* ============LICENSE_START=======================================================
* ONAP-PAP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Iterator;
import java.util.List;
import java.util.Properties;
+import java.util.Scanner;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;
import org.onap.policy.common.im.AdministrativeStateException;
import org.onap.policy.common.im.ForwardProgressException;
import org.onap.policy.common.im.IntegrityMonitor;
+import org.onap.policy.common.im.IntegrityMonitorException;
import org.onap.policy.common.im.IntegrityMonitorProperties;
import org.onap.policy.common.im.StandbyStatusException;
import org.onap.policy.common.logging.ONAPLoggingContext;
import org.onap.policy.pap.xacml.restAuth.CheckPDP;
import org.onap.policy.rest.XACMLRest;
import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.rest.dao.PolicyDBException;
+import org.onap.policy.utils.CryptoUtils;
import org.onap.policy.utils.PolicyUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
import org.onap.policy.xacml.api.pap.OnapPDP;
import org.onap.policy.xacml.api.pap.OnapPDPGroup;
import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
-import org.onap.policy.xacml.std.pap.StdPAPPolicy;
import org.onap.policy.xacml.std.pap.StdPDP;
import org.onap.policy.xacml.std.pap.StdPDPGroup;
import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier.StdItemSetChangeListener;
private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
// Client Headers.
private static final String ENVIRONMENT_HEADER = "Environment";
+ private static final String ADD_GROUP_ERROR = "addGroupError";
+ private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password";
+
+ private static final String REGEX = "[0-9a-zA-Z._ ]*";
+
/*
* List of Admin Console URLs.
* Used to send notifications when configuration changes.
* This thread may be invoked upon startup to initiate sending PDP policy/pip configuration when
* this servlet starts. Its configurable by the admin.
*/
- private transient static Thread initiateThread = null;
+ private static transient Thread initiateThread = null;
private transient ONAPLoggingContext baseLoggingContext = null;
/**
+ "\n papDbDriver = " + papDbDriver
+ "\n papDbUrl = " + papDbUrl
+ "\n papDbUser = " + papDbUser
- + "\n papDbPassword = " + papDbPassword
+ "\n papTransWait = " + papTransWait
+ "\n papTransTimeout = " + papTransTimeout
+ "\n papAuditTimeout = " + papAuditTimeout
throw new ServletException(e.getMessage(), e.getCause());
}
// Create an IntegrityMonitor
+ if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){
+ properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
+ }
im = IntegrityMonitor.getInstance(papResourceName,properties);
// Create an IntegrityAudit
ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
// The factory knows how to go about creating a PAP Engine
setPAPEngine((PAPPolicyEngine) factory.newEngine());
PolicyDBDaoTransaction addNewGroup = null;
- try{
- if(((org.onap.policy.xacml.std.pap.StdEngine)papEngine).wasDefaultGroupJustAdded){
- addNewGroup = policyDBDao.getNewTransaction();
- OnapPDPGroup group = papEngine.getDefaultGroup();
- addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(), "automaticallyAdded");
- addNewGroup.commitTransaction();
- addNewGroup = policyDBDao.getNewTransaction();
- addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
- addNewGroup.commitTransaction();
- }
- } catch(Exception e){
- PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet", " Error creating new default group in the database");
- if(addNewGroup != null){
- addNewGroup.rollbackTransaction();
- }
- }
+ if (((org.onap.policy.xacml.std.pap.StdEngine) papEngine).wasDefaultGroupJustAdded) {
+ try {
+ addNewGroup = policyDBDao.getNewTransaction();
+ OnapPDPGroup group = papEngine.getDefaultGroup();
+ addNewGroup.createGroup(group.getId(), group.getName(), group.getDescription(),
+ "automaticallyAdded");
+ addNewGroup.commitTransaction();
+ addNewGroup = policyDBDao.getNewTransaction();
+ addNewGroup.changeDefaultGroup(group, "automaticallyAdded");
+ addNewGroup.commitTransaction();
+ } catch (Exception e) {
+ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "XACMLPapServlet",
+ " Error creating new default group in the database");
+ if (addNewGroup != null) {
+ addNewGroup.rollbackTransaction();
+ }
+ }
+ }
policyDBDao.setPapEngine((PAPPolicyEngine) XACMLPapServlet.papEngine);
if (Boolean.parseBoolean(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_RUN_AUDIT_FLAG))){
+ /*
+ * Auditing the local File System groups to be in sync with the Database
+ */
+
//get an AuditTransaction to lock out all other transactions
PolicyDBDaoTransaction auditTrans = policyDBDao.getNewAuditTransaction();
- policyDBDao.auditLocalDatabase(XACMLPapServlet.papEngine);
+
+ LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit");
+ LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString());
+ //get the current filesystem group and update from the database if needed
+ StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup();
+ StdPDPGroup updatedGroup = policyDBDao.auditLocalFileSystem(group);
+ if(updatedGroup!=null) {
+ papEngine.updateGroup(updatedGroup);
+ }
+ LOGGER.info("PapServlet: updated group is " + papEngine.getDefaultGroup().toString());
+
//release the transaction lock
auditTrans.close();
}
initiateThread.start();
}
+ private static void mapperWriteValue(ObjectMapper mapper, HttpServletResponse response, Object value) {
+ try {
+ mapper.writeValue(response.getOutputStream(), value);
+ } catch (Exception e) {
+ LOGGER.error(e);
+ }
+ }
+
private static void startHeartBeatService(Heartbeat heartbeat) {
XACMLPapServlet.heartbeat = heartbeat;
XACMLPapServlet.heartbeatThread = new Thread(XACMLPapServlet.heartbeat);
throw new PAPException("papDbUser is null");
}
setPapDbUser(papDbUser);
- papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
+ papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, ""));
if(papDbPassword == null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
throw new PAPException("papDbPassword is null");
PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPost)");
}
PolicyDBDaoTransaction pdpTransaction = null;
+ loggingContext.metricStarted();
try {
im.startTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
} catch (AdministrativeStateException ae){
String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
+ " state of " + im.getStateManager().getAdminState()
- + "\n Exception Message: " + ae.getMessage();
+ + "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION;
LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
- loggingContext.transactionEnded();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
+ loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
+ " of " + im.getStateManager().getStandbyStatus()
+ "\n Exception Message: " + se.getMessage();
LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, se);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ return;
+ } catch (IntegrityMonitorException e) {
+ String message = "POST interface called for PAP " + papResourceName + " but an exception occurred"
+ + "\n Exception Message: " + e.getMessage();
+ LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}
try {
+ loggingContext.metricStarted();
XACMLRest.dumpRequest(request);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost dumpRequest");
// since getParameter reads the content string, explicitly get the content before doing that.
