[OB4] Fix Tenant Creation Issue in OB 4.0.0 Accelerator

[VimukthiRajapaksha]

Purpose

This PR addresses the issue where newly created tenants in OB 4.0.0 Accelerator instances were being created in a disabled state and throws the org.wso2.financial.services.accelerator.common.exception.FinancialServicesException

Related Issues

#866

---

Development Checklist

1. Built complete solution with pull request in place.
2. Ran checkstyle plugin with pull request in place.
3. Ran Findbugs plugin with pull request in place.
4. Ran FindSecurityBugs plugin and verified report.
5. Formatted code according to WSO2 code style.
6. Have you verify the PR does't commit any keys, passwords, tokens, usernames, or other secrets?
7. Migration scripts written (if applicable).
8. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

1. Written unit tests.
2. Documented test scenarios(link available in guides).
3. Written automation tests (link available in guides).
4. Verified tests in multiple database environments (if applicable).
5. Verified tests in multiple deployed specifications (if applicable).
6. Tested with OBBI enabled (if applicable).
7. Tested with specification regulatory conformance suites (if applicable).

Automation Test Details

Test Suite	Test Script IDs
Integration Suite	TCXXXXX, TCXXXX

Conformance Tests Details

Test Suite Name	Test Suite Version	Scenarios	Result
Security Suite	VX.X	Foo, Bar	Passed

Resources

Knowledge Base: https://sites.google.com/wso2.com/open-banking/

Guides: https://sites.google.com/wso2.com/open-banking/developer-guides

Summary by CodeRabbit

• New Features

  • Added regulatory classification support to Application Management.
  • Application operations now intelligently route based on regulatory status to optimize processing workflows.

• Improvements

  • Enhanced logging to track actions skipped for non-regulatory applications.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This change introduces regulatory compliance gating across multiple Application Management listener hooks. Service provider properties are evaluated to determine regulatory status, and non-regulatory applications skip further processing at designated checkpoints. Processing logic conditionally routes based on this regulatory flag.

Changes

Cohort / File(s)

Summary

Regulatory gating in application management listeners financial-services-accelerator/components/org.wso2.financial.services.accelerator.identity.extensions/src/main/java/org/wso2/financial/services/accelerator/identity/extensions/client/registration/application/listener/FSApplicationManagementListener.java

Added regulatory flag derivation from service provider properties across lifecycle hooks: doPreCreateApplication, doPostCreateApplication, doPreUpdateApplication, doPostGetServiceProvider, and doPostDeleteApplication. Non-regulatory applications short-circuit processing; regulatory applications proceed to updater invocation. Updated logging to indicate skipped actions for non-regulatory designations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Verify consistency of regulatory flag derivation logic across all five hooks
• Confirm conditional routing preserves existing error handling paths for both regulatory and non-regulatory flows
• Validate that service provider properties parsing is robust and handles edge cases
• Ensure logging additions correctly indicate skip scenarios without affecting performance or clarity

Poem

🐇 Regulatory gates now guard the path,
Each hook inspects with careful math,
Non-regulated flows bow and part,
While compliant apps play their part!
🏦✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The PR title mentions 'Fix Tenant Creation Issue' which aligns with the stated purpose, but the changes focus on regulatory gating in application management listeners, not directly on tenant creation.	Clarify whether the title accurately represents the primary change (regulatory gating in Application Management listeners) or if it should be more specific about the actual implementation.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description provides purpose and related issue link, but most testing checklist items are unchecked and automation/conformance test details contain only placeholders without actual test results.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

financial-services-accelerator/components/org.wso2.financial.services.accelerator.identity.extensions/src/main/java/org/wso2/financial/services/accelerator/identity/extensions/client/registration/application/listener/FSApplicationManagementListener.java (4)

67-74: Regulatory gating in pre-create looks right; consider null-safe SP properties list

The early-return for non-regulatory applications matches the intent of skipping OB-specific setup, but Arrays.asList(serviceProvider.getSpProperties()) will throw if the backing array is ever null. A small defensive tweak here (and similarly in other methods) would make this more robust.

