bug fix for api key authenticator

wso2 · Mar 20, 2024 · 79ec74c · 79ec74c
1 parent 1476954
commit 79ec74c
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java b/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java
@@ -209,9 +209,12 @@ private AuthenticationContext processAPIKey(RequestContext requestContext, Strin
                 APIKeyValidationInfoDTO validationInfoDto;
                 log.debug("Validating subscription for API Key against subscription store."
                         + " context: {} version: {}", apiContext, apiVersion);
-                validationInfoDto = KeyValidator.validateSubscription(apiUuid, apiContext,
-                        requestContext.getMatchedAPI(), payload);
-                if (!requestContext.getMatchedAPI().isSystemAPI()) {
+                boolean isGatewayLevelSubscriptionValidationEnabled = ConfigHolder.getInstance().getConfig()
+                        .getMandateSubscriptionValidation();
+                if (!requestContext.getMatchedAPI().isSystemAPI() && (isGatewayLevelSubscriptionValidationEnabled || requestContext.getMatchedAPI()
+                        .isSubscriptionValidation())) {
+//                    validationInfoDto = KeyValidator.validateSubscription(apiUuid, apiContext,
+//                                requestContext.getMatchedAPI(), payload);
                     log.debug("Validating subscription for API Key using JWT claims against invoked API info."
                             + " context: {} version: {}", apiContext, apiVersion);
                     validationInfoDto = getAPIKeyValidationDTO(requestContext, payload);