Subscriber/src/SubscriberServlet.java - onap/dmaap/datarouter - Gitiles

 /*******************************************************************************
  * ============LICENSE_START==================================================
  * * org.onap.dmaap
  * * ===========================================================================
  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
  * * ===========================================================================
  * * Licensed under the Apache License, Version 2.0 (the "License");
  * * you may not use this file except in compliance with the License.
  * * You may obtain a copy of the License at
  * *
  *  *      http://www.apache.org/licenses/LICENSE-2.0
  * *
  *  * Unless required by applicable law or agreed to in writing, software
  * * distributed under the License is distributed on an "AS IS" BASIS,
  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * * See the License for the specific language governing permissions and
  * * limitations under the License.
  * * ============LICENSE_END====================================================
  * *
  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
  * *
  ******************************************************************************/

 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URLEncoder;

 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;

 /**
  *	Example stand alone subscriber servlet with Authorization header checking
  */
 public class SubscriberServlet extends HttpServlet	{
 	private static Logger logger = Logger.getLogger("com.att.datarouter.pubsub.ssasubscribe.SubscriberServlet");
 	private String Login = "LOGIN";
 	private String Password = "PASSWORD";
 	private String OutputDirectory = "/root/sub/received";

 	private String auth;

 	private static String gp(ServletConfig config, String param, String deflt) {
 		param = config.getInitParameter(param);
 		if (param == null || param.length() == 0) {
 			param = deflt;
 		}
 		return(param);
 	}
 	/**
 	 *	Configure this subscriberservlet.  Configuration parameters from config.getInitParameter() are:
 	 *	<ul>
 	 *	<li>Login - The login expected in the Authorization header (default "LOGIN").
 	 *	<li>Password - The password expected in the Authorization header (default "PASSWORD").
 	 *	<li>OutputDirectory - The directory where files are placed (default "received").
 	 *	</ul>
 	 */
 	public void init(ServletConfig config) throws ServletException {
 		Login = gp(config, "Login", Login);
 		Password = gp(config, "Password", Password);
 		OutputDirectory = gp(config, "OutputDirectory", OutputDirectory);
 		(new File(OutputDirectory)).mkdirs();
 		auth = "Basic " + Base64.encodeBase64String((Login + ":" + Password).getBytes());
 	}
 	/**
 	 *	Invoke common(req, resp, false).
 	 */
 	protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 		common(req, resp, false);
 	}
 	/**
 	 *	Invoke common(req, resp, true).
 	 */
 	protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 		common(req, resp, true);
 	}
 	/**
 	 *	Process a PUT or DELETE request.
 	 *	<ol>
 	 *	<li>Verify that the request contains an Authorization header
 	 *	or else UNAUTHORIZED.
 	 *	<li>Verify that the Authorization header matches the configured
 	 *	Login and Password or else FORBIDDEN.
 	 *	<li>If the request is PUT, store the message body as a file
 	 *	in the configured OutputDirectory directory protecting against
 	 *	evil characters in the received FileID.  The file is created
 	 *	initially with its name prefixed with a ".", and once it is complete, it is
 	 *	renamed to remove the leading "." character.
 	 *	<li>If the request is DELETE, instead delete the file (if it exists) from the configured OutputDirectory directory.
 	 *	<li>Respond with NO_CONTENT.
 	 *	</ol>
 	 */
 	protected void common(HttpServletRequest req, HttpServletResponse resp, boolean isdelete) throws ServletException, IOException {
 		String ah = req.getHeader("Authorization");
 		if (ah == null) {
 			logger.info("Rejecting request with no Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo());
 			resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
 			return;
 		}
 		if (!auth.equals(ah)) {
 			logger.info("Rejecting request with incorrect Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo());
 			resp.sendError(HttpServletResponse.SC_FORBIDDEN);
 			return;
 		}
 		String fileid = req.getPathInfo();
 		fileid = fileid.substring(fileid.lastIndexOf('/') + 1);
 		String qs = req.getQueryString();
 		if (qs != null) {
 			fileid = fileid + "?" + qs;
 		}
 		String publishid = req.getHeader("X-ATT-DR-PUBLISH-ID");
 		String filename = URLEncoder.encode(fileid, "UTF-8").replaceAll("^\\.", "%2E").replaceAll("\\*", "%2A");
 		String finalname = OutputDirectory + "/" + filename;
 		String tmpname = OutputDirectory + "/." + filename;
 		try {
 			if (isdelete) {
 				(new File(finalname)).delete();
 				logger.info("Received delete for file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
 			} else {
 				InputStream is = req.getInputStream();
 				OutputStream os = new FileOutputStream(tmpname);
 				byte[] buf = new byte[65536];
 				int i;
 				while ((i = is.read(buf)) > 0) {
 					os.write(buf, 0, i);
 				}
 				is.close();
 				os.close();
 				(new File(tmpname)).renameTo(new File(finalname));
 				logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
 				resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
 				logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
 			}
 			resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
 		} catch (IOException ioe) {
 			(new File(tmpname)).delete();
 			logger.info("Failure to save file " + finalname + " from " + req.getRemoteAddr() + ": " + req.getPathInfo(), ioe);
 			throw ioe;
 		}
 	}
 }
	/*******************************************************************************
	* ============LICENSE_START==================================================
	* * org.onap.dmaap
	* * ===========================================================================
	* * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
	* * ===========================================================================
	* * Licensed under the Apache License, Version 2.0 (the "License");
	* * you may not use this file except in compliance with the License.
	* * You may obtain a copy of the License at
	* *
	* * http://www.apache.org/licenses/LICENSE-2.0
	* *
	* * Unless required by applicable law or agreed to in writing, software
	* * distributed under the License is distributed on an "AS IS" BASIS,
	* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* * See the License for the specific language governing permissions and
	* * limitations under the License.
	* * ============LICENSE_END====================================================
	* *
	* * ECOMP is a trademark and service mark of AT&T Intellectual Property.
	* *
	******************************************************************************/