// Simply getting the inputStream seems to protect it against being consumed by getParameter.
request.getInputStream();
PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
im.endTransaction();
return;
}
}
+ loggingContext.metricStarted();
doACPost(request, response, groupId, loggingContext);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost doACPost");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
try {
pdpTransaction.addPdpToGroup(id, XACMLPapServlet.papEngine.getDefaultGroup().getId(), id, "Registered on first startup", Integer.parseInt(jmxport), "PDP autoregister");
XACMLPapServlet.papEngine.newPDP(id, XACMLPapServlet.papEngine.getDefaultGroup(), id, "Registered on first startup", Integer.parseInt(jmxport));
- } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException e) {
+ } catch (NullPointerException | PAPException | IllegalArgumentException | IllegalStateException | PersistenceException | PolicyDBException e) {
pdpTransaction.rollbackTransaction();
String message = "Failed to create new PDP for id: " + id;
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
im.endTransaction();
return;
}
// get the PDP we just created
- pdp = XACMLPapServlet.papEngine.getPDP(id);
+ try{
+ pdp = XACMLPapServlet.papEngine.getPDP(id);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
if (pdp == null) {
if(pdpTransaction != null){
pdpTransaction.rollbackTransaction();
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
im.endTransaction();
return;
}
} else {
String message = "PDP is Unauthorized to Connect to PAP: "+ id;
- PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
+ PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
+ setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not Authorized to connect to this PAP. Please contact the PAP Admin for registration.");
PolicyLogger.audit("Transaction Failed - See Error.log");
im.endTransaction();
return;
}
try{
+ loggingContext.metricStarted();
pdpTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost commitTransaction");
} catch(Exception e){
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Could not commit transaction to put pdp in the database");
}
}
if (jmxport != null && jmxport != ""){
- ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
+ try{
+ ((StdPDP) pdp).setJmxPort(Integer.valueOf(jmxport));
+ }catch(NumberFormatException e){
+ LOGGER.error(e);
+ }
}
// Get the PDP's Group
- OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
+ OnapPDPGroup group =null;
+ try{
+ group= XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
if (group == null) {
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " PDP not associated with any group, even the default");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
+ setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, "PDP not associated with any group, even the default");
im.endTransaction();
return;
}
Properties pipconfig = group.getPipConfigProperties();
// Get the current policy/pip configuration that the PDP has
Properties pdpProperties = new Properties();
- pdpProperties.load(request.getInputStream());
+ try{
+ pdpProperties.load(request.getInputStream());
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
LOGGER.info("PDP Current Properties: " + pdpProperties.toString());
LOGGER.info("Policies: " + (policies != null ? policies.toString() : "null"));
LOGGER.info("Pip config: " + (pipconfig != null ? pipconfig.toString() : "null"));
// retrieve them.
this.populatePolicyURL(request.getRequestURL(), policies);
// Copy the properties to the output stream
- policies.store(response.getOutputStream(), "");
+ try{
+ policies.store(response.getOutputStream(), "");
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
}
if (pipconfig != null) {
// Copy the properties to the output stream
- pipconfig.store(response.getOutputStream(), "");
+ try{
+ pipconfig.store(response.getOutputStream(), "");
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
}
// We are good - and we are sending them information
response.setStatus(HttpServletResponse.SC_OK);
- setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
+ try{
+ setPDPSummaryStatus(pdp, PDPStatus.Status.OUT_OF_SYNCH);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
} else {
// Tell them they are good
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
- setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
+ try{
+ setPDPSummaryStatus(pdp, PDPStatus.Status.UP_TO_DATE);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
}
// tell the AC that something changed
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost notifyAC");
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
- } catch (PAPException e) {
+ } catch (PAPException | IOException | NumberFormatException e) {
if(pdpTransaction != null){
pdpTransaction.rollbackTransaction();
}
LOGGER.debug(XACMLErrorConstants.ERROR_PROCESS_FLOW + "POST exception: " + e, e);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
im.endTransaction();
return;
}
private void setResponseError(HttpServletResponse response,int responseCode, String message) {
try {
- response.sendError(responseCode, message);
+ if(message != null && !message.isEmpty()){
+ response.sendError(responseCode, message);
+ }
} catch (IOException e) {
LOGGER.error("Error setting Error response Header ", e);
}
PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doGet)");
}
try {
+ loggingContext.metricStarted();
XACMLRest.dumpRequest(request);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doGet dumpRequest");
String pathInfo = request.getRequestURI();
LOGGER.info("path info: " + pathInfo);
if (pathInfo != null){
//DO NOT do a im.startTransaction for the test request
if (pathInfo.equals("/pap/test")) {
- testService(loggingContext, response);
+ try {
+ testService(loggingContext, response);
+ } catch (IOException e) {
+ LOGGER.debug(e);
+ }
return;
}
}
//This im.startTransaction() covers all other Get transactions
try {
+ loggingContext.metricStarted();
im.startTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doGet im startTransaction");
} catch (AdministrativeStateException ae){
String message = "GET interface called for PAP " + papResourceName + " but it has an Administrative"
+ " state of " + im.getStateManager().getAdminState()
+ "\n Exception Message: " + ae.getMessage();
- LOGGER.info(message);
+ LOGGER.info(message, ae);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}catch (StandbyStatusException se) {
String message = "GET interface called for PAP " + papResourceName + " but it has a Standby Status"
+ " of " + im.getStateManager().getStandbyStatus()
+ "\n Exception Message: " + se.getMessage();
- LOGGER.info(message);
+ LOGGER.info(message, se);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ return;
+ } catch (IntegrityMonitorException e) {
+ String message = "GET interface called for PAP " + papResourceName + " but an exception occurred"
+ + "\n Exception Message: " + e.getMessage();
+ LOGGER.info(message, e);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}
// Request from the API to get the gitPath
if (apiflag!=null) {
if(authorizeRequest(request)){
APIRequestHandler apiRequestHandler = new APIRequestHandler();
- apiRequestHandler.doGet(request,response, apiflag);
+ try{
+ loggingContext.metricStarted();
+ apiRequestHandler.doGet(request,response, apiflag);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doGet apiRequestHandler doGet");
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ setResponseError(response, HttpServletResponse.SC_FORBIDDEN, message);
im.endTransaction();
return;
}
String groupId = request.getParameter("groupId");
if (groupId != null) {
// this is from the Admin Console, so handle separately
- doACGet(request, response, groupId, loggingContext);
+ try{
+ loggingContext.metricStarted();
+ doACGet(request, response, groupId, loggingContext);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doGet doACGet");
+ } catch(IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
String id = this.getPDPID(request);
LOGGER.info("doGet from: " + id);
// Get the PDP Object
- OnapPDP pdp = XACMLPapServlet.papEngine.getPDP(id);
+ OnapPDP pdp = null;
+ try{
+ pdp = XACMLPapServlet.papEngine.getPDP(id);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
// Is it known?
