diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/DefaultAPIHandler.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/DefaultAPIHandler.java index 8fcbeaef86c8..8b341dc2a90d 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/DefaultAPIHandler.java +++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/DefaultAPIHandler.java @@ -28,6 +28,7 @@ import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.common.gateway.constants.HealthCheckConstants; import org.wso2.carbon.apimgt.common.gateway.constants.JWTConstants; +import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants; import org.wso2.carbon.apimgt.gateway.InMemoryAPIDeployer; import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder; import org.wso2.carbon.apimgt.gateway.utils.GatewayUtils; @@ -88,6 +89,7 @@ public boolean handleRequestInFlow(MessageContext messageContext) { String selectedPath = selectedAPIS.firstKey(); API selectedAPI = selectedAPIS.get(selectedPath); if (selectedAPI != null) { + messageContext.setProperty(APIMgtGatewayConstants.API_OBJECT, selectedAPI); if (GatewayUtils.isOnDemandLoading()) { if (!selectedAPI.isDeployed()) { synchronized ("LoadAPI_".concat(selectedAPI.getContext()).intern()) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/Utils.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/Utils.java index 11b5906dfcb4..c7a7c58bfd0c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/Utils.java +++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/Utils.java @@ -79,7 +79,21 @@ import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeMap; import javax.cache.Caching; import javax.xml.namespace.QName; @@ -822,17 +836,19 @@ public static API getAPIByContext(MessageContext messageContext) { */ public static Set getAcceptableResources(Resource[] allAPIResources, String httpMethod, String corsRequestMethod) { - Set acceptableResources = new LinkedHashSet<>(); + List acceptableResourcesList = new LinkedList<>(); for (Resource resource : allAPIResources) { //If the requesting method is OPTIONS or if the Resource contains the requesting method - String [] resourceMethods = resource.getMethods(); - if ((RESTConstants.METHOD_OPTIONS.equals(httpMethod) && resourceMethods != null - && Arrays.asList(resourceMethods).contains(corsRequestMethod)) - || (resourceMethods != null && Arrays.asList(resourceMethods).contains(httpMethod))) { - acceptableResources.add(resource); + if (resource.getMethods() != null && Arrays.asList(resource.getMethods()).contains(httpMethod) && + RESTConstants.METHOD_OPTIONS.equals(httpMethod)) { + acceptableResourcesList.add(0, resource); + } else if ((RESTConstants.METHOD_OPTIONS.equals(httpMethod) && resource.getMethods() != null && + Arrays.asList(resource.getMethods()).contains(corsRequestMethod)) || + (resource.getMethods() != null && Arrays.asList(resource.getMethods()).contains(httpMethod))) { + acceptableResourcesList.add(resource); } } - return acceptableResources; + return new LinkedHashSet<>(acceptableResourcesList); } /** diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java index f28610937922..b7884651ac12 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java +++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.java @@ -59,6 +59,7 @@ import java.util.Arrays; import java.util.LinkedHashMap; import java.util.LinkedHashSet; +import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; @@ -399,16 +400,21 @@ public List findMatchingVerb(MessageContext synCtx) throws Resource if (selectedApi != null) { Resource[] selectedAPIResources = selectedApi.getResources(); - Set acceptableResources = new LinkedHashSet(); + List acceptableResourcesList = new LinkedList<>(); for (Resource resource : selectedAPIResources) { //If the requesting method is OPTIONS or if the Resource contains the requesting method - if (RESTConstants.METHOD_OPTIONS.equals(httpMethod) || + if (RESTConstants.METHOD_OPTIONS.equals(httpMethod) && (resource.getMethods() != null && Arrays.asList(resource.getMethods()).contains(httpMethod))) { - acceptableResources.add(resource); + acceptableResourcesList.add(0, resource); + } else if (RESTConstants.METHOD_OPTIONS.equals(httpMethod) || + (resource.getMethods() != null && Arrays.asList(resource.getMethods()).contains(httpMethod))) { + acceptableResourcesList.add(resource); } } + Set acceptableResources = new LinkedHashSet<>(acceptableResourcesList); + if (acceptableResources.size() > 0) { for (RESTDispatcher dispatcher : RESTUtils.getDispatchers()) { Resource resource = dispatcher.findResource(synCtx, acceptableResources);