Blame - apps/acl/src/main/java/org/onosproject/acl/AclWebResource.java - onos

blob: ff58ba63bb0ff8ecd6d54cf9a62664549c04aef7 [file] [log] [blame]

Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	1	/*
Brian O'Connor	a09fe5b	2017-08-03 21:12:30 -0700	[diff] [blame^]	2	* Copyright 2015-present Open Networking Foundation
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
Ray Milkey	8526700	2016-11-16 11:06:35 -0800	[diff] [blame]	15	*
				16	* Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
				17	* Advisers: Keqiu Li, Heng Qi and Haisheng Yu
				18	* This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
				19	* and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	20	*/
				21	package org.onosproject.acl;
				22
				23	import com.fasterxml.jackson.databind.JsonNode;
				24	import com.fasterxml.jackson.databind.ObjectMapper;
				25	import com.fasterxml.jackson.databind.node.ArrayNode;
				26	import com.fasterxml.jackson.databind.node.ObjectNode;
				27	import org.onlab.packet.IPv4;
				28	import org.onlab.packet.Ip4Prefix;
				29	import org.onosproject.rest.AbstractWebResource;
				30
				31	import javax.ws.rs.Consumes;
				32	import javax.ws.rs.DELETE;
				33	import javax.ws.rs.GET;
				34	import javax.ws.rs.POST;
				35	import javax.ws.rs.Path;
				36	import javax.ws.rs.PathParam;
				37	import javax.ws.rs.core.MediaType;
				38	import javax.ws.rs.core.Response;
				39	import java.io.IOException;
				40	import java.io.InputStream;
				41	import java.net.URI;
				42	import java.net.URISyntaxException;
				43	import java.util.List;
				44
				45	/**
				46	* Manage ACL rules.
				47	*/
				48	@Path("rules")
				49	public class AclWebResource extends AbstractWebResource {
				50
				51	/**
				52	* Get all ACL rules.
				53	* Returns array of all ACL rules.
				54	*
				55	* @return 200 OK
				56	*/
				57	@GET
				58	public Response queryAclRule() {
				59	List<AclRule> rules = get(AclService.class).getAclRules();
				60	ObjectMapper mapper = new ObjectMapper();
				61	ObjectNode root = mapper.createObjectNode();
				62	ArrayNode arrayNode = mapper.createArrayNode();
				63	for (AclRule rule : rules) {
				64	ObjectNode node = mapper.createObjectNode();
				65	node.put("id", rule.id().toString());
				66	if (rule.srcIp() != null) {
				67	node.put("srcIp", rule.srcIp().toString());
				68	}
				69	if (rule.dstIp() != null) {
				70	node.put("dstIp", rule.dstIp().toString());
				71	}
				72	if (rule.ipProto() != 0) {
				73	switch (rule.ipProto()) {
				74	case IPv4.PROTOCOL_ICMP:
				75	node.put("ipProto", "ICMP");
				76	break;
				77	case IPv4.PROTOCOL_TCP:
				78	node.put("ipProto", "TCP");
				79	break;
				80	case IPv4.PROTOCOL_UDP:
				81	node.put("ipProto", "UDP");
				82	break;
				83	default:
				84	break;
				85	}
				86	}
				87	if (rule.dstTpPort() != 0) {
				88	node.put("dstTpPort", rule.dstTpPort());
				89	}
				90	node.put("action", rule.action().toString());
				91	arrayNode.add(node);
				92	}
				93	root.set("aclRules", arrayNode);
				94	return Response.ok(root.toString(), MediaType.APPLICATION_JSON_TYPE).build();
				95	}
				96
				97	/**
				98	* Add a new ACL rule.