if (pdp == null) {
// Check if request came from localhost
if (request.getRemoteHost().equals("localhost") ||
- request.getRemoteHost().equals("127.0.0.1") ||
request.getRemoteHost().equals(request.getLocalAddr())) {
// Return status information - basically all the groups
loggingContext.setServiceName("PAP.getGroups");
Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
// convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), groups);
+ mapperWriteValue(new ObjectMapper(), response, groups);
response.setHeader("content-type", "application/json");
response.setStatus(HttpServletResponse.SC_OK);
loggingContext.transactionEnded();
PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
+ setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
im.endTransaction();
return;
}
loggingContext.setServiceName("PAP.getPolicy");
// Get the PDP's Group
- OnapPDPGroup group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
+ OnapPDPGroup group = null;
+ try {
+ group = XACMLPapServlet.papEngine.getPDPGroup((OnapPDP) pdp);
+ } catch (PAPException e) {
+ LOGGER.error(e);
+ }
if (group == null) {
String message = "No group associated with pdp " + pdp.getId();
LOGGER.warn(XACMLErrorConstants.ERROR_PERMISSIONS + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
+ setResponseError(response, HttpServletResponse.SC_UNAUTHORIZED, message);
im.endTransaction();
return;
}
LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
im.endTransaction();
return;
}
LOGGER.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
im.endTransaction();
return;
}
- LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
- + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
+ try{
+ LOGGER.warn("PolicyDebugging: Policy Validity: " + policy.isValid() + "\n "
+ + "Policy Name : " + policy.getName() + "\n Policy URI: " + policy.getLocation().toString());
+ } catch (PAPException| IOException e){
+ LOGGER.error(e);
+ }
try (InputStream is = new FileInputStream(((StdPDPGroup)group).getDirectory().toString()+File.separator+policyId); OutputStream os = response.getOutputStream()) {
// Send the policy back
IOUtils.copy(is, os);
PolicyLogger.audit("Transaction Ended Successfully");
} catch (IOException e) {
String message = "Failed to open policy id " + policyId;
+ LOGGER.debug(e);
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
}
} catch (PAPException e) {
+ LOGGER.debug(e);
PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " GET exception");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
im.endTransaction();
return;
}
PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doPut)");
}
try {
+ loggingContext.metricStarted();
im.startTransaction();
- } catch (AdministrativeStateException ae){
- String message = "PUT interface called for PAP " + papResourceName + " but it has an Administrative"
- + " state of " + im.getStateManager().getAdminState()
- + "\n Exception Message: " + ae.getMessage();
- LOGGER.info(message +ae);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }catch (StandbyStatusException se) {
- String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
- + " of " + im.getStateManager().getStandbyStatus()
- + "\n Exception Message: " + se.getMessage();
- LOGGER.info(message +se);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
+ } catch (IntegrityMonitorException e) {
+ String message = "PUT interface called for PAP " + papResourceName;
+ if (e instanceof AdministrativeStateException) {
+ message += " but it has an Administrative state of "
+ + im.getStateManager().getAdminState();
+ } else if (e instanceof StandbyStatusException) {
+ message += " but it has a Standby Status of "
+ + im.getStateManager().getStandbyStatus();
+ } else {
+ message += " but an exception occurred";
+
+ }
+ message += "\n Exception Message: " + e.getMessage();
+
+ LOGGER.info(message, e);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}
+
+ loggingContext.metricStarted();
XACMLRest.dumpRequest(request);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPut dumpRequest");
//need to check if request is from the API or Admin console
String apiflag = request.getParameter("apiflag");
//This would occur if a PolicyDBDao notification was received
String policyDBDaoRequestUrl = request.getParameter("policydbdaourl");
if(policyDBDaoRequestUrl != null){
+ LOGGER.info("XACMLPapServlet: PolicyDBDao Notification received." );
String policyDBDaoRequestEntityId = request.getParameter("entityid");
- //String policyDBDaoRequestEntityType = request.getParameter("entitytype");
String policyDBDaoRequestEntityType = request.getParameter("entitytype");
String policyDBDaoRequestExtraData = request.getParameter("extradata");
if(policyDBDaoRequestEntityId == null || policyDBDaoRequestEntityType == null){
- response.sendError(400, "entityid or entitytype not supplied");
+ setResponseError(response,400, "entityid or entitytype not supplied");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
return;
}
- policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
+ loggingContext.metricStarted();
+ LOGGER.info("XACMLPapServlet: Calling PolicyDBDao to handlIncomingHttpNotification");
+ policyDBDao.handleIncomingHttpNotification(policyDBDaoRequestUrl,policyDBDaoRequestEntityId,policyDBDaoRequestEntityType,policyDBDaoRequestExtraData,this);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPut handle incoming http notification");
response.setStatus(200);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
if (importService != null) {
if(authorizeRequest(request)){
APIRequestHandler apiRequestHandler = new APIRequestHandler();
- apiRequestHandler.doPut(request, response, importService);
+ try{
+ loggingContext.metricStarted();
+ apiRequestHandler.doPut(request, response, importService);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPut apiRequestHandler doPut");
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
im.endTransaction();
return;
} else {
LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + message );
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
return;
}
}
} catch(UnsupportedEncodingException e){
PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
+ "\npolicyToCreateUpdate = " + " ");
- response.sendError(500,"policyToCreateUpdate encoding not supported"
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
+ "\nfailure with the following exception: " + e);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See error.log");
renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
}catch(Exception e){
renameTransaction.rollbackTransaction();
- response.sendError(500,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
+ "\nfailure with the following exception: " + e);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See error.log");
im.endTransaction();
return;
}
+ loggingContext.metricStarted();
renameTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet goPut commitTransaction");
response.setStatus(HttpServletResponse.SC_OK);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
return;
}
if(apiflag.equalsIgnoreCase("addPolicyToGroup")){
- updateGroupsFromAPI(request, response, groupId, loggingContext);
+ try{
+ updateGroupsFromAPI(request, response, groupId, loggingContext);
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
}
}
// this is from the Admin Console, so handle separately
- doACPut(request, response, groupId, loggingContext);
+ try {
+ loggingContext.metricEnded();
+ doACPut(request, response, groupId, loggingContext);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet goPut doACPut");
+ } catch (IOException e) {
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
if (apiflag != null && apiflag.equalsIgnoreCase("admin")){
// this request is from the Admin Console
SavePolicyHandler savePolicyHandler = SavePolicyHandler.getInstance();
- savePolicyHandler.doPolicyAPIPut(request, response);
+ try{
+ loggingContext.metricStarted();
+ savePolicyHandler.doPolicyAPIPut(request, response);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet goPut savePolicyHandler");
+ } catch (IOException e) {
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
// this request is from the Policy Creation API
if(authorizeRequest(request)){
APIRequestHandler apiRequestHandler = new APIRequestHandler();
- apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
+ try{
+ loggingContext.metricStarted();
