Created toolkit-template code with openapi.yaml

[iamSahdoon]

Description

This pull request includes the foundational setup for the toolkit template development (v1). It adds the generated code from the OpenAPI specification and organizes the base structure required for future enhancements and integrations.

Summary by CodeRabbit

• New Features

  • Added a toolkit-template module providing a generated JAX‑RS REST API server with runnable example endpoints.
  • Added utility helpers for JSON conversion, request URL building, ISO‑8601 validation, expiry checks, and standardized error/success JSON responses.

• Documentation

  • Added a README with build/run instructions and guidance for the new module.

• Chores

  • Included the new module in dev builds and centralized version/dependency management; adjusted build tooling to ignore generated code and suppress unresolved property warnings.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Walkthrough

Adds a new toolkit-template module (WAR) with a generated OpenAPI JAX-RS server, generated APIs/models, OpenAPI spec and generator metadata, new utility and implementation classes, and centralized dependency/version declarations plus minor parent POM build/plugin config tweaks.

Changes

Cohort / File(s)	Summary
Parent POM & dependency management pom.xml	Adds toolkit-template to root <modules> and dev profile modules; introduces new version properties and several dependencyManagement entries (jakarta.ws.rs-api, jackson-*, joda-time, javax.annotation-api, swagger-annotations, org.json, javax.servlet-api); adds checkstyle exclude for generated code and a suppress comment for unresolved Maven properties in maven-bundle-plugin.
Generator metadata & ignores toolkit-template/.openapi-generator/VERSION, toolkit-template/.openapi-generator/FILES, toolkit-template/.openapi-generator-ignore	Adds generator version (7.16.0), metadata listing generated files, and OpenAPI Generator ignore patterns.
Module POM toolkit-template/pom.xml	New module POM (packaging: war) declaring dependencies (Jakarta/JAX-RS, Jackson, joda-time, javax.annotation-api, validation-api, swagger-annotations, javax.servlet-api, httpclient, json, testng), and build plugins (javadoc, war config).
Generated OpenAPI sources toolkit-template/src/gen/java/org/openapitools/api/...	Adds many generated JAX-RS API interfaces and bootstrap classes (e.g., RestApplication, RestResourceRoot, Validate*/PreProcess*/Enrich* APIs, IssueRefreshTokenApi, PersistAuthorizedConsentApi, MapAcceleratorErrorResponseApi).
Generated models toolkit-template/src/gen/java/org/openapitools/model/...	Adds a large set of generated model classes for requests, responses, domain and stored resources, and many success/failed response variants.
OpenAPI spec toolkit-template/src/main/openapi/openapi.yaml	Adds the OpenAPI specification used to generate the APIs and models.
Runtime utilities toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/...	Adds CommonConsentValidationUtil (JSON conversion, URL builder, ISO-8601 validation, expiry check) and ErrorUtil (error/success JSON builders and wrappers).
API implementation stubs toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/...	Adds lightweight implementation stubs: IssueRefreshTokenApiImpl, PopulateConsentAuthorizeScreenApiImpl, ValidateAuthorizationRequestApiImpl, ValidateConsentAccessApiImpl — methods return fixed 200 OK "magic!" responses.
Documentation toolkit-template/README.md	Adds README describing the toolkit-template module, build/run instructions, and license/links.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant ParentPOM as Parent POM
  participant Maven as Maven
  participant Toolkit as toolkit-template (module)
  participant Gen as OpenAPI Generator
  participant Runtime as Runtime (App)
  participant API as Generated API
  participant Models as Generated Models

  ParentPOM->>Maven: include `toolkit-template` module + dependency versions
  Maven->>Toolkit: build lifecycle (compile, package)
  Toolkit->>Gen: openapi.yaml → generate src/gen/java (APIs, Models)
  Gen-->>Toolkit: emitted generated sources
  Maven->>Toolkit: compile generated + main sources (build plugins apply)
  Runtime->>API: incoming HTTP request
  API->>Models: marshal/unmarshal payloads
  API->>Runtime: respond (uses utils / impl stubs)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Areas needing extra attention:
  • Parent pom.xml dependencyManagement and version property introductions (ensure no property name collisions and correct scopes).
  • toolkit-template/pom.xml dependency scopes and plugin configurations for WAR packaging.
  • Large generated sources (src/gen/java/...) — verify they are truly generated (no manual edits) and license/headers.
  • New utility classes CommonConsentValidationUtil and ErrorUtil for correctness (encoding, timezone handling, JSON mapping).
  • Implementation stubs that currently return static responses — confirm intended placeholder behavior.

Poem

🐇 I hopped into a POM and planted a seed,
Generated routes and models sprout with speed,
Utils tidy errors, URLs take flight,
Stubs say "magic!" and README shines bright,
New module blooms — a toolkit to lead.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is minimal and lacks required sections from the template (issue link, checklists, test details). Only a brief description is provided.	Add required sections: issue link, development checklist, security checklist, and testing checklist with specific test details.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: creating the toolkit-template module with OpenAPI code generation.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 6

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 86eb485 and c4b7920.

⛔ Files ignored due to path filters (137)

• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichConsentCreationResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichConsentFileResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichConsentSearchResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichEventPollingResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichEventSubscriptionResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/IssueRefreshTokenApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/MapAcceleratorErrorResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PersistAuthorizedConsentApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PopulateConsentAuthorizeScreenApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessApplicationCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessApplicationUpdateApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessClientCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessClientRetrievalApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessClientUpdateApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentFileUploadApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentRetrievalApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentRevokeApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/RestApplication.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/RestResourceRoot.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateAuthorizationRequestApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateConsentAccessApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateConsentFileRetrievalApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateEventCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateEventPollingApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateEventSubscriptionApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Account.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AmendedAuthorization.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AmendedResource.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppCreateProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppCreateProcessRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppUpdateProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppUpdateProcessRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Authorization.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AuthorizedResources.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AuthorizedResourcesAuthorizedDataInner.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ClientProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ClientProcessRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ConsentSearchData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/DetailedConsentResourceData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/DetailedConsentResourceDataWithAmendments.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EnrichConsentCreationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EnrichConsentSearchRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EnrichFileUploadResponseRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Error.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ErrorMapperData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ErrorMapperRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ErrorResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventCreationRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventCreationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventPollingRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventPollingRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventSubscriptionRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventSubscriptionRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseApplicationProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseApplicationProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseClientProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseClientProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseInConsentAuthorize.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseInConsentAuthorizeData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/IssueRefreshTokenRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/IssueRefreshTokenRequestData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PersistAuthorizedConsent.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PersistAuthorizedConsentRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PopulateConsentAuthorizeScreenData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PopulateConsentAuthorizeScreenRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessConsentCreationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessConsentRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessConsentRetrievalData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessFileUploadRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Request.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/RequestForEnrichConsentCreationResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/RequestForEnrichFileUploadResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/RequestForPreProcessFileUpload.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Resource.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForApplicationCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForApplicationUpdate.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForClientProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForConsentRevocation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForConsentSearch.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEnrichEventPolling.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEnrichEventSubscription.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForErrorMapper.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEventSubscriptionValidation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEventValidation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForIssueRefreshToken.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPersistAuthorizedConsent.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPopulateConsentAuthorizeScreen.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPreProcessConsentCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPreProcessFileUpload.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForResponseAlternation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForValidateAuthorizationRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredAuthorization.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredBasicConsentResourceData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredDetailedConsentResourceData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredResource.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationCreationData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationUpdate.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationUpdateData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseClientProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseClientProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseConsentRevocation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseConsentRevocationData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForConsentSearch.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForConsentSearchData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventPolling.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventPollingData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventSubscription.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventSubscriptionData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEventWithDetails.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEventWithDetailsData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForResponseAlternation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForResponseAlternationData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseIssueRefreshToken.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseIssueRefreshTokenData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePersistAuthorizedConsent.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePersistAuthorizedConsentData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreen.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsentData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsentDataPermissionsInner.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsumerData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsumerDataAccountsInner.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePreProcessConsentCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePreProcessFileUpload.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePreProcessFileUploadData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseWithDetailedConsentData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseWithDetailedConsentDataAndAmendments.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/UserGrantedData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateAuthorizationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateAuthorizationRequestBodyData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateConsentAccessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateConsentAccessRequestBody.java is excluded by !**/generated/**

📒 Files selected for processing (6)

• pom.xml (1 hunks)
• toolkit-template/.openapi-generator-ignore (1 hunks)
• toolkit-template/.openapi-generator/FILES (1 hunks)
• toolkit-template/.openapi-generator/VERSION (1 hunks)
• toolkit-template/README.md (1 hunks)
• toolkit-template/pom.xml (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

toolkit-template/README.md

16-16: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

22-22: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build-repo-check

🔇 Additional comments (3)

toolkit-template/.openapi-generator-ignore (1)

1-23: LGTM!

The OpenAPI Generator ignore file follows the standard template format and is appropriate for a foundational setup.

toolkit-template/.openapi-generator/FILES (1)

1-141: LGTM!

This is a standard OpenAPI Generator manifest file that tracks all generated files. It's appropriate for the generated project structure.

toolkit-template/.openapi-generator/VERSION (1)

1-1: ---

No critical security issues found for OpenAPI Generator 7.16.0; optional upgrade available.

The latest stable version is v7.17.0 (released late Oct 2025), while the toolkit uses 7.16.0. Past advisories (e.g., GHSA-g3hr-p86p-593h from May 2024) affected the online generator or earlier versions, not 7.16.0. The version in this auto-generated metadata file can be updated by regenerating with OpenAPI Generator 7.17.0 if desired, but it is not required to address security concerns.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add language specifier to code block.

The fenced code block should specify the language for proper syntax highlighting.

Apply this diff:

-```
+```bash
 mvn -Dtomee-embedded-plugin.http=8080 package org.apache.tomee.maven:tomee-embedded-maven-plugin:7.0.5:run

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.18.1)</summary>

16-16: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

In toolkit-template/README.md around lines 16 to 18, the fenced code block is
missing a language specifier; update the opening fence to include "bash" so it
reads ```bash, leaving the block contents and closing fence unchanged to enable
proper syntax highlighting.

</details>

<!-- This is an auto-generated comment by CodeRabbit -->

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add language specifier to code block.

The fenced code block should specify the language for proper syntax highlighting.

Apply this diff:

-```
+```text
 http://localhost:8080/wso2-f5b/OB4/1.0.0/

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.18.1)</summary>

22-22: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

In toolkit-template/README.md around lines 22 to 24, the fenced code block lacks
a language specifier which prevents proper syntax highlighting; update the block
to include a language (use "text") by replacing the opening triple backticks
with ```text so the block becomes a text fenced block and keep the URL content
unchanged.

</details>

<!-- This is an auto-generated comment by CodeRabbit -->

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (3)

toolkit-template/pom.xml (3)

54-75: Align dependency versions with parent POM dependencyManagement.

This comment duplicates feedback from a previous review. Multiple dependencies have version mismatches with the parent POM's dependencyManagement. Once the parent POM reference (lines 1-8) is added, remove hardcoded versions and leverage parent's managed versions.

After adding the parent reference, apply a diff similar to this pattern to remove explicit versions for managed dependencies:

   <dependency>
     <groupId>jakarta.ws.rs</groupId>
     <artifactId>jakarta.ws.rs-api</artifactId>
-    <version>${jakarta.ws.rs-version}</version>
     <scope>provided</scope>
   </dependency>

Verify managed versions by running: mvn -DskipTests=true validate

---

99-118: Update TestNG to current version.

This comment duplicates feedback from a previous review. TestNG 6.8.8 is significantly outdated (released ~2013). The parent POM uses 7.10.1. After adding the parent POM reference, remove the hardcoded version so dependency management is inherited from the parent.

