Merge branch 'application-mgt-new' into 'application-mgt-new'

Fix store API deploying issue

See merge request entgra/carbon-device-mgt!13

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/common/Util.java

@@ -202,19 +202,4 @@ public class Util {
             }
         }
     }
-
-    public static PaginationRequest validateCommentListPageSize(PaginationRequest paginationRequest) throws
-            ReviewManagementException {
-        if (paginationRequest.getLimit() == 0) {
-            Configuration commentManagementConfig = ConfigurationManager.getInstance().getConfiguration();
-            if (commentManagementConfig != null) {
-                paginationRequest.setLimit(
-                        commentManagementConfig.getPaginationConfiguration().getCommentListPageSize());
-            } else {
-                throw new ReviewManagementException(
-                        "Application Management configuration has not initialized. Please check the application-mgt.xml file.");
-            }
-        }
-        return paginationRequest;
-    }
 }

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/impl/Review/ReviewDAOImpl.java

@@ -205,11 +205,11 @@ public class ReviewDAOImpl extends AbstractDAOImpl implements ReviewDAO {
         try {
             conn = this.getDBConnection();
             sql = "SELECT AP_APP_REVIEW.ID AS ID, AP_APP_REVIEW.COMMENT AS COMMENT, "
-                    + "AP_APP_REVIEW.CREATED_BY AS CREATED_BY, AP_APP_REVIEW.MODIFIED_BY AS MODIFIED_BY, "
+                    + "AP_APP_REVIEW.CREATED_AT AS CREATED_AT, AP_APP_REVIEW.MODIFIED_AT AS MODIFIED_AT, "
-                    + "AP_APP_REVIEW.PARENT_ID AS PARENT_ID FROM AP_APP_REVIEW, AP_APP_RELEASE WHERE "
+                    + "AP_APP_REVIEW.USERNAME AS USERNAME AP_APP_REVIEW.PARENT_ID AS PARENT_ID "
-                    + "AP_APP_REVIEW.AP_APP_RELEASE_ID=AP_APP_RELEASE.ID AND AP_APP_RELEASE.UUID =? AND "
+                    + "FROM AP_APP_REVIEW, AP_APP_RELEASE WHERE AP_APP_REVIEW.AP_APP_RELEASE_ID=AP_APP_RELEASE.ID AND "
-                    + "AP_APP_REVIEW.TENANT_ID = ? AND AP_APP_REVIEW.TENANT_ID = AP_APP_RELEASE.TENANT_ID "
+                    + "AP_APP_RELEASE.UUID =? AND AP_APP_REVIEW.TENANT_ID = ? AND "
-                    + "LIMIT ? OFFSET ?;";
+                    + "AP_APP_REVIEW.TENANT_ID = AP_APP_RELEASE.TENANT_ID LIMIT ? OFFSET ?;";
             statement = conn.prepareStatement(sql);
             statement.setString(1, uuid);
             statement.setInt(2, tenantId);
@@ -219,8 +219,11 @@ public class ReviewDAOImpl extends AbstractDAOImpl implements ReviewDAO {
             while (rs.next()) {
                 Review review = new Review();
                 review.setId(rs.getInt("ID"));
-                review.setComment(rs.getString("COMMENT_TEXT"));
+                review.setComment(rs.getString("COMMENT"));
-                review.setUsername(rs.getString("CREATED_BY"));
+                review.setCreatedAt(rs.getTimestamp("CREATED_AT"));
+                review.setModifiedAt(rs.getTimestamp("MODIFIED_AT"));
+                review.setParentId(rs.getInt("PARENT_ID"));
+                review.setUsername(rs.getString("USERNAME"));
                 reviews.add(review);
             }
         }  catch (DBConnectionException e) {

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/impl/ReviewManagerImpl.java

@@ -34,7 +34,6 @@ import org.wso2.carbon.device.application.mgt.common.services.*;
 import org.wso2.carbon.device.application.mgt.core.dao.ApplicationReleaseDAO;
 import org.wso2.carbon.device.application.mgt.core.dao.ReviewDAO;
 import org.wso2.carbon.device.application.mgt.core.dao.common.ApplicationManagementDAOFactory;
-import org.wso2.carbon.device.application.mgt.core.dao.common.Util;
 import org.wso2.carbon.device.application.mgt.core.exception.ApplicationManagementDAOException;
 import org.wso2.carbon.device.application.mgt.core.exception.ReviewManagementDAOException;
 import org.wso2.carbon.device.application.mgt.core.internal.DataHolder;
@@ -176,7 +175,7 @@ public class ReviewManagerImpl implements ReviewManager {
         }
         try {
             ConnectionManagerUtil.openDBConnection();
-            reviews = this.reviewDAO.getAllReviews(uuid, Util.validateCommentListPageSize(request), tenantId);
+            reviews = this.reviewDAO.getAllReviews(uuid, request, tenantId);
 
             for (Review review : reviews) {
                 if (hierarchicalReviewSet.containsKey(review.getParentId())) {