+ apiRequestHandler.doPut(request, response, request.getHeader("ClientScope"));
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet goPut apiRequestHandler doPut");
+ } catch (IOException e) {
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
im.endTransaction();
return;
}
LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Request does not have groupId or apiflag");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId or apiflag");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See error.log");
im.endTransaction();
PolicyLogger.info("requestID was provided in call to XACMLPapSrvlet (doDelete)");
}
try {
+ loggingContext.metricStarted();
im.startTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doDelete im startTransaction");
} catch (AdministrativeStateException ae){
String message = "DELETE interface called for PAP " + papResourceName + " but it has an Administrative"
+ " state of " + im.getStateManager().getAdminState()
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}catch (StandbyStatusException se) {
String message = "PUT interface called for PAP " + papResourceName + " but it has a Standby Status"
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ return;
+ } catch (IntegrityMonitorException e) {
+ String message = "PUT interface called for PAP " + papResourceName + " but an exception occurred"
+ + "\n Exception Message: " + e.getMessage();
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}
+ loggingContext.metricStarted();
XACMLRest.dumpRequest(request);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doDelete dumpRequest");
String groupId = request.getParameter("groupId");
String apiflag = request.getParameter("apiflag");
if (groupId != null) {
PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, message);
+ setResponseError(response,HttpServletResponse.SC_FORBIDDEN, message);
return;
}
APIRequestHandler apiRequestHandler = new APIRequestHandler();
try {
+ loggingContext.metricStarted();
apiRequestHandler.doDelete(request, response, loggingContext, apiflag);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doDelete apiRequestHandler doDelete");
} catch (Exception e) {
LOGGER.error("Exception Occured"+e);
}
if(apiRequestHandler.getNewGroup()!=null){
- groupChanged(apiRequestHandler.getNewGroup());
+ groupChanged(apiRequestHandler.getNewGroup(), loggingContext);
}
return;
}
// this is from the Admin Console, so handle separately
- doACDelete(request, response, groupId, loggingContext);
+ try{
+ loggingContext.metricStarted();
+ doACDelete(request, response, groupId, loggingContext);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doDelete doACDelete");
+ } catch (IOException e) {
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Request does not have groupId");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "Request does not have groupId");
im.endTransaction();
}
*/
public void updateGroupsFromAPI(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
+ PolicyLogger.audit("PolicyDBDaoTransaction started for updateGroupsFromAPI");
try {
// for PUT operations the group may or may not need to exist before the operation can be done
StdPDPGroup group = (StdPDPGroup) papEngine.getGroup(groupId);
+
// get the request input stream content into a String
String json = null;
java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
scanner.useDelimiter("\\A");
json = scanner.hasNext() ? scanner.next() : "";
scanner.close();
- PolicyLogger.info("JSON request from PolicyEngine API: " + json);
+
+ PolicyLogger.info("pushPolicy request from API: " + json);
+
// convert Object sent as JSON into local object
StdPDPPolicy policy = PolicyUtils.jsonStringToObject(json, StdPDPPolicy.class);
- Set<PDPPolicy> policies = new HashSet<>();
- if(policy!=null){
- policies.add(policy);
- }
+
//Get the current policies from the Group and Add the new one
Set<PDPPolicy> currentPoliciesInGroup = new HashSet<>();
currentPoliciesInGroup = group.getPolicies();
- //If the selected policy is in the group we must remove it because the name is default
- Iterator<PDPPolicy> policyIterator = policies.iterator();
- LOGGER.debug("policyIterator....." + policies);
- while (policyIterator.hasNext()) {
- PDPPolicy selPolicy = policyIterator.next();
- for (PDPPolicy existingPolicy : currentPoliciesInGroup) {
- if (existingPolicy.getId().equals(selPolicy.getId())) {
- group.removePolicyFromGroup(existingPolicy);
- LOGGER.debug("Removing policy: " + existingPolicy);
- break;
- }
- }
- }
- //Update the PDP Group after removing old version of policy
- Set<PDPPolicy> updatedPoliciesInGroup = new HashSet<>();
- updatedPoliciesInGroup = group.getPolicies();
- //need to remove the policy with default name from group
- for (PDPPolicy updatedPolicy : currentPoliciesInGroup) {
- if (updatedPolicy.getName().equalsIgnoreCase("default")) {
- group.removePolicyFromGroup(updatedPolicy);
+ //If the selected policy is in the group we must remove the old version of it
+ LOGGER.info("Removing old version of the policy");
+ for(PDPPolicy existingPolicy : currentPoliciesInGroup) {
+ if (existingPolicy.getName().equals(policy.getName()) && !existingPolicy.getId().equals(policy.getId())){
+ group.removePolicy(existingPolicy);
+ LOGGER.info("Removing policy: " + existingPolicy);
break;
}
}
- if(updatedPoliciesInGroup!=null){
- policies.addAll(updatedPoliciesInGroup);
- }
- group.setPolicies(policies);
+
// Assume that this is an update of an existing PDP Group
loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
try{
+"group="+group.getId());
throw new PAPException(e.getMessage());
}
+
+ LOGGER.info("Calling updatGroup() with new group");
papEngine.updateGroup(group);
String policyId = "empty";
- if(policy!=null){
+ if(policy !=null && policy.getId() != null){
policyId = policy.getId();
}
+ if(!policyId.matches(REGEX) ){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "Policy Id is not valid");
+ return;
+ }
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
response.addHeader("operation", "push");
response.addHeader("policyId", policyId);
response.addHeader("groupId", groupId);
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("Group '" + group.getId() + "' updated");
- }
+
+ LOGGER.info("Group '" + group.getId() + "' updated");
+
+ loggingContext.metricStarted();
acPutTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
+
// Group changed, which might include changing the policies
- groupChanged(group);
+ groupChanged(group, loggingContext);
loggingContext.transactionEnded();
- auditLogger.info("Success");
+ LOGGER.info("Success");
if (policy != null && ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
- response.sendError(500, e.getMessage());
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- response.addHeader("error","addGroupError");
+ response.addHeader("error",ADD_GROUP_ERROR);
response.addHeader("message", message);
return;
}
if (groupName != null && groupDescription != null) {
// Args: group=<groupId> groupName=<name> groupDescription=<description> <= create a new group
loggingContext.setServiceName("AC:PAP.createGroup");
- String unescapedName = URLDecoder.decode(groupName, "UTF-8");
- String unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
+ String unescapedName = null;
+ String unescapedDescription = null;
+ try{
+ unescapedName = URLDecoder.decode(groupName, "UTF-8");
+ unescapedDescription = URLDecoder.decode(groupDescription, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ LOGGER.error(e);
+ }
PolicyDBDaoTransaction newGroupTransaction = policyDBDao.getNewTransaction();
try {
newGroupTransaction.createGroup(PolicyDBDao.createNewPDPGroupId(unescapedName), unescapedName, unescapedDescription,"XACMLPapServlet.doACPost");
papEngine.newGroup(unescapedName, unescapedDescription);
+ loggingContext.metricStarted();
newGroupTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
} catch (Exception e) {
newGroupTransaction.rollbackTransaction();
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to create new group");
loggingContext.transactionEnded();
-
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, "Unable to create new group '" + groupId + "'");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to create new group '" + groupId + "'");
return;
}
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
LOGGER.debug("New Group '" + groupId + "' created");
}
