Fix compilation issue due to generic Exception
[policy/engine.git] / ONAP-PAP-REST / src / main / java / org / onap / policy / pap / xacml / rest / XACMLPapServlet.java
index 85d79f7..bedc212 100644 (file)
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP-PAP-REST
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,7 +40,6 @@ import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Properties;
 import java.util.Scanner;
@@ -65,6 +64,7 @@ import org.onap.policy.common.ia.IntegrityAudit;
 import org.onap.policy.common.im.AdministrativeStateException;
 import org.onap.policy.common.im.ForwardProgressException;
 import org.onap.policy.common.im.IntegrityMonitor;
+import org.onap.policy.common.im.IntegrityMonitorException;
 import org.onap.policy.common.im.IntegrityMonitorProperties;
 import org.onap.policy.common.im.StandbyStatusException;
 import org.onap.policy.common.logging.ONAPLoggingContext;
@@ -82,13 +82,13 @@ import org.onap.policy.pap.xacml.restAuth.CheckPDP;
 import org.onap.policy.rest.XACMLRest;
 import org.onap.policy.rest.XACMLRestProperties;
 import org.onap.policy.rest.dao.PolicyDBException;
+import org.onap.policy.utils.CryptoUtils;
 import org.onap.policy.utils.PolicyUtils;
 import org.onap.policy.xacml.api.XACMLErrorConstants;
 import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
 import org.onap.policy.xacml.api.pap.OnapPDP;
 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
 import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
-import org.onap.policy.xacml.std.pap.StdPAPPolicy;
 import org.onap.policy.xacml.std.pap.StdPDP;
 import org.onap.policy.xacml.std.pap.StdPDPGroup;
 import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
@@ -123,6 +123,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
        private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
        // Client Headers. 
        private static final String ENVIRONMENT_HEADER = "Environment";
+       private static final String ADD_GROUP_ERROR = "addGroupError";
+       private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password";
+       
+       private static final String REGEX = "[0-9a-zA-Z._ ]*";
+       
        /*
         * List of Admin Console URLs.
         * Used to send notifications when configuration changes.
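Review bot: The new `REGEX` constant has no comment and a name that says nothing about its purpose, although later hunks use it as the allow-list for values written into response headers. A descriptive name and a one-line comment would help, for example `// Allow-list for values echoed into HTTP response headers (letters, digits, dot, underscore, space)`. Note that the `*` quantifier also accepts the empty string. The class body continues outside this hunk.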
@@ -237,7 +242,6 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                        + "\n   papDbDriver = " + papDbDriver
                                        + "\n   papDbUrl = " + papDbUrl
                                        + "\n   papDbUser = " + papDbUser
-                                       + "\n   papDbPassword = " + papDbPassword
                                        + "\n   papTransWait = " + papTransWait
                                        + "\n   papTransTimeout = " + papTransTimeout
                                        + "\n   papAuditTimeout = " + papAuditTimeout
@@ -269,6 +273,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                throw new ServletException(e.getMessage(), e.getCause());
                        }
                        // Create an IntegrityMonitor
+                       if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){
+                               properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
+                       }
                        im = IntegrityMonitor.getInstance(papResourceName,properties);
                        // Create an IntegrityAudit
                        ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
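Review bot: The decrypted JDBC password is written back into the shared `properties` object, so from this point that object holds the cleartext for as long as it lives and for every component it is handed to. If `IntegrityMonitor` and `IntegrityAudit` need the plaintext, consider decrypting into a copy that is used only for these two calls, and make sure no code dumps `properties` to a log. The return value of `CryptoUtils.decryptTxtNoExStr` is not checked; its failure behaviour is not visible here, so confirm what it returns for a value that cannot be decrypted. The existing comment `// Create an IntegrityMonitor` now sits above the decryption block and should move down to the `getInstance` line.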
@@ -436,7 +443,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
             throw new PAPException("papDbUser is null");
         }
         setPapDbUser(papDbUser);
-        papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
+        papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, ""));
         if(papDbPassword == null){
             PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
             throw new PAPException("papDbPassword is null");
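Review bot: The `papDbPassword == null` check can probably no longer detect a missing property, because `getProperty(..., "")` now supplies an empty default before the value reaches `CryptoUtils.decryptTxtNoExStr`. Unless that helper returns null for an empty input (not visible in this hunk), a missing `PROP_PAP_DB_PASSWORD` would pass silently as an empty password. Read the raw property into a local first, keep the null check (and the "Bad papDbPassword property entry" error) on that raw value, and decrypt only afterwards. The enclosing method starts and ends outside this hunk.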
@@ -532,7 +539,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                } catch (AdministrativeStateException ae){
                        String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
                                        + " state of " + im.getStateManager().getAdminState()
-                                       + "\n Exception Message: " + ae.getMessage();
+                                       + "\n Exception Message: " +  PolicyUtils.CATCH_EXCEPTION;
                        LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
                        loggingContext.metricEnded();
                        PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
@@ -551,6 +558,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        PolicyLogger.audit("Transaction Failed - See Error.log");
                        setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
                        return;
+               } catch (IntegrityMonitorException e) {
+                       String message = "POST interface called for PAP " + papResourceName + " but an exception occurred"
+                                       + "\n Exception Message: " + e.getMessage();
+                       LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e);
+                       loggingContext.metricEnded();
+                       PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
+                       loggingContext.transactionEnded();
+                       PolicyLogger.audit("Transaction Failed - See Error.log");
+                       setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+                       return;
                }
                try {
                        loggingContext.metricStarted();
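Review bot: The new `IntegrityMonitorException` handler puts `e.getMessage()` into `message`, which is then sent to the client through `setResponseError`. The previous hunk replaced `ae.getMessage()` with `PolicyUtils.CATCH_EXCEPTION` for that very reason, and the throwable is already passed to `LOGGER.error`, so the detail is not lost. For consistency use `+ "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION;` here too. The same applies to the new GET and PUT handlers further down and to the unchanged `message += "\n Exception Message: " + e.getMessage();` line in doPut. These near-identical catch blocks could also share one private helper.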
@@ -752,7 +769,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
 
        private void setResponseError(HttpServletResponse response,int responseCode, String message) {
            try {
-            response.sendError(responseCode, message);
+               if(message != null && !message.isEmpty()){
+                      response.sendError(responseCode, message);
+               }
         } catch (IOException e) {
             LOGGER.error("Error setting Error response Header ", e);
         }
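Review bot: With the new guard, a null or empty `message` means `sendError` is never called, so the response keeps whatever status it already had (normally 200) unless the caller sets one afterwards. Several callers visible in this diff pass `e.getMessage()`, which can be null. Keep the error status in that case by adding `} else { response.sendError(responseCode); }` after the `if`. The indentation of the added lines also does not match the surrounding `try` body.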
@@ -817,6 +836,15 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                PolicyLogger.audit("Transaction Failed - See Error.log");
                                setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
                                return;
+                       } catch (IntegrityMonitorException e) {
+                               String message = "GET interface called for PAP " + papResourceName + " but an exception occurred"
+                                               + "\n Exception Message: " + e.getMessage();
+                               LOGGER.info(message, e);
+                               PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+                               loggingContext.transactionEnded();
+                               PolicyLogger.audit("Transaction Failed - See Error.log");
+                               setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+                               return;
                        }
                        // Request from the API to get the gitPath
                        String apiflag = request.getParameter("apiflag");
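Review bot: The failure is logged with `LOGGER.info(message, e)`, so the stack trace of a failed transaction ends up at INFO level, while the POST handler uses `LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e)` for the same situation. Deployments that filter on ERROR would lose the exception details for GET. Using `LOGGER.error(..., e)` here, and in the identical PUT handler added later in this diff, would keep the handlers consistent.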
@@ -989,7 +1017,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        im.startTransaction();
                        loggingContext.metricEnded();
                        PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
-               } catch (AdministrativeStateException | StandbyStatusException e) {
+               } catch (IntegrityMonitorException e) {
                        String message = "PUT interface called for PAP " + papResourceName;
                        if (e instanceof AdministrativeStateException) {
                                message += " but it has an Administrative state of "
@@ -997,6 +1025,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        } else if (e instanceof StandbyStatusException) {
                                message += " but it has a Standby Status of "
                                        + im.getStateManager().getStandbyStatus();
+                       } else {
+                               message += " but an exception occurred";
 
                        }
                        message += "\n Exception Message: " + e.getMessage();
@@ -1018,6 +1048,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                //This would occur if a PolicyDBDao notification was received
                String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
                if(policyDBDaoRequestUrl != null){
+                       LOGGER.info("XACMLPapServlet: PolicyDBDao Notification received." );
                        String policyDBDaoRequestEntityId = request.getParameter("entityid");
                        String policyDBDaoRequestEntityType = request.getParameter("entitytype");
                        String policyDBDaoRequestExtraData = request.getParameter("extradata");
@@ -1028,7 +1059,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                im.endTransaction();
                                return;
                        }
-                       loggingContext.metricStarted();         
+                       loggingContext.metricStarted(); 
+                       LOGGER.info("XACMLPapServlet: Calling PolicyDBDao to handlIncomingHttpNotification");
                        policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
                        loggingContext.metricEnded();
                        PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification");
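Review bot: The added log string misspells the method it announces: `handlIncomingHttpNotification` should be `handleIncomingHttpNotification`. Anyone searching the logs for the method name would miss this line. The added `loggingContext.metricStarted(); ` line also carries trailing whitespace.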
@@ -1269,6 +1301,15 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        PolicyLogger.audit("Transaction Failed - See Error.log");
                        setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
                        return;
+               } catch (IntegrityMonitorException e) {
+                       String message = "PUT interface called for PAP " + papResourceName + " but an exception occurred"
+                                       + "\n Exception Message: " + e.getMessage();
+                       LOGGER.info(message, e);
+                       PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+                       loggingContext.transactionEnded();
+                       PolicyLogger.audit("Transaction Failed - See Error.log");
+                       setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+                       return;
                }
                loggingContext.metricStarted();
                XACMLRest.dumpRequest(request);
@@ -1421,12 +1462,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        //If the selected policy is in the group we must remove the old version of it
                        LOGGER.info("Removing old version of the policy");
                        for(PDPPolicy existingPolicy : currentPoliciesInGroup) {
-                               if (existingPolicy.getName().equals(policy.getName())){
-                                       if (!existingPolicy.getId().equals(policy.getId())) {
-                                               group.removePolicy(existingPolicy);
-                                               LOGGER.info("Removing policy: " + existingPolicy);
-                                               break;
-                                       }
+                               if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){
+                                       group.removePolicy(existingPolicy);
+                                       LOGGER.info("Removing policy: " + existingPolicy);
+                                       break;
                                }
                        }
                        
@@ -1442,11 +1481,16 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        
                        LOGGER.info("Calling updatGroup() with new group");
                        papEngine.updateGroup(group);
-                       
                        String policyId = "empty";
-                       if(policy!=null){
+                       if(policy !=null && policy.getId() != null){
                                policyId = policy.getId();
                        }
+                       if(!policyId.matches(REGEX) ){
+                               response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                               response.addHeader("error",ADD_GROUP_ERROR);
+                               response.addHeader("message", "Policy Id is not valid");
+                               return;
+                       }
                        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
                        response.addHeader("operation", "push");
                        response.addHeader("policyId", policyId);
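Review bot: The `policyId.matches(REGEX)` check runs after `papEngine.updateGroup(group)`, so when it fails the group has already been changed and the client receives a 500 saying "Policy Id is not valid" for an operation that in fact took effect. Move the validation, together with the `policy != null` guard, above the `updateGroup` call. The unchanged code earlier in this method already dereferences `policy.getName()`, so the null check here comes too late to protect anything. For rejected input `HttpServletResponse.SC_BAD_REQUEST` would describe the situation better than `SC_INTERNAL_SERVER_ERROR`. The enclosing method starts and ends outside this hunk.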
@@ -1485,7 +1529,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
                        setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
                        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                       response.addHeader("error","addGroupError");
+                       response.addHeader("error",ADD_GROUP_ERROR);
                        response.addHeader("message", message);
                        return;
                }
@@ -1559,6 +1603,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        }
                        if (group == null) {
                                String message = "Unknown groupId '" + groupId + "'";
+                               //for fixing Header Manipulation of Fortify issue
+                               if(!message.matches(REGEX)){
+                                       response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                                       response.addHeader("error",ADD_GROUP_ERROR);
+                                       response.addHeader("message", "GroupId Id is not valid");
+                                       return;
+                               }
                                PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
                                loggingContext.transactionEnded();
                                PolicyLogger.audit("Transaction Failed - See Error.log");
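Review bot: `message.matches(REGEX)` can never succeed here, because `message` is built as `"Unknown groupId '" + groupId + "'"` and the single quote is not in the `[0-9a-zA-Z._ ]*` character class. The new branch therefore always returns, and the logging, `transactionEnded()` and audit lines below it become unreachable. Validate the untrusted part instead, for example `if(groupId != null && !groupId.matches(REGEX)){`, and end the logging transaction before returning. The same pattern appears in the "not copied to group" hunk (where the message also contains `:` and the exception text, and the reply "Policy Id is not valid" is misleading) and in the second "Unknown groupId" hunk. The header text "GroupId Id is not valid" also has a duplicated word.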
@@ -1578,8 +1629,10 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                
                                if(apiflag!=null){
                                        loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
+                                       LOGGER.info("PushPolicy Request From The API");
                                } else {
                                        loggingContext.setServiceName("AC:PAP.postPolicy");
+                                       LOGGER.info("PushPolicy Request From The AC");
                                }
                                
                                String policyId = request.getParameter("policyId");
@@ -1598,6 +1651,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                } catch (Exception e) {
                                        addPolicyToGroupTransaction.rollbackTransaction();
                                        String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
+                                       //for fixing Header Manipulation of Fortify issue
+                                       if(!message.matches(REGEX)){
+                                               response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                                               response.addHeader("error",ADD_GROUP_ERROR);
+                                               response.addHeader("message", "Policy Id is not valid");
+                                               return;
+                                       }
                                        PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
                                        loggingContext.transactionEnded();
                                        PolicyLogger.audit("Transaction Failed - See Error.log");
@@ -1611,29 +1671,28 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                        return;
                                }
                                
-                               // Get new transaction to perform updateGroup()
-                               PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
-                               try {
+                               if(apiflag != null){
                                        /*
                                         * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change.
                                         * The GUI does this from the POLICY-SDK-APP code.
                                         */
-                                       if(apiflag != null){
-
-                                               // get the request content into a String
-                                               String json = null;
-                                               // read the inputStream into a buffer
+                                       
+                                       // Get new transaction to perform updateGroup()
+                                       PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
+                                       try {
+                                               // get the request content into a String and read the inputStream into a buffer
                                                java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
                                                scanner.useDelimiter("\\A");
-                                               json =  scanner.hasNext() ? scanner.next() : "";
+                                               String json =  scanner.hasNext() ? scanner.next() : "";
                                                scanner.close();
-                                               LOGGER.info("PushPolicy API request: " + json);
                                                
                                                // convert Object sent as JSON into local object
                                                ObjectMapper mapper = new ObjectMapper();
                                                Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class);
                                                StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON;
                                                
+                                               LOGGER.info("Request JSON Payload: " + json);
+
                                                // Assume that this is an update of an existing PDP Group
                                                loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
                                                try{
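Review bot: `LOGGER.info("Request JSON Payload: " + json)` writes the complete, caller-supplied request body to the log at INFO level. Line breaks inside the payload can make one request look like several log entries, and whatever the policy JSON contains is copied into the log files. Consider logging only what is needed after parsing (for example the policy id and the payload length), or stripping CR/LF first. The `try` block opened in this hunk continues outside it.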
@@ -1674,24 +1733,22 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                                
                                                //delete temporary policy file from the bin directory
                                                Files.deleteIfExists(Paths.get(policy.getId()));
-                                               
+                                                       
+                                       } catch (Exception e) {
+                                               acPutTransaction.rollbackTransaction();
+                                               PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
+                                               loggingContext.transactionEnded();
+                                               PolicyLogger.audit("Transaction Failed - See Error.log");
+                                               String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API.";
+                                               LOGGER.error(message);
+                                               setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+                                               response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                                               response.addHeader("error",ADD_GROUP_ERROR);
+                                               response.addHeader("message", message);
+                                               return;
                                        }
-                               } catch (Exception e) {
-                                       acPutTransaction.rollbackTransaction();
-                                       PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
-                                       loggingContext.transactionEnded();
-                                       PolicyLogger.audit("Transaction Failed - See Error.log");
-                                       String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API.";
-                                       LOGGER.error(message);
-                                       setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-                                       response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                                       response.addHeader("error","addGroupError");
-                                       response.addHeader("message", message);
-                                       return;
                                }
                                
-                               
-                               
                                // policy file copied ok and the Group was updated on the PDP
                                response.setStatus(HttpServletResponse.SC_NO_CONTENT);
                                response.addHeader("operation", "push");
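Review bot: In the relocated catch block, `setResponseError(..., e.getMessage())` sends the raw exception text to the client although a generic `message` is built on the line above; pass `message` instead. Because `sendError` commits the response, the `setStatus` and `addHeader("error", ...)`/`addHeader("message", ...)` calls that follow it have no effect, so either set the headers before calling `setResponseError` or drop the `sendError` path here. Separately, the unchanged `Files.deleteIfExists(Paths.get(policy.getId()))` above appears to take its path from the request-derived policy object. The `REGEX` check this commit introduces elsewhere would be worth applying to that id before it is used as a file path.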
@@ -1914,6 +1971,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        }
                        if (group == null) {
                                String message = "Unknown groupId '" + groupId + "'";
+                               //for fixing Header Manipulation of Fortify issue
+                               if(!message.matches(REGEX)){
+                                       response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                                       response.addHeader("error",ADD_GROUP_ERROR);
+                                       response.addHeader("message", "Group Id is not valid");
+                                       return;
+                               }
                                PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
                                loggingContext.transactionEnded();
                                PolicyLogger.audit("Transaction Failed - See Error.log");
@@ -2035,7 +2099,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                        PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
                                        loggingContext.transactionEnded();
                                        PolicyLogger.audit("Transaction Failed - See Error.log");
-                                       setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
+                                       setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON);
                                }
                                StdPDP pdp = (StdPDP) objectFromJSON;
                                if(pdp != null){
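Review bot: The new error text still concatenates `objectFromJSON` into the string passed to `setResponseError`, so the deserialized request object is reflected back to the client even though `pdpId` was removed. If the intent is to stop echoing caller-controlled data, use a fixed message such as `"Bad input for PDP update"` and keep the details in the `PolicyLogger.error` line only. The group-update hunk that follows has the same issue with `"Bad input id for object:"+objectFromJSON`. No `return` is visible after `setResponseError` in this hunk, so it is worth confirming that execution does not continue into the `(StdPDP) objectFromJSON` cast.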
@@ -2137,7 +2201,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                        PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
                                        loggingContext.transactionEnded();
                                        PolicyLogger.audit("Transaction Failed - See Error.log");
-                                       setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON);
+                                       setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON);
                                }
                                // The Path on the PAP side is not carried on the RESTful interface with the AC
                                // (because it is local to the PAP)
@@ -2146,7 +2210,11 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                                        ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
                                }
                                try{
-                                       acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
+                                       if("delete".equals(((StdPDPGroup)objectFromJSON).getOperation())){
+                                               acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doDelete");
+                                       } else {
+                                               acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
+                                       }
                                } catch(Exception e){
                                        PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
                                                        +"group="+group.getId());
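Review bot: The two branches differ only in the label string, so the `updateGroup` call is duplicated along with the cast. Computing the label once keeps this to a single call: `String caller = "delete".equals(((StdPDPGroup)objectFromJSON).getOperation()) ? "XACMLPapServlet.doDelete" : "XACMLPapServlet.doACPut";` followed by `acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, caller);`. Note that `getOperation()` comes from the object parsed from the request, so if this label is used for auditing, its value is chosen by the caller.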
@@ -2624,10 +2692,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
 
                public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) {
                        this.pdp = pdp;
-                       if (!(loggingContext == null)) {
-                               if (!(loggingContext.getRequestID() == null) || (loggingContext.getRequestID() == "")) {
+                       if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) {
                                        this.requestId = loggingContext.getRequestID();
-                               }
                        }
                        this.loggingContext = loggingContext;
                }
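Review bot: The merged condition keeps a logic error from the old code: in `getRequestID() != null || getRequestID() == ""` the right-hand side is evaluated only when the ID is null, so it is always false, and `==` compares String references rather than content. Presumably the intent is to copy the ID only when it is present and non-empty. That would be `if (loggingContext != null && loggingContext.getRequestID() != null && !loggingContext.getRequestID().isEmpty()) {`. The assignment inside the block is still indented one level too deep after the nested `if` was removed.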
@@ -2637,7 +2703,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
                        HttpURLConnection connection = null;
                        // get a new logging context for the thread
                        try {
-                               if (this.loggingContext.equals(null)) {
+                               if (this.loggingContext == null) {
                                     loggingContext = new ONAPLoggingContext(baseLoggingContext);
                                } 
                        } catch (Exception e) {