feat(maintenance mode): REST API respond with 503 in maintenance (#2718)

* catch TenantStatusException to throw 503 for APIs that are not available in maintenance * catch InvalidSessionException to throw 401 ad a single filter level * stop catching all exception when calling engine java API to be able to catch and handle runtime exceptions at filter leve * clean useless tests of wrong methods usage * clean useless exceptions Covers [DEV-484](https://bonitasoft.atlassian.net/browse/DEV-484)
bonitasoft · Sep 20, 2023 · 9c679cd · 9c679cd
1 parent 8c96d2f
commit 9c679cd
Show file tree

Hide file tree

Showing 62 changed files with 287 additions and 400 deletions.
diff --git a/...nita-web-server/src/main/java/org/bonitasoft/console/common/server/api/CommandCaller.java b/...nita-web-server/src/main/java/org/bonitasoft/console/common/server/api/CommandCaller.java
@@ -18,10 +18,9 @@
 import java.util.Map;
 
 import org.bonitasoft.engine.api.TenantAPIAccessor;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.session.APISession;
-import org.bonitasoft.engine.session.InvalidSessionException;
 import org.bonitasoft.web.toolkit.client.common.exception.api.APIException;
-import org.bonitasoft.web.toolkit.client.common.exception.api.APISessionInvalidException;
 
 /**
  * @author Vincent Elcrin
@@ -51,9 +50,7 @@ public CommandCaller addParameter(final String key, final Serializable value) {
     public Serializable run() {
         try {
             return TenantAPIAccessor.getCommandAPI(this.session).execute(this.command, this.parameters);
-        } catch (InvalidSessionException e) {
-            throw new APISessionInvalidException(e);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }

diff --git a/...in/java/org/bonitasoft/console/common/server/login/filter/RestAPIAuthorizationFilter.java b/...in/java/org/bonitasoft/console/common/server/login/filter/RestAPIAuthorizationFilter.java
@@ -33,15 +33,12 @@
 import org.bonitasoft.console.common.server.utils.SessionUtil;
 import org.bonitasoft.engine.api.TenantAPIAccessor;
 import org.bonitasoft.engine.api.permission.APICallContext;
-import org.bonitasoft.engine.exception.BonitaException;
-import org.bonitasoft.engine.exception.BonitaHomeNotSetException;
-import org.bonitasoft.engine.exception.ExecutionException;
-import org.bonitasoft.engine.exception.ServerAPIException;
-import org.bonitasoft.engine.exception.UnknownAPITypeException;
+import org.bonitasoft.engine.exception.*;
 import org.bonitasoft.engine.session.APISession;
 import org.bonitasoft.engine.session.InvalidSessionException;
 import org.bonitasoft.engine.session.PlatformSession;
 import org.bonitasoft.web.rest.server.framework.utils.RestRequestParser;
+import org.bonitasoft.web.toolkit.client.common.exception.api.APIException;
 import org.bonitasoft.web.toolkit.client.common.i18n.model.I18nLocaleDefinition;
 import org.bonitasoft.web.toolkit.client.common.session.SessionDefinition;
 import org.bonitasoft.web.toolkit.client.data.APIID;
@@ -67,8 +64,8 @@ public class RestAPIAuthorizationFilter extends ExcludingPatternFilter {
     @Override
     public void proceedWithFiltering(ServletRequest request, ServletResponse response, FilterChain chain)
             throws ServletException {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
         try {
-            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
             // body of multi-parts requests is not needed when checking permissions
             if (!ServletFileUpload.isMultipartContent(httpServletRequest)) {
                 //we need to use a MultiReadHttpServletRequest wrapper in order to be able to get the input stream twice (in the filter and in the API servlet)
@@ -86,11 +83,27 @@ public void proceedWithFiltering(ServletRequest request, ServletResponse respons
             if (isAuthorized) {
                 chain.doFilter(httpServletRequest, response);
             }
+        } catch (final InvalidSessionException e) {
+            if (LOGGER.isDebugEnabled()) {
+                LOGGER.debug("Invalid Bonita engine session.", e.getMessage());
+            }
+            SessionUtil.sessionLogout(httpServletRequest.getSession());
+            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        } catch (final TenantStatusException e) {
+            if (LOGGER.isInfoEnabled()) {
+                LOGGER.info("Platform is probably under Maintenance : " + e.getMessage());
+            }
+            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
         } catch (final Exception e) {
             if (LOGGER.isErrorEnabled()) {
                 LOGGER.error(e.getMessage(), e);
             }
-            throw new ServletException(e);
+            if (e instanceof APIException) {
+                throw new ServletException(e);
+            } else {
+                //wrap exception in APIException to avoid disclose too much information
+                throw new ServletException(new APIException(e));
+            }
         }
     }
 

