Documentation Bug Fix Blog Post Real-World App Certification Contact
WSO2 Engineering Internship

My Journey with
WSO2 Products

A comprehensive portfolio of my open-source contributions, bug fixes, technical writing, and real-world implementation of WSO2 technologies.

Explore Contributions

1. Enhancing Documentation

Clear, accurate documentation is the backbone of any great product. I actively contributed to the WSO2 API Manager documentation by resolving open issues and improving clarity.

PR #11559

Fixed inaccuracies and updated configurations in the APIM documentation to ensure developers have a seamless onboarding experience.

wso2/docs-apim/pull/11559

PR #11560

Resolved missing steps in a tutorial and clarified specific deployment architectures for API Manager.

wso2/docs-apim/pull/11560

PR #11561

Addressed formatting issues and broken links within the developer guide, enhancing overall readability.

wso2/docs-apim/pull/11561

2. Core Product Bug Fix

Diving into the source code of WSO2 API Manager to resolve a critical runtime issue related to JWT Claim Based Access Control.

The Problem (Issue #5126)

When users authenticated, modern Identity Providers passed multiple roles as a JSON array in the JWT (e.g., "roles": ["value1", "value2"]). The API Gateway's `ClaimBasedResourceAccessValidationMediator` assumed claims were simple Strings.

When it tried to cast a `List` (Collection) to a `String`, it threw a ClassCastException, crashing the Gateway thread and returning an HTTP 500 Internal Server Error instead of safely blocking the request (403 Forbidden).

The Solution (PR #13913)

I rewrote the claim extraction logic to be type-aware using Java's instanceof. I built a helper mechanism to safely flatten any incoming data type (String, Collection, or Array) into a List<String>.

// Safe extraction logic introduced if (claimValueObj instanceof String) { claimValues.add((String) claimValueObj); } else if (claimValueObj instanceof Collection ) { for (Object item : (Collection) claimValueObj) { if (item != null) claimValues.add(String.valueOf(item)); } }

This prevents crashes, gracefully looping through the array and returning a proper 403 Forbidden if validation fails. Tested extensively via JUnit and Gateway smoke tests.


wso2/carbon-apimgt/pull/13913

3. Evangelizing the Technology

Sharing knowledge with the developer community through technical writing.

How I used WSO2 API Gateway & Choreo Analytics to Secure My SaaS License Server

A detailed, step-by-step article explaining how I leveraged WSO2's powerful API Management capabilities to build a secure, robust gateway for my SaaS product, complete with real-time insights from Choreo.

Read on Medium View on LinkedIn View on My Portfolio

4. Real-World Implementation

I successfully deployed WSO2 API Gateway and Choreo Analytics in a production-like environment to secure and monitor my SaaS product's License Server.

This architecture ensures secure API invocations utilizing robust authentication protocols, rate limiting, and comprehensive observability via Choreo. Below are screenshots demonstrating the active implementation.

5. Professional Certification

Validating my knowledge through official WSO2 channels.

WSO2 API Manager 4.7 Developer Fundamentals

Status: Currently Following Course

I am actively completing the practitioner-level certification course. Upon completion, I will sit for the official certification exam to formalize my expertise in API development and management.

Get in Touch

I'm always excited to take on new projects and collaborate with innovative minds.

rav.business.lak@gmail.com +94 78 288 3974