group).resetStatus();
2313 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2314 loggingContext.metricStarted();
2316 loggingContext.metricEnded();
2317 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2318 // update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
2319 pdpChanged(pdp, loggingContext);
2320 loggingContext.metricStarted();
2321 removePdpOrGroupTransaction.commitTransaction();
2322 loggingContext.metricEnded();
2323 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2324 loggingContext.transactionEnded();
2325 auditLogger.info("Success");
2326 PolicyLogger.audit("Transaction Ended Successfully");
2328 } else if (request.getParameter("pipId") != null) {
2329 // group=<groupId> pipId=<pipEngineId> <= delete PIP config for given engine
2330 loggingContext.setServiceName("AC:PAP.deletePIPConfig");
2331 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
2332 loggingContext.transactionEnded();
2333 PolicyLogger.audit("Transaction Failed - See Error.log");
2334 setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
2337 // ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
2338 String moveToGroupId = request.getParameter("movePDPsToGroupId");
2339 OnapPDPGroup moveToGroup = null;
2340 if (moveToGroupId != null) {
2342 moveToGroup = papEngine.getGroup(moveToGroupId);
2343 }catch(PAPException e){
2347 // get list of PDPs in the group being deleted so we can notify them that they got changed
2348 Set<OnapPDP> movedPDPs = new HashSet<>();
2349 movedPDPs.addAll(group.getOnapPdps());
2350 // do the move/remove
2352 removePdpOrGroupTransaction.deleteGroup(group, moveToGroup,"XACMLPapServlet.doACDelete");
2353 } catch(Exception e){
2354 PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
2355 throw new PAPException(e.getMessage());
2358 papEngine.removeGroup(group, moveToGroup);
2359 }catch(PAPException e){
2362 response.setStatus(HttpServletResponse.SC_NO_CONTENT);
2363 loggingContext.metricStarted();
2365 loggingContext.metricEnded();
2366 PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
2367 // notify any PDPs in the removed set that their config may have changed
2368 for (OnapPDP pdp : movedPDPs) {
2369 pdpChanged(pdp, loggingContext);
2371 loggingContext.metricStarted();
2372 removePdpOrGroupTransaction.commitTransaction();
2373 loggingContext.metricEnded();
2374 PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
2375 loggingContext.transactionEnded();
2376 auditLogger.info("Success");
2377 PolicyLogger.audit("Transaction Ended Successfully");
2380 } catch (PAPException e) {
2381 removePdpOrGroupTransaction.rollbackTransaction();
2382 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
2383 loggingContext.transactionEnded();
2384 PolicyLogger.audit("Transaction Failed - See Error.log");
2385 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
2391 * Heartbeat thread - periodically check on PDPs' status
2393 * Heartbeat with all known PDPs.
2395 * Implementation note:
2397 * The PDPs are contacted Sequentially, not in Parallel.
2399 * If we did this in parallel using multiple threads we would simultaneously use
2403 * This could become a resource problem since we already use multiple threads and connections for updating the PDPs
2404 * when user changes occur.
2405 * Using separate threads can also make it tricky dealing with timeouts on PDPs that are non-responsive.
2407 * The Sequential operation does a heartbeat request to each PDP one at a time.
2408 * This has the flaw that any PDPs that do not respond will hold up the entire heartbeat sequence until they timeout.
2409 * If there are a lot of non-responsive PDPs and the timeout is large-ish (the default is 20 seconds)
2410 * it could take a long time to cycle through all of the PDPs.
2411 * That means that this may not notice a PDP being down in a predictable time.
