Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update retrieval of URITemplates, scopes and roles from swagger in the local entry #7401

Merged
merged 3 commits into from
Oct 10, 2019
Merged

Update retrieval of URITemplates, scopes and roles from swagger in the local entry #7401

merged 3 commits into from
Oct 10, 2019

Conversation

ChamodDamitha
Copy link
Contributor

@ChamodDamitha ChamodDamitha commented Oct 9, 2019
edited
Loading

  • This will enable the scope and role validation in the JWT and Basic Auth flow

This will fix wso2/product-apim#6224

  • Allow retrieval of URITemplates from swagger in the local entry in OAuth2 flow

chamilaadhi
chamilaadhi reviewed Oct 10, 2019
View reviewed changes
...2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/OpenAPIUtils.java
return (ArrayList<LinkedHashMap>) swaggerObjectAPIM.get(APIConstants.SWAGGER_X_WSO2_SCOPES);
if (openAPI.getExtensions() != null) {
LinkedHashMap swaggerWSO2Security = (LinkedHashMap) openAPI.getExtensions()
.get(APIConstants.SWAGGER_X_WSO2_SECURITY);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need to do a Null check for openAPI.getExtensions().get(APIConstants.SWAGGER_X_WSO2_SECURITY) as well because there could be a NPE when casting to LinkedHashMap when there is no when get(APIConstants.SWAGGER_X_WSO2_SECURITY) becomes null. We could add the null check to the if condition

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

...2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/OpenAPIUtils.java
LinkedHashMap<String, Object> scopeBindings =
(LinkedHashMap<String, Object>) extensions.get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
if (scopeBindings != null) {
return (String) scopeBindings.get(resourceScope);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

...2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/OpenAPIUtils.java Outdated
LinkedHashMap swaggerObjectAPIM = (LinkedHashMap) swaggerWSO2Security
.get(APIConstants.SWAGGER_OBJECT_NAME_APIM);
if (swaggerObjectAPIM != null) {
ArrayList<LinkedHashMap> apiScopes = (ArrayList<LinkedHashMap>) swaggerObjectAPIM.get(APIConstants.SWAGGER_X_WSO2_SCOPES);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@ChamodDamitha ChamodDamitha changed the title Update retrieval of scopes and roles from swagger in the local entry Update retrieval of URITemplates, scopes and roles from swagger in the local entry Oct 10, 2019
@rmsamitha rmsamitha merged commit 7df8a5b into wso2:master Oct 10, 2019
dushaniw
dushaniw reviewed Jul 20, 2020
View reviewed changes
....gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java
@@ -539,15 +545,15 @@ private boolean isResourcePathMatching(String resourceString, ResourceInfoDTO re
}

@MethodStats
private APIInfoDTO doGetAPIInfo(String context, String apiVersion) throws APISecurityException {
ArrayList<URITemplate> uriTemplates = getAllURITemplates(context, apiVersion);
private APIInfoDTO doGetAPIInfo(MessageContext messageContext, String context, String apiVersion) throws APISecurityException {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

arent we exceeding the max column length? 120

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in #9250

dushaniw
dushaniw reviewed Jul 20, 2020
View reviewed changes
....gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java
private APIInfoDTO doGetAPIProductInfo(String context, String apiVersion) throws APISecurityException {
ArrayList<URITemplate> uriTemplates = getAPIProductURITemplates(context, apiVersion);
private APIInfoDTO doGetAPIProductInfo(MessageContext messageContext, String context, String apiVersion) throws APISecurityException {
ArrayList<URITemplate> uriTemplates = getAPIProductURITemplates(messageContext, context, apiVersion);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, seems we are exceeding 120

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in #9250

dushaniw
dushaniw reviewed Jul 20, 2020
View reviewed changes
....gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java
* @param context API context of API
* @param apiVersion Version of API
* @param requestPath Incoming request path
* @param httpMethod http method of request
* @return verbInfoDTO which contains throttling tier for given resource and verb+resource key
*/
public VerbInfoDTO getVerbInfoDTOFromAPIData(String context, String apiVersion, String requestPath, String httpMethod)
public VerbInfoDTO getVerbInfoDTOFromAPIData(MessageContext messageContext, String context, String apiVersion, String requestPath, String httpMethod)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

exceeding the max length

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in #9250

wso2-jenkins-bot added a commit that referenced this pull request Jan 23, 2025
@wso2-jenkins-bot
[WSO2 Release] [Jenkins #7401] [Release 9.30.100] prepare release v9.…
3173a73 
…30.100
wso2-jenkins-bot added a commit that referenced this pull request Jan 23, 2025
@wso2-jenkins-bot
[WSO2 Release] [Jenkins #7401] [Release 9.30.100] prepare for next de…
648a0b7 
…velopment iteration
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dushaniw dushaniw dushaniw left review comments

@mushthaq33 mushthaq33 mushthaq33 left review comments

@HiranyaKavishani HiranyaKavishani HiranyaKavishani left review comments

@chamilaadhi chamilaadhi chamilaadhi approved these changes

@uvindra uvindra uvindra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Publisher] Users can invoke resources with a token which does not have required scope
7 participants
@ChamodDamitha @chamilaadhi @uvindra @dushaniw @mushthaq33 @HiranyaKavishani @rmsamitha