diff --git a/...server/src/main/java/org/bonitasoft/console/server/service/ProcessActorImportService.java b/...server/src/main/java/org/bonitasoft/console/server/service/ProcessActorImportService.java
@@ -23,8 +23,6 @@
 import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.io.FileContent;
 import org.bonitasoft.engine.session.APISession;
-import org.bonitasoft.engine.session.InvalidSessionException;
-import org.bonitasoft.web.toolkit.client.common.exception.api.APISessionInvalidException;
 import org.bonitasoft.web.toolkit.server.ServiceException;
 
 /**
@@ -39,16 +37,12 @@ public Object run() {
         final BonitaHomeFolderAccessor tenantFolder = new BonitaHomeFolderAccessor();
         try {
             final FileContent xmlFile = tenantFolder.retrieveUploadedTempContent(getFileUploadParameter());
-
             final APISession apiSession = getSession();
             final ProcessAPI processAPI = TenantAPIAccessor.getProcessAPI(apiSession);
             try (InputStream xmlStream = xmlFile.getInputStream()) {
                 final byte[] actorsXmlContent = IOUtils.toByteArray(xmlStream);
                 processAPI.importActorMapping(Long.valueOf(getParameter("process_id")), actorsXmlContent);
             }
-
-        } catch (final InvalidSessionException e) {
-            throw new APISessionInvalidException(e);
         } catch (final BonitaException | IOException e) {
             throw new ServiceException(TOKEN, e.getMessage());
         } finally {

diff --git a/bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/server/BonitaRestAPIServlet.java b/bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/server/BonitaRestAPIServlet.java
@@ -21,6 +21,7 @@
 import org.bonitasoft.console.common.server.login.HttpServletRequestAccessor;
 import org.bonitasoft.console.common.server.utils.SessionUtil;
 import org.bonitasoft.engine.exception.NotFoundException;
+import org.bonitasoft.engine.exception.TenantStatusException;
 import org.bonitasoft.engine.session.InvalidSessionException;
 import org.bonitasoft.web.rest.model.ModelFactory;
 import org.bonitasoft.web.rest.server.datastore.bpm.flownode.FlowNodeConverter;
@@ -72,6 +73,11 @@ protected void catchAllExceptions(final Throwable exception, final HttpServletRe
             SessionUtil.sessionLogout(requestAccessor.getHttpSession());
         } else if (exception.getCause() instanceof NotFoundException) {
             outputException(null, req, resp, HttpServletResponse.SC_NOT_FOUND);
+        } else if (exception instanceof TenantStatusException) {
+            if (LOGGER.isInfoEnabled()) {
+                LOGGER.info("Platform is probably under Maintenance : " + exception.getMessage());
+            }
+            outputException(null, req, resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE);
         } else {
             super.catchAllExceptions(exception, req, resp);
         }

diff --git a/bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/server/ResourceFinder.java b/bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/server/ResourceFinder.java
@@ -22,6 +22,7 @@
 import org.bonitasoft.engine.api.ProcessAPI;
 import org.bonitasoft.engine.api.TenantAPIAccessor;
 import org.bonitasoft.engine.api.TenantAdministrationAPI;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.session.APISession;
 import org.bonitasoft.web.toolkit.client.common.exception.api.APIException;
 import org.restlet.Request;
@@ -40,7 +41,7 @@ protected CommandAPI getCommandAPI(final Request request) {
         final APISession apiSession = getAPISession(request);
         try {
             return TenantAPIAccessor.getCommandAPI(apiSession);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }
@@ -49,7 +50,7 @@ protected ProcessAPI getProcessAPI(final Request request) {
         final APISession apiSession = getAPISession(request);
         try {
             return TenantAPIAccessor.getProcessAPI(apiSession);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }
@@ -58,7 +59,7 @@ protected BusinessDataAPI getBdmAPI(final Request request) {
         final APISession apiSession = getAPISession(request);
         try {
             return TenantAPIAccessor.getBusinessDataAPI(apiSession);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }
@@ -67,7 +68,7 @@ protected TenantAdministrationAPI getTenantAdministrationAPI(final Request reque
         final APISession apiSession = getAPISession(request);
         try {
             return TenantAPIAccessor.getTenantAdministrationAPI(apiSession);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }

