Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / f609198c9f6260c64fdfd0d5702328e84baf4240 / . / apps / acl / src / main / java / org / onosproject / acl / AclWebResource.java
blob: 21c393937e3b0e358ea93130dd1e14563f82f18b [file] [log] [blame]
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]1/*
Brian O'Connora09fe5b2017-08-03 21:12:30 -0700[diff] [blame]2 * Copyright 2015-present Open Networking Foundation
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
Ray Milkey85267002016-11-16 11:06:35 -0800[diff] [blame]15 *
16 * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
17 * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
18 * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
19 * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]20 */
21package org.onosproject.acl;
22
23import com.fasterxml.jackson.databind.JsonNode;
24import com.fasterxml.jackson.databind.ObjectMapper;
25import com.fasterxml.jackson.databind.node.ArrayNode;
26import com.fasterxml.jackson.databind.node.ObjectNode;
27import org.onlab.packet.IPv4;
28import org.onlab.packet.Ip4Prefix;
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]29import org.onlab.packet.MacAddress;
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]30import org.onosproject.rest.AbstractWebResource;
31
32import javax.ws.rs.Consumes;
33import javax.ws.rs.DELETE;
34import javax.ws.rs.GET;
35import javax.ws.rs.POST;
36import javax.ws.rs.Path;
37import javax.ws.rs.PathParam;
38import javax.ws.rs.core.MediaType;
39import javax.ws.rs.core.Response;
40import java.io.IOException;
41import java.io.InputStream;
42import java.net.URI;
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]43import java.util.List;
44
Ray Milkey86ee5e82018-04-02 15:33:07 -0700[diff] [blame]45import static org.onlab.util.Tools.readTreeFromStream;
46
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]47/**
48 * Manage ACL rules.
49 */
50@Path("rules")
51public class AclWebResource extends AbstractWebResource {
debmaitif6091982019-04-12 14:51:57 +0530[diff] [blame^]52 private static final int MULTI_STATUS_RESPONSE = 207;
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]53
54 /**
55 * Get all ACL rules.
56 * Returns array of all ACL rules.
57 *
58 * @return 200 OK
59 */
60 @GET
61 public Response queryAclRule() {
62 List<AclRule> rules = get(AclService.class).getAclRules();
63 ObjectMapper mapper = new ObjectMapper();
64 ObjectNode root = mapper.createObjectNode();
65 ArrayNode arrayNode = mapper.createArrayNode();
66 for (AclRule rule : rules) {
67 ObjectNode node = mapper.createObjectNode();
68 node.put("id", rule.id().toString());
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]69 if (rule.srcMac() != null) {
70 node.put("srcMac", rule.srcMac().toString());
71 }
72 if (rule.dstMac() != null) {
73 node.put("dstMac", rule.dstMac().toString());
74 }
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]75 if (rule.srcIp() != null) {
76 node.put("srcIp", rule.srcIp().toString());
77 }
78 if (rule.dstIp() != null) {
79 node.put("dstIp", rule.dstIp().toString());
80 }
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]81 if (rule.dscp() != 0) {
82 node.put("dscp", rule.dscp());
83 }
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]84 if (rule.ipProto() != 0) {
85 switch (rule.ipProto()) {
86 case IPv4.PROTOCOL_ICMP:
87 node.put("ipProto", "ICMP");
88 break;
89 case IPv4.PROTOCOL_TCP:
90 node.put("ipProto", "TCP");
91 break;
92 case IPv4.PROTOCOL_UDP:
93 node.put("ipProto", "UDP");
94 break;
95 default:
96 break;
97 }
98 }
99 if (rule.dstTpPort() != 0) {
100 node.put("dstTpPort", rule.dstTpPort());
101 }
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]102 if (rule.srcTpPort() != 0) {
103 node.put("srcTpPort", rule.srcTpPort());
104 }
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]105 node.put("action", rule.action().toString());
106 arrayNode.add(node);
107 }
108 root.set("aclRules", arrayNode);
109 return Response.ok(root.toString(), MediaType.APPLICATION_JSON_TYPE).build();
110 }
111
112 /**
113 * Add a new ACL rule.
114 *
115 * @param stream JSON data describing the rule
debmaitif6091982019-04-12 14:51:57 +0530[diff] [blame^]116 * @return 200 OK for successful aclRule application
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]117 */
118 @POST
119 @Consumes(MediaType.APPLICATION_JSON)
debmaitif6091982019-04-12 14:51:57 +0530[diff] [blame^]120 public Response addAclRule(InputStream stream) {
121 try {
122 AclRule newRule = jsonToRule(stream);
123 return get(AclService.class).addAclRule(newRule) ?
124 Response.created(new URI(newRule.id().toString())).build() :
125 Response.serverError().build();
126 } catch (Exception e) {
127 return Response.status(MULTI_STATUS_RESPONSE).entity(e.getMessage()).build();
128 }
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]129 }
130
131 /**
132 * Remove ACL rule.
