- jaxb-runtime to use latest version to avoid maven pulling random jaxb-runtime version for ehcache.

- Compare basic auth and ssl passwords if system property is set with com.axway.apimanager.api.model.disable.confidential.fields=false

Author: rathnapandi

modules/apim-adapter/src/main/java/com/axway/apim/adapter/apis/APIManagerAPIAdapter.java

@@ -402,6 +402,8 @@ public void addQuotaConfiguration(API api, boolean addQuota) throws AppException
         try {
             applicationQuota = quotaAdapter.getQuota(APIManagerQuotaAdapter.Quota.APPLICATION_DEFAULT.getQuotaId(), api, false, false); // Get the Application-Default-Quota
             systemQuota = quotaAdapter.getQuota(APIManagerQuotaAdapter.Quota.SYSTEM_DEFAULT.getQuotaId(), api, false, false); // Get the Application-Default-QuotagetQuotaFromAPIManager(); // Get the System-Default-Quota
+            translateMethodIdsToName(applicationQuota, api.getId());
+            translateMethodIdsToName(systemQuota, api.getId());
             api.setApplicationQuota(applicationQuota);
             api.setSystemQuota(systemQuota);
         } catch (AppException e) {
@@ -410,6 +412,16 @@ public void addQuotaConfiguration(API api, boolean addQuota) throws AppException
         }
     }
 
+    public void translateMethodIdsToName(APIQuota apiQuota, String apiId) throws AppException {
+        if(apiQuota != null) {
+            APIManagerAPIMethodAdapter methodAdapter = APIManagerAdapter.getInstance().getMethodAdapter();
+            List<QuotaRestriction> quotaRestrictions = apiQuota.getRestrictions();
+            for (QuotaRestriction quotaRestriction : quotaRestrictions) {
+                quotaRestriction.setMethod(methodAdapter.getMethodForId(apiId, quotaRestriction.getApiId()).getName());
+            }
+        }
+    }
+
     private void addExistingClientAppQuotas(API api, boolean addQuota) throws AppException {
         if (!addQuota || !APIManagerAdapter.getInstance().hasAdminAccount()) return;
         if (api.getApplications() == null || api.getApplications().isEmpty()) return;
@@ -418,8 +430,9 @@ private void addExistingClientAppQuotas(API api, boolean addQuota) throws AppExc
         } else {
             LOG.info("Loading application quotas for {} subscribed applications.", api.getApplications().size());
         }
+        APIManagerQuotaAdapter quotaAdapter = APIManagerAdapter.getInstance().getQuotaAdapter();
         for (ClientApplication app : api.getApplications()) {
-            APIQuota appQuota = APIManagerAdapter.getInstance().getQuotaAdapter().getQuota(app.getId(), null, true, true);
+            APIQuota appQuota = quotaAdapter.getQuota(app.getId(), null, true, true);
             app.setAppQuota(appQuota);
         }
     }

modules/apim-adapter/src/main/java/com/axway/apim/api/model/AuthenticationProfile.java

@@ -9,6 +9,7 @@
 
 public class AuthenticationProfile {
 
+    public static final String PASSWORD = "password";
     private String name;
 
     private boolean isDefault;
@@ -64,16 +65,20 @@ public boolean equals(Object other) {
             Map<String, Object> thisParameters = this.getParameters();
             otherParameters.remove("_id_");
             thisParameters.remove("_id_");
-            if(StringUtils.equals(authenticationProfile.getName(), this.getName())
-                    && authenticationProfile.getIsDefault() == this.getIsDefault()
-                    && StringUtils.equals(authenticationProfile.getType().name(), this.getType().name())){
-                if(authenticationProfile.getType().equals(AuthType.ssl) || authenticationProfile.getType().equals(AuthType.http_basic)){
+            if (StringUtils.equals(authenticationProfile.getName(), this.getName())
+                && authenticationProfile.getIsDefault() == this.getIsDefault()
+                && StringUtils.equals(authenticationProfile.getType().name(), this.getType().name())) {
+                if (authenticationProfile.getType().equals(AuthType.ssl) || authenticationProfile.getType().equals(AuthType.http_basic)) {
                     Map<String, Object> otherParametersCopy = new HashMap<>(otherParameters);
-                    otherParametersCopy.remove("password");
                     Map<String, Object> thisParametersCopy = new HashMap<>(thisParameters);
-                    thisParametersCopy.remove("password");
+                    // Passwords are no longer exposed by API-Manager REST-API - Can't use it anymore to compare the state, but can be overridden by setting
+                    // system property com.axway.apimanager.api.model.disable.confidential.fields=false in API Gateway
+                    if (otherParametersCopy.get(PASSWORD) == null || thisParametersCopy.get(PASSWORD) == null) {
+                        otherParametersCopy.remove(PASSWORD);
+                        thisParametersCopy.remove(PASSWORD);
+                    }
                     return otherParametersCopy.equals(thisParametersCopy);
-                }else {
+                } else {
                     return otherParameters.equals(thisParameters);
                 }
             }
@@ -90,7 +95,7 @@ public String toString() {
             parametersString = "{trustAll=" + this.getParameters().get("trustAll") + ", password=" + Utils.getEncryptedPassword() + ", pfx=" + pfx + "}";
         }
         return "AuthenticationProfile [name=" + name + ", isDefault=" + isDefault + ", parameters=" + parametersString
-                + ", type=" + type + "]";
+            + ", type=" + type + "]";
     }
 
     @Override

modules/apim-adapter/src/main/java/com/axway/apim/lib/utils/Utils.java

@@ -273,18 +273,18 @@ public static void addCustomPropertiesForEntity(List<? extends CustomPropertiesE
         if (filter.getCustomProperties() == null || entities.isEmpty()) {
             return;
         }
-        Map<String, JsonNode> enitityAsJsonMappedWithId = new HashMap<>();
+        Map<String, JsonNode> entityAsJsonMappedWithId = new HashMap<>();
         JsonNode jsonPayload = mapper.readTree(json);
         // Create a map based on the API-ID containing the original JSON-Payload received from API-Manager
         for (JsonNode node : jsonPayload) {
             String apiId = node.get("id").asText();
-            enitityAsJsonMappedWithId.put(apiId, node);
+            entityAsJsonMappedWithId.put(apiId, node);
         }
         Map<String, String> customProperties = new LinkedHashMap<>();
         // Iterate over all APIs (at this point not yet having the custom-properties serialized)
         for (CustomPropertiesEntity entity : entities) {
             // Get the original JSON-Payload for the current API fetched from API-Manager
-            JsonNode node = enitityAsJsonMappedWithId.get(entity.getId());
+            JsonNode node = entityAsJsonMappedWithId.get(entity.getId());
             // Iterate over all requested Custom-Properties that should be returned
             for (String customPropKey : filter.getCustomProperties()) {
                 // Try to get the value for that custom property from the JSON-Payload

pom.xml

@@ -231,11 +231,18 @@
                 <groupId>org.ehcache</groupId>
                 <artifactId>ehcache</artifactId>
                 <version>3.10.8</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.glassfish.jaxb</groupId>
+                        <artifactId> jaxb-runtime</artifactId>
+                    </exclusion>
+                </exclusions>
             </dependency>
+            <!-- used by ehcache to read xml configuration-->
             <dependency>
                 <groupId>org.glassfish.jaxb</groupId>
                 <artifactId>jaxb-runtime</artifactId>
-                <version>2.3.8</version>
+                <version>4.0.5</version>
             </dependency>
             <!-- Used by olingo -->
             <dependency>