I am using wso2 apim 3.1.0 I want to enable json schema validation for the json payload. I have referred to the belpw document for setting up json shema validation in wso2 apim https://m-saranki.medium.com/unboxing-json-schema-validator-320-2dd944dae6c0 . I am testing the below API for json schema validation
openapi: "3.0.1"
info:
title: "SampleAPI"
version: "1.2.3"
servers:
-
url: "/"
security:
-
default: []
paths:
/*:
get:
responses:
200:
description: "OK"
security:
-
default: []
x-auth-type: "Application & Application User"
x-throttling-tier: "Unlimited"
x-wso2-application-security:
security-types:
- "oauth2"
- "basic_auth"
optional: false
put:
responses:
200:
description: "OK"
security:
-
default: []
x-auth-type: "Application & Application User"
x-throttling-tier: "Unlimited"
x-wso2-application-security:
security-types:
- "oauth2"
- "basic_auth"
optional: false
post:
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/User"
required: false
responses:
200:
description: "OK"
security:
-
default: []
x-auth-type: "Application & Application User"
x-throttling-tier: "Unlimited"
x-wso2-application-security:
security-types:
- "oauth2"
- "basic_auth"
optional: false
delete:
responses:
200:
description: "OK"
security:
-
default: []
x-auth-type: "Application & Application User"
x-throttling-tier: "Unlimited"
x-wso2-application-security:
security-types:
- "oauth2"
- "basic_auth"
optional: false
patch:
responses:
200:
description: "OK"
security:
-
default: []
x-auth-type: "Application & Application User"
x-throttling-tier: "Unlimited"
x-wso2-application-security:
security-types:
- "oauth2"
- "basic_auth"
optional: false
components:
schemas:
User:
required:
- "id"
properties:
id:
type: "string"
format: "uuid"
name:
type: "string"
email:
type: "string"
format: "email"
dob:
type: "string"
format: "date"
securitySchemes:
default:
type: "oauth2"
flows:
implicit:
authorizationUrl: "https://test.com"
scopes: {}
x-wso2-auth-header: "Authorization"
x-wso2-cors:
corsConfigurationEnabled: false
accessControlAllowOrigins:
- "*"
accessControlAllowCredentials: false
accessControlAllowHeaders:
- "authorization"
- "Access-Control-Allow-Origin"
- "Content-Type"
- "SOAPAction"
- "apikey"
- "Credentials"
accessControlAllowMethods:
- "GET"
- "PUT"
- "POST"
- "DELETE"
- "PATCH"
- "OPTIONS"
x-wso2-production-endpoints:
urls:
- "http://localhost:9090/Cipango-CallAS/v1/sp/1/accounts/123/call"
type: "http"
x-wso2-sandbox-endpoints:
urls:
- "http://localhost:9090/Cipango-CallAS/v1/sp/1/accounts/123/call"
type: "http"
x-wso2-basePath: "/sample/1.2.3"
x-wso2-transports:
- "http"
- "https"
x-wso2-response-cache:
enabled: false
cacheTimeoutInSeconds: 300`
But when I trigger the request with correct json payload I am seeing the below error message
TID: [-1] [] [2021-10-19 16:14:48,136] WARN {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
TID: [-1234] [] [2021-10-19 16:14:49,237] ERROR {org.apache.synapse.transport.passthru.ServerWorker} - Error processing POST request for : /sample/1.2.3. java.lang.IllegalArgumentException: JsonObject (through reference chain: com.google.gson.JsonArray["asBoolean"])
at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:3751)
at com.fasterxml.jackson.databind.ObjectMapper.convertValue(ObjectMapper.java:3669)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.extractReference_aroundBody26(SchemaValidator.java:547)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.extractReference(SchemaValidator.java:532)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.extractSchemaFromRequest_aroundBody18(SchemaValidator.java:327)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.extractSchemaFromRequest(SchemaValidator.java:297)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.getSchemaContent_aroundBody16(SchemaValidator.java:284)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.getSchemaContent(SchemaValidator.java:281)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.validateRequest_aroundBody8(SchemaValidator.java:211)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.validateRequest(SchemaValidator.java:209)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.handleRequest_aroundBody2(SchemaValidator.java:114)
at org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator.handleRequest(SchemaValidator.java:75)
at org.apache.synapse.rest.API.process(API.java:367)
at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:327)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:98)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:368)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:427)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:182)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.fasterxml.jackson.databind.JsonMappingException: JsonObject (through reference chain: com.google.gson.JsonArray["asBoolean"])
at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:394)
at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:353)
at com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow(StdSerializer.java:316)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:727)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:155)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:480)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:319)
at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:3729)
... 25 more
Caused by: java.lang.UnsupportedOperationException: JsonObject
at com.google.gson.JsonElement.getAsBoolean(JsonElement.java:153)
at com.google.gson.JsonArray.getAsBoolean(JsonArray.java:370)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:688)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:719)
... 29 more
Let me know what could be the issue here.
CodePudding user response:
- Explanation
I believe you are using wso2am-3.1.0 vanilla pack along with a custom sequence file which probably has a mediator using "json-eval($.)" expression. Please confirm. This is a known issue in the wso2am-3.0.0 and wso2am-3.1.0 vanilla packs.
This is becasue when we use json-eval($.) expression in a sequence in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/sequences directory and when it gets deployed, the synapse is setting the GsonJsonProvider [1] to represent the JSON inside the Jayway JsonPath[2].
Since the GsonJsonProvider is getting loaded, even if we remove the particular sequence file which has the json-eval($.) expression in a property mediator, the issue will still persists until we restart the server.
But, if we do not use the json-eval($.) expression at all in a sequence in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/sequences directory, we will not get the above error when we enable the JSON schema validation as the jsonsmartjsonprovider [3] is used to represent the JSON inside the Jayway JsonPath.
Since the JSON object representation is getting different in the error scenario, it throws the IllegalArgumentException in that case.
- Solution
You can approach one of the following solution as suggested below.
- This issue has been fixed in the latest WUM/updated pack. If you have the WSO2 subscription then you can get the latest update.
- You can deploy a new wso2am-3.1.0 vanilla pack and invoke the API calls without the sequence having json-eval($.) expression.