2413 private class Heartbeat implements Runnable {
2414 private PAPPolicyEngine papEngine;
2415 private Set<OnapPDP> pdps = new HashSet<>();
2416 private int heartbeatInterval;
2417 private int heartbeatTimeout;
2419 public volatile boolean isRunning = false;
2421 public synchronized boolean isRunning() {
2422 return this.isRunning;
2425 public synchronized void terminate() {
2426 this.isRunning = false;
2429 public Heartbeat(PAPPolicyEngine papEngine2) {
2430 papEngine = papEngine2;
2431 this.heartbeatInterval = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_INTERVAL, "10000"));
2432 this.heartbeatTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_HEARTBEAT_TIMEOUT, "10000"));
2437 // Set ourselves as running
2438 synchronized(this) {
2439 this.isRunning = true;
2441 HashMap<String, URL> idToURLMap = new HashMap<>();
2443 while (this.isRunning()) {
2444 // Wait the given time
2445 Thread.sleep(heartbeatInterval);
2446 // get the list of PDPs (may have changed since last time)
2448 synchronized(papEngine) {
2450 for (OnapPDPGroup g : papEngine.getOnapPDPGroups()) {
2451 for (OnapPDP p : g.getOnapPdps()) {
2455 } catch (PAPException e) {
2456 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat unable to read PDPs from PAPEngine");
2459 // Check for shutdown
2460 if (this.isRunning() == false) {
2461 LOGGER.info("isRunning is false, getting out of loop.");
2464 // try to get the summary status from each PDP
2465 boolean changeSeen = false;
2466 for (OnapPDP pdp : pdps) {
2467 // Check for shutdown
2468 if (this.isRunning() == false) {
2469 LOGGER.info("isRunning is false, getting out of loop.");
2472 // the id of the PDP is its url (though we add a query parameter)
2473 URL pdpURL = idToURLMap.get(pdp.getId());
2474 if (pdpURL == null) {
2475 // haven't seen this PDP before
2476 String fullURLString = null;
2479 if(CheckPDP.validateID(pdp.getId())){
2480 fullURLString = pdp.getId() + "?type=hb";
2481 pdpURL = new URL(fullURLString);
2482 idToURLMap.put(pdp.getId(), pdpURL);
2484 } catch (MalformedURLException e) {
2485 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "XACMLPapServlet", " PDP id '" + fullURLString + "' is not a valid URL");
2489 // Do a GET with type HeartBeat
2490 String newStatus = "";
2491 HttpURLConnection connection = null;
2493 // Open up the connection
2495 connection = (HttpURLConnection)pdpURL.openConnection();
2496 // Setup our method and headers
2497 connection.setRequestMethod("GET");
2498 connection.setConnectTimeout(heartbeatTimeout);
2500 String encoding = CheckPDP.getEncoding(pdp.getId());
2501 if(encoding !=null){
2502 connection.setRequestProperty("Authorization", "Basic " + encoding);
2505 connection.connect();
2506 if (connection.getResponseCode() == 204) {
2507 newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB);
2508 if (LOGGER.isDebugEnabled()) {
2509 LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'");
2512 // anything else is an unexpected result
2513 newStatus = PDPStatus.Status.UNKNOWN.toString();
2514 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId());
2517 } catch (UnknownHostException e) {
2518 newStatus = PDPStatus.Status.NO_SUCH_HOST.toString();
2519 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' NO_SUCH_HOST");
2520 } catch (SocketTimeoutException e) {
2521 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2522 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' connection timeout");
2523 } catch (ConnectException e) {
2524 newStatus = PDPStatus.Status.CANNOT_CONNECT.toString();
2525 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Heartbeat '" + pdp.getId() + "' cannot connect");
2526 } catch (Exception e) {
2527 newStatus = PDPStatus.Status.UNKNOWN.toString();
2528 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception");
2530 // cleanup the connection
2531 if(connection != null)
2532 connection.disconnect();
2534 if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) {
2535 if (LOGGER.isDebugEnabled()) {
2536 LOGGER.debug("previous status='" + pdp.getStatus().getStatus()+"' new Status='" + newStatus + "'");
2539 setPDPSummaryStatus(pdp, newStatus);
2540 } catch (PAPException e) {