-        List<ServiceProviderProperty> spProperties = new ArrayList<>(Arrays.asList
-                    (serviceProvider.getSpProperties()));
+        ServiceProviderProperty[] spPropsArray = serviceProvider.getSpProperties();
+        List<ServiceProviderProperty> spProperties = spPropsArray != null
+                ? new ArrayList<>(Arrays.asList(spPropsArray))
+                : new ArrayList<>();

---

140-143: Use isRegulatory when invoking doPostCreateApplication for clarity

Here you compute isRegulatory but pass a hard-coded true into doPostCreateApplication. With the surrounding if (isRegulatory) this is functionally equivalent today, but passing the variable improves readability and keeps behavior correct if the gating logic is ever relaxed.

-            if (isRegulatory) {
-                identityDataHolder.getAbstractApplicationUpdater().doPostCreateApplication(true, serviceProvider,
-                        serviceProvider.getLocalAndOutBoundAuthenticationConfig(), tenantDomain, userName);
-            }
+            if (isRegulatory) {
+                identityDataHolder.getAbstractApplicationUpdater().doPostCreateApplication(isRegulatory,
+                        serviceProvider,
+                        serviceProvider.getLocalAndOutBoundAuthenticationConfig(), tenantDomain, userName);
+            }

---

204-211: Post-get gating is good; mirror the null-safe SP properties pattern

The regulatory check before doPostGetApplication is appropriate and matches the other hooks. As in pre-create, consider guarding against a null getSpProperties() array and possibly centralizing this into a small helper for reuse.

-            List<ServiceProviderProperty> spProperties = new ArrayList<>(Arrays.asList
-                    (serviceProvider.getSpProperties()));
+            ServiceProviderProperty[] spPropsArray = serviceProvider.getSpProperties();
+            List<ServiceProviderProperty> spProperties = spPropsArray != null
+                    ? new ArrayList<>(Arrays.asList(spPropsArray))
+                    : new ArrayList<>();

---

243-250: Post-delete gating is consistent; consider whether pre-delete should also skip non-reg apps

Skipping doPostDeleteApplication for non-regulatory applications matches the new pattern in other lifecycle hooks and avoids running regulatory-specific cleanup unnecessarily. One follow-up to think about: doPreDeleteApplication is still invoked for all apps—if that logic is also regulatory-specific, you may want a similar isRegulatory guard there for consistency.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e7fae32 and 60b3bfc.

📒 Files selected for processing (1)

• financial-services-accelerator/components/org.wso2.financial.services.accelerator.identity.extensions/src/main/java/org/wso2/financial/services/accelerator/identity/extensions/client/registration/application/listener/FSApplicationManagementListener.java (5 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

financial-services-accelerator/components/org.wso2.financial.services.accelerator.identity.extensions/src/main/java/org/wso2/financial/services/accelerator/identity/extensions/client/registration/application/listener/FSApplicationManagementListener.java (1)

financial-services-accelerator/components/org.wso2.financial.services.accelerator.identity.extensions/src/main/java/org/wso2/financial/services/accelerator/identity/extensions/client/registration/application/listener/util/ApplicationMgtListenerUtil.java (1)

• ApplicationMgtListenerUtil (31-114)

🔇 Additional comments (1)

financial-services-accelerator/components/org.wso2.financial.services.accelerator.identity.extensions/src/main/java/org/wso2/financial/services/accelerator/identity/extensions/client/registration/application/listener/FSApplicationManagementListener.java (1)

167-170: Pre-update regulatory gating aligns with pre-create behavior

Short-circuiting doPreUpdateApplication for non-regulatory applications is consistent with the pre-create path and should help avoid OB-specific updater logic for tenants that are not regulatory. No functional issues stand out here.