133 *
134 * @param id ACL rule id (in hex string format)
Jian Lic2a542b2016-05-10 11:48:19 -0700[diff] [blame]135 * @return 204 NO CONTENT
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]136 */
137 @DELETE
138 @Path("{id}")
139 public Response removeAclRule(@PathParam("id") String id) {
140 RuleId ruleId = new RuleId(Long.parseLong(id.substring(2), 16));
141 get(AclService.class).removeAclRule(ruleId);
Jian Lic2a542b2016-05-10 11:48:19 -0700[diff] [blame]142 return Response.noContent().build();
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]143 }
144
145 /**
146 * Remove all ACL rules.
147 *
Jian Lic2a542b2016-05-10 11:48:19 -0700[diff] [blame]148 * @return 204 NO CONTENT
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]149 */
150 @DELETE
Jonathan Hartd9df7bd2015-11-10 17:10:25 -0800[diff] [blame]151 public Response clearAcl() {
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]152 get(AclService.class).clearAcl();
Jian Lic2a542b2016-05-10 11:48:19 -0700[diff] [blame]153 return Response.noContent().build();
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]154 }
155
156 /**
157 * Turns a JSON string into an ACL rule instance.
158 */
159 private AclRule jsonToRule(InputStream stream) {
160 JsonNode node;
161 try {
Ray Milkey86ee5e82018-04-02 15:33:07 -0700[diff] [blame]162 node = readTreeFromStream(mapper(), stream);
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]163 } catch (IOException e) {
164 throw new IllegalArgumentException("Unable to parse ACL request", e);
165 }
166
167 AclRule.Builder rule = AclRule.builder();
168
169 String s = node.path("srcIp").asText(null);
170 if (s != null) {
171 rule.srcIp(Ip4Prefix.valueOf(s));
172 }
173
174 s = node.path("dstIp").asText(null);
175 if (s != null) {
176 rule.dstIp(Ip4Prefix.valueOf(s));
177 }
178
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]179 s = node.path("srcMac").asText(null);
180 if (s != null) {
181 rule.srcMac(MacAddress.valueOf(s));
182 }
183
184 s = node.path("dstMac").asText(null);
185 if (s != null) {
186 rule.dstMac(MacAddress.valueOf(s));
187 }
188
189 s = node.path("dscp").asText(null);
190 if (s != null) {
191 rule.dscp(Byte.valueOf(s));
192 }
193
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]194 s = node.path("ipProto").asText(null);
195 if (s != null) {
196 if ("TCP".equalsIgnoreCase(s)) {
197 rule.ipProto(IPv4.PROTOCOL_TCP);
198 } else if ("UDP".equalsIgnoreCase(s)) {
199 rule.ipProto(IPv4.PROTOCOL_UDP);
200 } else if ("ICMP".equalsIgnoreCase(s)) {
201 rule.ipProto(IPv4.PROTOCOL_ICMP);
202 } else {
203 throw new IllegalArgumentException("ipProto must be assigned to TCP, UDP, or ICMP");
204 }
205 }
206
207 int port = node.path("dstTpPort").asInt(0);
208 if (port > 0) {
Sangyeok Simcd125de2018-06-08 11:27:27 +0900[diff] [blame]209 if ("TCP".equalsIgnoreCase(s) || "UDP".equalsIgnoreCase(s)) {
210 rule.dstTpPort((short) port);
211 } else {
212 throw new IllegalArgumentException("dstTpPort can be set only when ipProto is TCP or UDP");
213 }
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]214 }
215
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]216 port = node.path("srcTpPort").asInt(0);
217 if (port > 0) {
Sangyeok Simcd125de2018-06-08 11:27:27 +0900[diff] [blame]218 if ("TCP".equalsIgnoreCase(s) || "UDP".equalsIgnoreCase(s)) {
219 rule.srcTpPort((short) port);
220 } else {
221 throw new IllegalArgumentException("srcTpPort can be set only when ipProto is TCP or UDP");
222 }
Nitin Anandfb22901d2018-05-09 12:16:36 +0530[diff] [blame]223 }
224
Thomas Vachuska9bb32352015-09-25 11:31:22 -0700[diff] [blame]225 s = node.path("action").asText(null);
226 if (s != null) {
227 if ("allow".equalsIgnoreCase(s)) {
228 rule.action(AclRule.Action.ALLOW);
229 } else if ("deny".equalsIgnoreCase(s)) {
230 rule.action(AclRule.Action.DENY);
231 } else {
232 throw new IllegalArgumentException("action must be ALLOW or DENY");
233 }
234 }
235
236 return rule.build();
237 }
238
Jonathan Hartd9df7bd2015-11-10 17:10:25 -0800[diff] [blame]239}