2541 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Unable to set state for PDP '" + pdp.getId());
2546 // Check for shutdown
2547 if (this.isRunning() == false) {
2548 LOGGER.info("isRunning is false, getting out of loop.");
2551 // if any of the PDPs changed state, tell the ACs to update
2556 } catch (InterruptedException e) {
2557 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
2559 Thread.currentThread().interrupt();
2565 * HELPER to change Group status when PDP status is changed
2566 * (Must NOT be called from a method that is synchronized on the papEngine or it may deadlock)
2568 private void setPDPSummaryStatus(OnapPDP pdp, PDPStatus.Status newStatus) throws PAPException {
2569 setPDPSummaryStatus(pdp, newStatus.toString());
2572 private void setPDPSummaryStatus(OnapPDP pdp, String newStatus) throws PAPException {
2573 synchronized(papEngine) {
2574 StdPDPStatus status = new StdPDPStatus();
2575 status.setStatus(PDPStatus.Status.valueOf(newStatus));
2576 ((StdPDP)pdp).setStatus(status);
2577 // now adjust the group
2578 StdPDPGroup group = (StdPDPGroup)papEngine.getPDPGroup((OnapPDP) pdp);
2579 // if the PDP was just deleted it may transiently exist but not be in a group
2580 if (group != null) {
2581 group.resetStatus();
2587 * Callback methods telling this servlet to notify PDPs of changes made by the PAP StdEngine
2588 * in the PDP group directories
2591 public void changed() {
2592 // all PDPs in all groups need to be updated/sync'd
2593 Set<OnapPDPGroup> groups;
2595 groups = papEngine.getOnapPDPGroups();
2596 } catch (PAPException e) {
2597 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2598 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2600 for (OnapPDPGroup group : groups) {
2601 groupChanged(group);
2605 public void changed(ONAPLoggingContext loggingContext) {
2606 // all PDPs in all groups need to be updated/sync'd
2607 Set<OnapPDPGroup> groups;
2609 groups = papEngine.getOnapPDPGroups();
2610 } catch (PAPException e) {
2611 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
2612 throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
2614 for (OnapPDPGroup group : groups) {
2615 groupChanged(group, loggingContext);
2620 public void groupChanged(OnapPDPGroup group) {
2621 // all PDPs within one group need to be updated/sync'd
2622 for (OnapPDP pdp : group.getOnapPdps()) {
2627 public void groupChanged(OnapPDPGroup group, ONAPLoggingContext loggingContext) {
2628 // all PDPs within one group need to be updated/sync'd
2629 for (OnapPDP pdp : group.getOnapPdps()) {
2630 pdpChanged(pdp, loggingContext);
2635 public void pdpChanged(OnapPDP pdp) {
2636 // kick off a thread to do an event notification for each PDP.
2637 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2638 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2639 Thread t = new Thread(new UpdatePDPThread(pdp));
2640 if(CheckPDP.validateID(pdp.getId())){
2645 public void pdpChanged(OnapPDP pdp, ONAPLoggingContext loggingContext) {
2646 // kick off a thread to do an event notification for each PDP.
2647 // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
2648 // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
2649 Thread t = new Thread(new UpdatePDPThread(pdp, loggingContext));
2650 if(CheckPDP.validateID(pdp.getId())){
2655 private class UpdatePDPThread implements Runnable {
2656 private OnapPDP pdp;
2657 private String requestId;
2658 private ONAPLoggingContext loggingContext;
2660 public UpdatePDPThread(OnapPDP pdp) {
2664 public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) {
2666 if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) {
2667 this.requestId = loggingContext.getRequestID();
2669 this.loggingContext = loggingContext;
2673 // send the current configuration to one PDP
2674 HttpURLConnection connection = null;
2675 // get a new logging context for the thread
2677 if (this.loggingContext == null) {
2678 loggingContext = new ONAPLoggingContext(baseLoggingContext);
2680 } catch (Exception e) {
2681 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2682 // Since this is a server-side error, it probably does not reflect a problem on the client,
2683 // so do not change the PDP status.
