diff --git a/components/org.wso2.carbon.identity.oauth.dcr/pom.xml b/components/org.wso2.carbon.identity.oauth.dcr/pom.xml
index 31216140c6f..21253b8fdfe 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/pom.xml
+++ b/components/org.wso2.carbon.identity.oauth.dcr/pom.xml
@@ -126,7 +126,10 @@
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.configuration.mgt.core
-
+
+ org.wso2.carbon.identity.organization.management.core
+ org.wso2.carbon.identity.organization.management.service
+
@@ -165,6 +168,7 @@
org.wso2.carbon.identity.application.common.model;version="${carbon.identity.framework.imp.pkg.version.range}",
org.wso2.carbon.identity.application.mgt.*;version="${carbon.identity.framework.imp.pkg.version.range}",
org.wso2.carbon.identity.application.authentication.framework.*;version="${carbon.identity.framework.imp.pkg.version.range}",
+ org.wso2.carbon.identity.organization.management.service.*; version="${carbon.identity.organization.management.core.version.range}",
javax.servlet.http; version="${imp.pkg.version.javax.servlet}",
org.wso2.carbon.user.api; version="${carbon.user.api.imp.pkg.version.range}",
org.wso2.carbon.identity.oauth.*;version="${identity.inbound.auth.oauth.imp.pkg.version.range}",
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/DCRMConstants.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/DCRMConstants.java
index 83b32bb5e0d..8eabb696ce1 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/DCRMConstants.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/DCRMConstants.java
@@ -60,7 +60,8 @@ public enum ErrorMessages {
SIGNATURE_VALIDATION_FAILED("Signature validation failed for the software statement"),
MANDATORY_SOFTWARE_STATEMENT("Mandatory software statement is missing"),
FAILED_TO_READ_SSA("Error occurred while reading the software statement"),
- ADDITIONAL_ATTRIBUTE_ERROR("Error occurred while handling additional attributes");
+ ADDITIONAL_ATTRIBUTE_ERROR("Error occurred while handling additional attributes"),
+ FAILED_TO_RESOLVE_TENANT_DOMAIN("Error while resolving tenant domain from the organization id: %s");
private final String message;
private final String errorCode;
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRDataHolder.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRDataHolder.java
index eaaf88e4f68..25bf98dbe34 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRDataHolder.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRDataHolder.java
@@ -23,6 +23,7 @@
import org.wso2.carbon.identity.oauth.dcr.handler.RegistrationHandler;
import org.wso2.carbon.identity.oauth.dcr.handler.UnRegistrationHandler;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import java.util.ArrayList;
import java.util.List;
@@ -33,7 +34,6 @@
* This was deprecated as part of deprecating the legacy identity/register DCR endpoint.
* The recommendation is to use /identity/oauth2/dcr/v1.1 instead.
*/
-@Deprecated
public class DCRDataHolder {
private static DCRDataHolder thisInstance = new DCRDataHolder();
@@ -42,6 +42,7 @@ public class DCRDataHolder {
private List unRegistrationHandlerList = new ArrayList<>();
private List tokenBinders = new ArrayList<>();
private ConfigurationManager configurationManager;
+ private OrganizationManager organizationManager;
private DCRDataHolder() {
@@ -111,4 +112,14 @@ public void setConfigurationManager(ConfigurationManager configurationManager) {
this.configurationManager = configurationManager;
}
+
+ public OrganizationManager getOrganizationManager() {
+
+ return organizationManager;
+ }
+
+ public void setOrganizationManager(OrganizationManager organizationManager) {
+
+ this.organizationManager = organizationManager;
+ }
}
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRServiceComponent.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRServiceComponent.java
index fedd5a94b7f..6a0b63318a1 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRServiceComponent.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/internal/DCRServiceComponent.java
@@ -42,6 +42,7 @@
import org.wso2.carbon.identity.oauth.dcr.processor.DCRProcessor;
import org.wso2.carbon.identity.oauth.dcr.service.DCRMService;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
/**
* OAuth DCRM service component.