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/pom.xml

@@ -55,7 +55,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-antrun-plugin</artifactId>
-                        <version>1.7</version>
+                        <version>1.8</version>
                         <executions>
                             <execution>
                                 <phase>compile</phase>

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/ApiOriginFilter.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.application.mgt.publisher.api;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class ApiOriginFilter implements Filter {
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        HttpServletResponse res = (HttpServletResponse) response;
+        res.addHeader("Access-Control-Allow-Origin", "*");
+        res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
+        res.addHeader("Access-Control-Allow-Headers", "Content-Type");
+        chain.doFilter(request, response);
+    }
+
+    public void destroy() {
+        //do nothing
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+        //do nothing
+    }
+}

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/webapp/WEB-INF/cxf-servlet.xml

@@ -36,7 +36,7 @@
     </jaxrs:server>
 
     <bean id="swaggerConfig" class="io.swagger.jaxrs.config.BeanConfig">
-        <property name="resourcePackage" value="org.wso2.carbon.device.application.mgt"/>
+        <property name="resourcePackage" value="org.wso2.carbon.device.application.mgt.publisher.api"/>
         <property name="version" value="1.0"/>
         <property name="host" value="localhost:9443"/>
         <property name="schemes" value="https" />

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/webapp/WEB-INF/web.xml

@@ -46,6 +46,17 @@
         <param-value>true</param-value>
     </context-param>
 
+    <!-- Below configuration is used to redirect http requests to https -->
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>ApplicationMgt-Admin</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
     <!--publish to apim-->
     <context-param>
         <param-name>managed-api-enabled</param-name>
@@ -61,20 +72,8 @@
     </context-param>
 
     <filter>
-        <filter-name>CorsFilter</filter-name>
+        <filter-name>ApiOriginFilter</filter-name>
-        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+        <filter-class>org.wso2.carbon.device.application.mgt.publisher.api.ApiOriginFilter</filter-class>
-        <init-param>
-            <param-name>cors.allowed.origins</param-name>
-            <param-value>*</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.methods</param-name>
-            <param-value>GET,POST,DELETE,PUT</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.headers</param-name>
-            <param-value>Content-Type</param-value>
-        </init-param>
     </filter>
 
     <filter>
@@ -114,7 +113,7 @@
     </filter-mapping>
 
     <filter-mapping>
-        <filter-name>CorsFilter</filter-name>
+        <filter-name>ApiOriginFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/pom.xml

@@ -55,7 +55,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-antrun-plugin</artifactId>
-                        <version>1.7</version>
+                        <version>1.8</version>
                         <executions>
                             <execution>
                                 <phase>compile</phase>
@@ -85,7 +85,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>1.2.1</version>
+                        <version>1.5.0</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>
@@ -176,6 +176,7 @@
         <dependency>
             <groupId>org.wso2.carbon.devicemgt</groupId>
             <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>io.swagger</groupId>

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/ApiOriginFilter.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.application.mgt.store.api;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class ApiOriginFilter implements Filter {
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        HttpServletResponse res = (HttpServletResponse) response;
+        res.addHeader("Access-Control-Allow-Origin", "*");
+        res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
+        res.addHeader("Access-Control-Allow-Headers", "Content-Type");
+        chain.doFilter(request, response);
+    }
+
+    public void destroy() {
+        //do nothing
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+        //do nothing
+    }
+}