	import java.io.File;
	import java.io.FileOutputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.io.OutputStream;
	import java.net.URLEncoder;

	import javax.servlet.ServletConfig;
	import javax.servlet.ServletException;
	import javax.servlet.http.HttpServlet;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.commons.codec.binary.Base64;
	import org.apache.log4j.Logger;

	/**
	* Example stand alone subscriber servlet with Authorization header checking
	*/
	public class SubscriberServlet extends HttpServlet {
	private static Logger logger = Logger.getLogger("com.att.datarouter.pubsub.ssasubscribe.SubscriberServlet");
	private String Login = "LOGIN";
	private String Password = "PASSWORD";
	private String OutputDirectory = "/root/sub/received";

	private String auth;

	private static String gp(ServletConfig config, String param, String deflt) {
	param = config.getInitParameter(param);
	if (param == null \|\| param.length() == 0) {
	param = deflt;
	}
	return(param);
	}
	/**
	* Configure this subscriberservlet. Configuration parameters from config.getInitParameter() are:
	* <ul>
	* <li>Login - The login expected in the Authorization header (default "LOGIN").
	* <li>Password - The password expected in the Authorization header (default "PASSWORD").
	* <li>OutputDirectory - The directory where files are placed (default "received").
	* </ul>
	*/
	public void init(ServletConfig config) throws ServletException {
	Login = gp(config, "Login", Login);
	Password = gp(config, "Password", Password);
	OutputDirectory = gp(config, "OutputDirectory", OutputDirectory);
	(new File(OutputDirectory)).mkdirs();
	auth = "Basic " + Base64.encodeBase64String((Login + ":" + Password).getBytes());
	}
	/**
	* Invoke common(req, resp, false).
	*/
	protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
	common(req, resp, false);
	}
	/**
	* Invoke common(req, resp, true).
	*/
	protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
	common(req, resp, true);
	}
	/**
	* Process a PUT or DELETE request.
	* <ol>
	* <li>Verify that the request contains an Authorization header
	* or else UNAUTHORIZED.
	* <li>Verify that the Authorization header matches the configured
	* Login and Password or else FORBIDDEN.
	* <li>If the request is PUT, store the message body as a file
	* in the configured OutputDirectory directory protecting against
	* evil characters in the received FileID. The file is created
	* initially with its name prefixed with a ".", and once it is complete, it is
	* renamed to remove the leading "." character.
	* <li>If the request is DELETE, instead delete the file (if it exists) from the configured OutputDirectory directory.
	* <li>Respond with NO_CONTENT.
	* </ol>
	*/
	protected void common(HttpServletRequest req, HttpServletResponse resp, boolean isdelete) throws ServletException, IOException {
	String ah = req.getHeader("Authorization");
	if (ah == null) {
	logger.info("Rejecting request with no Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo());
	resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
	return;
	}
	if (!auth.equals(ah)) {
	logger.info("Rejecting request with incorrect Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo());
	resp.sendError(HttpServletResponse.SC_FORBIDDEN);
	return;
	}
	String fileid = req.getPathInfo();
	fileid = fileid.substring(fileid.lastIndexOf('/') + 1);
	String qs = req.getQueryString();
	if (qs != null) {
	fileid = fileid + "?" + qs;
	}
	String publishid = req.getHeader("X-ATT-DR-PUBLISH-ID");
	String filename = URLEncoder.encode(fileid, "UTF-8").replaceAll("^\\.", "%2E").replaceAll("\\*", "%2A");
	String finalname = OutputDirectory + "/" + filename;
	String tmpname = OutputDirectory + "/." + filename;
	try {
	if (isdelete) {
	(new File(finalname)).delete();
	logger.info("Received delete for file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
	} else {
	InputStream is = req.getInputStream();
	OutputStream os = new FileOutputStream(tmpname);
	byte[] buf = new byte[65536];
	int i;
	while ((i = is.read(buf)) > 0) {
	os.write(buf, 0, i);
	}
	is.close();
	os.close();
	(new File(tmpname)).renameTo(new File(finalname));
	logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
	resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
	logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname);
	}
	resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
	} catch (IOException ioe) {
	(new File(tmpname)).delete();
	logger.info("Failure to save file " + finalname + " from " + req.getRemoteAddr() + ": " + req.getPathInfo(), ioe);
	throw ioe;
	}
	}
	}