diff --git a/...erver/src/main/java/org/bonitasoft/web/rest/server/api/bdm/BusinessDataModelResource.java b/...erver/src/main/java/org/bonitasoft/web/rest/server/api/bdm/BusinessDataModelResource.java
@@ -22,8 +22,10 @@
 import org.bonitasoft.engine.business.data.BusinessDataRepositoryDeploymentException;
 import org.bonitasoft.engine.business.data.InvalidBusinessDataModelException;
 import org.bonitasoft.engine.exception.BonitaException;
+import org.bonitasoft.engine.exception.TenantStatusException;
 import org.bonitasoft.engine.exception.UnavailableLockException;
 import org.bonitasoft.engine.io.FileContent;
+import org.bonitasoft.engine.session.InvalidSessionException;
 import org.bonitasoft.web.rest.model.bdm.BusinessDataModelItem;
 import org.bonitasoft.web.rest.server.api.resource.CommonResource;
 import org.bonitasoft.web.rest.server.api.tenant.TenantResourceItem;
@@ -69,6 +71,8 @@ public TenantResourceItem addBDM(final BusinessDataModelItem businessDataModelIt
             return null;
         } catch (final BusinessDataRepositoryDeploymentException e) {
             throw new APIException("An error has occurred when deploying Business Data Model.", e);
+        } catch (final TenantStatusException | InvalidSessionException e) {
+            throw e; //handled by REST API Authorization filter
         } catch (Exception e) {
             Throwable cause = e.getCause();
             if (cause instanceof UnavailableLockException) {
@@ -88,6 +92,8 @@ public TenantResourceItem addBDM(final BusinessDataModelItem businessDataModelIt
     public TenantResourceItem getBDM() {
         try {
             return new TenantResourceItem(tenantAdministrationAPI.getBusinessDataModelResource());
+        } catch (final TenantStatusException | InvalidSessionException e) {
+            throw e; //handled by REST API Authorization filter
         } catch (final Exception e) {
             throw new APIException(e);
         }

diff --git a/...r/src/main/java/org/bonitasoft/web/rest/server/api/bpm/cases/APIArchivedCaseDocument.java b/...r/src/main/java/org/bonitasoft/web/rest/server/api/bpm/cases/APIArchivedCaseDocument.java
@@ -19,6 +19,7 @@
 import org.bonitasoft.console.common.server.preferences.constants.WebBonitaConstantsUtils;
 import org.bonitasoft.engine.api.ProcessAPI;
 import org.bonitasoft.engine.api.TenantAPIAccessor;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.web.rest.model.bpm.cases.ArchivedCaseDocumentDefinition;
 import org.bonitasoft.web.rest.model.bpm.cases.ArchivedCaseDocumentItem;
 import org.bonitasoft.web.rest.server.api.ConsoleAPI;
@@ -82,7 +83,7 @@ protected ArchivedCaseDocumentDatastore getArchivedCaseDocumentDatastore() {
         ProcessAPI processAPI;
         try {
             processAPI = TenantAPIAccessor.getProcessAPI(getEngineSession());
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
         final WebBonitaConstantsUtils constants = WebBonitaConstantsUtils.getTenantInstance();