2687 loggingContext.setServiceName("PAP:PDP.putConfig");
2688 // If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
2689 if ((requestId == null) || (requestId == "")) {
2690 UUID requestID = UUID.randomUUID();
2691 loggingContext.setRequestID(requestID.toString());
2692 PolicyLogger.info("requestID not provided in call to XACMLPapSrvlet (UpdatePDPThread) so we generated one: " + loggingContext.getRequestID());
2694 loggingContext.setRequestID(requestId);
2695 PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (UpdatePDPThread): " + loggingContext.getRequestID());
2697 loggingContext.transactionStarted();
2698 // the Id of the PDP is its URL
2699 if (LOGGER.isDebugEnabled()) {
2700 LOGGER.debug("creating url for id '" + pdp.getId() + "'");
2702 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2703 //TODO (need to change "cache=", implying getting some input saying which to change)
2704 URL url = new URL(pdp.getId() + "?cache=all");
2705 // Open up the connection
2706 connection = (HttpURLConnection)url.openConnection();
2707 // Setup our method and headers
2708 connection.setRequestMethod("PUT");
2710 String encoding = CheckPDP.getEncoding(pdp.getId());
2711 if(encoding !=null){
2712 connection.setRequestProperty("Authorization", "Basic " + encoding);
2714 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2715 connection.setRequestProperty("X-ECOMP-RequestID", loggingContext.getRequestID());
2716 connection.setInstanceFollowRedirects(true);
2717 connection.setDoOutput(true);
2718 try (OutputStream os = connection.getOutputStream()) {
2719 OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
2720 // if the PDP was just deleted, there is no group, but we want to send an update anyway
2721 if (group == null) {
2722 // create blank properties files
2723 Properties policyProperties = new Properties();
2724 policyProperties.put(XACMLProperties.PROP_ROOTPOLICIES, "");
2725 policyProperties.put(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
2726 policyProperties.store(os, "");
2727 Properties pipProps = new Properties();
2728 pipProps.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
2729 pipProps.store(os, "");
2731 // send properties from the current group
2732 group.getPolicyProperties().store(os, "");
2733 Properties policyLocations = new Properties();
2734 for (PDPPolicy policy : group.getPolicies()) {
2735 policyLocations.put(policy.getId() + ".url", XACMLPapServlet.papURL + "?id=" + policy.getId());
2737 policyLocations.store(os, "");
2738 group.getPipConfigProperties().store(os, "");
2740 } catch (Exception e) {
2741 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
2742 // Since this is a server-side error, it probably does not reflect a problem on the client,
2743 // so do not change the PDP status.
2747 loggingContext.metricStarted();
2748 connection.connect();
2749 loggingContext.metricEnded();
2750 PolicyLogger.metrics("XACMLPapServlet UpdatePDPThread connection connect");
2751 if (connection.getResponseCode() == 204) {
2752 LOGGER.info("Success. We are configured correctly.");
2753 loggingContext.transactionEnded();
2754 auditLogger.info("Success. PDP is configured correctly.");
2755 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2756 setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
2757 } else if (connection.getResponseCode() == 200) {
2758 LOGGER.info("Success. PDP needs to update its configuration.");
2759 loggingContext.transactionEnded();
2760 auditLogger.info("Success. PDP needs to update its configuration.");
2761 PolicyLogger.audit("Transaction Success. PDP is configured correctly.");
2762 setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
2764 LOGGER.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2765 loggingContext.transactionEnded();
2766 auditLogger.warn("Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2767 PolicyLogger.audit("Transaction Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2768 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2770 } catch (Exception e) {
2772 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
2773 loggingContext.transactionEnded();
2774 PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
2776 setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
2777 } catch (PAPException e1) {
2779 PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
2780 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
2783 // cleanup the connection
2784 if(connection != null){
2785 connection.disconnect();
2787 // tell the AC to update it's status info
2794 * RESTful Interface from PAP to ACs notifying them of changes
2796 private void notifyAC() {
2797 // kick off a thread to do one event notification for all registered ACs
2798 // This needs to be on a separate thread so that ACs can make calls back to PAP to get the updated Group data
2799 // as part of processing this message on their end.