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/ValidationInterceptor.java

@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.wso2.carbon.device.application.mgt.store.api;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.jaxrs.lifecycle.ResourceProvider;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfo;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageContentsList;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+
+import javax.validation.ConstraintViolation;
+import javax.validation.ConstraintViolationException;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
+import javax.validation.executable.ExecutableValidator;
+import java.lang.reflect.Method;
+import java.util.List;
+import java.util.Set;
+
+public class ValidationInterceptor extends AbstractPhaseInterceptor<Message> {
+    private Log log = LogFactory.getLog(getClass());
+    private Validator validator = null; //validator interface is thread-safe
+
+    public ValidationInterceptor() {
+        super(Phase.PRE_INVOKE);
+        ValidatorFactory defaultFactory = Validation.buildDefaultValidatorFactory();
+        validator = defaultFactory.getValidator();
+        if (validator == null) {
+            log.warn("Bean Validation provider could not be found, no validation will be performed");
+        } else {
+            log.debug("Validation In-Interceptor initialized successfully");
+        }
+    }
+
+    @Override
+    public void handleMessage(Message message) throws Fault {
+        final OperationResourceInfo operationResource = message.getExchange().get(OperationResourceInfo.class);
+        if (operationResource == null) {
+            log.info("OperationResourceInfo is not available, skipping validation");
+            return;
+        }
+
+        final ClassResourceInfo classResource = operationResource.getClassResourceInfo();
+        if (classResource == null) {
+            log.info("ClassResourceInfo is not available, skipping validation");
+            return;
+        }
+
+        final ResourceProvider resourceProvider = classResource.getResourceProvider();
+        if (resourceProvider == null) {
+            log.info("ResourceProvider is not available, skipping validation");
+            return;
+        }
+
+        final List<Object> arguments = MessageContentsList.getContentsList(message);
+        final Method method = operationResource.getAnnotatedMethod();
+        final Object instance = resourceProvider.getInstance(message);
+        if (method != null && arguments != null) {
+            //validate the parameters(arguments) over the invoked method
+            validate(method, arguments.toArray(), instance);
+
+            //validate the fields of each argument
+            for (Object arg : arguments) {
+                if (arg != null)
+                    validate(arg);
+            }
+        }
+
+    }
+
+    public <T> void validate(final Method method, final Object[] arguments, final T instance) {
+        if (validator == null) {
+            log.warn("Bean Validation provider could not be found, no validation will be performed");
+            return;
+        }
+
+        ExecutableValidator methodValidator = validator.forExecutables();
+        Set<ConstraintViolation<T>> violations = methodValidator.validateParameters(instance,
+                method, arguments);
+
+        if (!violations.isEmpty()) {
+            throw new ConstraintViolationException(violations);
+        }
+    }
+
+    public <T> void validate(final T object) {
+        if (validator == null) {
+            log.warn("Bean Validation provider could be found, no validation will be performed");
+            return;
+        }
+
+        Set<ConstraintViolation<T>> violations = validator.validate(object);
+
+        if (!violations.isEmpty()) {
+            throw new ConstraintViolationException(violations);
+        }
+    }
+
+    public void handleFault(Message messageParam) {
+    }
+}

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/ReviewManagementAPI.java

@@ -124,18 +124,17 @@ public interface ReviewManagementAPI {
                     name="uuid",
                     value="uuid of the application release.",
                     required = true)
-            @PathParam("uuid")
+            @PathParam("uuid") String uuid,
-                    String uuid,
             @ApiParam(
-                    name="offSet",
+                    name="offset",
-                    value="Starting review number.",defaultValue = "0")
+                    value="Starting review number.",
-            @QueryParam("offSet")
+                    defaultValue = "0")
-                    int offSet,
+            @QueryParam("offSet") int offSet,
             @ApiParam(
                     name="limit",
-                    value = "Limit of paginated reviews",defaultValue = "20")
+                    value = "Limit of paginated reviews",
-            @QueryParam("limit")
+                    defaultValue = "20")
-                    int limit);
+            @QueryParam("limit") int limit);
 
     @POST
     @Path("/{uuid}")

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/ReviewManagementAPIImpl.java

@@ -35,6 +35,7 @@ import org.wso2.carbon.device.application.mgt.common.PaginationRequest;
 import org.wso2.carbon.device.application.mgt.common.exception.ApplicationManagementException;
 import org.wso2.carbon.device.application.mgt.common.exception.ReviewManagementException;
 
+import javax.ws.rs.DefaultValue;
 import javax.ws.rs.Path;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.PathParam;
@@ -58,8 +59,8 @@ public class ReviewManagementAPIImpl implements ReviewManagementAPI {
     @Path("/{uuid}")
     public Response getAllReviews(
             @PathParam("uuid") String uuid,
-            @QueryParam("offset") int offSet,
+            @DefaultValue("0") @QueryParam("offset") int offSet,
-            @QueryParam("limit") int limit) {
+            @DefaultValue("20") @QueryParam("limit") int limit) {
         ReviewManager reviewManager = APIUtil.getReviewManager();
         PaginationRequest request = new PaginationRequest(offSet, limit);
         try {

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/webapp/WEB-INF/cxf-servlet.xml

@@ -18,29 +18,51 @@
   -->
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+       xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core"
-       xsi:schemaLocation="
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+         http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd">
-http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
 
     <jaxrs:server id="applicationMgtService" address="/">
         <jaxrs:serviceBeans>
             <ref bean="applicationMgtServiceBean"/>
-            <ref bean="lifecycleMgtServiceBean"/>
+            <ref bean="reviewMgtServiceBean"/>
             <ref bean="subscriptionMgtServiceBean"/>
+            <ref bean="swaggerResource"/>
         </jaxrs:serviceBeans>
         <jaxrs:providers>
             <ref bean="jsonProvider"/>
             <ref bean="multipartProvider"/>
+            <ref bean="swaggerWriter"/>
         </jaxrs:providers>
     </jaxrs:server>
 
