Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / 0fa2aa11678ab5123096d6bf8ac9418932d1fd72 / . / apps / acl / src / main / java / org / onos / acl / AclWebResource.java
blob: d7e2e57381176189f887e3bfcc9e21be5bc149fb [file] [log] [blame]
Pengfei Lue0c02e22015-07-07 15:41:31 +0800[diff] [blame]1/*
2 * Copyright 2015 Open Networking Laboratory
3 * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
4 * Advisers: Keqiu Li and Heng Qi
5 * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
6 * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20package org.onos.acl;
21
22import com.fasterxml.jackson.core.JsonParser;
23import com.fasterxml.jackson.core.JsonToken;
24import com.fasterxml.jackson.databind.JsonNode;
25import com.fasterxml.jackson.databind.ObjectMapper;
26import com.fasterxml.jackson.databind.node.ArrayNode;
27import com.fasterxml.jackson.databind.node.ObjectNode;
28import org.onlab.packet.IPv4;
29import org.onosproject.rest.AbstractWebResource;
30import org.slf4j.Logger;
31import org.slf4j.LoggerFactory;
32
33import javax.ws.rs.GET;
34import javax.ws.rs.POST;
35import javax.ws.rs.Path;
36import javax.ws.rs.PathParam;
37import javax.ws.rs.core.MediaType;
38import javax.ws.rs.core.Response;
39import java.io.IOException;
40import java.io.InputStream;
41import java.util.List;
42
Thomas Vachuska0fa2aa12015-08-18 12:53:04 -0700[diff] [blame^]43// FIXME: This does now follow REST-full principles and should be refactored.
Pengfei Lue0c02e22015-07-07 15:41:31 +0800[diff] [blame]44/**
Thomas Vachuska0fa2aa12015-08-18 12:53:04 -0700[diff] [blame^]45 * Manage ACL rules.
Pengfei Lue0c02e22015-07-07 15:41:31 +0800[diff] [blame]46 */
47@Path("")
48public class AclWebResource extends AbstractWebResource {
49
50 private final Logger log = LoggerFactory.getLogger(getClass());
51
52 /**
53 * Processes user's GET HTTP request for querying ACL rules.
54 * @return response to the request
55 */
56 @GET
57 public Response queryAclRule() {
58 List<AclRule> rules = get(AclService.class).getAclRules();
59 ObjectMapper mapper = new ObjectMapper();
60 ObjectNode root = mapper.createObjectNode();
61 ArrayNode arrayNode = mapper.createArrayNode();
62 for (AclRule rule : rules) {
63 ObjectNode node = mapper.createObjectNode();
64 node.put("id", rule.id().toString());
65 if (rule.srcIp() != null) {
66 node.put("srcIp", rule.srcIp().toString());
67 }
68 if (rule.dstIp() != null) {
69 node.put("dstIp", rule.dstIp().toString());
70 }
71 if (rule.ipProto() != 0) {
72 switch (rule.ipProto()) {
73 case IPv4.PROTOCOL_ICMP:
74 node.put("ipProto", "ICMP");
75 break;
76 case IPv4.PROTOCOL_TCP:
77 node.put("ipProto", "TCP");
78 break;
79 case IPv4.PROTOCOL_UDP:
80 node.put("ipProto", "UDP");
81 break;
82 default:
83 break;
84 }
85 }
86 if (rule.dstTpPort() != 0) {
87 node.put("dstTpPort", rule.dstTpPort());
88 }
89 node.put("action", rule.action().toString());
90 arrayNode.add(node);
91 }
92 root.set("ACL rules", arrayNode);
93 return Response.ok(root.toString(), MediaType.APPLICATION_JSON_TYPE).build();
94 }
95
96 /**
97 * Processes user's POST HTTP request for add ACL rules.
