diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java index af69a320ea1..2694ea069af 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java @@ -22,7 +22,7 @@ public final class Constants { public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer"; public static final String NO_MATCHING_AUTH_SCHEME = "noMatchedAuthScheme"; - public static final String PROXY_TENANT_ID = "ProxyTenantId"; + public static final String PROXY_TENANT_ID = "Proxy-Tenant-Id"; public static final class HTTPHeaders { private HTTPHeaders() { diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java index e09b7e9c862..1370482cd25 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java @@ -50,8 +50,9 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { @Override public void invoke(Request request, Response response, CompositeValve compositeValve) { - if (this.isContextSkipped(request) || this.skipAuthentication(request)) { - this.getNext().invoke(request, response, compositeValve); + if ((this.isContextSkipped(request) || this.skipAuthentication(request)) + && (StringUtils.isEmpty(request.getHeader(AUTHORIZE_PERMISSION)))) { + this.getNext().invoke(request, response, compositeValve); return; } @@ -109,7 +110,8 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId()); privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain()); privilegedCarbonContext.setUsername(authenticationInfo.getUsername()); - if (authenticationInfo.isSuperTenantAdmin()) { + if (authenticationInfo.isSuperTenantAdmin() && request.getHeader(Constants + .PROXY_TENANT_ID) != null) { // If this is a call from super admin to an API and the ProxyTenantId is also // present, this is a call that is made with super admin credentials to call // an API on behalf of another tenant. Hence the actual tenants, details are