After adding the parent POM reference, apply this diff:

   <dependency>
     <groupId>org.testng</groupId>
     <artifactId>testng</artifactId>
-    <version>6.8.8</version>
     <scope>test</scope>
     <exclusions>
       <exclusion>

Verify the inherited version with: mvn dependency:tree | grep testng

---

1-8: Add parent POM reference and align project coordinates.

This comment duplicates feedback from a previous review. The module POM is missing a parent reference and uses an inconsistent groupId (org.openapitools instead of org.wso2.financial.services.accelerator). This prevents inheritance of shared configuration and dependency management from the parent.

Apply this diff to add the parent reference and align coordinates:

 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.wso2.financial.services.accelerator</groupId>
+    <artifactId>financial-services</artifactId>
+    <version>4.1.2-SNAPSHOT</version>
+    <relativePath>../pom.xml</relativePath>
+  </parent>
+
-  <groupId>org.openapitools</groupId>
+  <groupId>org.wso2.financial.services.accelerator</groupId>
   <artifactId>openapi-jaxrs-server</artifactId>
   <packaging>war</packaging>
   <name>openapi-jaxrs-server</name>
-  <version>v1.0.2</version>

The version should be inherited from the parent (remove the <version> element).

🧹 Nitpick comments (1)

toolkit-template/pom.xml (1)

40-51: Update maven-failsafe-plugin to a current version.

maven-failsafe-plugin 2.6 is from 2010 and significantly outdated. Current versions are 3.x. Once the parent POM reference is added, this should be managed by the parent's pluginManagement.

After adding the parent POM reference, consider aligning this plugin version with the parent's pluginManagement. You can verify current plugin versions by checking the parent POM or searching for the latest release.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c4b7920 and ac660cb.

⛔ Files ignored due to path filters (137)

• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichConsentCreationResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichConsentFileResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichConsentSearchResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichEventPollingResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/EnrichEventSubscriptionResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/IssueRefreshTokenApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/MapAcceleratorErrorResponseApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PersistAuthorizedConsentApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PopulateConsentAuthorizeScreenApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessApplicationCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessApplicationUpdateApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessClientCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessClientRetrievalApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessClientUpdateApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentFileUploadApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentRetrievalApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PreProcessConsentRevokeApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/RestApplication.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/RestResourceRoot.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateAuthorizationRequestApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateConsentAccessApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateConsentFileRetrievalApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateEventCreationApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateEventPollingApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateEventSubscriptionApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Account.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AmendedAuthorization.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AmendedResource.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppCreateProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppCreateProcessRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppUpdateProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AppUpdateProcessRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Authorization.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AuthorizedResources.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/AuthorizedResourcesAuthorizedDataInner.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ClientProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ClientProcessRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ConsentSearchData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/DetailedConsentResourceData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/DetailedConsentResourceDataWithAmendments.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EnrichConsentCreationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EnrichConsentSearchRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EnrichFileUploadResponseRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Error.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ErrorMapperData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ErrorMapperRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ErrorResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventCreationRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventCreationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventPollingRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventPollingRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventSubscriptionRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/EventSubscriptionRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseApplicationProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseApplicationProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseClientProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseClientProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseInConsentAuthorize.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/FailedResponseInConsentAuthorizeData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/IssueRefreshTokenRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/IssueRefreshTokenRequestData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PersistAuthorizedConsent.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PersistAuthorizedConsentRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PopulateConsentAuthorizeScreenData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PopulateConsentAuthorizeScreenRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessConsentCreationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessConsentRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessConsentRetrievalData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/PreProcessFileUploadRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Request.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/RequestForEnrichConsentCreationResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/RequestForEnrichFileUploadResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/RequestForPreProcessFileUpload.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Resource.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForApplicationCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForApplicationUpdate.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForClientProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForConsentRevocation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForConsentSearch.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEnrichEventPolling.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEnrichEventSubscription.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForErrorMapper.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEventSubscriptionValidation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForEventValidation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForIssueRefreshToken.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPersistAuthorizedConsent.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPopulateConsentAuthorizeScreen.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPreProcessConsentCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForPreProcessFileUpload.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForResponseAlternation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/Response200ForValidateAuthorizationRequest.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredAuthorization.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredBasicConsentResourceData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredDetailedConsentResourceData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/StoredResource.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponse.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationCreationData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationUpdate.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseApplicationUpdateData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseClientProcess.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseClientProcessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseConsentRevocation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseConsentRevocationData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForConsentSearch.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForConsentSearchData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventPolling.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventPollingData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventSubscription.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEnrichEventSubscriptionData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEventWithDetails.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForEventWithDetailsData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForResponseAlternation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseForResponseAlternationData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseIssueRefreshToken.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseIssueRefreshTokenData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePersistAuthorizedConsent.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePersistAuthorizedConsentData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreen.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsentData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsentDataPermissionsInner.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsumerData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePopulateConsentAuthorizeScreenDataConsumerDataAccountsInner.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePreProcessConsentCreation.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePreProcessFileUpload.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponsePreProcessFileUploadData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseWithDetailedConsentData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/SuccessResponseWithDetailedConsentDataAndAmendments.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/UserGrantedData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateAuthorizationRequestBody.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateAuthorizationRequestBodyData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateConsentAccessData.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/model/ValidateConsentAccessRequestBody.java is excluded by !**/generated/**

📒 Files selected for processing (1)

• toolkit-template/pom.xml (1 hunks)

🧰 Additional context used

🪛 OSV Scanner (2.2.4)

toolkit-template/pom.xml

[HIGH] 1-1: org.json:json 20210307: json stack overflow vulnerability

(GHSA-3vqj-43w4-2q58)

---

[HIGH] 1-1: org.json:json 20210307: Java: DoS Vulnerability in JSON-JAVA

(GHSA-4jq9-2xhw-jpx7)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build-repo-check

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Remove or update org.json due to known security vulnerabilities.