diff --git a/...eb-server/src/main/java/org/bonitasoft/web/rest/server/api/bpm/cases/APICaseDocument.java b/...eb-server/src/main/java/org/bonitasoft/web/rest/server/api/bpm/cases/APICaseDocument.java
@@ -20,6 +20,7 @@
 import org.bonitasoft.console.common.server.utils.BonitaHomeFolderAccessor;
 import org.bonitasoft.engine.api.ProcessAPI;
 import org.bonitasoft.engine.api.TenantAPIAccessor;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.web.rest.model.bpm.cases.CaseDocumentDefinition;
 import org.bonitasoft.web.rest.model.bpm.cases.CaseDocumentItem;
 import org.bonitasoft.web.rest.server.api.ConsoleAPI;
@@ -93,7 +94,7 @@ protected CaseDocumentDatastore getCaseDocumentDatastore() {
         ProcessAPI processAPI;
         try {
             processAPI = TenantAPIAccessor.getProcessAPI(getEngineSession());
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
         final WebBonitaConstantsUtils constants = WebBonitaConstantsUtils.getTenantInstance();

diff --git a/...c/main/java/org/bonitasoft/web/rest/server/api/bpm/flownode/ActivityVariableResource.java b/...c/main/java/org/bonitasoft/web/rest/server/api/bpm/flownode/ActivityVariableResource.java
@@ -16,8 +16,11 @@
 import org.bonitasoft.engine.api.ProcessAPI;
 import org.bonitasoft.engine.bpm.data.DataInstance;
 import org.bonitasoft.engine.bpm.data.DataNotFoundException;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.web.rest.server.api.resource.CommonResource;
 import org.bonitasoft.web.toolkit.client.common.exception.api.APIException;
+import org.bonitasoft.web.toolkit.client.common.exception.api.APIItemIdMalformedException;
+import org.bonitasoft.web.toolkit.client.common.exception.api.APIMalformedUrlException;
 import org.restlet.resource.Get;
 
 public class ActivityVariableResource extends CommonResource {
@@ -36,12 +39,23 @@ public DataInstance getTaskVariable() {
         try {
             final String taskId = getAttribute(ACTIVITYDATA_ACTIVITY_ID);
             final String dataName = getAttribute(ACTIVITYDATA_DATA_NAME);
-            return getTaskVariableInstance(dataName, Long.valueOf(taskId));
-        } catch (final Exception e) {
+            if (taskId == null || dataName == null) {
+                throw new APIMalformedUrlException("missing activity Id and or variable name");
+            }
+            return getTaskVariableInstance(dataName, getActivityInstanceId(taskId));
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }
 
+    private Long getActivityInstanceId(String taskId) {
+        try {
+            return Long.valueOf(taskId);
+        } catch (NumberFormatException e) {
+            throw new APIItemIdMalformedException("Long", "long value expected for activity Id");
+        }
+    }
+
     private DataInstance getTaskVariableInstance(final String dataName, final Long activityInstanceId)
             throws DataNotFoundException {
         return processAPI.getActivityDataInstance(dataName, activityInstanceId);

diff --git a/.../main/java/org/bonitasoft/web/rest/server/api/bpm/flownode/TimerEventTriggerResource.java b/.../main/java/org/bonitasoft/web/rest/server/api/bpm/flownode/TimerEventTriggerResource.java
@@ -13,10 +13,12 @@
  **/
 package org.bonitasoft.web.rest.server.api.bpm.flownode;
 
+import java.io.IOException;
 import java.util.Date;
 
 import org.bonitasoft.engine.api.ProcessAPI;
 import org.bonitasoft.engine.bpm.flownode.TimerEventTriggerInstance;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.search.SearchResult;
 import org.bonitasoft.web.rest.server.api.resource.CommonResource;
 import org.bonitasoft.web.toolkit.client.common.exception.api.APIException;
@@ -55,7 +57,7 @@ public void searchTimerEventTriggers() {
             representation.setCharacterSet(CharacterSet.UTF_8);
             getResponse().setEntity(representation);
             setContentRange(searchResult);
-        } catch (final Exception e) {
+        } catch (final BonitaException | IOException e) {
             throw new APIException(e);
         }
     }