// tell the Admin Consoles there is a change
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
// new group by definition has no PDPs, so no need to notify them of changes
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
return;
}
// for all remaining POST operations the group must exist before the operation can be done
- OnapPDPGroup group = papEngine.getGroup(groupId);
+ OnapPDPGroup group = null;
+ try{
+ group = papEngine.getGroup(groupId);
+ } catch (PAPException e){
+ LOGGER.error(e);
+ }
if (group == null) {
String message = "Unknown groupId '" + groupId + "'";
+ //for fixing Header Manipulation of Fortify issue
+ if(!message.matches(REGEX)){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "GroupId Id is not valid");
+ return;
+ }
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
response.addHeader("message", message);
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
} else {
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
}
return;
}
- // determine the operation needed based on the parameters in the request
+
+ // If the request contains a policyId then we know we are pushing the policy to PDP
if (request.getParameter("policyId") != null) {
- // Args: group=<groupId> policy=<policyId> <= copy file
- // copy a policy from the request contents into a file in the group's directory on this machine
+
if(apiflag!=null){
loggingContext.setServiceName("PolicyEngineAPI:PAP.postPolicy");
+ LOGGER.info("PushPolicy Request From The API");
} else {
loggingContext.setServiceName("AC:PAP.postPolicy");
+ LOGGER.info("PushPolicy Request From The AC");
}
+
String policyId = request.getParameter("policyId");
PolicyDBDaoTransaction addPolicyToGroupTransaction = policyDBDao.getNewTransaction();
+ StdPDPGroup updatedGroup = null;
try {
- InputStream is = null;
- File temp= null;
- if (apiflag != null){
- // get the request content into a String if the request is from API
- String json = null;
- // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
- java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
- scanner.useDelimiter("\\A");
- json = scanner.hasNext() ? scanner.next() : "";
- scanner.close();
- LOGGER.info("JSON request from API: " + json);
- // convert Object sent as JSON into local object
- ObjectMapper mapper = new ObjectMapper();
- Object objectFromJSON = mapper.readValue(json, StdPAPPolicy.class);
- StdPAPPolicy policy = (StdPAPPolicy) objectFromJSON;
- temp = new File(policy.getLocation());
- is = new FileInputStream(temp);
- } else {
- is = request.getInputStream();
- }
- addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
- if (apiflag != null){
- ((StdPDPGroup) group).copyPolicyToFile(policyId,"API", is);
- } else {
- String name = null;
- if (policyId.endsWith(".xml")) {
- name = policyId.replace(".xml", "");
- name = name.substring(0, name.lastIndexOf("."));
- }
- ((StdPDPGroup) group).copyPolicyToFile(policyId, name, is);
- }
- if(is!=null && temp!=null){
- is.close();
- temp.delete();
- }
+ //Copying the policy to the file system and updating groups in database
+ LOGGER.info("PapServlet: calling PolicyDBDao.addPolicyToGroup()");
+ updatedGroup = addPolicyToGroupTransaction.addPolicyToGroup(group.getId(), policyId,"XACMLPapServlet.doACPost");
+ loggingContext.metricStarted();
addPolicyToGroupTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
+ LOGGER.info("PapServlet: addPolicyToGroup() succeeded, transaction was committed");
+
} catch (Exception e) {
addPolicyToGroupTransaction.rollbackTransaction();
String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
+ //for fixing Header Manipulation of Fortify issue
+ if(!message.matches(REGEX)){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "Policy Id is not valid");
+ return;
+ }
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
response.addHeader("message", message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} else {
- response.sendError(500, message);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
}
return;
}
+
+ if(apiflag != null){
+ /*
+ * If request comes from the API we need to run the PolicyDBDao updateGroup() to notify other paps of the change.
+ * The GUI does this from the POLICY-SDK-APP code.
+ */
+
+ // Get new transaction to perform updateGroup()
+ PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
+ try {
+ // get the request content into a String and read the inputStream into a buffer
+ java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
+ scanner.useDelimiter("\\A");
+ String json = scanner.hasNext() ? scanner.next() : "";
+ scanner.close();
+
+ // convert Object sent as JSON into local object
+ ObjectMapper mapper = new ObjectMapper();
+ Object objectFromJSON = mapper.readValue(json, StdPDPPolicy.class);
+ StdPDPPolicy policy = (StdPDPPolicy) objectFromJSON;
+
+ LOGGER.info("Request JSON Payload: " + json);
+
+ // Assume that this is an update of an existing PDP Group
+ loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup");
+ try{
+ acPutTransaction.updateGroup(updatedGroup, "XACMLPapServlet.doACPut");
+ } catch(Exception e){
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error occurred when notifying PAPs of a group change: "
+ + e);
+ throw new PAPException(e.getMessage());
+ }
+
+ LOGGER.info("Calling updatGroup() with new group");
+ papEngine.updateGroup(updatedGroup);
+
+ LOGGER.info("Group '" + updatedGroup.getId() + "' updated");
+
+ // Commit transaction to send notification to other PAPs
+ loggingContext.metricStarted();
+ acPutTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI commitTransaction");
+ loggingContext.metricStarted();
+
+ notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet updateGroupsFromAPI notifyAC");
+
+ // Group changed to send notification to PDPs, which might include changing the policies
+ groupChanged(updatedGroup,loggingContext);
+ loggingContext.transactionEnded();
+ LOGGER.info("Success");
+
+ if (policy != null && ((policy.getName().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param")))) {
+ PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance();
+ if (pushPolicyHandler.preSafetyCheck(policy, configHome)) {
+ LOGGER.debug("Precheck Successful.");
+ }
+ }
+
+ //delete temporary policy file from the bin directory
+ Files.deleteIfExists(Paths.get(policy.getId()));
+
+ } catch (Exception e) {
+ acPutTransaction.rollbackTransaction();
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " API PUT exception");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception occurred when updating the group from API.";
+ LOGGER.error(message);
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", message);
+ return;
+ }
+ }
+
// policy file copied ok and the Group was updated on the PDP
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
response.addHeader("operation", "push");
response.addHeader("policyId", policyId);
response.addHeader("groupId", groupId);
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
- }
+
+ LOGGER.info("policy '" + policyId + "' copied to directory for group '" + groupId + "'");
loggingContext.transactionEnded();
auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
+ LOGGER.info("Transaction Ended Successfully");
+
return;
} else if (request.getParameter("default") != null) {
// Args: group=<groupId> default=true <= make default
PolicyDBDaoTransaction setDefaultGroupTransaction = policyDBDao.getNewTransaction();
try {
setDefaultGroupTransaction.changeDefaultGroup(group, "XACMLPapServlet.doACPost");
- papEngine.SetDefaultGroup(group);
+ papEngine.setDefaultGroup(group);
+ loggingContext.metricStarted();
setDefaultGroupTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
} catch (Exception e) {
setDefaultGroupTransaction.rollbackTransaction();
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Unable to set group");
loggingContext.transactionEnded();
-
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, "Unable to set group '" + groupId + "' to default");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to set group '" + groupId + "' to default");
return;
}
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
// Notify the Admin Consoles that something changed
// For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
//TODO - Future: FIGURE OUT WHAT LEVEL TO NOTIFY: 2 groups or entire set - currently notify AC to update whole configuration of all groups