The pinned version org.json:json 20210307 has two known HIGH-severity vulnerabilities:

• GHSA-3vqj-43w4-2q58: JSON stack overflow vulnerability
• GHSA-4jq9-2xhw-jpx7: DoS vulnerability in JSON-JAVA

This version is from 2021 and significantly outdated. Either remove this dependency if not essential, or upgrade to a current version (latest is 20.1.x or newer).

To verify if this dependency is actually used, check the generated code under src/gen/java:

If this is unused, remove the dependency. If it's required, upgrade to the latest stable version.

---

🏁 Script executed:

#!/bin/bash
# Search for org.json usage in generated code
rg -n 'import\s+org\.json' toolkit-template/src/gen/java/ || echo "No direct org.json imports found"

# Alternative: check if HTTPClient actually requires it
rg -n 'JSONObject|JSONArray' toolkit-template/src/gen/java/

Length of output: 174

---

🏁 Script executed:

#!/bin/bash
# First, explore the toolkit-template directory structure
echo "=== Directory structure of toolkit-template ==="
find toolkit-template -type d -maxdepth 3 | head -20

echo ""
echo "=== Looking for Java source files ==="
find toolkit-template -name "*.java" -type f | head -10

echo ""
echo "=== Checking if src/main/java exists ==="
ls -la toolkit-template/src/main/java/ 2>/dev/null || echo "src/main/java does not exist"

echo ""
echo "=== Search for org.json imports across entire toolkit-template ==="
rg -n 'org\.json' toolkit-template/ --type java -i

Length of output: 1814

---

🏁 Script executed:

#!/bin/bash
# Search for JSONObject or JSONArray usage (which would indicate org.json usage)
echo "=== Searching for JSONObject/JSONArray usage ==="
rg -n 'JSONObject|JSONArray' toolkit-template/src/main/java/ --type java

echo ""
echo "=== Checking pom.xml to understand dependencies ==="
cat toolkit-template/pom.xml | grep -A 50 '<dependencies>'

Length of output: 1755

---

🏁 Script executed:

#!/bin/bash
# Get the full pom.xml to see all dependencies
echo "=== Full pom.xml content ==="
cat toolkit-template/pom.xml

echo ""
echo "=== Verify org.json line numbers in pom.xml ==="
rg -n 'org.json' toolkit-template/pom.xml

Length of output: 5707

---

Remove unused org.json dependency with known security vulnerabilities (lines 131-135).

Verification confirms org.json:json 20210307 is declared in pom.xml but is not used anywhere in the codebase—no imports or usage of JSONObject/JSONArray found. This unused dependency carries two HIGH-severity vulnerabilities (GHSA-3vqj-43w4-2q58, GHSA-4jq9-2xhw-jpx7) and is significantly outdated from 2021. Remove the entire dependency block.

🤖 Prompt for AI Agents

In toolkit-template/pom.xml around lines 131 to 135, the project declares an
unused and vulnerable org.json:json 20210307 dependency; remove the entire
<dependency> block for org.json from the pom.xml to eliminate the unused
artifact and its known HIGH-severity vulnerabilities, then run mvn -q
dependency:tree or mvn -q -DskipTests test to verify no compile/test errors and
commit the updated pom.xml.

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (7)

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java (5)

16-16: Add a private constructor to prevent instantiation.

Utility classes with only static methods should declare a private constructor to prevent accidental instantiation.

Apply this diff:

 public class CommonConsentValidationUtil {
+
+    private CommonConsentValidationUtil() {
+        // Utility class
+    }

---

25-25: Add null check for the object parameter.

If object is null, objectMapper.writeValueAsString(null) will produce the string "null", and the JSONObject constructor will throw an exception. Consider adding explicit null handling.

Apply this diff:

     public static JSONObject convertObjectToJson(Object object) throws JsonProcessingException {
+        if (object == null) {
+            throw new IllegalArgumentException("Object cannot be null");
+        }
         // Convert Object to JSON string

---

28-31: Consider avoiding two-step serialization.

Serializing to a String and then parsing into org.json.JSONObject is inefficient. If you need Jackson's JsonNode instead, you can use OBJECT_MAPPER.valueToTree(object). Alternatively, evaluate whether org.json.JSONObject is necessary or if Jackson's tree model would suffice.

---

41-41: Add null checks for parameters.

If baseURL or parameters is null, this method will throw a NullPointerException. Add null checks or document the preconditions.

Apply this diff (if you decide to keep the method):

     private static String buildRequestURL(String baseURL, Map<String, String> parameters) {
+        if (baseURL == null) {
+            throw new IllegalArgumentException("baseURL cannot be null");
+        }
+        if (parameters == null) {
+            throw new IllegalArgumentException("parameters cannot be null");
+        }

---

16-54: Consider splitting this class by responsibility.

The class combines two unrelated utilities: JSON serialization (convertObjectToJson) and URL construction (buildRequestURL). Consider separating these into focused classes like JsonUtil and UrlUtil to improve cohesion and maintainability.

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/ErrorUtil.java (2)

6-6: Consider renaming the class to better reflect its purpose.

The class is named ErrorUtil but contains methods for both error responses (getErrorDataObject) and success responses (getSuccessResponse). Consider renaming to ResponseUtil or JsonResponseUtil to more accurately reflect its dual purpose.

---

8-21: Add parameter validation and complete javadoc.

The method has the following areas for improvement:

1. The @return javadoc tag (line 13) is empty. Add a description like "JSON object containing error details".
2. No null checks on errorMessage and errorDescription parameters. If nulls are passed, they will be converted to the string "null" in the JSON output, which may not be the intended behavior.

Consider adding defensive parameter validation to ensure robustness, especially since this is template code.

Apply this diff to add null checks:

 public static JSONObject getErrorDataObject(String errorMessage, String errorDescription) {
-
+    if (errorMessage == null || errorDescription == null) {
+        throw new IllegalArgumentException("Error message and description cannot be null");
+    }
     JSONObject data = new JSONObject();
     data.put("errorMessage", errorMessage);
     data.put("errorDescription", errorDescription);
     return data;
 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ac660cb and eb8e053.

