MS Model Input Validation

[policy/engine.git] / POLICY-SDK-APP / src / main / java / org / onap / policy / controller / AutoPushController.java

diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java
index b72993f..64928f3 100644 (file)
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP Policy Engine
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,18 +47,19 @@ import org.onap.policy.common.logging.flexlogger.FlexLogger;
 import org.onap.policy.common.logging.flexlogger.Logger;
 import org.onap.policy.model.PDPGroupContainer;
 import org.onap.policy.model.PDPPolicyContainer;
+import org.onap.policy.model.Roles;
 import org.onap.policy.rest.adapter.AutoPushTabAdapter;
 import org.onap.policy.rest.dao.CommonClassDao;
 import org.onap.policy.rest.jpa.PolicyEntity;
 import org.onap.policy.rest.jpa.PolicyVersion;
+import org.onap.policy.utils.PolicyUtils;
 import org.onap.policy.xacml.api.XACMLErrorConstants;
 import org.onap.policy.xacml.api.pap.OnapPDPGroup;
 import org.onap.policy.xacml.std.pap.StdPDPGroup;
 import org.onap.policy.xacml.std.pap.StdPDPPolicy;
-import org.openecomp.policy.model.Roles;
-import org.openecomp.portalsdk.core.controller.RestrictedBaseController;
-import org.openecomp.portalsdk.core.web.support.JsonMessage;
-import org.openecomp.portalsdk.core.web.support.UserUtils;
+import org.onap.portalsdk.core.controller.RestrictedBaseController;
+import org.onap.portalsdk.core.web.support.JsonMessage;
+import org.onap.portalsdk.core.web.support.UserUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
@@ -77,6 +78,8 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 public class AutoPushController extends RestrictedBaseController{
 
        private static final Logger logger = FlexLogger.getLogger(AutoPushController.class);
+    private static final String UTF8 = "UTF-8";
+
        
        @Autowired
        CommonClassDao commonClassDao;
@@ -118,9 +121,9 @@ public class AutoPushController extends RestrictedBaseController{
        @RequestMapping(value={"/get_AutoPushPoliciesContainerData"}, method={org.springframework.web.bind.annotation.RequestMethod.GET} , produces=MediaType.APPLICATION_JSON_VALUE)
        public void getPolicyGroupContainerData(HttpServletRequest request, HttpServletResponse response){
                try{
-                       Set<String> scopes = null;
-                       List<String> roles = null;
-                       data = new ArrayList<Object>();
+                       Set<String> scopes;
+                       List<String> roles;
+                       data = new ArrayList<>();
                        String userId = UserUtils.getUserSession(request).getOrgUserId();
                        Map<String, Object> model = new HashMap<>();
                        ObjectMapper mapper = new ObjectMapper();
@@ -138,7 +141,7 @@ public class AutoPushController extends RestrictedBaseController{
                                                        scopes.add(multipleScopes[i]);
                                                }
                                        }else{
-                                               if(!userRole.getScope().equals("")){
+                                               if(!"".equals(userRole.getScope())){
                                                        scopes.add(userRole.getScope());
                                                }
                                        }               
@@ -177,7 +180,7 @@ public class AutoPushController extends RestrictedBaseController{
        }
 
        @RequestMapping(value={"/auto_Push/PushPolicyToPDP.htm"}, method={org.springframework.web.bind.annotation.RequestMethod.POST})
-       public ModelAndView PushPolicyToPDPGroup(HttpServletRequest request, HttpServletResponse response) throws Exception {
+       public ModelAndView pushPolicyToPDPGroup(HttpServletRequest request, HttpServletResponse response) throws IOException {
                try {
                        ArrayList<Object> selectedPDPS = new ArrayList<>();
                        ArrayList<String> selectedPoliciesInUI = new ArrayList<>();
@@ -187,6 +190,12 @@ public class AutoPushController extends RestrictedBaseController{
                        this.container = new PDPGroupContainer(controller.getPapEngine());
                        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
                        JsonNode root = mapper.readTree(request.getReader());
+                       
+                       String userId = UserUtils.getUserSession(request).getOrgUserId();
+                       logger.info("****************************************Logging UserID while Pushing  Policy to PDP Group*****************************************");
+                       logger.info("UserId:  " + userId + "Push Policy Data:  "+ root.get("pushTabData").toString());
+                       logger.info("***********************************************************************************************************************************");
+                       
                        AutoPushTabAdapter adapter = mapper.readValue(root.get("pushTabData").toString(), AutoPushTabAdapter.class);
                        for (Object pdpGroupId :  adapter.getPdpDatas()) {
                                LinkedHashMap<?, ?> selectedPDP = (LinkedHashMap<?, ?>)pdpGroupId;
@@ -213,7 +222,7 @@ public class AutoPushController extends RestrictedBaseController{
                                        // Get the current selection
                                        String selectedItem = policyId;
                                        //
-                                       assert (selectedItem != null);
+                                       assert selectedItem != null;
                                        // create the id of the target file
                                        // Our standard for file naming is:
                                        // <domain>.<filename>.<version>.xml
@@ -224,7 +233,7 @@ public class AutoPushController extends RestrictedBaseController{
                                        String id = name;
                                        if (id.endsWith(".xml")) {
                                                id = id.replace(".xml", "");
-                                               id = id.substring(0, id.lastIndexOf("."));
+                                               id = id.substring(0, id.lastIndexOf('.'));
                                        }
                                        