-    <bean id="applicationMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.ApplicationManagementAPIImpl"/>
+    <bean id="swaggerConfig" class="io.swagger.jaxrs.config.BeanConfig">
-    <bean id="lifecycleMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.LifecycleManagementAPIImpl" />
+        <property name="resourcePackage" value="org.wso2.carbon.device.application.mgt.store.api"/>
-    <bean id="subscriptionMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.SubscriptionManagementAPIImpl"/>
+        <property name="version" value="1.0"/>
-    <bean id="jsonProvider" class="org.wso2.carbon.device.application.mgt.publisher.api.JSONMessageHandler"/>
+        <property name="host" value="localhost:9443"/>
-    <bean id="multipartProvider" class="org.wso2.carbon.device.application.mgt.publisher.api.MultipartCustomProvider"/>
+        <property name="schemes" value="https" />
+        <property name="basePath" value="/api/application-mgt-store/v1.0"/>
+        <property name="title" value="App Store Management Service API Definitions"/>
+        <property name="contact" value="dev@wso2.org"/>
+        <property name="license" value="Apache 2.0"/>
+        <property name="licenseUrl" value="http://www.apache.org/licenses/LICENSE-2.0.html"/>
+        <property name="scan" value="true"/>
+    </bean>
+
+    <bean id="ValidationInterceptor" class="org.wso2.carbon.device.application.mgt.store.api.ValidationInterceptor"/>
+    <bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" />
+    <bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" />
+
+    <bean id="applicationMgtServiceBean" class="org.wso2.carbon.device.application.mgt.store.api.services.impl.ApplicationManagementAPIImpl"/>
+    <bean id="reviewMgtServiceBean" class="org.wso2.carbon.device.application.mgt.store.api.services.impl.ReviewManagementAPIImpl" />
+    <bean id="subscriptionMgtServiceBean" class="org.wso2.carbon.device.application.mgt.store.api.services.impl.SubscriptionManagementAPIImpl"/>
+    <bean id="jsonProvider" class="org.wso2.carbon.device.application.mgt.store.api.JSONMessageHandler"/>
+    <bean id="multipartProvider" class="org.wso2.carbon.device.application.mgt.store.api.MultipartCustomProvider"/>
+
+    <cxf:bus>
+        <cxf:inInterceptors>
+            <ref bean="ValidationInterceptor"/>
+        </cxf:inInterceptors>
+    </cxf:bus>
 
 </beans>
-
-

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/webapp/WEB-INF/web.xml

@@ -19,14 +19,20 @@
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
          version="2.5">
-    <display-name>Application Management Webapp</display-name>
+    <display-name>App Store Management Webapp</display-name>
     <servlet>
-        <description>JAX-WS/JAX-RS Application Management Endpoint</description>
+        <description>JAX-WS/JAX-RS App Store Management Endpoint</description>
         <display-name>JAX-WS/JAX-RS Servlet</display-name>
         <servlet-name>CXFServlet</servlet-name>
         <servlet-class>
             org.apache.cxf.transport.servlet.CXFServlet
         </servlet-class>
+        <!-- configure a security filter -->
+        <init-param>
+            <param-name>swagger.security.filter</param-name>
+            <param-value>ApiAuthorizationFilterImpl</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
      </servlet>
     <servlet-mapping>
         <servlet-name>CXFServlet</servlet-name>
@@ -40,6 +46,17 @@
         <param-value>true</param-value>
     </context-param>
 
+    <!-- Below configuration is used to redirect http requests to https -->
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>ApplicationMgt-Admin</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
     <!--publish to apim-->
     <context-param>
         <param-name>managed-api-enabled</param-name>
@@ -55,20 +72,8 @@
     </context-param>
 
     <filter>
-        <filter-name>CorsFilter</filter-name>
+        <filter-name>ApiOriginFilter</filter-name>
-        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+        <filter-class>org.wso2.carbon.device.application.mgt.store.api.ApiOriginFilter</filter-class>
-        <init-param>
-            <param-name>cors.allowed.origins</param-name>
-            <param-value>*</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.methods</param-name>
-            <param-value>GET,POST,DELETE,PUT</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.headers</param-name>
-            <param-value>Content-Type</param-value>
-        </init-param>
     </filter>
 
     <filter>
@@ -108,7 +113,7 @@
     </filter-mapping>
 
     <filter-mapping>
-        <filter-name>CorsFilter</filter-name>
+        <filter-name>ApiOriginFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 

pom.xml

@@ -2100,7 +2100,7 @@
         <jersey.version>1.9</jersey.version>
 
         <!-- Neethi version-->
-        <neethi.version>2.0.4</neethi.version>
+        <neethi.version>3.1.1</neethi.version>
         <neethi.wso2.version>2.0.4.wso2v4</neethi.wso2.version>
 
         <!-- Release plugin ID for github-->