📒 Files selected for processing (2)

• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/ErrorUtil.java (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build-repo-check

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Reuse ObjectMapper as a static final field.

Creating a new ObjectMapper instance on every method call is inefficient. ObjectMapper is thread-safe and expensive to instantiate, so it should be reused as a static final field.

Apply this diff:

 public class CommonConsentValidationUtil {
+
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

     private CommonConsentValidationUtil() {
         // Utility class
     }

     /**
      * Convert an object to a JSON object
      *
      * @param object the object to convert
      * @return JSONObject representation of the input object
      * @throws JsonProcessingException if JSON serialization fails
      */
     public static JSONObject convertObjectToJson(Object object) throws JsonProcessingException {
         if (object == null) {
             throw new IllegalArgumentException("Object cannot be null");
         }
         // Convert Object to JSON string
-        ObjectMapper objectMapper = new ObjectMapper();
-        String jsonString = objectMapper.writeValueAsString(object);
+        String jsonString = OBJECT_MAPPER.writeValueAsString(object);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ObjectMapper objectMapper = new ObjectMapper();
	String jsonString = objectMapper.writeValueAsString(object);
	public class CommonConsentValidationUtil {
	private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
	private CommonConsentValidationUtil() {
	// Utility class
	}
	/**
	* Convert an object to a JSON object
	*
	* @param object the object to convert
	* @return JSONObject representation of the input object
	* @throws JsonProcessingException if JSON serialization fails
	*/
	public static JSONObject convertObjectToJson(Object object) throws JsonProcessingException {
	if (object == null) {
	throw new IllegalArgumentException("Object cannot be null");
	}
	// Convert Object to JSON string
	String jsonString = OBJECT_MAPPER.writeValueAsString(object);

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java
around lines 27-28, replace the per-call new ObjectMapper() with a shared static
final ObjectMapper: add a private static final ObjectMapper OBJECT_MAPPER = new
ObjectMapper() as a class-level field and update usages to call
OBJECT_MAPPER.writeValueAsString(object); ensure the field is reused by all
methods in this class (and remove the local instantiation).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix incomplete Javadoc.

The Javadoc is missing descriptions for the parameters and return value.

Apply this diff:

     /**
      * Build the complete URL with query parameters sent in the map.
      *
-     * @param baseURL    the base URL
-     * @param parameters map of parameters
-     * @return the output URL
+     * @param baseURL    the base URL without query parameters
+     * @param parameters map of query parameter key-value pairs
+     * @return the complete URL with encoded query parameters
      */

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java
around lines 34 to 40, the Javadoc for the method that builds a URL is
incomplete: add @param descriptions for baseURL (the base URL to which query
parameters will be appended) and parameters (map of query parameter names and
values to include), and add a @return description (the fully assembled URL
string with query parameters). Ensure the tags use the exact parameter names and
provide concise descriptions.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Remove unused private method.

The buildRequestURL method is private and has no callers within this class, making it dead code. Remove it unless you plan to use it soon.

Run the following script to confirm there are no usages:

---

🏁 Script executed:

#!/bin/bash
# Search for any calls to buildRequestURL in the codebase
rg -nP '\bbuildRequestURL\s*\(' --type=java

Length of output: 212

---

Remove unused private method buildRequestURL.

The buildRequestURL method at lines 41-52 has no callers anywhere in the codebase. Remove this dead code.

🤖 Prompt for AI Agents

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java
lines 41-52: the private method buildRequestURL is unused in the codebase;
remove the entire private method declaration (including its signature and body)
and any associated imports that become unused (e.g., NameValuePair,
BasicNameValuePair, URLEncodedUtils, StandardCharsets, ArrayList, List, Map) to
clean up dead code and imports.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid malformed URL with trailing '?' when parameters are empty.

If all entries in parameters are null or the map is empty, queries will be an empty string, resulting in a URL like "baseURL?" with a trailing question mark.

Apply this diff (if you decide to keep the method):

         String queries = URLEncodedUtils.format(pairs, StandardCharsets.UTF_8);
-        return baseURL + "?" + queries;
+        return queries.isEmpty() ? baseURL : baseURL + "?" + queries;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	String queries = URLEncodedUtils.format(pairs, StandardCharsets.UTF_8);
	return baseURL + "?" + queries;
	String queries = URLEncodedUtils.format(pairs, StandardCharsets.UTF_8);
	return queries.isEmpty() ? baseURL : baseURL + "?" + queries;

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java
around lines 50-51, the method appends "?" even when the encoded query string is
empty which yields a malformed URL with a trailing '?'; modify the return logic
to check if the encoded queries string is empty (or blank) and if so return
baseURL as-is, otherwise return baseURL + "?" + queries (also ensure null-safe
handling of the parameters/pairs creation so queries is never null).

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Complete javadoc, add null checks, and verify reflection-based JSON conversion.

Several improvements needed:

1. The @return javadoc tag (line 27) is empty. Add a description like "JSON object containing success response".
2. No null check on the requestId parameter. Consider validating input.
3. Line 35 uses new JSONObject(successResponse), which relies on reflection to convert the SuccessResponse object to JSON. This assumes the generated model has proper getter methods and is structured appropriately for this conversion.

Verify that the generated SuccessResponse model works correctly with the reflection-based JSONObject constructor by running the following:

Consider adding a null check for the requestId parameter:

 public static JSONObject getSuccessResponse(String requestId) {
-
+    if (requestId == null) {
+        throw new IllegalArgumentException("Request ID cannot be null");
+    }
     SuccessResponse successResponse = new SuccessResponse();
     successResponse.setResponseId(requestId);
     successResponse.setStatus(SuccessResponse.StatusEnum.SUCCESS);

---

🏁 Script executed:

#!/bin/bash
# Description: Verify the SuccessResponse model has proper getters for JSONObject reflection

# Find and examine the SuccessResponse class
fd -t f "SuccessResponse.java" --exec cat {}

Length of output: 4271

---

Complete javadoc and add null check for requestId parameter.

