From b4d17b888b217335af06fd479b0c4510ff0f0bd5 Mon Sep 17 00:00:00 2001
From: harshanl
Date: Fri, 20 Nov 2015 00:43:01 +0530
Subject: [PATCH] fixed secondary user-store related issues & multi-tenancy issues
---
 .../DeviceAccessAuthorizationServiceImpl.java | 17 +++++++++++------
 .../policy/mgt/core/util/PolicyManagerUtil.java | 2 +-
 .../framework/WebappAuthenticationValve.java | 2 +-
 .../authenticator/OAuthAuthenticator.java | 4 ++--
 4 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
index 47f1a8024e..857f0f63e9 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
@@ -31,6 +31,7 @@ import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
 import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
 import java.util.HashMap;
 import java.util.List;
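Review bot: The added `import org.wso2.carbon.user.api.UserStoreManager;` is not referenced by either of the other two hunks in this file, and the diffstat's 11 additions and 6 deletions for the file are all accounted for by the visible hunks, so the import is unused. Drop it, or include the change that was meant to use it.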
@@ -215,7 +216,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
 UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
 if (userRealm != null && userRealm.getAuthorizationManager() != null) {
 return userRealm.getAuthorizationManager()
- .isUserAuthorized(username, PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION),
+ .isUserAuthorized(removeTenantDomain(username), PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION),
 PermissionMethod.UI_EXECUTE);
 }
 return false;
@@ -224,15 +225,19 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
 private String getUserName() {
 String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
 if (username != null && !username.isEmpty()) {
- String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
- if (username.endsWith(tenantDomain)) {
- return username.substring(0, username.lastIndexOf("@"));
- }
- return username;
+ return removeTenantDomain(username);
 }
 return null;
 }
+ private String removeTenantDomain(String username) {
+ String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ if (username.endsWith(tenantDomain)) {
+ return username.substring(0, username.lastIndexOf("@"));
+ }
+ return username;
+ }
+
 private int getTenantId() {
 return CarbonContext.getThreadLocalCarbonContext().getTenantId();
 }
diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java
index 990cb24875..26fd3db790 100644
--- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java
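Review bot: The admin-permission check in the `-215` hunk now passes `removeTenantDomain(username)`, which takes the tenant domain from the thread-local CarbonContext, while the realm three lines above is resolved from the `tenantId` in scope. If that `tenantId` can ever differ from the tenant bound to the current thread, the suffix compared belongs to the wrong tenant and `isUserAuthorized` is evaluated for an unintended name; deriving the domain from the same `tenantId`, or documenting that the two must match, would close that gap. `username` also reaches the helper without the null/empty guard that `getUserName()` applies, so a null argument surfaces as a NullPointerException inside an authorization path; `if (username == null || username.isEmpty()) { return false; }` before the realm lookup makes the denial explicit. The enclosing method starts and ends outside the hunk.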
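Review bot: `removeTenantDomain` in the `-224` hunk tests `username.endsWith(tenantDomain)` but cuts at `lastIndexOf("@")`, and those two can disagree. A name whose last `@` segment merely ends with the tenant domain (constructed example: `bob@notexample.com` evaluated in tenant `example.com`) is shortened to `bob`, and a name that ends with the domain text but contains no `@` makes `substring(0, -1)` throw; because the `-215` hunk feeds this result into `isUserAuthorized`, the permission can be checked for the wrong identity. A null from `getTenantDomain()` would also throw inside `endsWith`. Matching the whole suffix avoids all three: `if (tenantDomain != null && username.endsWith("@" + tenantDomain)) { return username.substring(0, username.length() - tenantDomain.length() - 1); }`. A short Javadoc stating that the helper expects a non-null name and strips only the current tenant's suffix would also help callers.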
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java
@@ -207,7 +207,7 @@ public class PolicyManagerUtil {
 if (configuration != null && !configuration.isEmpty()) {
 for (ConfigurationEntry cEntry : configuration) {
 if (cEntry.getName().equalsIgnoreCase(MONITORING_FREQUENCY)) {
- monitoringFrequency = (int) cEntry.getValue();
+ monitoringFrequency = Integer.parseInt((String)cEntry.getValue());
 }
 }
 }
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index 25ef416506..da8b4cfabc 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -139,7 +139,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
 msg = authenticationInfo.getMessage();
 response.setHeader("WWW-Authenticate", msg);
 }
- log.error(msg);
+ log.error(msg + " , API : " + request.getRequestURI());
 AuthenticationFrameworkUtil
 .handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
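Review bot: `Integer.parseInt((String)cEntry.getValue())` in PolicyManagerUtil swaps one unchecked cast for another: an entry whose value is still held as an `Integer` now fails with ClassCastException, and a blank or non-numeric string throws NumberFormatException, neither of which is handled in the visible lines. Since the value comes from configuration, parse it defensively, e.g. `monitoringFrequency = Integer.parseInt(String.valueOf(cEntry.getValue()).trim());` inside a `try` whose `catch (NumberFormatException e)` logs the bad entry and keeps the default. Rejecting zero or negative results at the same point would stop a bad setting from reaching whatever schedules the monitoring task. The enclosing method starts and ends outside the hunk.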
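Review bot: `request.getRequestURI()` is chosen by the caller, and the new `log.error` in WebappAuthenticationValve sits on the 401 path, so every rejected and possibly unauthenticated request now writes caller-supplied text into the log at error level. Neutralise control characters and bound the length before concatenating, e.g. `String uri = request.getRequestURI().replaceAll("[\\r\\n]", "_");`, so a crafted path cannot forge or split log entries if the container hands back anything unexpected. Consider `log.warn` or a rate limit here as well, so that a burst of invalid requests does not bury genuine errors. The enclosing method starts and ends outside the hunk.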
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index adc31a9c14..ca8eb6c700 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -112,9 +112,9 @@ public class OAuthAuthenticator implements WebappAuthenticator {
 if (oAuth2TokenValidationResponseDTO.isValid()) {
 String username = oAuth2TokenValidationResponseDTO.getAuthorizedUser();
 //Remove the userstore domain from username
- if (username.contains("/")) {
+ /*if (username.contains("/")) {
 username = username.substring(username.indexOf('/') + 1);
- }
+ }*/
 authenticationInfo.setUsername(username);
 authenticationInfo.setTenantDomain(MultitenantUtils.getTenantDomain(username));
 authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username));
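Review bot: Wrapping the prefix strip in `/* … */` leaves dead code under the comment `//Remove the userstore domain from username`, which now states the opposite of what the code does. Delete the three lines and replace the comment with the new contract, e.g. `// Keep the user-store domain prefix (DOMAIN/user) so users in secondary user stores resolve correctly`. `setUsername`, `MultitenantUtils.getTenantDomain` and `Utils.getTenantIdOFUser` now all receive the store-qualified name, so every downstream comparison of this username should be confirmed to expect that form; that includes `removeTenantDomain` in DeviceAccessAuthorizationServiceImpl, which strips only the tenant suffix. With the `contains` call disabled, a null from `getAuthorizedUser()` no longer fails here and instead flows into those three calls, so an explicit null check that rejects the token would be safer, depending on how the helpers treat null. The enclosing method starts and ends outside the hunk.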