                                        // Default policy to be Root policy; user can change to deferred
@@ -256,7 +265,7 @@ public class AutoPushController extends RestrictedBaseController{
                                                // Create the policy
                                                selectedPolicy = new StdPDPPolicy(name, true, id, selectedURI);
                                        } catch (IOException e) {
-                                               logger.error("Unable to create policy '" + name + "': "+ e.getMessage());
+                                               logger.error("Unable to create policy '" + name + "': "+ e.getMessage(), e);
                                        }
                                        StdPDPGroup selectedGroup = (StdPDPGroup) pdpDestinationGroupId;
                                        if (selectedPolicy != null) {
@@ -282,6 +291,7 @@ public class AutoPushController extends RestrictedBaseController{
                                updatedGroupObject.setOnapPdps(pdpGroup.getOnapPdps());
                                updatedGroupObject.setPipConfigs(pdpGroup.getPipConfigs());
                                updatedGroupObject.setStatus(pdpGroup.getStatus());
+                               updatedGroupObject.setOperation("push");
 
                                // replace the original set of Policies with the set from the
                                // container (possibly modified by the user)
@@ -311,43 +321,54 @@ public class AutoPushController extends RestrictedBaseController{
                                updatedGroupObject.setPolicies(currentPoliciesInGroup);
                                this.container.updateGroup(updatedGroupObject);
 
-                               response.setCharacterEncoding("UTF-8");
+                               response.setCharacterEncoding(UTF8);
                                response.setContentType("application / json");
-                               request.setCharacterEncoding("UTF-8");
+                               request.setCharacterEncoding(UTF8);
 
                                PrintWriter out = response.getWriter();
                                refreshGroups();
                                JsonMessage msg = new JsonMessage(mapper.writeValueAsString(groups));
                                JSONObject j = new JSONObject(msg);
-                               out.write(j.toString());      
+                               out.write(j.toString());
+                               //
+                               // Why is this here? This defeats the purpose of the loop??
+                               // Sonar says to remove it or make it conditional
+                               //
                                return null;
                        }
                }
                catch (Exception e){
-                       response.setCharacterEncoding("UTF-8");
-                       request.setCharacterEncoding("UTF-8");
+                       response.setCharacterEncoding(UTF8);
+                       request.setCharacterEncoding(UTF8);
                        PrintWriter out = response.getWriter();
-                       out.write(e.getMessage());
+                       logger.error(e);
+                       out.write(PolicyUtils.CATCH_EXCEPTION);
                }
                return null;
        }
 
        @SuppressWarnings("unchecked")
        @RequestMapping(value={"/auto_Push/remove_GroupPolicies.htm"}, method={org.springframework.web.bind.annotation.RequestMethod.POST})
-       public ModelAndView removePDPGroup(HttpServletRequest request, HttpServletResponse response) throws Exception {
+       public ModelAndView removePDPGroup(HttpServletRequest request, HttpServletResponse response) throws IOException {
                try {
                        PolicyController controller = getPolicyControllerInstance();
                        this.container = new PDPGroupContainer(controller.getPapEngine());
                        ObjectMapper mapper = new ObjectMapper();
                        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
                        JsonNode root = mapper.readTree(request.getReader());  
-                       StdPDPGroup group = (StdPDPGroup)mapper.readValue(root.get("activePdpGroup").toString(), StdPDPGroup.class);
+                       StdPDPGroup group = mapper.readValue(root.get("activePdpGroup").toString(), StdPDPGroup.class);
                        JsonNode removePolicyData = root.get("data");
+                       
+                       String userId = UserUtils.getUserSession(request).getOrgUserId();
+                       logger.info("****************************************Logging UserID while Removing Policy from PDP Group*****************************************");
+                       logger.info("UserId:  " + userId + "PDP Group Data:  "+ root.get("activePdpGroup").toString() + "Remove Policy Data: "+root.get("data"));
+                       logger.info("***********************************************************************************************************************************");
+                       
                        policyContainer = new PDPPolicyContainer(group);
                        if(removePolicyData.size() > 0){
                                for(int i = 0 ; i < removePolicyData.size(); i++){
-                                       String data = removePolicyData.get(i).toString();
-                                       this.policyContainer.removeItem(data);
+                                       String polData = removePolicyData.get(i).toString();
+                                       this.policyContainer.removeItem(polData);
                                }
                                Set<PDPPolicy> changedPolicies = new HashSet<>();
                                changedPolicies.addAll((Collection<PDPPolicy>) this.policyContainer.getItemIds());
@@ -356,12 +377,13 @@ public class AutoPushController extends RestrictedBaseController{
                                updatedGroupObject.setOnapPdps(group.getOnapPdps());
                                updatedGroupObject.setPipConfigs(group.getPipConfigs());
                                updatedGroupObject.setStatus(group.getStatus());
+                               updatedGroupObject.setOperation("delete");
                                this.container.updateGroup(updatedGroupObject);
                        }
                        
-                       response.setCharacterEncoding("UTF-8");
+                       response.setCharacterEncoding(UTF8);
                        response.setContentType("application / json");
-                       request.setCharacterEncoding("UTF-8");
+                       request.setCharacterEncoding(UTF8);
 
                        PrintWriter out = response.getWriter();
                        refreshGroups();
@@ -373,12 +395,13 @@ public class AutoPushController extends RestrictedBaseController{
                        return null;
                }
                catch (Exception e){
-                       response.setCharacterEncoding("UTF-8");
-                       request.setCharacterEncoding("UTF-8");
+                       response.setCharacterEncoding(UTF8);
+                       request.setCharacterEncoding(UTF8);
                        PrintWriter out = response.getWriter();
-                       out.write(e.getMessage());
+                       logger.error(e);
+                       out.write(PolicyUtils.CATCH_EXCEPTION);
                }
                return null;
        }
 
-}
\ No newline at end of file
+}