+ loggingContext.metricStarted();
notifyAC();
// This does not affect any PDPs in the existing groups, so no need to notify them of this change
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
loggingContext.transactionEnded();
auditLogger.info("Success");
- PolicyLogger.audit("Transaction Ended Successfully");
+ LOGGER.info("Transaction Ended Successfully");
return;
} else if (request.getParameter("pdpId") != null) {
doACPostTransaction = policyDBDao.getNewTransaction();
((StdPDPGroup)group).resetStatus();
// Notify the Admin Consoles that something changed
// For now the AC cannot handle anything more detailed than the whole set of PDPGroups, so just notify on that
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost notifyAC");
// Need to notify the PDP that it's config may have changed
- pdpChanged(pdp);
+ pdpChanged(pdp, loggingContext);
+ loggingContext.metricStarted();
doACPostTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPost commitTransaction");
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC POST exception");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
}
}
* @throws ServletException
* @throws IOException
*/
- private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
+ private void doACGet(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
try {
String parameterDefault = request.getParameter("default");
String pdpId = request.getParameter("pdpId");
loggingContext.setServiceName("AC:PAP.getDefaultGroup");
OnapPDPGroup group = papEngine.getDefaultGroup();
// convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), group);
+ mapperWriteValue(new ObjectMapper(), response, group);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("GET Default group req from '" + request.getRequestURL() + "'");
}
response.setStatus(HttpServletResponse.SC_OK);
response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
+ try{
+ response.getOutputStream().close();
+ } catch (IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
if (pdpGroup == null) {
// Request is for the (unspecified) group containing a given PDP
loggingContext.setServiceName("AC:PAP.getPDP");
- OnapPDP pdp = papEngine.getPDP(pdpId);
+ OnapPDP pdp = null;
+ try{
+ pdp = papEngine.getPDP(pdpId);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
// convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), pdp);
+ mapperWriteValue(new ObjectMapper(), response, pdp);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("GET pdp '" + pdpId + "' req from '" + request.getRequestURL() + "'");
}
response.setStatus(HttpServletResponse.SC_OK);
response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
+ try{
+ response.getOutputStream().close();
+ } catch (IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
} else {
// Request is for the group containing a given PDP
loggingContext.setServiceName("AC:PAP.getGroupForPDP");
- OnapPDP pdp = papEngine.getPDP(pdpId);
- OnapPDPGroup group = papEngine.getPDPGroup((OnapPDP) pdp);
+ OnapPDPGroup group =null;
+ try{
+ OnapPDP pdp = papEngine.getPDP(pdpId);
+ group = papEngine.getPDPGroup((OnapPDP) pdp);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
// convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), group);
+ mapperWriteValue(new ObjectMapper(), response, group);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("GET PDP '" + pdpId + "' Group req from '" + request.getRequestURL() + "'");
}
response.setStatus(HttpServletResponse.SC_OK);
response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
+ try{
+ response.getOutputStream().close();
+ } catch (IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
loggingContext.setServiceName("AC:PAP.getAllGroups");
Set<OnapPDPGroup> groups = papEngine.getOnapPDPGroups();
// convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), groups);
+ mapperWriteValue(new ObjectMapper(), response, groups);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("GET All groups req");
}
response.setStatus(HttpServletResponse.SC_OK);
response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
+ try{
+ response.getOutputStream().close();
+ } catch (IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
}
}
// for all other GET operations the group must exist before the operation can be done
- OnapPDPGroup group = papEngine.getGroup(groupId);
+ OnapPDPGroup group = null;
+ try{
+ group = papEngine.getGroup(groupId);
+ } catch(PAPException e){
+ LOGGER.error(e);
+ }
if (group == null) {
String message = "Unknown groupId '" + groupId + "'";
+ //for fixing Header Manipulation of Fortify issue
+ if(!message.matches(REGEX)){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "Group Id is not valid");
+ return;
+ }
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
-
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
return;
}
// Figure out which request this is based on the parameters
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " GET Policy not implemented");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "GET Policy not implemented");
} else {
// No other parameters, so return the identified Group
loggingContext.setServiceName("AC:PAP.getGroup");
// convert response object to JSON and include in the response
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(response.getOutputStream(), group);
+ mapperWriteValue(new ObjectMapper(), response, group);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("GET group '" + group.getId() + "' req from '" + request.getRequestURL() + "'");
}
response.setStatus(HttpServletResponse.SC_OK);
response.setHeader("content-type", "application/json");
- response.getOutputStream().close();
+ try{
+ response.getOutputStream().close();
+ } catch (IOException e){
+ LOGGER.error(e);
+ }
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " UNIMPLEMENTED ");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
} catch (PAPException e) {
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC Get exception");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
}
}
* @throws ServletException
* @throws IOException
*/
- private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
+ private void doACPut(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
PolicyDBDaoTransaction acPutTransaction = policyDBDao.getNewTransaction();
try {
// for PUT operations the group may or may not need to exist before the operation can be done
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, message);
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, message);
return;
}
if (request.getParameter("policy") != null) {
// get the request content into a String
String json = null;
// read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
- java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
- scanner.useDelimiter("\\A");
- json = scanner.hasNext() ? scanner.next() : "";
- scanner.close();
+ try{
+ Scanner scanner = new Scanner(request.getInputStream());
+ scanner.useDelimiter("\\A");
+ json = scanner.hasNext() ? scanner.next() : "";
+ scanner.close();
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
LOGGER.info("JSON request from AC: " + json);
// convert Object sent as JSON into local object
ObjectMapper mapper = new ObjectMapper();
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON);
}
StdPDP pdp = (StdPDP) objectFromJSON;
if(pdp != null){
- if (papEngine.getPDP(pdpId) == null) {
+ OnapPDP oPDP = null;
+ try{
+ oPDP = papEngine.getPDP(pdpId);
+ }catch (PAPException e){
+ LOGGER.error(e);
+ }
+ if (oPDP == null) {
// this is a request to create a new PDP object
try{
acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(),
+"pdp="+ (pdp.getId()) +",to group="+group.getId());
throw new PAPException(e.getMessage());
}
- papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
+ try{
+ papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort());
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
} else {
try{
acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut");
throw new PAPException(e.getMessage());
}
// this is a request to update the pdp
- papEngine.updatePDP(pdp);
+ try{
+ papEngine.updatePDP(pdp);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
}
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
if (LOGGER.isDebugEnabled()) {
// adjust the group's state including the new PDP
((StdPDPGroup)group).resetStatus();
// tell the Admin Consoles there is a change