1. The @return javadoc tag (line 27) is empty. Add a description like "JSON object containing success response".
2. No null check on the requestId parameter. Add validation to handle null input defensively:

 public static JSONObject getSuccessResponse(String requestId) {
+    if (requestId == null) {
+        throw new IllegalArgumentException("Request ID cannot be null");
+    }
     SuccessResponse successResponse = new SuccessResponse();
     successResponse.setResponseId(requestId);
     successResponse.setStatus(SuccessResponse.StatusEnum.SUCCESS);

The reflection-based new JSONObject(successResponse) conversion is safe—the generated SuccessResponse model has proper Jackson annotations (@JsonProperty, @JsonCreator) and correctly-named getters (getResponseId(), getStatus()), enabling proper reflection-based serialization.

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/ErrorUtil.java
around lines 23 to 36, the getSuccessResponse method has an empty @return
javadoc and no null check for the requestId parameter; update the Javadoc
@return to read "JSON object containing success response" and add a defensive
null check for requestId at the top of the method (e.g., if requestId is null) —
throw an IllegalArgumentException with a clear message like "requestId must not
be null" (or alternatively return a meaningful error JSONObject per project
conventions) before constructing SuccessResponse, then proceed to set responseId
and status and return the JSONObject as before.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

toolkit-template/pom.xml (2)

1-8: Add parent POM reference and align project coordinates to integrate with parent project.

This module is missing a parent reference, preventing inheritance of the parent POM's shared configuration and dependencyManagement. Additionally, the groupId is inconsistent with the parent project (org.wso2.financial.services.accelerator) and the version format (v1.0.2) is non-standard for Maven.

Apply this diff to establish the parent relationship and align coordinates:

 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.wso2.financial.services.accelerator</groupId>
+    <artifactId>financial-services</artifactId>
+    <version>4.1.2-SNAPSHOT</version>
+    <relativePath>../pom.xml</relativePath>
+  </parent>
+
-  <groupId>org.openapitools</groupId>
+  <groupId>org.wso2.financial.services.accelerator</groupId>
   <artifactId>openapi-jaxrs-server</artifactId>
   <packaging>war</packaging>
   <name>openapi-jaxrs-server</name>
-  <version>v1.0.2</version>

Note: Version should be inherited from parent, removing the need for the explicit <version> element.

---

131-135: Remove org.json dependency: unused and carries HIGH-severity security vulnerabilities.

The declared dependency org.json:json 20210307 is both unused in the codebase (verified by past review) and carries two HIGH-severity CVEs:

• GHSA-3vqj-43w4-2q58: JSON stack overflow vulnerability
• GHSA-4jq9-2xhw-jpx7: DoS vulnerability in JSON-JAVA

This version from 2021 is significantly outdated. Retaining an unused, vulnerable dependency creates unnecessary security risk.

Apply this diff to remove the unused dependency:

-    <dependency>
-        <groupId>org.json</groupId>
-        <artifactId>json</artifactId>
-        <version>20210307</version>
-    </dependency>

🧹 Nitpick comments (1)

toolkit-template/pom.xml (1)

10-53: Align plugin versions with parent POM via dependencyManagement after adding parent reference.

Plugin versions (build-helper-maven-plugin 1.9.1 from 2013, maven-failsafe-plugin 2.6 from ~2011) are significantly outdated. After adding the parent POM reference, these should be managed by the parent's pluginManagement to ensure consistency across modules.

Once the parent reference is added, consider removing hardcoded plugin versions and allowing the parent's pluginManagement to provide current, tested versions. Verify in the parent POM what plugin versions are defined.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb8e053 and 6e1df27.

📒 Files selected for processing (1)

• toolkit-template/pom.xml (1 hunks)

🧰 Additional context used

🪛 OSV Scanner (2.2.4)

toolkit-template/pom.xml

[HIGH] 1-1: org.json:json 20210307: json stack overflow vulnerability

(GHSA-3vqj-43w4-2q58)

---

[HIGH] 1-1: org.json:json 20210307: Java: DoS Vulnerability in JSON-JAVA

(GHSA-4jq9-2xhw-jpx7)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build-repo-check

🔇 Additional comments (1)

toolkit-template/pom.xml (1)

99-118: Verify: TestNG 6.8.8 update is needed, but parent POM prerequisite is missing from current file.

TestNG 6.8.8 (released February 2014) is outdated; current stable is 7.11.0 (February 2025). The underlying concern is valid.

However, the review recommends removing the hardcoded version "after adding the parent POM reference"—but toolkit-template/pom.xml currently has no parent element or dependencyManagement section. This prerequisite cannot be verified in the file under review.

Before applying the suggested diff, confirm:

1. Is a parent POM reference being added to toolkit-template/pom.xml as part of this PR?
2. If yes, does the parent declare TestNG 7.10.1 or newer in its dependencyManagement?
3. If no parent is being added, update the hardcoded version directly to 7.10.2 or 7.11.0.

[imesh94]

Add license header

[iamSahdoon]

Added the license header.
Commit Id: ef9976d

[iamSahdoon]

Added license header.
Commit Id: ef9976d

[imesh94]

Add class comment

[iamSahdoon]

Added the class comment.
Commit Id: ef9976d

[imesh94]

Why have we made this private?

[iamSahdoon]

In some regional toolkits it was private, but I changed it to public.
Commit Id: ef9976d

[imesh94]

Add license header

[iamSahdoon]

Added license header.
Commit Id: ef9976d

[imesh94]

Add class comment

[iamSahdoon]

Added the class comment.
Commit Id: ef9976d

[imesh94]

Update readme to match the usage of the toolkit template

[iamSahdoon]

updated the readme.
Commit Id: ef9976d

[imesh94]

Add license header

[iamSahdoon]

Added license header.
Commit Id: ef9976d

[imesh94]

Move versions to the root pom

[iamSahdoon]

Moved version.
Commit Id: ef9976d

[imesh94]

Fix formatting

[iamSahdoon]

Fixed formatting.
Commit Id: ef9976d

[imesh94]

Move the versions to the root pom. Define version variables.

