From b3eb6c5deded536db97b0c670bc73c8682b88b4f Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Wed, 7 Jun 2023 12:16:08 +0530 Subject: [PATCH 01/25] Add entry to allow the user to turn off the amqp authorization --- .../resources/conf/templates/repository/conf/broker.xml.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/broker.xml.j2 b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/broker.xml.j2 index 7de5426c14..75ed7f209f 100644 --- a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/broker.xml.j2 +++ b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/broker.xml.j2 @@ -101,6 +101,10 @@ This file is ciphertool compliant. Refer PRODUCT_HOME/repository/conf/security/c {{broker.transport.amqp.allow_shared_topic_subscriptions}} {{broker.transport.amqp.allow_strict_name_validation}} + + {{broker.transport.amqp.authorization}} + + From f28da51de1d4b5f0ecab77642853e0679bfbc2af Mon Sep 17 00:00:00 2001 From: HeshanSudarshana Date: Mon, 11 Sep 2023 00:46:31 +0530 Subject: [PATCH 02/25] Add flag to enable access to sun.security.x509 module --- .../product/src/main/startup-scripts/api-manager.bat | 2 +- .../product/src/main/startup-scripts/api-manager.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/distribution/product/src/main/startup-scripts/api-manager.bat b/modules/distribution/product/src/main/startup-scripts/api-manager.bat index ff08c75052..04fc8da6b8 100755 --- a/modules/distribution/product/src/main/startup-scripts/api-manager.bat +++ b/modules/distribution/product/src/main/startup-scripts/api-manager.bat 
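Review bot: The new `{{broker.transport.amqp.authorization}}` entry is rendered with no fallback and no explanatory comment. The commit touches only this template, so an unset key could render an empty value and leave the broker to decide whether authorization is on. Whether a default is defined elsewhere is not visible from this patch; if it is not, ship an explicit enabled default with the template. I would also add a comment above the entry, e.g. `<!-- AMQP authorization: keep enabled unless every client on this transport is trusted; disabling it turns off permission checks for AMQP clients -->`.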
@@ -203,7 +203,7 @@ set CARBON_CLASSPATH=".\lib\*";%CARBON_CLASSPATH% if %JAVA_VERSION% GEQ 110 set CARBON_CLASSPATH=".\lib\endorsed\*";%CARBON_CLASSPATH% if %JAVA_VERSION% LEQ 18 set JAVA_VER_BASED_OPTS=-Djava.endorsed.dirs=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed" -if %JAVA_VERSION% GEQ 110 set JAVA_VER_BASED_OPTS=--add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED +if %JAVA_VERSION% GEQ 110 set JAVA_VER_BASED_OPTS=--add-opens=java.base/sun.security.x509=ALL-UNNAMED --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" set CMD_LINE_ARGS=%CMD_LINE_ARGS% -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% %JAVA_VER_BASED_OPTS% diff --git a/modules/distribution/product/src/main/startup-scripts/api-manager.sh b/modules/distribution/product/src/main/startup-scripts/api-manager.sh index 6acc994ce7..48f913573a 100755 --- a/modules/distribution/product/src/main/startup-scripts/api-manager.sh +++ b/modules/distribution/product/src/main/startup-scripts/api-manager.sh 
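Review bot: `--add-opens=java.base/sun.security.x509=ALL-UNNAMED` is added here under `GEQ 110`, but in the api-manager.sh hunk of the same commit it lands only inside the `-ge 1700` branch. The two launchers therefore appear to open the package for different Java versions; the existing `com.sun.jndi.ldap` flag has the same split. The flag gives every class on the classpath deep reflective access to the JDK's internal X.509 classes, and neither script says which component needs it. I would align the version conditions and add a comment above the line, e.g. `rem sun.security.x509 opened for <component that requires it>; drop when it stops reflecting into JDK internals`.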
@@ -310,7 +310,7 @@ echo "Using Java memory options: $JVM_MEM_OPTS" JAVA_VER_BASED_OPTS="--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED" if [ $java_version_formatted -ge 1700 ]; then - JAVA_VER_BASED_OPTS="$JAVA_VER_BASED_OPTS --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED" + JAVA_VER_BASED_OPTS="$JAVA_VER_BASED_OPTS --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED" fi while [ "$status" = "$START_EXIT_STATUS" ] From 7d65eeff3564202ef2db6850734b66e59b4dc701 Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Mon, 22 May 2023 09:14:24 +0530 Subject: [PATCH 03/25] Add support to include kid claim to backend JWT header --- .../distribution/product/src/main/resources/conf/default.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/resources/conf/default.json b/modules/distribution/product/src/main/resources/conf/default.json index d4b057c09e..25717515f7 100644 --- a/modules/distribution/product/src/main/resources/conf/default.json +++ b/modules/distribution/product/src/main/resources/conf/default.json @@ -458,5 +458,6 @@ "apim.analytics.properties.keystore_password": "$ref{keystore.primary.password}", "apim.analytics.properties.truststore_location": "${carbon.home}/repository/resources/security/$ref{truststore.file_name}", "apim.analytics.properties.truststore_password": "$ref{truststore.password}", - "tenant_mgt.disable_email_domain_validation": true + "tenant_mgt.disable_email_domain_validation": true, + "apim.jwt.use_kid_property": false } From 1dc4c02df1675df272962433d563ce295ad74094 Mon Sep 17 00:00:00 2001 
From: Ashera Silva Date: Thu, 20 Jul 2023 11:24:42 +0530 Subject: [PATCH 04/25] Change the default to true --- .../distribution/product/src/main/resources/conf/default.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/resources/conf/default.json b/modules/distribution/product/src/main/resources/conf/default.json index 25717515f7..9895d593f3 100644 --- a/modules/distribution/product/src/main/resources/conf/default.json +++ b/modules/distribution/product/src/main/resources/conf/default.json @@ -459,5 +459,5 @@ "apim.analytics.properties.truststore_location": "${carbon.home}/repository/resources/security/$ref{truststore.file_name}", "apim.analytics.properties.truststore_password": "$ref{truststore.password}", "tenant_mgt.disable_email_domain_validation": true, - "apim.jwt.use_kid_property": false + "apim.jwt.use_kid_property": true } From c4bedc77bc1aeea942215226300ae5f2b04aa87c Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Fri, 28 Jul 2023 09:02:12 +0530 Subject: [PATCH 05/25] Bump carbon.apimgt.version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2186f82e73..994e027265 100644 --- a/pom.xml +++ b/pom.xml @@ -1280,7 +1280,7 @@ 9.0.453 - 9.28.160 + 9.28.161 [9.0.0, 10.0.0) From ef5d9f368398e6b28eb45d6acb1095648aebd9b2 Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Fri, 28 Jul 2023 14:57:43 +0530 Subject: [PATCH 06/25] Fix JWTTestCase failure due to kid claim addition to backend JWT header --- .../java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java index fc3dcb5552..c58d863531 100644 
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java @@ -55,7 +55,7 @@ public static void verifyJWTHeader(String decodedJWTHeaderString) throws JSONExc JSONObject jsonHeaderObject = new JSONObject(decodedJWTHeaderString); Assert.assertEquals(jsonHeaderObject.getString("typ"), "JWT"); Assert.assertEquals(jsonHeaderObject.getString("alg"), "RS256"); - Assert.assertFalse(jsonHeaderObject.has("kid")); + Assert.assertTrue(jsonHeaderObject.has("kid")); } /** From 155b1dcda26708d72e4c3530ac9c91062e56eb5c Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Mon, 11 Sep 2023 14:34:16 +0530 Subject: [PATCH 07/25] Add integration test for JWKS endpoint support --- .../integration/tests/jwt/BackendJWTUtil.java | 9 +++++++- .../am/integration/tests/jwt/JWTTestCase.java | 23 +++++++++++++++---- pom.xml | 4 ++-- 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java index c58d863531..adb6dbbc89 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/BackendJWTUtil.java 
@@ -49,13 +49,20 @@ public static void verifySignature(Header jwtheader) throws UnsupportedEncodingE * verify JWT Header * * @param decodedJWTHeaderString decoded JWT Header value + * @param jwksKidClaim kid claim in JWKS endpoint * @throws JSONException if JSON payload is malformed */ - public static void verifyJWTHeader(String decodedJWTHeaderString) throws JSONException { + public static void verifyJWTHeader(String decodedJWTHeaderString, String jwksKidClaim) throws JSONException { JSONObject jsonHeaderObject = new JSONObject(decodedJWTHeaderString); Assert.assertEquals(jsonHeaderObject.getString("typ"), "JWT"); Assert.assertEquals(jsonHeaderObject.getString("alg"), "RS256"); + + // Verify kid claim: check if kid claim in JWT header match with that of JWKS endpoint Assert.assertTrue(jsonHeaderObject.has("kid")); + if (jwksKidClaim != null) { + Assert.assertEquals(jsonHeaderObject.getString("kid"), jwksKidClaim, "kid claim in JWT header " + + "does not match with that of JWKS endpoint"); + } } /** diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/JWTTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/JWTTestCase.java index dcb6506b30..8ede9d48b6 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/JWTTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/JWTTestCase.java @@ -28,6 +28,7 @@ import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.message.BasicNameValuePair; +import org.apache.http.util.EntityUtils; import org.json.JSONException; import org.json.JSONObject; import org.testng.Assert; 
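Review bot: The `if (jwksKidClaim != null)` guard in `verifyJWTHeader` makes the kid comparison silently optional, so a run where the JWKS lookup produced no value still passes on the presence check alone. Every call site updated in this commit passes the field populated in `setEnvironment`, so I would fail fast with `Assert.assertNotNull(jwksKidClaim, "kid claim was not retrieved from JWKS endpoint");` and then run the `assertEquals` unconditionally. If a null argument is meant to be supported, the `@param jwksKidClaim` line should say that null skips the comparison.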
@@ -76,6 +77,7 @@ import javax.ws.rs.core.Response; +import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNotNull; import static org.testng.AssertJUnit.assertTrue; @@ -107,6 +109,7 @@ public class JWTTestCase extends APIManagerLifecycleBaseTest { URL tokenEndpointURL; private String tokenURL; private String identityLoginURL; + private String jwksKidClaim; private final String CALLBACK_URL = "https://localhost:9443/store/"; @BeforeClass(alwaysRun = true) @@ -191,6 +194,16 @@ public void setEnvironment() throws Exception { APIMIntegrationConstants.IS_API_EXISTS); waitForAPIDeploymentSync(user.getUserName(), api2Request.getName(), api2Request.getVersion(), APIMIntegrationConstants.IS_API_EXISTS); + + // Invoke JWKS endpoint and retrieve kid claim to validate backend JWT + HttpClient httpclient = HttpClientBuilder.create().build(); + HttpGet jwksGet = new HttpGet(getAPIInvocationURLHttp("jwks")); + HttpResponse jwksResponse = httpclient.execute(jwksGet); + assertEquals(jwksResponse.getStatusLine().getStatusCode(), HTTP_RESPONSE_CODE_OK, + "Invocation fails for JWKS GET request"); + String jwksResponseString = EntityUtils.toString(jwksResponse.getEntity(), "UTF-8"); + JSONObject jwksResponseObject = new JSONObject(jwksResponseString); + jwksKidClaim = jwksResponseObject.getJSONArray("keys").getJSONObject(0).getString("kid"); } @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for Oauth Based App") 
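Review bot: `setEnvironment` reads the kid from `getJSONArray("keys").getJSONObject(0)`, which assumes the signing key is always the first JWKS entry. If the endpoint ever publishes more than one key, the later header comparison becomes order-dependent. Collecting every `kid` in `keys` and asserting that the header value is among them would be more robust. The `HttpClient` built here is never closed, and the JWKS is fetched through `getAPIInvocationURLHttp`, which by its name is the plain-HTTP URL, so the reference key id is retrieved without transport protection. The body of `setEnvironment` starts outside this hunk.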
@@ -225,7 +238,7 @@ public void testEnableJWTAndClaimsForOauthApp() throws Exception { //Do the signature verification for super tenant as tenant key store not there accessible BackendJWTUtil.verifySignature(jwtheader); log.debug("Decoded JWT header String = " + decodedJWTHeaderString); - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); JSONObject jsonObject = new JSONObject(decodedJWTString); log.info("JWT Received ==" + jsonObject.toString()); //Validate expiry time @@ -273,7 +286,7 @@ public void testEnableJWTAndClaimsForJWTApp() throws Exception { //Do the signature verification BackendJWTUtil.verifySignature(jwtheader); log.debug("Decoded JWT header String = " + decodedJWTHeaderString); - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); JSONObject jsonObject = new JSONObject(decodedJWTString); // check default claims @@ -341,7 +354,7 @@ public void testEnableJWTAndClaimsForAPIKeyApp() throws Exception { //Do the signature verification BackendJWTUtil.verifySignature(jwtheader); log.debug("Decoded JWT header String = " + decodedJWTHeaderString); - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); JSONObject jsonObject = new JSONObject(decodedJWTString); // check default claims @@ -386,7 +399,7 @@ public void testBackendJWTWithClientCredentialsGrant() throws Exception { //Do the signature verification BackendJWTUtil.verifySignature(jwtheader); log.debug("Decoded JWT header String = " + decodedJWTHeaderString); - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); JSONObject jsonObject = new JSONObject(decodedJWTString); // check default claims 
@@ -434,7 +447,7 @@ public void testBackendJWTWithAuthCodeGrant() throws Exception { //Do the signature verification BackendJWTUtil.verifySignature(jwtheader); log.debug("Decoded JWT header String = " + decodedJWTHeaderString); - BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString); + BackendJWTUtil.verifyJWTHeader(decodedJWTHeaderString, jwksKidClaim); JSONObject jsonObject = new JSONObject(decodedJWTString); // check default claims diff --git a/pom.xml b/pom.xml index 994e027265..71debad6d4 100644 --- a/pom.xml +++ b/pom.xml @@ -1277,10 +1277,10 @@ 5.3.5 - 9.0.453 + 9.0.468 - 9.28.161 + 9.28.175 [9.0.0, 10.0.0) From 795bcd6e56ffdc7ecbf243515bb32d8775b6a965 Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Mon, 11 Sep 2023 21:18:57 +0530 Subject: [PATCH 08/25] Fix URLSafeJWTTestCase --- .../am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java index b175554f07..1b6191d48a 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java @@ -212,7 +212,7 @@ public void testEnableJWTAndClaimsForJWTApp() throws Exception { JSONObject jsonHeaderObject = new JSONObject(decodedJWTHeaderString); Assert.assertEquals(jsonHeaderObject.getString("typ"), "JWT"); Assert.assertEquals(jsonHeaderObject.getString("alg"), "RS256"); - Assert.assertFalse(jsonHeaderObject.has("kid")); + Assert.assertTrue(jsonHeaderObject.has("kid")); JSONObject jsonObject = new JSONObject(decodedJWTString); // check default claims 
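Review bot: In URLSafeJWTTestCase the flipped assertion `Assert.assertTrue(jsonHeaderObject.has("kid"))` checks only that the claim exists, although the previous commit already made `BackendJWTUtil.verifyJWTHeader` compare it with the JWKS value. The same typ/alg/kid assertions are repeated inline here and in `testEnableJWTAndClaimsForOauthApp` (the next commit's hunk at -156). Reusing the helper would stop the url-safe tests from drifting; at minimum assert that the value is non-empty with `Assert.assertFalse(jsonHeaderObject.getString("kid").isEmpty());`. Both test methods extend beyond their hunks.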
From 25fb718b8d1afc7af8428ab232afdf0ce2fd9c8a Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Tue, 12 Sep 2023 10:09:03 +0530 Subject: [PATCH 09/25] Fix URLSafeJWTTestCase --- .../am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java index 1b6191d48a..ac8253b4bf 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.java @@ -156,7 +156,7 @@ public void testEnableJWTAndClaimsForOauthApp() throws Exception { JSONObject jsonHeaderObject = new JSONObject(decodedJWTHeaderString); Assert.assertEquals(jsonHeaderObject.getString("typ"), "JWT"); Assert.assertEquals(jsonHeaderObject.getString("alg"), "RS256"); - Assert.assertFalse(jsonHeaderObject.has("kid")); + Assert.assertTrue(jsonHeaderObject.has("kid")); JSONObject jsonObject = new JSONObject(decodedJWTString); log.info("JWT Received ==" + jsonObject.toString()); // check default claims From 9b6789bf81299ea6a2181933d550541e391eb3ba Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Wed, 13 Sep 2023 11:40:19 +0530 Subject: [PATCH 10/25] Bump carbon.apimgt.version --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 71debad6d4..994e027265 100644 --- a/pom.xml +++ b/pom.xml @@ -1277,10 +1277,10 @@ 5.3.5 - 9.0.468 + 9.0.453 - 9.28.175 + 9.28.161 [9.0.0, 10.0.0) From 9b48bf05bede2fae42ec8c31ed2b36dd6165b562 Mon Sep 17 00:00:00 2001 
From: Samitha Chathuranga Date: Thu, 21 Sep 2023 11:28:18 +0530 Subject: [PATCH 11/25] Bump carbon.apimgt and synapse version --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 994e027265..69d3016529 100644 --- a/pom.xml +++ b/pom.xml @@ -1280,7 +1280,7 @@ 9.0.453 - 9.28.161 + 9.28.177 [9.0.0, 10.0.0) @@ -1347,7 +1347,7 @@ 1.8 3.0-FINAL 1.0.0.M8-wso2v1 - 4.0.0-wso2v20 + 4.0.0-wso2v50 1.0.2 1.6.1-wso2v85 1.2.11-wso2v25 From 4af999c30be52b6857bfe3f681b3562eaa66cb3a Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Tue, 19 Sep 2023 10:12:57 +0530 Subject: [PATCH 12/25] Enable wirelogs logs --- .../test/resources/artifacts/AM/lifecycletest/log4j2.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties index f06c2dbcdb..e1e1d0fae5 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties 
@@ -185,7 +185,7 @@ appender.osgi.type = PaxOsgi appender.osgi.name = PaxOsgi appender.osgi.filter = * -loggers = AUDIT_LOG, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache-config-ConfigurationFactory, axis2Deployment, equinox, tomcat2, StAXDialectDetector, trace, synapse, synapse_transport, axis2, axis2_transport, org-wso2-carbon, hunsicker, thrift-publisher, service_logger, trace_logger, org-wso2-carbon-apimgt-gateway-mediators-BotDetectionMediator, wso2-callhome, correlation, JAGGERY_LOG, API_LOG +loggers = AUDIT_LOG, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, 
org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache-config-ConfigurationFactory, axis2Deployment, equinox, tomcat2, StAXDialectDetector, trace, synapse, synapse_transport, axis2, axis2_transport, org-wso2-carbon, hunsicker, thrift-publisher, service_logger, trace_logger, org-wso2-carbon-apimgt-gateway-mediators-BotDetectionMediator, wso2-callhome, correlation, JAGGERY_LOG, API_LOG, synapse-wire logger.API_LOG.name = API_LOG logger.API_LOG.level = INFO From fba0def5dacf2117f2aa6b5e7d827ab176ceb053 Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Wed, 20 Sep 2023 09:05:50 +0530 Subject: [PATCH 13/25] Add localhost as allowed origin in tomcat CORS filter --- .../artifacts/AM/configFiles/corsACACTest/deployment.toml | 6 ++++++ 1 file changed, 6 insertions(+) 
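Review bot: Adding `synapse-wire` to `loggers` enables transport wire logging for the whole lifecycle test run. Wire logs record raw requests and responses, including `Authorization` headers, access tokens and the backend JWTs these tests generate. Test logs are commonly archived as CI artifacts, so I would scope this to the run that needs it or add a comment above the line such as `# synapse-wire enabled for debugging; output contains bearer tokens - do not publish these logs`. The logger's own name and level definition is not in this hunk, so I assume it already exists elsewhere in the file.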
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml index 6d1863d880..e30281ebf6 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml @@ -76,6 +76,12 @@ allow_methods = ["GET", "PUT", "POST", "DELETE", "PATCH", "OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","Authorization"] allow_credentials = true +[cors] +allow_any_origin = false +allowed_origins = [ + "http://localhost", "http://localhost:8080" +] + [apim.sdk] supported_languages = ["android", "java", "csharp", "dart", "flash", "groovy", "javascript", "jmeter", "perl", "php", "python", "ruby", "swift5", "clojure"] From 69a98c253198993c00a252a4fd82d301388a3854 Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Wed, 20 Sep 2023 12:22:24 +0530 Subject: [PATCH 14/25] Enable allow any origin for CORS header based test cases --- .../artifacts/AM/configFiles/corsACACTest/deployment.toml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml index e30281ebf6..2cb668defd 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml 
@@ -77,10 +77,7 @@ allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","S allow_credentials = true [cors] -allow_any_origin = false -allowed_origins = [ - "http://localhost", "http://localhost:8080" -] +allow_any_origin = true [apim.sdk] supported_languages = ["android", "java", "csharp", "dart", "flash", "groovy", "javascript", "jmeter", "perl", "php", "python", "ruby", "swift5", "clojure"] From 1c8772754d23a6293ce2fb6305d9c23faa22e30a Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Wed, 20 Sep 2023 23:23:12 +0530 Subject: [PATCH 15/25] Enable allow_any_origin for test suite --- .../resources/artifacts/AM/configFiles/common/deployment.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml index 39ce9827f2..ae77c0b133 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml @@ -99,6 +99,9 @@ allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","S allow_credentials = false enable_validation_for_ws = true +[cors] +allow_any_origin = true + [apim.workflow] enable = false service_url = "http://localhost:10263/BPMNProcessServerApp-1.0.0" From 9d28dde8b21b83dd2c2a50f8bb232a0a032afc2a Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Thu, 21 Sep 2023 07:52:45 +0530 Subject: [PATCH 16/25] Enable allow_any_origin for test suite --- .../artifacts/AM/configFiles/customHeaderTest/deployment.toml | 3 +++ 1 file changed, 3 insertions(+) 
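Review bot: `allow_any_origin = true` replaces the localhost allowlist directly below `allow_credentials = true` in corsACACTest, and the hunk gives no reason for dropping the narrower setting added one commit earlier. Whether the `[cors]` section honours that credentials flag is not visible here; if it does, any-origin plus credentials is the combination CORS is meant to prevent. I would keep `allow_any_origin = false` and extend `allowed_origins` with the origins the tests actually send, or add `# test-only: wildcard origin, never combine with credentialed requests` above the setting. The same wildcard is added in the common/deployment.toml hunk of the next commit and in the customHeaderTest and toml_config/case1 hunks after it.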
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml index 7127c39abd..95dd79396b 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml @@ -78,6 +78,9 @@ allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"] allow_credentials = false +[cors] +allow_any_origin = true + [transport] passthru_https.listener.ssl_profile_interval = 6000 passthru_https.sender.ssl_profile.interval = 6000 From a79039bd1f73f1da1d1c112d195d35ec3dfb8c8a Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Thu, 21 Sep 2023 13:48:10 +0530 Subject: [PATCH 17/25] Enabling allow_any_origin config for CORSValve in order to avoid request blockers --- .../distribution/product/src/main/resources/conf/default.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/resources/conf/default.json b/modules/distribution/product/src/main/resources/conf/default.json index 9895d593f3..0d377afaea 100644 --- a/modules/distribution/product/src/main/resources/conf/default.json +++ b/modules/distribution/product/src/main/resources/conf/default.json @@ -459,5 +459,6 @@ "apim.analytics.properties.truststore_location": "${carbon.home}/repository/resources/security/$ref{truststore.file_name}", "apim.analytics.properties.truststore_password": "$ref{truststore.password}", "tenant_mgt.disable_email_domain_validation": true, - "apim.jwt.use_kid_property": true + "apim.jwt.use_kid_property": true, + "cors.allow_any_origin": true } 
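Review bot: `"cors.allow_any_origin": true` in default.json changes the shipped default rather than a test fixture, so every deployment that does not override it would accept cross-origin requests from any site. The commit message says the goal is to avoid request blockers, which suggests the valve's allowlist was rejecting legitimate callers. That is better handled by shipping `"cors.allow_any_origin": false` with a documented `allowed_origins` setting and leaving the wildcard to the test deployment.toml files. JSON cannot carry a comment, so the rationale and override steps belong in the configuration documentation.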
From 2c9cb008ffee920329efbdfb61be69e02be71219 Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Thu, 21 Sep 2023 14:14:35 +0530 Subject: [PATCH 18/25] Upgrade carbon.apimgt version to 9.28.178 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 69d3016529..57cd12bebd 100644 --- a/pom.xml +++ b/pom.xml @@ -1280,7 +1280,7 @@ 9.0.453 - 9.28.177 + 9.28.178 [9.0.0, 10.0.0) From ab77b1e6b0f5eb49ca2cde2294138bcfd2dbf23e Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Thu, 21 Sep 2023 14:26:50 +0530 Subject: [PATCH 19/25] Add missing websocket endpoint configurations to WebSocketAPIInvocationWithTracingTestCase --- .../AM/configFiles/webSocketWithTracing/deployment.toml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/webSocketWithTracing/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/webSocketWithTracing/deployment.toml index 2526f60b3b..e6e8d824a5 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/webSocketWithTracing/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/webSocketWithTracing/deployment.toml @@ -45,7 +45,9 @@ show_as_token_endpoint_url = true service_url = "https://localhost:${mgt.transport.https.port}/services/" username = "admin" password = "admin" -http_endpoint = "ws://wsserverhost:9797" +ws_endpoint = "ws://localhost:9960/" +wss_endpoint = "wss://localhost:9960/" +http_endpoint = "http://wsserverhost:9797" https_endpoint = "https://serverhost:9898" [[apim.gateway.environment]] From 846a50eeacfa031918f523051dfd5221b69272eb Mon Sep 17 00:00:00 2001 
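Review bot: `ws_endpoint` and `wss_endpoint` in the webSocketWithTracing hunk both use port 9960, so the plaintext and TLS WebSocket URLs point at the same listener. Unless the test gateway really serves both on one port, one of the two handshakes will fail; please confirm the intended ports against the other WebSocket test configs. The same hunk also changes `http_endpoint` from a `ws://` to an `http://` URL, so a one-line comment above the new keys naming the test that needs them would make the intent clear.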
From: Thilini Shanika Date: Thu, 21 Sep 2023 15:43:00 +0530 Subject: [PATCH 20/25] Enable allow_all_origin config in CORSValve --- .../resources/artifacts/AM/toml_config/case1/deployment.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml index 2d565bd899..3e557f2948 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml @@ -172,6 +172,8 @@ allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","X-custom"] allow_credentials = true +[cors] +allow_any_origin = true # [apim.throttling] From 54ee1b3ae4902db7dae9088d8c9eb1c3ee9124c7 Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Mon, 25 Sep 2023 06:59:40 +0530 Subject: [PATCH 21/25] Disabling CORSValve --- .../conf/templates/repository/conf/tomcat/catalina-server.xml.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 index fc4500d1f3..a0adf6f4a7 100644 --- a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 +++ b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 @@ -94,7 +94,6 @@ - {% for valve in catalina.valves %} From 50673a8570823793cc3aff3bdfc8e27d51c054f6 Mon Sep 17 00:00:00 2001 
From: Thilini Shanika Date: Mon, 25 Sep 2023 07:24:53 +0530 Subject: [PATCH 22/25] Disable CORSValve related configs --- .../distribution/product/src/main/resources/conf/default.json | 3 +-- .../resources/artifacts/AM/configFiles/common/deployment.toml | 3 --- .../artifacts/AM/configFiles/corsACACTest/deployment.toml | 3 --- .../artifacts/AM/configFiles/customHeaderTest/deployment.toml | 3 --- .../resources/artifacts/AM/toml_config/case1/deployment.toml | 4 ---- 5 files changed, 1 insertion(+), 15 deletions(-) diff --git a/modules/distribution/product/src/main/resources/conf/default.json b/modules/distribution/product/src/main/resources/conf/default.json index 0d377afaea..9895d593f3 100644 --- a/modules/distribution/product/src/main/resources/conf/default.json +++ b/modules/distribution/product/src/main/resources/conf/default.json @@ -459,6 +459,5 @@ "apim.analytics.properties.truststore_location": "${carbon.home}/repository/resources/security/$ref{truststore.file_name}", "apim.analytics.properties.truststore_password": "$ref{truststore.password}", "tenant_mgt.disable_email_domain_validation": true, - "apim.jwt.use_kid_property": true, - "cors.allow_any_origin": true + "apim.jwt.use_kid_property": true } diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml index ae77c0b133..39ce9827f2 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/deployment.toml 
@@ -99,9 +99,6 @@ allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","S allow_credentials = false enable_validation_for_ws = true -[cors] -allow_any_origin = true - [apim.workflow] enable = false service_url = "http://localhost:10263/BPMNProcessServerApp-1.0.0" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml index 2cb668defd..6d1863d880 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/corsACACTest/deployment.toml @@ -76,9 +76,6 @@ allow_methods = ["GET", "PUT", "POST", "DELETE", "PATCH", "OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","Authorization"] allow_credentials = true -[cors] -allow_any_origin = true - [apim.sdk] supported_languages = ["android", "java", "csharp", "dart", "flash", "groovy", "javascript", "jmeter", "perl", "php", "python", "ruby", "swift5", "clojure"] diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml index 95dd79396b..7127c39abd 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml 
@@ -78,9 +78,6 @@ allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"] allow_credentials = false -[cors] -allow_any_origin = true - [transport] passthru_https.listener.ssl_profile_interval = 6000 passthru_https.sender.ssl_profile.interval = 6000 diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml index 3e557f2948..b920268972 100755 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/toml_config/case1/deployment.toml @@ -171,10 +171,6 @@ allow_origins = ["origin1","origin2"] allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","X-custom"] allow_credentials = true - -[cors] -allow_any_origin = true - # [apim.throttling] enable_advanced_throttling = "true" From 99e5ebc2bc20de9687ca57416e08c98844c69496 Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Mon, 25 Sep 2023 20:45:14 +0530 Subject: [PATCH 23/25] Enable wire logs for restart test module --- .../test/resources/artifacts/AM/lifecycletest/log4j2.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-restart/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties b/modules/integration/tests-integration/tests-restart/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties index f06c2dbcdb..e1e1d0fae5 100644 --- a/modules/integration/tests-integration/tests-restart/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties 
+++ b/modules/integration/tests-integration/tests-restart/src/test/resources/artifacts/AM/lifecycletest/log4j2.properties 
@@ -185,7 +185,7 @@ appender.osgi.type = PaxOsgi appender.osgi.name = PaxOsgi appender.osgi.filter = * -loggers = AUDIT_LOG, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache-config-ConfigurationFactory, axis2Deployment, equinox, tomcat2, StAXDialectDetector, trace, synapse, synapse_transport, axis2, axis2_transport, org-wso2-carbon, hunsicker, thrift-publisher, service_logger, trace_logger, org-wso2-carbon-apimgt-gateway-mediators-BotDetectionMediator, wso2-callhome, correlation, JAGGERY_LOG, API_LOG +loggers = AUDIT_LOG, trace-messages, org-apache-coyote, com-hazelcast, Owasp-CsrfGuard, org-apache-axis2-wsdl-codegen-writer-PrettyPrinter, org-apache-axis2-clustering, org-apache-catalina, org-apache-tomcat, org-wso2-carbon-apacheds, org-apache-directory-server-ldap, 
org-apache-directory-server-core-event, com-atomikos, org-quartz, org-apache-jackrabbit-webdav, org-apache-juddi, org-apache-commons-digester-Digester, org-apache-jasper-compiler-TldLocationsCache, org-apache-qpid, org-apache-qpid-server-Main, qpid-message, qpid-message-broker-listening, org-apache-tiles, org-apache-commons-httpclient, org-apache-solr, me-prettyprint-cassandra-hector-TimingLogger, org-apache-axis-enterprise, org-apache-directory-shared-ldap, org-apache-directory-server-ldap-handlers, org-apache-directory-shared-ldap-entry-DefaultServerAttribute, org-apache-directory-server-core-DefaultDirectoryService, org-apache-directory-shared-ldap-ldif-LdifReader, org-apache-directory-server-ldap-LdapProtocolHandler, org-apache-directory-server-core, org-apache-directory-server-ldap-LdapSession, DataNucleus, Datastore, Datastore-Schema, JPOX-Datastore, JPOX-Plugin, JPOX-MetaData, JPOX-Query, JPOX-General, JPOX-Enhancer, org-apache-hadoop-hive, hive, ExecMapper, ExecReducer, net-sf-ehcache-config-ConfigurationFactory, axis2Deployment, equinox, tomcat2, StAXDialectDetector, trace, synapse, synapse_transport, axis2, axis2_transport, org-wso2-carbon, hunsicker, thrift-publisher, service_logger, trace_logger, org-wso2-carbon-apimgt-gateway-mediators-BotDetectionMediator, wso2-callhome, correlation, JAGGERY_LOG, API_LOG, synapse-wire logger.API_LOG.name = API_LOG logger.API_LOG.level = INFO From f2633063d6920c397dee8da44be10f806484efe7 Mon Sep 17 00:00:00 2001 From: Thilini Shanika Date: Wed, 27 Sep 2023 10:44:13 +0530 Subject: [PATCH 24/25] Upgrade carbon.apimgt.version to 9.28.179 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 57cd12bebd..aab2520e11 100644 --- a/pom.xml +++ b/pom.xml @@ -1280,7 +1280,7 @@ 9.0.453 - 9.28.178 + 9.28.179 [9.0.0, 10.0.0) From 02fb4d2af42be15c1b62e6605df62e60454c776b Mon Sep 17 00:00:00 2001 
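Review bot: Adding `synapse-wire` to the `loggers` list turns on wire-level logging, and the hunk carries no comment saying why or what that exposes. Wire logs typically record complete request and response headers and bodies, so the Authorization headers, tokens and credentials used by the restart tests would land in the test logs and in any CI artifacts built from them. I would add a comment above the `loggers =` line such as `# synapse-wire is enabled for the restart test module only; wire logs contain headers and payloads, do not copy into product configs`. The `logger.synapse-wire.name` and level entries are not visible in this hunk, so confirm they are defined elsewhere in the file.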
From: rusirijayodaillesinghe Date: Tue, 19 Sep 2023 10:02:16 +0530 Subject: [PATCH 25/25] Add integration tests to cross tenant subscription update scenarios --- .../test/impl/RestAPIStoreImpl.java | 29 ++++ ...CrossTenantSubscriptionUpdateTestCase.java | 157 ++++++++++++++++++ .../src/test/resources/testng.xml | 1 + 3 files changed, 187 insertions(+) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/crossSubscription/CrossTenantSubscriptionUpdateTestCase.java diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIStoreImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIStoreImpl.java index e77518ebfa..3ff881f918 100644 --- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIStoreImpl.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIStoreImpl.java 
@@ -1737,6 +1737,35 @@ public SubscriptionDTO subscribeToAPI(String apiID, String appID, String tier,St return subscriptionResponse.getData(); } + /** + * Update subscription to an API of a specific tenant + * + * @param apiID API ID + * @param appID Application ID + * @param existingTier Existing subscription Tier + * @param requestedTier Requested subscription Tier + * @param subscriptionStatus subscription status + * @param subscriptionId Subscription ID + * @param xWso2Tenant Tenant Domain + * @return SubscriptionDTO + * @throws ApiException If an API exception occurs. + */ + public SubscriptionDTO updateSubscriptionToAPI(String apiID, String appID, String existingTier, + String requestedTier, SubscriptionDTO.StatusEnum subscriptionStatus, String subscriptionId, + String xWso2Tenant) throws ApiException, APIManagerIntegrationTestException { + + SubscriptionDTO subscription = new SubscriptionDTO(); + subscription.setApplicationId(appID); + subscription.setApiId(apiID); + subscription.setThrottlingPolicy(existingTier); + subscription.setRequestedThrottlingPolicy(requestedTier); + subscription.setStatus(subscriptionStatus); + SubscriptionDTO subscriptionUpdate = subscriptionIndividualApi.subscriptionsSubscriptionIdPut( + subscriptionId, subscription, xWso2Tenant); + waitUntilSubscriptionAvailableInGateway(subscriptionUpdate); + return subscriptionUpdate; + } + private void waitUntilSubscriptionAvailableInGateway(SubscriptionDTO subscribedDto) throws APIManagerIntegrationTestException { if (Boolean.parseBoolean(disableVerification)){ diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/crossSubscription/CrossTenantSubscriptionUpdateTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/crossSubscription/CrossTenantSubscriptionUpdateTestCase.java new file mode 100644 index 0000000000..7c9ac76534 --- /dev/null 
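Review bot: The Javadoc on `updateSubscriptionToAPI` documents `ApiException` but not `APIManagerIntegrationTestException`, which the signature also declares and which reaches the caller through the `waitUntilSubscriptionAvailableInGateway` call at the end of the method. Add `* @throws APIManagerIntegrationTestException If waiting for the updated subscription in the gateway fails.` and say in the summary line that the method also waits on the gateway after the PUT. The `@return SubscriptionDTO` line only repeats the type and could state that it is the DTO returned by `subscriptionsSubscriptionIdPut`. The body of `waitUntilSubscriptionAvailableInGateway` continues outside the hunk, so the exact failure condition is inferred from its signature.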
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/crossSubscription/CrossTenantSubscriptionUpdateTestCase.java 
@@ -0,0 +1,157 @@ +/* + *Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. + * + *WSO2 LLC. licenses this file to you under the Apache License, + *Version 2.0 (the "License"); you may not use this file except + *in compliance with the License. + *You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + *Unless required by applicable law or agreed to in writing, + *software distributed under the License is distributed on an + *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + *KIND, either express or implied. See the License for the + *specific language governing permissions and limitations + *under the License. + */ +package org.wso2.am.integration.tests.crossSubscription; + +import org.apache.commons.lang3.StringUtils; +import org.json.JSONArray; +import org.json.JSONException; +import org.json.JSONObject; +import org.testng.Assert; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.Test; +import org.wso2.am.integration.clients.admin.ApiException; +import org.wso2.am.integration.clients.store.api.v1.dto.*; +import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants; +import org.wso2.am.integration.test.utils.bean.APILifeCycleAction; +import org.wso2.am.integration.test.utils.bean.APIRequest; +import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest; +import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment; +import org.wso2.carbon.automation.engine.annotations.SetEnvironment; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.automation.test.utils.http.client.HttpResponse; +import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; + +import java.io.File; +import java.net.URL; +import java.util.ArrayList; + +import static 
org.wso2.am.integration.clients.publisher.api.v1.dto.APIDTO.SubscriptionAvailabilityEnum.ALL_TENANTS; + +@SetEnvironment(executionEnvironments = { ExecutionEnvironment.STANDALONE }) +public class CrossTenantSubscriptionUpdateTestCase extends APIManagerLifecycleBaseTest { + private ServerConfigurationManager serverConfigurationManager; + private String apiId1; + private final String apiName1 = "Test1"; + private final String apiVersion1 = "1.0.0"; + private final String apiContext1 = "/test1"; + private String apiId2; + private final String apiName2 = "Test2"; + private final String apiVersion2 = "1.0.0"; + private final String apiContext2 = "/test2"; + + private final String apiEndpoint1 = "http://localhost:9443"; + private final String apiEndpoint2 = "http://localhost:9444"; + private final String tenant3ApplicationName = "TestApp"; + private ApplicationDTO tenant3Application; + private ApplicationKeyDTO tenant3AppTenant3Store; + private String tenant1Domain; + private String tenant2Domain; + private final String errorMessageKeyGeneration = "Error occurred while generating keys"; + + @BeforeClass(alwaysRun = true) + public void setEnvironment() throws Exception { + super.init(TestUserMode.SUPER_TENANT_ADMIN); + serverConfigurationManager = new ServerConfigurationManager(gatewayContextWrk); + serverConfigurationManager.applyConfiguration(new File(getAMResourceLocation() + + File.separator + "configFiles" + File.separator + "cross-tenant" + File.separator + "deployment.toml")); + APIRequest apiRequest1 = new APIRequest(apiName1, apiContext1, new URL(apiEndpoint1)); + apiRequest1.setVersion(apiVersion1); + apiRequest1.setTier(APIMIntegrationConstants.API_TIER.GOLD); + apiRequest1.setTiersCollection(APIMIntegrationConstants.API_TIER.GOLD + "," + APIMIntegrationConstants.API_TIER.BRONZE); + apiRequest1.setSubscriptionAvailability(ALL_TENANTS.toString()); + HttpResponse response = restAPIPublisher.addAPI(apiRequest1); + apiId1 = response.getData(); + 
restAPIPublisher.changeAPILifeCycleStatus(apiId1, APILifeCycleAction.PUBLISH.getAction()); + tenant1Domain = MultitenantUtils.getTenantDomain(user.getUserName()); + + super.init(TestUserMode.TENANT_ADMIN); + + APIRequest apiRequest2 = new APIRequest(apiName2, apiContext2, new URL(apiEndpoint2)); + apiRequest2.setVersion(apiVersion2); + apiRequest2.setTier(APIMIntegrationConstants.API_TIER.GOLD); + apiRequest2.setTiersCollection(APIMIntegrationConstants.API_TIER.GOLD + "," + APIMIntegrationConstants.API_TIER.BRONZE); + apiRequest2.setSubscriptionAvailability(ALL_TENANTS.toString()); + apiRequest2.setProvider(user.getUserName()); + HttpResponse response2 = restAPIPublisher.addAPI(apiRequest2); + apiId2 = response2.getData(); + restAPIPublisher.changeAPILifeCycleStatus(apiId2, APILifeCycleAction.PUBLISH.getAction()); + tenant2Domain = MultitenantUtils.getTenantDomain(user.getUserName()); + // tenant1 :carbon.super, tenant2 :wso2.com + Assert.assertNotEquals(tenant1Domain, tenant2Domain); + } + + @Test(description = "Create new application and generate access token using an already subscribed application") + public void testCreateNewApplicationAndGenerateTokenSubscribedApplication() throws Exception { + + super.init(TestUserMode.TENANT_EMAIL_USER); + + tenant3Application = restAPIStore.addApplication(tenant3ApplicationName, + APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, + StringUtils.EMPTY, StringUtils.EMPTY); + SubscriptionDTO subscriptionDTO1 = restAPIStore.subscribeToAPI(apiId1, tenant3Application.getApplicationId(), + APIMIntegrationConstants.API_TIER.GOLD, tenant1Domain); + ArrayList grantTypes = new ArrayList<>(); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.PASSWORD); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL); + restAPIAdmin.getKeyManagers(); // Due to the issue: https://github.com/wso2/product-apim/issues/12634 + tenant3AppTenant3Store = restAPIStore.generateKeys(tenant3Application.getApplicationId(), + 
APIMIntegrationConstants.DEFAULT_TOKEN_VALIDITY_TIME, + StringUtils.EMPTY, + ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, + null, grantTypes); + Assert.assertNotNull(tenant3AppTenant3Store, errorMessageKeyGeneration); + + // subscribe to the other API + SubscriptionDTO subscriptionDTO2 = restAPIStore.subscribeToAPI(apiId2, tenant3Application.getApplicationId(), + APIMIntegrationConstants.API_TIER.GOLD, tenant2Domain); + + restAPIStore.updateSubscriptionToAPI(apiId2, tenant3Application.getApplicationId(), APIMIntegrationConstants.API_TIER.GOLD, + APIMIntegrationConstants.API_TIER.BRONZE, SubscriptionDTO.StatusEnum.UNBLOCKED, subscriptionDTO2.getSubscriptionId(), tenant2Domain); + + verifyTenantDomainInWorkflowsTable(apiName2, tenant2Domain); + + restAPIStore.updateSubscriptionToAPI(apiId1, tenant3Application.getApplicationId(), APIMIntegrationConstants.API_TIER.GOLD, + APIMIntegrationConstants.API_TIER.BRONZE, SubscriptionDTO.StatusEnum.UNBLOCKED, subscriptionDTO1.getSubscriptionId(), tenant1Domain); + + verifyTenantDomainInWorkflowsTable(apiName1, tenant1Domain); + } + + private void verifyTenantDomainInWorkflowsTable (String apiName, String tenantDomain) throws JSONException, ApiException { + org.wso2.am.integration.test.HttpResponse workflowsResponse = restAPIAdmin.getWorkflows(null); + Assert.assertNotNull(workflowsResponse); + JSONObject workflowRespObj = new JSONObject(workflowsResponse.getData()); + JSONArray arr = (JSONArray) workflowRespObj.get("list"); + + for (int i = 0; i < arr.length(); i++) { + JSONObject listItem = (JSONObject) arr.get(i); + JSONObject properties = (JSONObject) listItem.get("properties"); + if (properties.has("apiName") && apiName.equals(properties.get("apiName"))) { + Assert.assertEquals(listItem.get("tenantDomain"), tenantDomain); + } + } + } + + @AfterClass(alwaysRun = true) + public void destroy() throws Exception { + restAPIStore.deleteApplication(tenant3Application.getApplicationId()); + 
serverConfigurationManager.restoreToLastConfiguration(); + } +} + diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml index 569410771f..03901f9726 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml @@ -427,6 +427,7 @@ +
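Review bot: `verifyTenantDomainInWorkflowsTable` can pass without checking anything, because its only `assertEquals` sits inside the `if (properties.has("apiName") && ...)` branch. When `restAPIAdmin.getWorkflows(null)` returns no entry for the API (an empty `list`, or the update created no workflow), the loop simply ends and the cross-tenant domain check is skipped silently. Track a match and fail when there is none: declare `boolean matched = false;` before the loop, set `matched = true;` next to the `assertEquals`, and finish with `Assert.assertTrue(matched, "No workflow entry found for API " + apiName);`. Separately, `destroy()` deletes only the application, so the two APIs published in `setEnvironment()` are left behind, and `tenant3Application.getApplicationId()` will throw there if the test failed before the application was created.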