98 * @param stream input stream
99 * @return response to the request
100 */
101 @POST
102 @Path("add")
103 public Response addAclRule(InputStream stream) {
104 AclRule newRule;
105 try {
106 newRule = jsonToRule(stream);
107 } catch (Exception e) {
108 return Response.ok("{\"status\" : \"Failed! " + e.getMessage() + "\"}").build();
109 }
110
111 String status;
112 if (get(AclService.class).addAclRule(newRule)) {
113 status = "Success! New ACL rule is added.";
114 } else {
115 status = "Failed! New ACL rule matches an existing rule.";
116 }
117 return Response.ok("{\"status\" : \"" + status + "\"}").build();
118 }
119
120 /**
121 * Processes user's GET HTTP request for removing ACL rule.
122 * @param id ACL rule id (in hex string format)
123 * @return response to the request
124 */
125 @GET
126 @Path("remove/{id}")
127 public Response removeAclRule(@PathParam("id") String id) {
128 String status;
129 RuleId ruleId = new RuleId(Long.parseLong(id.substring(2), 16));
130 if (get(AclStore.class).getAclRule(ruleId) == null) {
131 status = "Failed! There is no ACL rule with this id.";
132 } else {
133 get(AclService.class).removeAclRule(ruleId);
134 status = "Success! ACL rule(id:" + id + ") is removed.";
135 }
136 return Response.ok("{\"status\" : \"" + status + "\"}").build();
137 }
138
139 /**
140 * Processes user's GET HTTP request for clearing ACL.
141 * @return response to the request
142 */
143 @GET
144 @Path("clear")
145 public Response clearACL() {
146 get(AclService.class).clearAcl();
147 return Response.ok("{\"status\" : \"ACL is cleared.\"}").build();
148 }
149
150 /**
151 * Exception class for parsing a invalid ACL rule.
152 */
153 private class AclRuleParseException extends Exception {
154 public AclRuleParseException(String message) {
155 super(message);
156 }
157 }
158
159 /**
160 * Turns a JSON string into an ACL rule instance.
161 */
162 private AclRule jsonToRule(InputStream stream) throws AclRuleParseException, IOException {
163 ObjectMapper mapper = new ObjectMapper();
164 JsonNode jsonNode = mapper.readTree(stream);
165 JsonParser jp = jsonNode.traverse();
166 AclRule.Builder rule = AclRule.builder();
167 jp.nextToken();
168 if (jp.getCurrentToken() != JsonToken.START_OBJECT) {
169 throw new AclRuleParseException("Expected START_OBJECT");
170 }
171
172 while (jp.nextToken() != JsonToken.END_OBJECT) {
173 if (jp.getCurrentToken() != JsonToken.FIELD_NAME) {
174 throw new AclRuleParseException("Expected FIELD_NAME");
175 }
176
177 String key = jp.getCurrentName();
178 jp.nextToken();
179 String value = jp.getText();
180 if ("".equals(value)) {
181 continue;
182 }
183
184 if ("srcIp".equals(key)) {
185 rule.srcIp(value);
186 } else if ("dstIp".equals(key)) {
187 rule.dstIp(value);
188 } else if ("ipProto".equals(key)) {
189 if ("TCP".equalsIgnoreCase(value)) {
190 rule.ipProto(IPv4.PROTOCOL_TCP);
191 } else if ("UDP".equalsIgnoreCase(value)) {
192 rule.ipProto(IPv4.PROTOCOL_UDP);
193 } else if ("ICMP".equalsIgnoreCase(value)) {
194 rule.ipProto(IPv4.PROTOCOL_ICMP);
195 } else {
196 throw new AclRuleParseException("ipProto must be assigned to TCP, UDP, or ICMP.");
197 }
198 } else if ("dstTpPort".equals(key)) {
199 try {
200 rule.dstTpPort(Short.parseShort(value));
201 } catch (NumberFormatException e) {
202 throw new AclRuleParseException("dstTpPort must be assigned to a numerical value.");
203 }
204 } else if ("action".equals(key)) {
205 if (!"allow".equalsIgnoreCase(value) && !"deny".equalsIgnoreCase(value)) {
206 throw new AclRuleParseException("action must be assigned to ALLOW or DENY.");
207 }
208 if ("allow".equalsIgnoreCase(value)) {
209 rule.action(AclRule.Action.ALLOW);
210 }
211 }
212 }
213 return rule.build();
214 }
215
216}