-
Bug
-
Resolution: Done
-
Medium
-
Honolulu Maintenance Release 1, Jakarta Release, Kohn Release, Istanbul Maintenance Release 1
-
Policy 2022-06-30->2022-07-13, Policy 2022-07-13->2022-07-27
The "XacmlJsonMessageBodyHandler" and "XacmlXmlMessageBodyHandler" message handlers are not being executed for the "/policy/pdpx/v1/xacml" endpoint. This results in improper serialization of the expected XACML response format.
The problem appears to be occurring because the "canHandle(MediaType, Class<?>)" method checks if the class is of type Request.class or Response.class. For responses, the class type is actually "com.att.research.xacml.std.StdMutableResponse" and thus the method returns false and the custom message handler is skipped. See here: https://git.onap.org/policy/xacml-pdp/tree/main/src/main/java/org/onap/policy/pdpx/main/rest/serialization/XacmlJsonMessageBodyHandler.java?h=master#n101 and here: https://git.onap.org/policy/xacml-pdp/tree/main/src/main/java/org/onap/policy/pdpx/main/rest/serialization/XacmlXmlMessageBodyHandler.java#n101.
For JSON the message serializer is defaulting to a standard GSON serializer and thus generates a response that is not consistent with the XACML JSON spec (http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/cos01/xacml-json-http-v1.0-cos01.html#_Toc497727091).
// JSON Example curl -u 'healthcheck:zb!XztG34' -H 'Content-Type: application/xacml+json' -H 'Accept: application/xacml+json' -X POST -d @decision.request.json {"results":[{"decision":"NOTAPPLICABLE","status":{"wrappedObject":{"statusCode":{"statusCodeValue":{"uri":"urn:oasis:names:tc:xacml:1.0:status:ok"}}}},"obligations":[],"associatedAdvice":[],"attributes":[],"policyIdentifiers":[],"policySetIdentifiers":[]}]}
For XML, there are no XML serialization providers offered outside of the custom handler and thus the response is a 500 error due to no suitable serialization providers.
// XML Example curl -v -u 'healthcheck:zb!XztG34' -H 'Content-Type: application/xacml+xml' -H 'Accept: application/xacml+xml' -X POST -d @decision.request.xml 'http://policy-xacml-pdp:6969/policy/pdpx/v1/xacml' Note: Unnecessary use of -X or --request, POST is already inferred. * Trying 172.23.0.6:6969... * Connected to policy-xacml-pdp (172.23.0.6) port 6969 (#0) * Server auth using Basic with user 'healthcheck' > POST /policy/pdpx/v1/xacml HTTP/1.1 > Host: policy-xacml-pdp:6969 > Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0 > User-Agent: curl/7.69.1 > Content-Type: application/xacml+xml > Accept: application/xacml+xml > Content-Length: 32775 > * upload completely sent off: 32775 out of 32775 bytes * Mark bundle as not supporting multiuse < HTTP/1.1 500 Internal Server Error < Cache-Control: must-revalidate,no-cache,no-store < Content-Length: 0 < Server: Jetty(9.4.33.v20201020) < * Connection #0 to host policy-xacml-pdp left intact
The proposed solution is to modify the message handlers to check if the class type is Request.class, Response.class, or StdMutableResponse.class.