From b4d17b888b217335af06fd479b0c4510ff0f0bd5 Mon Sep 17 00:00:00 2001
From: harshanl <harshan@wso2.com>
Date: Fri, 20 Nov 2015 00:43:01 +0530
Subject: [PATCH] fixed secondary user-store related issues & multi-tenancy
 issues

---
 .../DeviceAccessAuthorizationServiceImpl.java   | 17 +++++++++++------
 .../policy/mgt/core/util/PolicyManagerUtil.java |  2 +-
 .../framework/WebappAuthenticationValve.java    |  2 +-
 .../authenticator/OAuthAuthenticator.java       |  4 ++--
 4 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
index 47f1a8024e..857f0f63e9 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
@@ -31,6 +31,7 @@ import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
 import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
 
 import java.util.HashMap;
 import java.util.List;
@@ -215,7 +216,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
         UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
         if (userRealm != null && userRealm.getAuthorizationManager() != null) {
             return userRealm.getAuthorizationManager()
-                            .isUserAuthorized(username, PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION),
+                            .isUserAuthorized(removeTenantDomain(username), PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION),
                                               PermissionMethod.UI_EXECUTE);
         }
         return false;
@@ -224,15 +225,19 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
     private String getUserName() {
         String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
         if (username != null && !username.isEmpty()) {
-            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
-            if (username.endsWith(tenantDomain)) {
-                return username.substring(0, username.lastIndexOf("@"));
-            }
-            return username;
+            return removeTenantDomain(username);
         }
         return null;
     }
 
+    private String removeTenantDomain(String username) {
+        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+        if (username.endsWith(tenantDomain)) {
+            return username.substring(0, username.lastIndexOf("@"));
+        }
+        return username;
+    }
+
     private int getTenantId() {
         return CarbonContext.getThreadLocalCarbonContext().getTenantId();
     }
diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java
index 990cb24875..26fd3db790 100644
--- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java
@@ -207,7 +207,7 @@ public class PolicyManagerUtil {
             if (configuration != null && !configuration.isEmpty()) {
                 for (ConfigurationEntry cEntry : configuration) {
                     if (cEntry.getName().equalsIgnoreCase(MONITORING_FREQUENCY)) {
-                        monitoringFrequency = (int) cEntry.getValue();
+                        monitoringFrequency = Integer.parseInt((String)cEntry.getValue());
                     }
                 }
             }
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index 25ef416506..da8b4cfabc 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -139,7 +139,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
                     msg = authenticationInfo.getMessage();
                     response.setHeader("WWW-Authenticate", msg);
                 }
-                log.error(msg);
+                log.error(msg + " , API : " + request.getRequestURI());
                 AuthenticationFrameworkUtil
                         .handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED,
                                         msg);
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index adc31a9c14..ca8eb6c700 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -112,9 +112,9 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                 if (oAuth2TokenValidationResponseDTO.isValid()) {
                     String username = oAuth2TokenValidationResponseDTO.getAuthorizedUser();
                     //Remove the userstore domain from username
-                    if (username.contains("/")) {
+                    /*if (username.contains("/")) {
                         username = username.substring(username.indexOf('/') + 1);
-                    }
+                    }*/
                     authenticationInfo.setUsername(username);
                     authenticationInfo.setTenantDomain(MultitenantUtils.getTenantDomain(username));
                     authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username));