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
// this might affect the PDP, so notify it of the change
- pdpChanged(pdp);
+ pdpChanged(pdp, loggingContext);
+ loggingContext.metricStarted();
acPutTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
return;
} else {
// Assume that this is an update of an existing PDP Group
// get the request content into a String
String json = null;
// read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
- java.util.Scanner scanner = new java.util.Scanner(request.getInputStream());
- scanner.useDelimiter("\\A");
- json = scanner.hasNext() ? scanner.next() : "";
- scanner.close();
+ try{
+ Scanner scanner = new Scanner(request.getInputStream());
+ scanner.useDelimiter("\\A");
+ json = scanner.hasNext() ? scanner.next() : "";
+ scanner.close();
+ }catch(IOException e){
+ LOGGER.error(e);
+ }
LOGGER.info("JSON request from AC: " + json);
// convert Object sent as JSON into local object
ObjectMapper mapper = new ObjectMapper();
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, "Bad input, id="+group.getId() +" object="+objectFromJSON);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON);
}
// The Path on the PAP side is not carried on the RESTful interface with the AC
// (because it is local to the PAP)
((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory());
}
try{
- acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
+ if("delete".equals(((StdPDPGroup)objectFromJSON).getOperation())){
+ acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doDelete");
+ } else {
+ acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut");
+ }
} catch(Exception e){
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " Error while updating group in the database: "
+"group="+group.getId());
+ LOGGER.error(e);
throw new PAPException(e.getMessage());
}
if (pushPolicyHandler.preSafetyCheck(updatedGroup, configHome)) {
LOGGER.debug("Precheck Successful.");
}
-
- papEngine.updateGroup((StdPDPGroup)objectFromJSON);
-
+ try{
+ papEngine.updateGroup((StdPDPGroup)objectFromJSON);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Group '" + group.getId() + "' updated");
}
+ loggingContext.metricStarted();
acPutTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
// tell the Admin Consoles there is a change
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
// Group changed, which might include changing the policies
- groupChanged(group);
+ groupChanged(group, loggingContext);
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
return;
}
} catch (PAPException e) {
+ LOGGER.debug(e);
acPutTransaction.rollbackTransaction();
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
}
}
* @throws ServletException
* @throws IOException
*/
- private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws ServletException, IOException {
+ private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
//This code is to allow deletes to propagate to the database since delete is not implemented
String isDeleteNotify = request.getParameter("isDeleteNotify");
if(isDeleteNotify != null){
try{
policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
} catch(UnsupportedEncodingException e){
- PolicyLogger.error("Unsupported URL encoding of policyToDelete (UTF-8");
- response.sendError(500,"policyToDelete encoding not supported");
+ LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
return;
}
PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
deleteTransaction.deletePolicy(policyToDelete);
} catch(Exception e){
deleteTransaction.rollbackTransaction();
- response.sendError(500,"deleteTransaction.deleteTransaction(policyToDelete) "
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
+ "\nfailure with the following exception: " + e);
return;
}
+ loggingContext.metricStarted();
deleteTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
response.setStatus(HttpServletResponse.SC_OK);
return;
}
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
+ setResponseError(response,HttpServletResponse.SC_NOT_FOUND, "Unknown groupId '" + groupId +"'");
return;
}
// determine the operation needed based on the parameters in the request
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
return;
} else if (request.getParameter("pdpId") != null) {
// ARGS: group=<groupId> pdpId=<pdpId> <= delete PDP
try{
removePdpOrGroupTransaction.removePdpFromGroup(pdp.getId(),"XACMLPapServlet.doACDelete");
} catch(Exception e){
- throw new PAPException();
+ throw new PAPException(e);
}
- papEngine.removePDP((OnapPDP) pdp);
+ try{
+ papEngine.removePDP((OnapPDP) pdp);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
// adjust the status of the group, which may have changed when we removed this PDP
((StdPDPGroup)group).resetStatus();
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
// update the PDP and tell it that it has NO Policies (which prevents it from serving PEP Requests)
- pdpChanged(pdp);
+ pdpChanged(pdp, loggingContext);
+ loggingContext.metricStarted();
removePdpOrGroupTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " UNIMPLEMENTED");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
+ setResponseError(response,HttpServletResponse.SC_BAD_REQUEST, "UNIMPLEMENTED");
return;
} else {
// ARGS: group=<groupId> movePDPsToGroupId=<movePDPsToGroupId> <= delete a group and move all its PDPs to the given group
String moveToGroupId = request.getParameter("movePDPsToGroupId");
OnapPDPGroup moveToGroup = null;
if (moveToGroupId != null) {
- moveToGroup = papEngine.getGroup(moveToGroupId);
+ try{
+ moveToGroup = papEngine.getGroup(moveToGroupId);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
}
// get list of PDPs in the group being deleted so we can notify them that they got changed
Set<OnapPDP> movedPDPs = new HashSet<>();
PolicyLogger.error(MessageCodes.ERROR_UNKNOWN, e, "XACMLPapServlet", " Failed to delete PDP Group. Exception");
throw new PAPException(e.getMessage());
}
- papEngine.removeGroup(group, moveToGroup);
+ try{
+ papEngine.removeGroup(group, moveToGroup);
+ }catch(PAPException e){
+ LOGGER.error(e);
+ }
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ loggingContext.metricStarted();
notifyAC();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut notifyAC");
// notify any PDPs in the removed set that their config may have changed
for (OnapPDP pdp : movedPDPs) {
- pdpChanged(pdp);
+ pdpChanged(pdp, loggingContext);
}
+ loggingContext.metricStarted();
removePdpOrGroupTransaction.commitTransaction();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
loggingContext.transactionEnded();
auditLogger.info("Success");
PolicyLogger.audit("Transaction Ended Successfully");
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC DELETE exception");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(500, e.getMessage());
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
}
}
} catch (InterruptedException e) {
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat interrupted. Shutting down");
this.terminate();
+ Thread.currentThread().interrupt();
}
}
}
groups = papEngine.getOnapPDPGroups();
} catch (PAPException e) {
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
- throw new RuntimeException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
+ throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
}
for (OnapPDPGroup group : groups) {
groupChanged(group);
}
}
-
+
+ public void changed(ONAPLoggingContext loggingContext) {
+ // all PDPs in all groups need to be updated/sync'd
+ Set<OnapPDPGroup> groups;
+ try {
+ groups = papEngine.getOnapPDPGroups();
+ } catch (PAPException e) {
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " getPDPGroups failed");
+ throw new IllegalAccessError(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get Groups: " + e);
+ }
+ for (OnapPDPGroup group : groups) {
+ groupChanged(group, loggingContext);
+ }
+ }
+
@Override
public void groupChanged(OnapPDPGroup group) {
// all PDPs within one group need to be updated/sync'd
}
}
+ public void groupChanged(OnapPDPGroup group, ONAPLoggingContext loggingContext) {
+ // all PDPs within one group need to be updated/sync'd
+ for (OnapPDP pdp : group.getOnapPdps()) {
+ pdpChanged(pdp, loggingContext);
+ }
+ }
+
@Override
- public void pdpChanged(OnapPDP pdp) {
+ public void pdpChanged(OnapPDP pdp) {
// kick off a thread to do an event notification for each PDP.
