Jersey2: Move setting of authentication parameters before generating target URL to consider API keys in URL parameters

[jheyens]

A bug in ApiClient.musache causes API-keys to be ignored when generating from an OpenAPI-specification file with an ApiKey securityScheme:

{
  "openapi" : "3.0.0",
  "security" : [ {
    "ApiKey" : [ ]
  } ],
[...]
  "components" : {
    "securitySchemes" : {
      "ApiKey" : {
        "type" : "apiKey",
        "description" : "Description",
        "name" : "apiKey",
        "in" : "query"
      }
    }
  }
}

The generated code applies the query parameters to the WebTarget at ApiClient.mustache:1235, but the query parameters do not yet contain the API-key parameter, which is only added afterwards in ApiClient.mustache:1271.
The fix proposed in this PR is to apply all authentication settings before adding query parameters, resulting in query-parameter-based authentication schemes being added to the target URL.

PR checklist

• Read the contribution guidelines.
• Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
• Run the following to build the project and update samples:

  ./mvnw clean package || exit
  ./bin/generate-samples.sh ./bin/configs/*.yaml || exit
  ./bin/utils/export_docs_generators.sh || exit
  

  (For Windows users, please run the script in Git BASH)
  Commit all changed files.
  This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
  These must match the expectations made by your contribution.
  You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*.
  IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
• File the PR against the correct branch: master (upcoming 7.x.0 minor release - breaking changes with fallbacks), 8.0.x (breaking changes without fallbacks)
• If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

@bbdouglas @sreeshas @jfiala @lukoyanov @cbornet @jeff9finger @karismann @Zomzog @lwlee2608 @martin-mfg

[martin-mfg]

Hi @jheyens, thanks for the PR!

[jheyens]

@martin-mfg Could you rerun the CirceCI-Checks? node0 failed due to something that looks like a connection error?

[martin-mfg]

@martin-mfg Could you rerun the CirceCI-Checks? node0 failed due to something that looks like a connection error?

I reran the pipelines in martin-mfg#69, and they are all green. I can't trigger a rerun here because only maintainers can do this. But the confirmation from the rerun in my fork should be enough.

[jheyens]

Hi @martin-mfg,

I am not entirely sure if I did everything required to merge this PR and #20687. Github shows me both " ✔️ 1 approval" but also "7 workflows awaiting approval". Do I need to do anything else or are we waiting for a maintainer to approve and merge this?

[martin-mfg]

Do I need to do anything else or are we waiting for a maintainer to approve and merge this?

There's nothing for you to do. We just need to wait for a maintainer to merge your PRs.