diff --git a/...ver/src/main/java/org/bonitasoft/web/rest/server/api/bpm/process/APIProcessParameter.java b/...ver/src/main/java/org/bonitasoft/web/rest/server/api/bpm/process/APIProcessParameter.java
@@ -25,6 +25,7 @@
 import org.bonitasoft.engine.bpm.parameter.ParameterInstance;
 import org.bonitasoft.engine.bpm.process.ProcessDefinition;
 import org.bonitasoft.engine.bpm.process.ProcessDeploymentInfo;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.exception.BonitaHomeNotSetException;
 import org.bonitasoft.engine.exception.ServerAPIException;
 import org.bonitasoft.engine.exception.UnknownAPITypeException;
@@ -83,7 +84,7 @@ public ProcessParameterItem get(final APIID id) {
             return new ProcessParameterItem(processId, parameterInstance.getName(), parameterInstance.getType(),
                     paramValue, parameterInstance.getDescription(), processDeploy.getDisplayName(),
                     processDef.getVersion());
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }
@@ -121,7 +122,7 @@ public ItemSearchResult<ProcessParameterItem> search(final int page, final int r
                         p.getDescription(), "", ""));
             }
             return new ItemSearchResult<>(page, resultsByPage, parametersCount, items);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
     }

diff --git a/...server/src/main/java/org/bonitasoft/web/rest/server/api/document/APIArchivedDocument.java b/...server/src/main/java/org/bonitasoft/web/rest/server/api/document/APIArchivedDocument.java
@@ -21,6 +21,7 @@
 import org.bonitasoft.engine.api.TenantAPIAccessor;
 import org.bonitasoft.engine.bpm.document.ArchivedDocument;
 import org.bonitasoft.engine.bpm.document.ArchivedDocumentsSearchDescriptor;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.search.SearchOptionsBuilder;
 import org.bonitasoft.engine.search.SearchResult;
 import org.bonitasoft.engine.session.APISession;
@@ -55,7 +56,7 @@ public ArchivedDocumentItem get(final APIID id) {
             final DocumentDatastore dataStore = new DocumentDatastore(apiSession);
             final ArchivedDocument document = processAPI.getArchivedProcessDocument(id.toLong());
             item = dataStore.mapToArchivedDocumentItem(document);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
         return item;
@@ -117,7 +118,7 @@ public ItemSearchResult<ArchivedDocumentItem> search(final int page, final int r
                     items.add(dataStore.mapToArchivedDocumentItem(document));
                 }
             }
-        } catch (final Exception e) {
+        } catch (final BonitaException | IllegalArgumentException e) {
             throw new APIException(e);
         }
         return new ItemSearchResult<>(page, resultsByPage, nbOfDocument, items);

diff --git a/...ita-web-server/src/main/java/org/bonitasoft/web/rest/server/api/document/APIDocument.java b/...ita-web-server/src/main/java/org/bonitasoft/web/rest/server/api/document/APIDocument.java
@@ -13,6 +13,7 @@
  **/
 package org.bonitasoft.web.rest.server.api.document;
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -22,6 +23,7 @@
 import org.bonitasoft.engine.api.TenantAPIAccessor;
 import org.bonitasoft.engine.bpm.document.ArchivedDocumentsSearchDescriptor;
 import org.bonitasoft.engine.bpm.document.Document;
+import org.bonitasoft.engine.exception.BonitaException;
 import org.bonitasoft.engine.search.SearchOptionsBuilder;
 import org.bonitasoft.engine.search.SearchResult;
 import org.bonitasoft.engine.session.APISession;
@@ -59,7 +61,7 @@ public DocumentItem get(final APIID id) {
             final ProcessAPI processAPI = TenantAPIAccessor.getProcessAPI(apiSession);
             final Document document = processAPI.getDocument(id.toLong());
             item = getDataStore().mapToDocumentItem(document);
-        } catch (final Exception e) {
+        } catch (final BonitaException e) {
             throw new APIException(e);
         }
 
@@ -123,7 +125,7 @@ public ItemSearchResult<DocumentItem> search(final int page, final int resultsBy
                     items.add(getDataStore().mapToDocumentItem(document));
                 }
             }
-        } catch (final Exception e) {
+        } catch (final BonitaException | IllegalArgumentException e) {
             throw new APIException(e);
         }
         return new ItemSearchResult<>(page, resultsByPage, nbOfDocument, items);
@@ -151,7 +153,7 @@ public DocumentItem add(final DocumentItem item) {
             } else {
                 throw new APIException("Error while attaching a new document. Request with bad param value.");
             }
-        } catch (final Exception e) {
+        } catch (final BonitaException | IOException e) {
             throw new APIException(e);
         }
     }