wso2 / api-manager

All issues, tasks, improvements and new features of WSO2 API Manager
Apache License 2.0

Revamp dependency usages for JSON processing (Json, Jackson, ...) #228

Open dushaniw opened 2 years ago

dushaniw commented 2 years ago

Problem

When building the product, there are a number of JSON processing dependencies which will be packed as JARs. Since these dependencies can be exposed to vulnerabilities, proper maintenance is a must.

Solution

In this effort, unused old dependencies need to be removed and the usages should be confined to a limited set of JSON dependencies. By revamping dependency usage for JSON processing, this repeated effort can be minimized.

Affected Component

APIM

Version

4.2.0

Implementation

Research on dependency usages for JSON processing is needed at the beginning of the task. After identifying the dependencies and use cases, it is possible to revamp the dependency usage for JSON processing.

Sub Tasks

tharikaGitHub commented 2 years ago

Due to the following reasons we will not be fixing this issue https://github.com/wso2/api-manager/issues/310.

  1. jackson-jaxrs related jars cannot be removed from the lib/runtimes/cxf3 folder because that is required by cxf.
  2. There is an issue with loading time if all jars are added to plugins instead of /lib.
  3. When moving all the jackson jars into the /lib folder, instead of modifying the bundles.info file while building the product it is good if we can do it while building the features. But it seems this is not possible.
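
A starting point for the inventory step that the issue's Implementation section calls for, as an added example (not code from the issue or from WSO2): it groups JSON-processing JARs by artifact and version and flags any that ship in more than one version or more than one folder. The marker list, the jar names and versions, and the `plugins/` and `lib/` paths in the sample are constructed assumptions; only `lib/runtimes/cxf3` is taken from the thread.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed list of JSON library markers; extend it for the product being audited.
JSON_MARKERS = ("jackson", "gson", "json-simple", "json-smart", "org.json")

# Matches Maven-style "name-1.2.3.jar" and OSGi-style "name_1.2.3.jar".
JAR_RE = re.compile(r"^(?P<name>.+?)[-_](?P<version>\d[\w.\-]*)\.jar$")


def inventory(jar_paths):
    """Map artifact name -> version -> sorted list of directories holding it."""
    found = defaultdict(lambda: defaultdict(set))
    for raw in jar_paths:
        path = PurePosixPath(raw)
        m = JAR_RE.match(path.name)
        if not m or not any(k in m["name"].lower() for k in JSON_MARKERS):
            continue  # not a versioned jar, or not a JSON-processing library
        found[m["name"]][m["version"]].add(str(path.parent))
    return {n: {v: sorted(d) for v, d in vs.items()} for n, vs in found.items()}


def duplicated(inv):
    """Artifacts shipped in more than one version or more than one directory."""
    return sorted(
        name for name, versions in inv.items()
        if len(versions) > 1 or any(len(dirs) > 1 for dirs in versions.values())
    )


# Constructed sample listing; in practice, pass the product's own *.jar paths.
SAMPLE = [
    "plugins/jackson-databind_2.13.2.jar",
    "plugins/jackson-core_2.13.2.jar",
    "lib/runtimes/cxf3/jackson-jaxrs-json-provider-2.13.2.jar",
    "lib/runtimes/cxf3/jackson-databind-2.9.10.jar",
    "plugins/gson_2.8.9.jar",
    "lib/gson-2.8.9.jar",
    "plugins/commons-io_2.11.0.jar",
]

if __name__ == "__main__":
    inv = inventory(SAMPLE)
    for name in duplicated(inv):
        print(name, inv[name])
```

Each flagged artifact is a place where a vulnerability fix has to be applied more than once, which is the maintenance cost the issue describes.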