[imesh94]

Remove this and add template implementation. Check all API classes

[coderabbitai]

Actionable comments posted: 6

♻️ Duplicate comments (4)

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java (2)

50-56: Reuse ObjectMapper as a static final field.

Creating a new ObjectMapper instance on every method call is inefficient. ObjectMapper is thread-safe and expensive to instantiate.

Apply this diff to use a shared static instance:

 public class CommonConsentValidationUtil {
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

     /**
      * Converts a generic Java object to a {@link JSONObject}.
      *
      * @param object the Java object to be converted to JSON
      * @return a {@link JSONObject} representation of the given object
      * @throws JsonProcessingException if the object cannot be serialized to a JSON string
      */
     public static JSONObject convertObjectToJson(Object object) throws JsonProcessingException {
-        ObjectMapper objectMapper = new ObjectMapper();
-        String jsonString = objectMapper.writeValueAsString(object);
+        String jsonString = OBJECT_MAPPER.writeValueAsString(object);
         return new JSONObject(jsonString);
     }

---

74-75: Avoid malformed URL with trailing '?' when parameters are empty.

If all entries in parameters are null or the map is empty, queries will be an empty string, resulting in a URL like "baseURL?" with a trailing question mark.

Apply this diff:

         String queries = URLEncodedUtils.format(pairs, StandardCharsets.UTF_8);
-        return baseURL + "?" + queries;
+        return queries.isEmpty() ? baseURL : baseURL + "?" + queries;

toolkit-template/pom.xml (1)

99-102: Remove org.json dependency with known security vulnerabilities.

The org.json:json 20210307 dependency has two known HIGH-severity vulnerabilities (GHSA-3vqj-43w4-2q58 and GHSA-4jq9-2xhw-jpx7). This version is from 2021 and significantly outdated. The parent POM now manages this dependency at line 312-315 with version property ${json.version} set to 20210307 (line 728). The vulnerabilities affect both the module and parent POM.

Upgrade to a current version (latest stable is 20240303 or newer) in the parent POM's version property, or remove this dependency entirely if it's not essential. Based on verification in past comments, usage of org.json (JSONObject/JSONArray) was found in CommonConsentValidationUtil.java, so the dependency is required but must be upgraded.

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/ErrorUtil.java (1)

103-109: Guard against null request IDs.

A null requestId slips through here, producing a “success” payload with no identifier and violating the method contract. Add a defensive check before constructing the model.

Apply this diff:

     public static JSONObject getSuccessResponse(String requestId) {
+        if (requestId == null) {
+            throw new IllegalArgumentException("requestId must not be null");
+        }
 
         SuccessResponse successResponse = new SuccessResponse();
         successResponse.setResponseId(requestId);

🧹 Nitpick comments (4)

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/PopulateConsentAuthorizeScreenApiImpl.java (1)

29-35: Track implementation of stub method.

The method returns a hardcoded "magic!" response, which is appropriate for initial scaffolding but requires actual implementation.

Do you want me to open a tracking issue for implementing the consent authorization screen population logic? The implementation should:

• Validate the request body
• Initialize consent flow state
• Construct proper response with consent details
• Handle errors appropriately

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/ValidateAuthorizationRequestApiImpl.java (1)

29-35: Track implementation of stub method.

The method returns a hardcoded "magic!" response. Actual implementation should validate the authorization request according to OAuth 2.0/OIDC specifications and return appropriate validation results.

Do you want me to open a tracking issue for implementing the authorization request validation logic?

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/ValidateConsentAccessApiImpl.java (1)

29-35: Track implementation of stub method.

The method returns a hardcoded "magic!" response. Actual implementation should validate consent for account-related requests and return appropriate validation results.

Do you want me to open a tracking issue for implementing the consent access validation logic?

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/IssueRefreshTokenApiImpl.java (1)

30-36: Track implementation of stub method.

The method returns a hardcoded "magic!" response. Actual implementation should determine whether to issue a refresh token based on consent validity and OAuth 2.0 requirements.

Do you want me to open a tracking issue for implementing the refresh token issuance logic?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6e1df27 and ef9976d.

⛔ Files ignored due to path filters (4)

• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/IssueRefreshTokenApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/PopulateConsentAuthorizeScreenApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateAuthorizationRequestApi.java is excluded by !**/generated/**
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/generated/api/ValidateConsentAccessApi.java is excluded by !**/generated/**

📒 Files selected for processing (9)

• pom.xml (6 hunks)
• toolkit-template/README.md (1 hunks)
• toolkit-template/pom.xml (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/IssueRefreshTokenApiImpl.java (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/PopulateConsentAuthorizeScreenApiImpl.java (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/ValidateAuthorizationRequestApiImpl.java (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/ValidateConsentAccessApiImpl.java (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java (1 hunks)
• toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/ErrorUtil.java (1 hunks)

🧰 Additional context used

🪛 LanguageTool

toolkit-template/README.md

[grammar] ~27-~27: Ensure spelling is correct
Context: ...plate from the source code: 1. Install Java8 or above. 2. Install [Apache Maven 3.0....

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 markdownlint-cli2 (0.18.1)

toolkit-template/README.md

23-23: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🪛 OSV Scanner (2.2.4)

toolkit-template/pom.xml

[HIGH] 1-1: org.json:json 20210307: json stack overflow vulnerability

(GHSA-3vqj-43w4-2q58)

---

[HIGH] 1-1: org.json:json 20210307: Java: DoS Vulnerability in JSON-JAVA

(GHSA-4jq9-2xhw-jpx7)

🔇 Additional comments (3)

toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java (2)

84-91: LGTM!

The ISO 8601 validation logic is clean and correctly uses OffsetDateTime.parse to validate the date format.

---

99-107: Consider time-of-day granularity for consent expiration.

The current implementation converts the timestamp to a date and performs date-only comparison, which means a consent expiring at any time on a given day is considered valid for the entire day. For example, if validUntilDate represents "January 1, 2025 at 2:00 AM", the consent is treated as valid until January 2, 2025. If this date-level granularity is intentional, consider adding a comment to clarify. Otherwise, compare LocalDateTime or Instant directly to preserve time-of-day precision.