// This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
// do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
t.start();
}
}
+
+ public void pdpChanged(OnapPDP pdp, ONAPLoggingContext loggingContext) {
+ // kick off a thread to do an event notification for each PDP.
+ // This needs to be on a separate thread so that PDPs that do not respond (down, non-existent, etc)
+ // do not block the PSP response to the AC, which would freeze the GUI until all PDPs sequentially respond or time-out.
+ Thread t = new Thread(new UpdatePDPThread(pdp, loggingContext));
+ if(CheckPDP.validateID(pdp.getId())){
+ t.start();
+ }
+ }
private class UpdatePDPThread implements Runnable {
private OnapPDP pdp;
private String requestId;
+ private ONAPLoggingContext loggingContext;
public UpdatePDPThread(OnapPDP pdp) {
this.pdp = pdp;
}
+ public UpdatePDPThread(OnapPDP pdp, ONAPLoggingContext loggingContext) {
+ this.pdp = pdp;
+ if ((loggingContext != null) && (loggingContext.getRequestID() != null || loggingContext.getRequestID() == "")) {
+ this.requestId = loggingContext.getRequestID();
+ }
+ this.loggingContext = loggingContext;
+ }
+
public void run() {
// send the current configuration to one PDP
HttpURLConnection connection = null;
// get a new logging context for the thread
- ONAPLoggingContext loggingContext = new ONAPLoggingContext(baseLoggingContext);
+ try {
+ if (this.loggingContext == null) {
+ loggingContext = new ONAPLoggingContext(baseLoggingContext);
+ }
+ } catch (Exception e) {
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Failed to send property file to " + pdp.getId());
+ // Since this is a server-side error, it probably does not reflect a problem on the client,
+ // so do not change the PDP status.
+ return;
+ }
try {
loggingContext.setServiceName("PAP:PDP.putConfig");
// If a requestId was provided, use it, otherwise generate one; post to loggingContext to be used later when calling PDP
return;
}
// Do the connect
+ loggingContext.metricStarted();
connection.connect();
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet UpdatePDPThread connection connect");
if (connection.getResponseCode() == 204) {
LOGGER.info("Success. We are configured correctly.");
loggingContext.transactionEnded();
setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
}
} catch (Exception e) {
+ LOGGER.debug(e);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to sync config with PDP '" + pdp.getId() + "'");
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed: Unable to sync config with PDP '" + pdp.getId() + "': " + e);
try {
setPDPSummaryStatus(pdp, PDPStatus.Status.UNKNOWN);
} catch (PAPException e1) {
+ LOGGER.debug(e1);
PolicyLogger.audit("Transaction Failed: Unable to set status of PDP " + pdp.getId() + " to UNKNOWN: " + e);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", " Unable to set status of PDP '" + pdp.getId() + "' to UNKNOWN");
}
PolicyLogger.audit("Transaction Failed - See Error.log");
response.setStatus(HttpServletResponse.SC_OK);
return;
- }catch (ForwardProgressException fpe){
- //No forward progress is being made
- String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress."
- + " Exception Message: " + fpe.getMessage();
- LOGGER.info(message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }catch (AdministrativeStateException ase){
- //Administrative State is locked
- String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED "
- + " Exception Message: " + ase.getMessage();
- LOGGER.info(message);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
- }catch (StandbyStatusException sse){
- //Administrative State is locked
- String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE "
- + " Exception Message: " + sse.getMessage();
- LOGGER.info(message);
+ }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
+ String submsg;
+ if (e instanceof ForwardProgressException) {
+ submsg = " is not making forward progress.";
+ } else if (e instanceof AdministrativeStateException) {
+ submsg = " Administrative State is LOCKED.";
+ } else {
+ submsg = " Standby Status is NOT PROVIDING SERVICE.";
+ }
+
+ String message = "GET:/pap/test called and PAP " + papResourceName + submsg
+ + " Exception Message: " + e.getMessage();
+ LOGGER.info(message, e);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}catch (Exception e) {
//A subsystem is not making progress, is locked, standby or is not responding
}
String message = "GET:/pap/test called and PAP " + papResourceName + " has had a subsystem failure."
+ " Exception Message: " + eMsg;
- LOGGER.info(message);
+ LOGGER.info(message, e);
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
ssFailureList = "UnknownSubSystem";
}
response.addHeader("X-ONAP-SubsystemFailure", ssFailureList);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
}
}
try {
Files.createDirectories(webappsPathConfig);
} catch (IOException e) {
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Failed to create config directory: "
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", "Failed to create config directory: "
+ webappsPathConfig.toAbsolutePath().toString());
}
}
try {
Files.createDirectories(webappsPathAction);
} catch (IOException e) {
- LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create config directory: "
+ LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create action directory: "
+ webappsPathAction.toAbsolutePath().toString(), e);
}
}
try {
loadWebapps();
} catch (PAPException e) {
+ LOGGER.debug(e);
return null;
}
return configHome;
try {
loadWebapps();
} catch (PAPException e) {
+ LOGGER.debug(e);
return null;
}
return actionHome;
Code Review / policy / engine.git / blobdiff