Unexpected warnings with usage of new OpenAPI Validation Assertion
search cancel

Unexpected warnings with usage of new OpenAPI Validation Assertion


Article ID: 366865


Updated On:


CA API Gateway


After upgrading the 10.1 CR0X gateways, there is an unknown WARNING level log entry on several services. The following messages can be found in the logs (example):

WARNING com.atlassian.oai.validator.interaction.request.SecurityValidator: Operation 'GET /sample/api/' defines a 'security' block but no 'securitySchemes' are defined

The execution of the policy is not stopped by this warning but why is this logged? What is the impact since multiple services produce this warning on a regular basis, filling up the audit system?


 API Gateway:10.1 CR04, 11.x


These messages can be safely ignored. The gateway does not use this part of the Atlassian library. The security check is done in a custom function because the Atlassian library does not support all types we need. Due to this, we set the securityscheme in the Atlassian request check to 'null' which causes these warning messages.

The message can be suppressed by setting the Atlassian java class logging to severe. To do this, adjust the log level in the Cluster Wide Property "log.levels" and add the following:

com.atlassian.oai.validator.interaction.request.SecurityValidator.level = SEVERE