Fixed EMM-939

9 years ago · 5af6f314d0
parent 5fd9e87dc8
commit 5af6f314d0
2 changed files with 6 additions and 1 deletions
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
@ -81,11 +81,12 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
            User authzUser = accessTokenDO.getAuthzUser();
            if ((permission != null) && (authzUser != null)) {
                String username = authzUser.getUserName();
+                String userStore = authzUser.getUserStoreDomain();
                int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
                UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
                if (userRealm != null && userRealm.getAuthorizationManager() != null) {
                    status = userRealm.getAuthorizationManager()
-                                      .isUserAuthorized(username, permission.getPath(),
+                                      .isUserAuthorized(userStore +"/"+ username, permission.getPath(),
                                                        PermissionMethod.UI_EXECUTE);
                }
            }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@ -111,6 +111,10 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                        AuthenticatorFrameworkDataHolder.getInstance().getoAuth2TokenValidationService().validate(dto);
                if (oAuth2TokenValidationResponseDTO.isValid()) {
                    String username = oAuth2TokenValidationResponseDTO.getAuthorizedUser();
+                    //Remove the userstore domain from username
+                    if (username.contains("/")) {
+                        username = username.substring(username.indexOf('/') + 1);
+                    }
                    authenticationInfo.setUsername(username);
                    authenticationInfo.setTenantDomain(MultitenantUtils.getTenantDomain(username));
                    authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username));