				99	*
				100	* @param stream JSON data describing the rule
				101	* @return 200 OK
Brian O'Connor	5251562	2015-10-09 17:03:44 -0700	[diff] [blame]	102	* @throws URISyntaxException uri syntax exception
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	103	*/
				104	@POST
				105	@Consumes(MediaType.APPLICATION_JSON)
				106	public Response addAclRule(InputStream stream) throws URISyntaxException {
				107	AclRule newRule = jsonToRule(stream);
				108	return get(AclService.class).addAclRule(newRule) ?
				109	Response.created(new URI(newRule.id().toString())).build() :
				110	Response.serverError().build();
				111	}
				112
				113	/**
				114	* Remove ACL rule.
				115	*
				116	* @param id ACL rule id (in hex string format)
Jian Li	c2a542b	2016-05-10 11:48:19 -0700	[diff] [blame]	117	* @return 204 NO CONTENT
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	118	*/
				119	@DELETE
				120	@Path("{id}")
				121	public Response removeAclRule(@PathParam("id") String id) {
				122	RuleId ruleId = new RuleId(Long.parseLong(id.substring(2), 16));
				123	get(AclService.class).removeAclRule(ruleId);
Jian Li	c2a542b	2016-05-10 11:48:19 -0700	[diff] [blame]	124	return Response.noContent().build();
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	125	}
				126
				127	/**
				128	* Remove all ACL rules.
				129	*
Jian Li	c2a542b	2016-05-10 11:48:19 -0700	[diff] [blame]	130	* @return 204 NO CONTENT
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	131	*/
				132	@DELETE
Jonathan Hart	d9df7bd	2015-11-10 17:10:25 -0800	[diff] [blame]	133	public Response clearAcl() {
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	134	get(AclService.class).clearAcl();
Jian Li	c2a542b	2016-05-10 11:48:19 -0700	[diff] [blame]	135	return Response.noContent().build();
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	136	}
				137
				138	/**
				139	* Turns a JSON string into an ACL rule instance.
				140	*/
				141	private AclRule jsonToRule(InputStream stream) {
				142	JsonNode node;
				143	try {
				144	node = mapper().readTree(stream);
				145	} catch (IOException e) {
				146	throw new IllegalArgumentException("Unable to parse ACL request", e);
				147	}
				148
				149	AclRule.Builder rule = AclRule.builder();
				150
				151	String s = node.path("srcIp").asText(null);
				152	if (s != null) {
				153	rule.srcIp(Ip4Prefix.valueOf(s));
				154	}
				155
				156	s = node.path("dstIp").asText(null);
				157	if (s != null) {
				158	rule.dstIp(Ip4Prefix.valueOf(s));
				159	}
				160
				161	s = node.path("ipProto").asText(null);
				162	if (s != null) {
				163	if ("TCP".equalsIgnoreCase(s)) {
				164	rule.ipProto(IPv4.PROTOCOL_TCP);
				165	} else if ("UDP".equalsIgnoreCase(s)) {
				166	rule.ipProto(IPv4.PROTOCOL_UDP);
				167	} else if ("ICMP".equalsIgnoreCase(s)) {
				168	rule.ipProto(IPv4.PROTOCOL_ICMP);
				169	} else {
				170	throw new IllegalArgumentException("ipProto must be assigned to TCP, UDP, or ICMP");
				171	}
				172	}
				173
				174	int port = node.path("dstTpPort").asInt(0);
				175	if (port > 0) {
				176	rule.dstTpPort((short) port);
				177	}
				178
				179	s = node.path("action").asText(null);
				180	if (s != null) {
				181	if ("allow".equalsIgnoreCase(s)) {
				182	rule.action(AclRule.Action.ALLOW);
				183	} else if ("deny".equalsIgnoreCase(s)) {
				184	rule.action(AclRule.Action.DENY);
				185	} else {
				186	throw new IllegalArgumentException("action must be ALLOW or DENY");
				187	}
				188	}
				189
				190	return rule.build();
				191	}
				192
Jonathan Hart	d9df7bd	2015-11-10 17:10:25 -0800	[diff] [blame]	193	}