Add support for global connection timeout and proxy configurations #13054

Open
wants to merge 2 commits into
base: master

thisaltennakoon (Contributor) commented Mar 24, 2025

Fix wso2/api-manager#3590

This pull request adds support for configuring connection timeouts and proxy settings at both global and endpoint levels. Additionally, connection timeouts and proxy configurations can be disabled at the endpoint level. Changes have also been made to the API retrieval section to ensure that the existing behavior remains intact.

Furthermore, this update fixes an issue where the proxy password was not resolving correctly when the secure vault was enabled.


coderabbitai bot commented Mar 24, 2025

Walkthrough

This pull request introduces new endpoint security configuration options by adding fields and methods to the EndpointSecurity class, along with a new enumeration to represent token endpoint connection configuration types. Additionally, the changes include new constants for security and timeout settings, modifications in APIProviderImpl for populating default security configurations, updates to proxy credential handling in publisher utilities, and enhancements to OAuth timeout configuration parameters in both JSON and XML templates.

Changes

| File(s) | Change Summary |
|---|---|
| components/apimgt/.../api/model/EndpointSecurity.java, components/apimgt/.../api/model/TokenEndpointConnectionConfigType.java | Added new private fields (connectionTimeoutConfigType, proxyConfigType, proxyPasswordAlias), their getters/setters, and updated the copy constructor in EndpointSecurity. Also added @JsonIgnoreProperties annotations and introduced the new TokenEndpointConnectionConfigType enum with constants GLOBAL, ENDPOINT_SPECIFIC, and NONE. |
| components/apimgt/.../impl/APIConstants.java | Introduced new string constants for endpoint security and timeout configurations such as ENDPOINT_SECURITY_PROXY_PASSWORD, CONNECTION_TIMEOUT_CONFIG_TYPE, PROXY_CONFIG_TYPE, CONNECTION_TIMEOUT_DURATION, CONNECTION_REQUEST_TIMEOUT_DURATION, SOCKET_TIMEOUT_DURATION, PROXY_CONFIGS, PROXY_ENABLED, and CONNECTION_TIMEOUT_DEFAULT. |
| components/apimgt/.../impl/APIProviderImpl.java | Added methods populateEndpointSecurityDefaults(API), setDefaultTokenEndpointConnectionConfigType(JSONObject), and isDefaultConnectionTimeout(JSONObject, String). Modified getAPIbyUUID(String, String) to invoke the default population logic for endpoint security configurations. |
| components/apimgt/.../impl/utils/GatewayUtils.java | Added the public static method retrieveOAuthProxyPasswordAlias(String, String, String) to generate proxy password aliases based on provided parameters. |
| components/apimgt/.../rest/api/publisher/v1/common/... | Updated TemplateBuilderUtil.java to handle proxy configuration credentials by checking for proxy settings and utilizing the new GatewayUtils method. Also added @JsonIgnoreProperties in EndpointSecurityModel.java and refactored alias assignment logic in SecurityConfigContext.java. |
| features/apimgt/.../conf_templates/org.wso2.carbon.apimgt.core.default.json, features/apimgt/.../conf_templates/templates/repository/conf/api-manager.xml.j2 | Added new OAuth timeout configuration parameters: connection timeout, connection request timeout, and socket timeout durations in JSON and XML templates. |

Suggested reviewers

  • tgtshanika
  • chamilaadhi
  • dushaniw
  • Arshardh
  • AnuGayan
  • tharindu1st

Possibly related PRs

  • Intra-vendor model routing feature enhancements #12948: The changes in the main PR are related to the addition of new fields and methods in the EndpointSecurity class, which utilizes the TokenEndpointConnectionConfigType enum introduced in the retrieved PR, indicating a direct connection at the code level.

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a89f7e4 and 8ecbc0c.

📒 Files selected for processing (5)
  • components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java (6 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/TemplateBuilderUtil.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/SecurityConfigContext.java (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (5)
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/SecurityConfigContext.java
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/TemplateBuilderUtil.java
  • components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
⏰ Context from checks skipped due to timeout of 90000ms (6)
  • GitHub Check: build-product (4, group4)
  • GitHub Check: build-product (2, group2)
  • GitHub Check: build-product (3, group3)
  • GitHub Check: build-product (1, group1)
  • GitHub Check: run-benchmark-test
  • GitHub Check: build-carbon


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java (1)

367-368: toString() method updated with new fields

The toString() method has been properly updated to include the new fields. However, there's an inconsistency in the string formatting.

There's a small formatting inconsistency in the toString() method. The new fields have ' characters after them, unlike other fields:

-                ", connectionTimeoutConfigType=" + connectionTimeoutConfigType + '\'' +
-                ", proxyConfigType=" + proxyConfigType + '\'' +
+                ", connectionTimeoutConfigType=" + connectionTimeoutConfigType +
+                ", proxyConfigType=" + proxyConfigType +
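Review bot: Unbalanced quote in the two removed lines: each appends '\'' after the value, while the literal in front of it (", connectionTimeoutConfigType=" and ", proxyConfigType=") ends at the equals sign with no opening quote, so the rendered string would contain a stray closing quote. Dropping the '\'' as the + lines do is the simpler fix than adding an opening quote, since the review elsewhere describes both fields as TokenEndpointConnectionConfigType values rather than strings. The last + line still ends with a trailing +, so confirm that the line following it in toString() continues the concatenation as before.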
📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between da6b532 and a89f7e4.

📒 Files selected for processing (10)
  • components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java (6 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/TokenEndpointConnectionConfigType.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java (3 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/TemplateBuilderUtil.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/EndpointSecurityModel.java (1 hunks)
  • components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/SecurityConfigContext.java (1 hunks)
  • features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1 hunks)
  • features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (1 hunks)
🧰 Additional context used
🧬 Code Definitions (6)
components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/EndpointSecurityModel.java (1)
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java (2)
  • JsonIgnoreProperties (25-371)
  • JsonIgnoreProperties (279-344)
components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/TemplateBuilderUtil.java (2)
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConstants.java (1)
  • APIConstants (24-124)
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java (1)
  • GatewayUtils (36-241)
components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/SecurityConfigContext.java (1)
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java (1)
  • GatewayUtils (36-241)
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java (1)
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)
  • APIConstants (32-3346)
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java (1)
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)
  • APIConstants (32-3346)
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java (1)
components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/EndpointSecurityModel.java (1)
  • JsonIgnoreProperties (28-84)
⏰ Context from checks skipped due to timeout of 90000ms (6)
  • GitHub Check: build-product (2, group2)
  • GitHub Check: build-product (1, group1)
  • GitHub Check: build-carbon
  • GitHub Check: build-product (3, group3)
  • GitHub Check: build-product (4, group4)
  • GitHub Check: run-benchmark-test
🔇 Additional comments (26)
components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/TokenEndpointConnectionConfigType.java (1)

1-25: Well-structured enum for token endpoint connection configuration types.

The enum provides a clear set of options for configuring how token endpoints should handle connection settings: globally, endpoint-specific, or none. The naming follows Java conventions and the implementation is clean.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java (1)

172-177: Good addition of method to retrieve OAuth proxy password alias.

This method follows the same pattern as the existing methods retrieveOauthClientSecretAlias and retrieveOAuthPasswordAlias, maintaining consistency in the codebase.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/EndpointSecurityModel.java (2)

20-20: Added import for JsonIgnoreProperties annotation.

Appropriate import to support the annotation added to the class.


28-28: Added JsonIgnoreProperties annotation for better JSON deserialization.

This annotation allows Jackson to ignore unknown properties during deserialization, providing forward compatibility as new fields are added to the model. This is particularly important since this PR introduces new fields in the parent EndpointSecurity class.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/TemplateBuilderUtil.java (1)

1520-1536: Added support for OAuth proxy password credentials.

This change correctly handles proxy credentials by extracting proxy password from endpoint security configuration and adding it to the credentials list. It follows the same pattern as existing credential handling code and utilizes the newly added retrieveOAuthProxyPasswordAlias method.

The implementation properly:

  1. Checks for the existence of proxy configuration
  2. Extracts the proxy password
  3. Creates a credential DTO with appropriate alias
  4. Adds it to the existing credentials list
features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (1)

1790-1792: Well-structured timeout configuration additions for OAuth.

These new timeout configuration parameters will enhance the fine-grained control over OAuth connection behavior, improving resilience against slow connections or unresponsive services.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1)

91-93: Good default timeout values added for OAuth connections.

The default value of 15000ms (15 seconds) for all three timeout parameters is reasonable and consistent with industry standards for HTTP connection timeouts.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/SecurityConfigContext.java (2)

171-179: Improved code organization for prefixed OAuth security configuration.

The refactored code effectively consolidates the logic for setting OAuth security parameters when a prefix is provided, including the new proxy password alias configuration.


184-186: Added proxy password alias handling for non-prefixed scenarios.

The code now properly sets the proxy password alias even when no prefix is provided, ensuring consistent proxy authentication configuration across different endpoint scenarios.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java (5)

108-108: New import for token endpoint connection configuration types.

This adds support for the new enum that defines different types of token endpoint connection configurations (global or endpoint-specific).


5590-5613: Well-structured method to populate endpoint security defaults.

This new method properly parses the endpoint configuration JSON and populates default values for token endpoint connection settings for both production and sandbox endpoints. It follows good practices with null checking before processing the JSON.


5623-5650: Important logic for determining token endpoint connection configuration types.

The method intelligently determines whether to use global or endpoint-specific configuration based on the values present:

  1. For connection timeout: Uses global config if using default timeouts, otherwise uses endpoint-specific config
  2. For proxy: Uses endpoint-specific config if proxy is enabled, otherwise uses global config

A well-designed approach that maintains backward compatibility while adding new functionality.


5662-5667: Efficient helper method for checking default connection timeout values.

This method handles various ways a default timeout could be represented (null, string "-1", integer -1, or long -1), making the code more robust against different data formats that might exist in the configuration.


5569-5569: Proper integration of the new functionality in API retrieval.

The populateEndpointSecurityDefaults method is correctly called when retrieving API details, ensuring that all API objects have proper default connection settings before being used by the application.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (5)

1853-1853: New constant added for endpoint security proxy password.

This constant ENDPOINT_SECURITY_PROXY_PASSWORD with value "proxyPassword" will be used to store and retrieve the proxy password used in endpoint security configurations.


1854-1855: Added configuration type constants for connection timeout and proxy settings.

These new constants will be used to specify the type of configuration being used for connection timeout and proxy settings, enabling different configuration approaches.


1856-1858: Added constants for various timeout duration parameters.

These three constants define different aspects of connection timeout:

  • CONNECTION_TIMEOUT_DURATION: For the main connection establishment timeout
  • CONNECTION_REQUEST_TIMEOUT_DURATION: For timeout when requesting a connection from the connection manager
  • SOCKET_TIMEOUT_DURATION: For timeout when waiting for data after the connection is established

This granular approach to timeout settings allows for more precise control over connection behavior.


1859-1860: Added constants for proxy configuration settings.

These constants will help manage proxy-related settings:

  • PROXY_CONFIGS: Likely holds the full proxy configuration
  • PROXY_ENABLED: Boolean flag to enable/disable proxy functionality

These additions support the global proxy configuration capabilities mentioned in the PR objectives.


1861-1861: Added default timeout value constant.

The CONNECTION_TIMEOUT_DEFAULT constant with value "-1" likely represents a disabled or infinite timeout setting, which is a common default in connection timeout scenarios.

components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java (7)

20-25: Proper handling of unknown properties added with JsonIgnoreProperties annotation

The addition of @JsonIgnoreProperties(ignoreUnknown = true) at the class level ensures backward compatibility by allowing the JSON deserialization process to ignore unknown properties. This is a good practice when extending APIs to prevent deserialization failures when processing data from older versions.


85-86: Copy constructor properly updated to include new fields

The copy constructor has been properly updated to copy the new configuration type fields. This ensures that when an EndpointSecurity object is cloned, all of its properties, including the newly added ones, are correctly transferred.


263-277: Getter and setter methods implemented for new configuration type fields

The implementation of getter and setter methods for the new connectionTimeoutConfigType and proxyConfigType fields follows the Java bean conventions and is consistent with the existing code style.


279-279: JsonIgnoreProperties annotation added to inner class

Adding the @JsonIgnoreProperties(ignoreUnknown = true) annotation to the ProxyConfigs inner class ensures consistent handling of JSON deserialization across the model, which is good practice.


287-287: New proxyPasswordAlias field added to ProxyConfigs class

The addition of the proxyPasswordAlias field in the ProxyConfigs class allows for secure credential management by supporting the use of password aliases instead of plain text passwords for proxy authentication.


337-343: Getter and setter methods implemented for proxyPasswordAlias

The implementation of getter and setter methods for the new proxyPasswordAlias field follows Java bean conventions and is consistent with the existing code style.


64-66:

✅ Verification successful

New configuration type fields added for connection timeout and proxy settings

The addition of connectionTimeoutConfigType and proxyConfigType fields of type TokenEndpointConnectionConfigType seems appropriate for implementing the global connection timeout and proxy configuration support as mentioned in the PR objectives.

Can you verify that the TokenEndpointConnectionConfigType enum is correctly implemented? It's referenced here but not shown in the provided code.


🏁 Script executed:

#!/bin/bash
# Check if TokenEndpointConnectionConfigType enum exists and examine its values
fd TokenEndpointConnectionConfigType.java -exec cat {} \;

Length of output: 250


Action Required: Verify TokenEndpointConnectionConfigType Implementation

The new configuration-type fields for connection timeout and proxy settings are appropriate per the PR objectives. However, we couldn’t automatically verify the contents of the TokenEndpointConnectionConfigType enum due to an earlier command syntax error. Please run the above corrected script (or manually verify) to ensure that the enum is implemented correctly and includes the necessary values to support both connection timeout and proxy configuration.


🏁 Script executed:

#!/bin/bash
# Correctly search for the TokenEndpointConnectionConfigType enum and display its content.
# This command uses a proper regex pattern and --exec flag to print the file if found.
fd "TokenEndpointConnectionConfigType\.java" --exec cat {} \;

Length of output: 982


Review Comment Update: Confirmed Enum Implementation

The newly introduced fields connectionTimeoutConfigType and proxyConfigType in EndpointSecurity.java correctly reference the TokenEndpointConnectionConfigType enum. The enum implementation is verified and contains the necessary values (GLOBAL, ENDPOINT_SPECIFIC, and NONE) to support global connection timeout and proxy configuration functionality as outlined in the PR objectives.
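
The defaulting rules summarized in the review of APIProviderImpl.java above (default timeouts resolve to GLOBAL, an enabled proxy resolves to ENDPOINT_SPECIFIC), as an added Java sketch that is not code from the PR or from CodeRabbit. The JSON key names, the Map stand-in for the endpoint security JSON, the requirement that all three timeouts be default, and the rule that an already-set type is left untouched are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class TokenEndpointConfigDefaults {

    // Mirrors the three values the review lists for TokenEndpointConnectionConfigType.
    enum ConfigType { GLOBAL, ENDPOINT_SPECIFIC, NONE }

    // Hypothetical key names for this sketch; the PR's constant values are not on the page.
    static final String[] TIMEOUT_KEYS = {
        "connectionTimeoutDuration", "connectionRequestTimeoutDuration", "socketTimeoutDuration"
    };

    // A timeout is "default" when absent, or -1 stored as a string, an int or a long.
    static boolean isDefaultTimeout(Map<String, Object> security, String key) {
        Object v = security.get(key);
        if (v == null) {
            return true;
        }
        if (v instanceof Integer || v instanceof Long) {
            return ((Number) v).longValue() == -1L;
        }
        return "-1".equals(v.toString().trim());
    }

    // Fills in the two config-type fields for a stored endpoint security block
    // that predates them, without overriding a value that is already present.
    static void populateDefaults(Map<String, Object> security) {
        if (!security.containsKey("connectionTimeoutConfigType")) {
            boolean allDefault = true;
            for (String key : TIMEOUT_KEYS) {
                allDefault &= isDefaultTimeout(security, key);
            }
            security.put("connectionTimeoutConfigType",
                    allDefault ? ConfigType.GLOBAL : ConfigType.ENDPOINT_SPECIFIC);
        }
        if (!security.containsKey("proxyConfigType")) {
            Object proxy = security.get("proxyConfigs");
            boolean enabled = proxy instanceof Map
                    && Boolean.parseBoolean(String.valueOf(((Map<?, ?>) proxy).get("proxyEnabled")));
            security.put("proxyConfigType",
                    enabled ? ConfigType.ENDPOINT_SPECIFIC : ConfigType.GLOBAL);
        }
    }

    public static void main(String[] args) {
        // Constructed sample 1: legacy block, timeouts stored as -1 in mixed types, no proxy.
        Map<String, Object> legacy = new LinkedHashMap<>();
        legacy.put("connectionTimeoutDuration", "-1");
        legacy.put("socketTimeoutDuration", -1L);
        populateDefaults(legacy);
        System.out.println("legacy:   " + legacy);

        // Constructed sample 2: one custom timeout and an enabled endpoint-level proxy.
        Map<String, Object> proxyConfigs = new LinkedHashMap<>();
        proxyConfigs.put("proxyEnabled", true);
        Map<String, Object> custom = new LinkedHashMap<>();
        custom.put("socketTimeoutDuration", 30000);
        custom.put("proxyConfigs", proxyConfigs);
        populateDefaults(custom);
        System.out.println("custom:   " + custom);

        // Constructed sample 3: an explicit NONE must survive default population.
        Map<String, Object> disabled = new LinkedHashMap<>();
        disabled.put("connectionTimeoutConfigType", ConfigType.NONE);
        populateDefaults(disabled);
        System.out.println("disabled: " + disabled);
    }
}
```

The third sample is the case worth testing in a real implementation: an endpoint whose timeout or proxy was deliberately set to NONE should not be moved back to GLOBAL when the API is next retrieved.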
