Fix re-enabling OAuth2 security on APIs configured with only mutual SSL #12742

Open
wants to merge 1 commit into
base: master

nimsara66
Contributor

@nimsara66 nimsara66 commented Jan 9, 2025

Purpose

This PR resolves an issue where an API published with only Mutual SSL enabled cannot save updates when OAuth2 or API Key application-level security is subsequently enabled.

Approach

When Mutual SSL is the sole selected security option for an API, the tier throttling policies are cleared [1]. If OAuth2 or API Key is later enabled for the same API, the update fails because the API is already published and requires a tier throttling policy. This fix ensures that a default throttling policy is applied in such scenarios, allowing the updates to be successfully saved.
Logic to filter AI policies is based on [2].

Issue

Related to: wso2/api-manager#3486
Internal: https://github.com/wso2-enterprise/wso2-apim-internal/issues/8338

[1]

    //check in github code to see this method was removed
    String apiSecurity = artifact.getAttribute(APIConstants.API_OVERVIEW_API_SECURITY);
    if (apiSecurity != null && !apiSecurity.contains(APIConstants.DEFAULT_API_SECURITY_OAUTH2)
            && !apiSecurity.contains(APIConstants.API_SECURITY_API_KEY)) {
        artifact.setAttribute(APIConstants.API_OVERVIEW_TIER, "");
    }

[2]
    tierList = tierList.stream()
            .filter(tier -> PolicyConstants.AI_API_QUOTA_TYPE.equals(tier.getQuotaPolicyType())
                    || tier.getName().contains(APIConstants.DEFAULT_SUB_POLICY_SUBSCRIPTIONLESS)
                    || tier.getQuotaPolicyType() == null)
            .collect(Collectors.toList());
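
The failure and the fallback described under "Approach", as an added, simplified model that is not part of the PR or of the project's code. The class, the method names, the string values of the security constants and the default tier name "Unlimited" are assumptions made for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Set;

// Added illustration: a simplified model, not code from the project.
public class TierFallbackDemo {
    // Assumed string values standing in for the APIConstants fields quoted in the PR.
    static final String OAUTH2 = "oauth2";
    static final String API_KEY = "api_key";
    static final String MUTUAL_SSL = "mutualssl";
    static final String DEFAULT_TIER = "Unlimited"; // hypothetical default policy name

    // Application-level security is in use when OAuth2 or API Key is selected.
    static boolean hasAppLevelSecurity(Set<String> security) {
        return security.contains(OAUTH2) || security.contains(API_KEY);
    }

    // Mirrors snippet [1]: with no application-level scheme, the stored tiers are cleared.
    static Set<String> tiersAfterSave(Set<String> security, Set<String> tiers) {
        return hasAppLevelSecurity(security) ? tiers : new LinkedHashSet<String>();
    }

    // Validation for a published API: application-level security needs a tier.
    static void validatePublished(Set<String> security, Set<String> tiers) {
        if (hasAppLevelSecurity(security) && tiers.isEmpty()) {
            throw new IllegalStateException("published API requires a throttling tier");
        }
    }

    // The fallback described under "Approach": supply a default tier before validating.
    static Set<String> withDefaultTier(Set<String> security, Set<String> tiers) {
        Set<String> result = new LinkedHashSet<>(tiers);
        if (hasAppLevelSecurity(security) && result.isEmpty()) {
            result.add(DEFAULT_TIER);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed scenario: published with mutual SSL only, then OAuth2 is added.
        Set<String> tiers = tiersAfterSave(Set.of(MUTUAL_SSL), Set.of("Gold"));
        Set<String> updated = Set.of(MUTUAL_SSL, OAUTH2);
        try {
            validatePublished(updated, tiers);
        } catch (IllegalStateException e) {
            System.out.println("without fallback: " + e.getMessage());
        }
        tiers = withDefaultTier(updated, tiers);
        validatePublished(updated, tiers);
        System.out.println("with fallback: tiers=" + tiers);
    }
}
```

Whichever policy serves as the default is the rate limit that applies once OAuth2 or API Key is re-enabled, so it is worth confirming that the fallback matches the throttling the API is meant to have.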