2800 Thread t = new Thread(new NotifyACThread());
2804 private class NotifyACThread implements Runnable {
2806 List<String> disconnectedACs = new ArrayList<>();
2807 // There should be no Concurrent exception here because the list is a CopyOnWriteArrayList.
2808 // The "for each" loop uses the collection's iterator under the covers, so it should be correct.
2809 for (String acURL : adminConsoleURLStringList) {
2810 HttpURLConnection connection = null;
2812 acURL += "?PAPNotification=true";
2813 //TODO - Currently we just tell AC that "Something changed" without being specific. Do we want to tell it which group/pdp changed?
2814 //TODO - If so, put correct parameters into the Query string here
2815 acURL += "&objectType=all" + "&action=update";
2816 if (LOGGER.isDebugEnabled()) {
2817 LOGGER.debug("creating url for id '" + acURL + "'");
2819 //TODO - currently always send both policies and pips. Do we care enough to add code to allow sending just one or the other?
2820 //TODO (need to change "cache=", implying getting some input saying which to change)
2821 URL url = new URL(acURL );
2822 // Open up the connection
2823 connection = (HttpURLConnection)url.openConnection();
2824 // Setup our method and headers
2825 connection.setRequestMethod("PUT");
2826 connection.setRequestProperty("Content-Type", "text/x-java-properties");
2827 // Adding this in. It seems the HttpUrlConnection class does NOT
2828 // properly forward our headers for POST re-direction. It does so
2829 // for a GET re-direction.
2830 // So we need to handle this ourselves.
2831 //TODO - is this needed for a PUT? seems better to leave in for now?
2832 connection.setInstanceFollowRedirects(false);
2833 // Do not include any data in the PUT because this is just a
2834 // notification to the AC.
2835 // The AC will use GETs back to the PAP to get what it needs
2836 // to fill in the screens.
2838 connection.connect();
2839 if (connection.getResponseCode() == 204) {
2840 LOGGER.info("Success. We updated correctly.");
2842 LOGGER.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed: " + connection.getResponseCode() + " message: " + connection.getResponseMessage());
2845 } catch (Exception e) {
2846 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config AC '" + acURL + "'");
2847 disconnectedACs.add(acURL);
2849 // cleanup the connection
2850 if(connection != null)
2851 connection.disconnect();
2854 // remove any ACs that are no longer connected
2855 if (disconnectedACs.size() > 0) {
2856 adminConsoleURLStringList.removeAll(disconnectedACs);
2861 private void testService(ONAPLoggingContext loggingContext, HttpServletResponse response) throws IOException{
2862 LOGGER.info("Test request received");
2864 im.evaluateSanity();
2865 //If we make it this far, all is well
2866 String message = "GET:/pap/test called and PAP " + papResourceName + " is OK";
2867 LOGGER.info(message);
2868 loggingContext.transactionEnded();
2869 PolicyLogger.audit("Transaction Failed - See Error.log");
2870 response.setStatus(HttpServletResponse.SC_OK);
2872 }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
2874 if (e instanceof ForwardProgressException) {
2875 submsg = " is not making forward progress.";
2876 } else if (e instanceof AdministrativeStateException) {
2877 submsg = " Administrative State is LOCKED.";
2879 submsg = " Standby Status is NOT PROVIDING SERVICE.";
2882 String message = "GET:/pap/test called and PAP " + papResourceName + submsg
2883 + " Exception Message: " + e.getMessage();
2884 LOGGER.info(message, e);
2885 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2886 loggingContext.transactionEnded();
2887 PolicyLogger.audit("Transaction Failed - See Error.log");
2888 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2890 }catch (Exception e) {
2891 //A subsystem is not making progress, is locked, standby or is not responding
2892 String eMsg = e.getMessage();
2894 eMsg = "No Exception Message";
2896 String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
2897 + " Exception Message: " + eMsg;
2898 LOGGER.info(message, e);
2899 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
2900 loggingContext.transactionEnded();
2901 PolicyLogger.audit("Transaction Failed - See Error.log");
2902 //Get the specific list of subsystems that failed
2903 String ssFailureList = null;
2904 for(String failedSS : papDependencyGroupsFlatArray){
2905 if(eMsg.contains(failedSS)){
2906 if(ssFailureList == null){
2907 ssFailureList = failedSS;
2909 ssFailureList = ssFailureList.concat(","+failedSS);
2913 if(ssFailureList == null){
2914 ssFailureList = "UnknownSubSystem";
2916 response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
2917 setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
2923 * Authorizing the PEP Requests.
