aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java')
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java216
1 files changed, 216 insertions, 0 deletions
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java
new file mode 100644
index 00000000..3f4dc769
--- /dev/null
+++ b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
+ * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
+ * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
+ * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onos.acl;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import org.onlab.packet.IPv4;
+import org.onosproject.rest.AbstractWebResource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+
+// FIXME: This does now follow REST-full principles and should be refactored.
+/**
+ * Manage ACL rules.
+ */
+@Path("")
+public class AclWebResource extends AbstractWebResource {
+
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ /**
+ * Processes user's GET HTTP request for querying ACL rules.
+ * @return response to the request
+ */
+ @GET
+ public Response queryAclRule() {
+ List<AclRule> rules = get(AclService.class).getAclRules();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode root = mapper.createObjectNode();
+ ArrayNode arrayNode = mapper.createArrayNode();
+ for (AclRule rule : rules) {
+ ObjectNode node = mapper.createObjectNode();
+ node.put("id", rule.id().toString());
+ if (rule.srcIp() != null) {
+ node.put("srcIp", rule.srcIp().toString());
+ }
+ if (rule.dstIp() != null) {
+ node.put("dstIp", rule.dstIp().toString());
+ }
+ if (rule.ipProto() != 0) {
+ switch (rule.ipProto()) {
+ case IPv4.PROTOCOL_ICMP:
+ node.put("ipProto", "ICMP");
+ break;
+ case IPv4.PROTOCOL_TCP:
+ node.put("ipProto", "TCP");
+ break;
+ case IPv4.PROTOCOL_UDP:
+ node.put("ipProto", "UDP");
+ break;
+ default:
+ break;
+ }
+ }
+ if (rule.dstTpPort() != 0) {
+ node.put("dstTpPort", rule.dstTpPort());
+ }
+ node.put("action", rule.action().toString());
+ arrayNode.add(node);
+ }
+ root.set("ACL rules", arrayNode);
+ return Response.ok(root.toString(), MediaType.APPLICATION_JSON_TYPE).build();
+ }
+
+ /**
+ * Processes user's POST HTTP request for add ACL rules.
+ * @param stream input stream
+ * @return response to the request
+ */
+ @POST
+ @Path("add")
+ public Response addAclRule(InputStream stream) {
+ AclRule newRule;
+ try {
+ newRule = jsonToRule(stream);
+ } catch (Exception e) {
+ return Response.ok("{\"status\" : \"Failed! " + e.getMessage() + "\"}").build();
+ }
+
+ String status;
+ if (get(AclService.class).addAclRule(newRule)) {
+ status = "Success! New ACL rule is added.";
+ } else {
+ status = "Failed! New ACL rule matches an existing rule.";
+ }
+ return Response.ok("{\"status\" : \"" + status + "\"}").build();
+ }
+
+ /**
+ * Processes user's GET HTTP request for removing ACL rule.
+ * @param id ACL rule id (in hex string format)
+ * @return response to the request
+ */
+ @GET
+ @Path("remove/{id}")
+ public Response removeAclRule(@PathParam("id") String id) {
+ String status;
+ RuleId ruleId = new RuleId(Long.parseLong(id.substring(2), 16));
+ if (get(AclStore.class).getAclRule(ruleId) == null) {
+ status = "Failed! There is no ACL rule with this id.";
+ } else {
+ get(AclService.class).removeAclRule(ruleId);
+ status = "Success! ACL rule(id:" + id + ") is removed.";
+ }
+ return Response.ok("{\"status\" : \"" + status + "\"}").build();
+ }
+
+ /**
+ * Processes user's GET HTTP request for clearing ACL.
+ * @return response to the request
+ */
+ @GET
+ @Path("clear")
+ public Response clearACL() {
+ get(AclService.class).clearAcl();
+ return Response.ok("{\"status\" : \"ACL is cleared.\"}").build();
+ }
+
+ /**
+ * Exception class for parsing a invalid ACL rule.
+ */
+ private class AclRuleParseException extends Exception {
+ public AclRuleParseException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * Turns a JSON string into an ACL rule instance.
+ */
+ private AclRule jsonToRule(InputStream stream) throws AclRuleParseException, IOException {
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode jsonNode = mapper.readTree(stream);
+ JsonParser jp = jsonNode.traverse();
+ AclRule.Builder rule = AclRule.builder();
+ jp.nextToken();
+ if (jp.getCurrentToken() != JsonToken.START_OBJECT) {
+ throw new AclRuleParseException("Expected START_OBJECT");
+ }
+
+ while (jp.nextToken() != JsonToken.END_OBJECT) {
+ if (jp.getCurrentToken() != JsonToken.FIELD_NAME) {
+ throw new AclRuleParseException("Expected FIELD_NAME");
+ }
+
+ String key = jp.getCurrentName();
+ jp.nextToken();
+ String value = jp.getText();
+ if ("".equals(value)) {
+ continue;
+ }
+
+ if ("srcIp".equals(key)) {
+ rule.srcIp(value);
+ } else if ("dstIp".equals(key)) {
+ rule.dstIp(value);
+ } else if ("ipProto".equals(key)) {
+ if ("TCP".equalsIgnoreCase(value)) {
+ rule.ipProto(IPv4.PROTOCOL_TCP);
+ } else if ("UDP".equalsIgnoreCase(value)) {
+ rule.ipProto(IPv4.PROTOCOL_UDP);
+ } else if ("ICMP".equalsIgnoreCase(value)) {
+ rule.ipProto(IPv4.PROTOCOL_ICMP);
+ } else {
+ throw new AclRuleParseException("ipProto must be assigned to TCP, UDP, or ICMP.");
+ }
+ } else if ("dstTpPort".equals(key)) {
+ try {
+ rule.dstTpPort(Short.parseShort(value));
+ } catch (NumberFormatException e) {
+ throw new AclRuleParseException("dstTpPort must be assigned to a numerical value.");
+ }
+ } else if ("action".equals(key)) {
+ if (!"allow".equalsIgnoreCase(value) && !"deny".equalsIgnoreCase(value)) {
+ throw new AclRuleParseException("action must be assigned to ALLOW or DENY.");
+ }
+ if ("allow".equalsIgnoreCase(value)) {
+ rule.action(AclRule.Action.ALLOW);
+ }
+ }
+ }
+ return rule.build();
+ }
+
+} \ No newline at end of file