Example of time-preserving comparison:

     public static boolean isConsentExpired(long validUntilDate) {
-        LocalDateTime expDateTime = LocalDateTime.ofInstant(
-                Instant.ofEpochSecond(validUntilDate), ZoneOffset.UTC);
-        LocalDate expDate = expDateTime.toLocalDate();
-        LocalDate currDate = LocalDate.now(ZoneOffset.UTC);
-        return currDate.isAfter(expDate);
+        Instant expInstant = Instant.ofEpochSecond(validUntilDate);
+        Instant nowInstant = Instant.now();
+        return nowInstant.isAfter(expInstant);
     }

pom.xml (1)

279-321: LGTM!

The centralized dependency management for the new toolkit-template module dependencies follows Maven best practices. Version properties are correctly defined and referenced.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Upgrade org.json version to address HIGH-severity vulnerabilities.

The json.version property is set to 20210307 (line 728), which has known HIGH-severity vulnerabilities (GHSA-3vqj-43w4-2q58: stack overflow, GHSA-4jq9-2xhw-jpx7: DoS). This outdated version from 2021 is consumed by the new toolkit-template module.

Upgrade to the latest stable version to address these vulnerabilities:

-        <json.version>20210307</json.version>
+        <json.version>20240303</json.version>

Verify compatibility after upgrading and run tests to ensure no breaking changes.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In pom.xml around lines 311-315 (and update the json.version property at line
728), the project depends on org.json:json at an outdated 20210307 which has
HIGH-severity vulnerabilities; update the json.version property to the latest
stable release that includes the security fixes, ensure the dependency block
continues to reference ${json.version}, run a full build (mvn -U test or mvn
-DskipTests=false test) and the test suite to verify compatibility, and fix any
API changes caused by the upgraded library.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Align httpclient version with parent POM dependency management.

The httpclient dependency declares version 4.5.14 explicitly, but the parent POM manages a similar dependency (org.wso2.orbit.org.apache.httpcomponents:httpclient) at version 4.5.13.wso2v1 (line 686 in root pom.xml). Using a different artifact or version can cause classpath conflicts. Verify if this is the correct artifact or if you should use the orbit version managed by the parent.

If the parent-managed version is correct, remove the version declaration:

     <dependency>
         <groupId>org.apache.httpcomponents</groupId>
         <artifactId>httpclient</artifactId>
-        <version>4.5.14</version>
         <scope>compile</scope>
     </dependency>

Otherwise, clarify why a different version or artifact is required.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<groupId>org.apache.httpcomponents</groupId>
	<artifactId>httpclient</artifactId>
	<version>4.5.14</version>
	<scope>compile</scope>
	<groupId>org.apache.httpcomponents</groupId>
	<artifactId>httpclient</artifactId>
	<scope>compile</scope>

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix spacing in Java version reference.

"Java8" should be "Java 8" for proper formatting.

Apply this diff:

-1. Install Java8 or above.
+1. Install Java 8 or above.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	1. Install Java8 or above.
	1. Install Java 8 or above.

🧰 Tools

🪛 LanguageTool

[grammar] ~27-~27: Ensure spelling is correct
Context: ...plate from the source code: 1. Install Java8 or above. 2. Install [Apache Maven 3.0....

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🤖 Prompt for AI Agents

In toolkit-template/README.md around line 27, the Java version reference "Java8"
is missing a space; update the text to "Java 8" so the line reads "Install Java
8 or above." to correct formatting and consistency.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix incorrect class-level Javadoc.

The class-level Javadoc says "Implementation class for Validate Pushed Authorization Request API" but the class is ValidateConsentAccessApiImpl and the method validates consent access, not pushed authorization requests.

Apply this diff:

 /**
- * Implementation class for Validate Pushed Authorization Request API.
+ * Implementation class for Validate Consent Access API.
  */

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	/**
	* Implementation class for Validate Pushed Authorization Request API.
	*/
	/**
	* Implementation class for Validate Consent Access API.
	*/

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/impls/ValidateConsentAccessApiImpl.java
around lines 24 to 26, the class-level Javadoc incorrectly describes this class
as implementing the "Validate Pushed Authorization Request API"; update the
comment to accurately describe the class purpose (e.g., "Implementation class
for Validate Consent Access API" or "Implementation for validating consent
access"), ensuring the wording matches the class name and its methods and
removing any mention of pushed authorization requests.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify usage of buildRequestURL method.

This method was previously flagged as unused. Since it's now public, verify that it has callers in the codebase or consider making it private/removing it if unused.

Run the following script to verify usage:

---

🏁 Script executed:

#!/bin/bash
# Search for calls to buildRequestURL across the codebase
rg -nP '\bbuildRequestURL\s*\(' --type=java -C3

Length of output: 1075

---

Let me verify more comprehensively by checking test files and method references:

Remove unused buildRequestURL method or verify internal usage.

The ripgrep search confirms this method has no callers in the codebase. Additionally, the method produces a URL with trailing ? when the parameters map is empty (e.g., baseURL + "?" + ""), which should be handled. Either remove this method if it's truly unused, or document its intended usage.

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/CommonConsentValidationUtil.java
around lines 65 to 76, the buildRequestURL method is unused and produces a
trailing '?' when parameters are empty; either safely remove the method after
confirming there are no callers (search whole repo and references) or update it
to handle empty/blank parameter maps by returning baseURL unchanged when no
query pairs exist, and add Javadoc describing intended behavior if you keep it.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Remove the commented-out method stub.

The legacy method stub left in comments creates noise in a brand-new utility. Please drop the commented code instead of keeping it around.

🤖 Prompt for AI Agents

In
toolkit-template/src/main/java/com.wso2.openbanking.toolkittemplate.extensions/utils/ErrorUtil.java
around lines 74 to 77, remove the commented-out legacy method stub (the
three-line block for getErrorResponse) so the file contains no dead commented
code; simply delete those commented lines and ensure surrounding formatting/line
numbers remain consistent.

[imesh94]

Suggested change

*