Fix access URL trimming in backend

[KethniiImasha]

Purpose

Applies URL trimming at the persistence layer in the application management service to prevent storage of access URLs with leading/trailing whitespace for user-created applications.
This works in conjunction with wso2/identity-apps#9544 to provide comprehensive coverage for both system apps and user-created applications.

Resolves: Related discussion in identity-apps PR #9544

Goals

Ensure access URLs are trimmed before persistence for all applications.
Maintain backward compatibility for already persisted data.
Centralize data normalization at the correct architectural layer.

Approach

Added access URL trimming in the application management service layer of identity-api-server before persisting application data.
Retained existing JSP-side trimming to safely handle legacy data already stored in the database.
This approach ensures clean data going forward while avoiding regressions.
No UI changes introduced.

User stories

As an application administrator, I want access URLs to be stored in a clean and consistent format so that applications behave reliably.
As a developer, I want URL normalization to be handled centrally without duplicating logic across consumers.

Developer Checklist (Mandatory)

• Complete the Developer Checklist in the related product-is issue to track any behavioral change or migration impact.

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

JDK: 11
OS: macOS
Database: Existing test setup
Browser: N/A

Learning

Reviewed WSO2 application management flow and identified the correct persistence-layer responsibility for data normalization, following layered architecture best practices.

Summary by CodeRabbit

• Bug Fixes

  • Trim and normalize access URLs during application creation, import, and update flows to remove leading/trailing whitespace and avoid empty values being persisted.

• Style

  • Improved code formatting and readability—spacing in string literals, array initializations, comments, and error message wrapping for clearer maintenance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Trimmed application access URLs before persistence in create, import, and patch flows; plus whitespace, formatting, and comment reflow changes within the same service file. No public API signature changes.

Changes

Cohort / File(s)	Summary
Application URL Trimming .../ServerApplicationManagementService.java	Added .trim() on access URL values in import, create, and patch flows; set access URL to null when empty after trimming to normalize persisted values.
Formatting & Documentation .../ServerApplicationManagementService.java	Reflowed comments and Javadoc, adjusted string literal/array formatting, and applied whitespace/indentation tweaks; no runtime behavioral changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

"I nibbled spaces, trimmed a URL,
Hopped through code to make it true.
Tiny paws fixed trailing ends,
Neat and tidy—honeyed trends.
A rabbit's cheer for tidy views! 🐇"

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 26.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding access URL trimming in the backend application management service layer.
Description check	✅ Passed	The description covers Purpose, Goals, Approach, and User stories with substantive detail, but several required template sections remain incomplete with placeholder content.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d99d07 and 925d47d.

📒 Files selected for processing (1)

• components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java

🚧 Files skipped from review as they are similar to previous changes (1)

• components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wso2-engineering]

Log Improvement Suggestion No: 1

Suggested change

	String applicationId = null;
	try {
	// Trim access URL before persistence
	if (applicationModel.getAccessUrl() != null) {
	applicationModel.setAccessUrl(StringUtils.trim(applicationModel.getAccessUrl()));
	}
	ApplicationDTO applicationDTO = new ApiModelToServiceProvider().apply(applicationModel);
	try {
	// Trim access URL before persistence
	if (applicationModel.getAccessUrl() != null) {
	applicationModel.setAccessUrl(StringUtils.trim(applicationModel.getAccessUrl()));
	}
	log.info("Creating application with name: {}.", applicationModel.getName());
	ApplicationDTO applicationDTO = new ApiModelToServiceProvider().apply(applicationModel);

[wso2-engineering]

Log Improvement Suggestion No: 2

Suggested change

	if (applicationPatchModel != null) {
	// Trim access URL before persistence
	if (applicationPatchModel.getAccessUrl() != null) {
	applicationPatchModel.setAccessUrl(StringUtils.trim(applicationPatchModel.getAccessUrl()));
	}
	new UpdateServiceProvider().apply(appToUpdate, applicationPatchModel);
	if (applicationPatchModel != null) {
	// Trim access URL before persistence
	if (applicationPatchModel.getAccessUrl() != null) {
	applicationPatchModel.setAccessUrl(StringUtils.trim(applicationPatchModel.getAccessUrl()));
	}
	if (log.isDebugEnabled()) {
	log.debug("Patching application with id: {}.", applicationId);
	}
	new UpdateServiceProvider().apply(appToUpdate, applicationPatchModel);

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java (1)

700-748: Add access URL trimming to doImportApplication for consistency.

The doImportApplication method parses a ServiceProvider from file without trimming the access URL, unlike createApplication and patchApplication which both trim it before persistence. This creates an inconsistency—imported files with whitespace in the access URL will be persisted as-is.

Trim the access URL after parsing:

ServiceProvider serviceProvider = parseSP(spFileContent, fileType, tenantDomain);
// Trim access URL for consistency with create/patch flows
if (serviceProvider.getAccessUrl() != null) {
    serviceProvider.setAccessUrl(StringUtils.trim(serviceProvider.getAccessUrl()));
}

🧹 Nitpick comments (1)

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java (1)

915-918: Consider handling empty strings after trimming.

The trimming logic is correctly placed before persistence. However, StringUtils.trim() on a whitespace-only string will return an empty string, which might still be persisted. Consider normalizing empty strings to null for consistency:

💡 Suggested improvement

             // Trim access URL before persistence
             if (applicationModel.getAccessUrl() != null) {
-                applicationModel.setAccessUrl(StringUtils.trim(applicationModel.getAccessUrl()));
+                String trimmedUrl = StringUtils.trimToNull(applicationModel.getAccessUrl());
+                applicationModel.setAccessUrl(trimmedUrl);
             }

Using StringUtils.trimToNull() would convert whitespace-only URLs to null, which may be more semantically correct for an optional URL field.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d84e927 and 2d99d07.

📒 Files selected for processing (1)

• components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java

🧰 Additional context used

🧬 Code graph analysis (1)

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java (3)

components/org.wso2.carbon.identity.api.server.notification.template/org.wso2.carbon.identity.rest.api.server.notification.template.v1/src/gen/java/org/wso2/carbon/identity/rest/api/server/notification/template/v1/model/TemplateType.java (1)

• TemplateType (33-124)

components/org.wso2.carbon.identity.api.server.common/src/main/java/org/wso2/carbon/identity/api/server/common/ContextLoader.java (1)

• ContextLoader (42-146)

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java (2)

• ApplicationManagementConstants (33-323)
• TemplateProperties (301-322)

🔇 Additional comments (3)

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationManagementService.java (3)

997-1000: Consistent trimming implementation with createApplication.

The trimming logic mirrors the createApplication implementation, which is good for consistency. If the suggestion to use StringUtils.trimToNull() is adopted in createApplication, apply the same change here for uniformity.

---

239-247: Formatting changes look fine.

The constructor and various method signature reformatting throughout the file improves readability without affecting functionality.

---

265-269: Minor formatting improvement for array initializations.

The spacing adjustments in array initializations improve consistency with Java conventions.

[KethniiImasha]

All AI-generated suggestions were manually reviewed. Relevant improvements were applied, and non-beneficial logging suggestions were intentionally excluded.

[KethniiImasha]

Hi team,
Could someone please review and approve this PR?
Thanks!

[pavinduLakshan]

HI @KethniiImasha, could you please undo the formatting changes that are irrelevant to the problem we are fixing in this PR? It's kinda hard to understand the actual changes you have done to fix the issue, that's why. Thanks in advance for your understanding!