2925 private boolean authorizeRequest(HttpServletRequest request) {
2926 String clientCredentials = request.getHeader(ENVIRONMENT_HEADER);
2927 // Check if the Client is Authorized.
2928 if(clientCredentials!=null && clientCredentials.equalsIgnoreCase(environment)){
2935 private static void loadWebapps() throws PAPException{
2936 if(actionHome == null || configHome == null){
2937 Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS));
2939 if (webappsPath == null) {
2940 PolicyLogger.error("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2941 throw new PAPException("Invalid Webapps Path Location property : " + XACMLRestProperties.PROP_PAP_WEBAPPS);
2943 Path webappsPathConfig = Paths.get(webappsPath.toString()+File.separator+"Config");
2944 Path webappsPathAction = Paths.get(webappsPath.toString()+File.separator+"Action");
2945 if (Files.notExists(webappsPathConfig)) {
2947 Files.createDirectories(webappsPathConfig);
2948 } catch (IOException e) {
2949 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Failed to create config directory: "
2950 + webappsPathConfig.toAbsolutePath().toString());
2953 if (Files.notExists(webappsPathAction)) {
2955 Files.createDirectories(webappsPathAction);
2956 } catch (IOException e) {
2957 LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create action directory: "
2958 + webappsPathAction.toAbsolutePath().toString(), e);
2961 actionHome = webappsPathAction.toString();
2962 configHome = webappsPathConfig.toString();
2966 public static String getConfigHome(){
2969 } catch (PAPException e) {
2976 private static void setConfigHome(){
2977 configHome = getConfigHome();
2980 public static String getActionHome(){
2983 } catch (PAPException e) {
2990 private static void setActionHome(){
2991 actionHome = getActionHome();
2994 public static EntityManagerFactory getEmf() {
2998 public IntegrityAudit getIa() {
3002 public static String getPDPFile(){
3003 return XACMLPapServlet.pdpFile;
3006 public static String getPersistenceUnit(){
3007 return PERSISTENCE_UNIT;
3010 public static PAPPolicyEngine getPAPEngine(){
3014 public static PolicyDBDaoTransaction getDbDaoTransaction(){
3015 return policyDBDao.getNewTransaction();
3017 public static String getPapDbDriver() {
3021 public static void setPapDbDriver(String papDbDriver) {
3022 XACMLPapServlet.papDbDriver = papDbDriver;
3025 public static String getPapDbUrl() {
3029 public static void setPapDbUrl(String papDbUrl) {
3030 XACMLPapServlet.papDbUrl = papDbUrl;
3033 public static String getPapDbUser() {
3037 public static void setPapDbUser(String papDbUser) {
3038 XACMLPapServlet.papDbUser = papDbUser;
3041 public static String getPapDbPassword() {
3042 return papDbPassword;
3045 public static void setPapDbPassword(String papDbPassword) {
3046 XACMLPapServlet.papDbPassword = papDbPassword;
3049 public static String getMsOnapName() {
3053 public static void setMsOnapName(String msOnapName) {
3054 XACMLPapServlet.msOnapName = msOnapName;
3057 public static String getMsPolicyName() {
3058 return msPolicyName;
3061 public static void setMsPolicyName(String msPolicyName) {
3062 XACMLPapServlet.msPolicyName = msPolicyName;
Code Review / policy / engine.git / blob