@@ -52,7 +53,6 @@
name = "identity.oauth.dcr",
immediate = true
)
-@Deprecated
public class DCRServiceComponent {
private static final Log log = LogFactory.getLog(DCRServiceComponent.class);
@@ -254,4 +254,23 @@ protected void unregisterConfigurationManager(ConfigurationManager configuration
log.debug("Unregistering the ConfigurationManager in DCR Service Component.");
DCRDataHolder.getInstance().setConfigurationManager(null);
}
+
+ @Reference(
+ name = "organization.service",
+ service = OrganizationManager.class,
+ cardinality = ReferenceCardinality.MANDATORY,
+ policy = ReferencePolicy.DYNAMIC,
+ unbind = "unsetOrganizationManager"
+ )
+ protected void setOrganizationManager(OrganizationManager organizationManager) {
+
+ DCRDataHolder.getInstance().setOrganizationManager(organizationManager);
+ log.debug("Set the organization management service.");
+ }
+
+ protected void unsetOrganizationManager(OrganizationManager organizationManager) {
+
+ DCRDataHolder.getInstance().setOrganizationManager(null);
+ log.debug("Unset organization management service.");
+ }
}
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
index 8e2c9c147f7..6fb2c8f7992 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
@@ -64,6 +64,7 @@
import org.wso2.carbon.identity.oauth2.OAuth2Constants;
import org.wso2.carbon.identity.oauth2.util.JWTSignatureValidationUtils;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
+import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.user.api.UserStoreException;
import java.lang.reflect.InvocationTargetException;
@@ -105,12 +106,23 @@ public class DCRMService {
*/
public Application getApplication(String clientId) throws DCRMException {
- validateRequestTenantDomain(clientId);
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = DCRDataHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ } catch (OrganizationManagementException e) {
+ throw DCRMUtils.generateServerException(
+ DCRMConstants.ErrorMessages.FAILED_TO_RESOLVE_TENANT_DOMAIN, applicationResidentOrgId, e);
+ }
+ }
+ validateRequestTenantDomain(clientId, tenantDomain);
OAuthConsumerAppDTO consumerAppDTO = getApplicationById(
- clientId, DCRMUtils.isApplicationRolePermissionRequired());
+ clientId, DCRMUtils.isApplicationRolePermissionRequired(), tenantDomain);
// Get the jwksURI from the service provider.
String applicationName = consumerAppDTO.getApplicationName();
- String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
ServiceProvider serviceProvider = getServiceProvider(applicationName, tenantDomain);
String jwksURI = serviceProvider.getJwksUri();
if (StringUtils.isNotEmpty(jwksURI)) {
@@ -157,6 +169,17 @@ public Application getApplicationByName(String clientName) throws DCRMException
}
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = DCRDataHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ } catch (OrganizationManagementException e) {
+ throw DCRMUtils.generateServerException(
+ DCRMConstants.ErrorMessages.FAILED_TO_RESOLVE_TENANT_DOMAIN, applicationResidentOrgId, e);
+ }
+ }
if (!isServiceProviderExist(clientName, tenantDomain)) {
throw DCRMUtils.generateClientException(
DCRMConstants.ErrorMessages.NOT_FOUND_APPLICATION_WITH_NAME, clientName);
@@ -203,10 +226,21 @@ public Application registerApplication(ApplicationRegistrationRequest registrati
*/
public void deleteApplication(String clientId) throws DCRMException {
- validateRequestTenantDomain(clientId);
- OAuthConsumerAppDTO appDTO = getApplicationById(clientId);
- String applicationOwner = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = DCRDataHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ } catch (OrganizationManagementException e) {
+ throw DCRMUtils.generateServerException(
+ DCRMConstants.ErrorMessages.FAILED_TO_RESOLVE_TENANT_DOMAIN, applicationResidentOrgId, e);
+ }
+ }
+ validateRequestTenantDomain(clientId, tenantDomain);
+ OAuthConsumerAppDTO appDTO = getApplicationById(clientId, tenantDomain);
+ String applicationOwner = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
String spName;
try {
spName = DCRDataHolder.getInstance().getApplicationManagementService()
@@ -241,9 +275,22 @@ public void deleteApplication(String clientId) throws DCRMException {
*/
public Application updateApplication(ApplicationUpdateRequest updateRequest, String clientId) throws DCRMException {
- validateRequestTenantDomain(clientId);
- OAuthConsumerAppDTO appDTO = getApplicationById(clientId);
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ boolean isSubOrgApp = false;
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = DCRDataHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ isSubOrgApp = true;
+ } catch (OrganizationManagementException e) {
+ throw DCRMUtils.generateServerException(
+ DCRMConstants.ErrorMessages.FAILED_TO_RESOLVE_TENANT_DOMAIN, applicationResidentOrgId, e);
+ }
+ }
+ validateRequestTenantDomain(clientId, tenantDomain);
+ OAuthConsumerAppDTO appDTO = getApplicationById(clientId, tenantDomain);
String applicationOwner = StringUtils.isNotBlank(updateRequest.getExtApplicationOwner()) ?
updateRequest.getExtApplicationOwner() :
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
@@ -303,7 +350,7 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
}
// Update the service provider properties list with the display name property.
- updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName());
+ updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName(), isSubOrgApp);
// Update jwksURI.
if (StringUtils.isNotEmpty(updateRequest.getJwksURI())) {
sp.setJwksUri(updateRequest.getJwksURI());
@@ -426,7 +473,7 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
throw DCRMUtils.generateServerException(
DCRMConstants.ErrorMessages.FAILED_TO_UPDATE_APPLICATION, clientId, e);
}
- OAuthConsumerAppDTO oAuthConsumerAppDTO = getApplicationById(clientId);
+ OAuthConsumerAppDTO oAuthConsumerAppDTO = getApplicationById(clientId, tenantDomain);
// Setting the jwksURI to be sent in the response.
oAuthConsumerAppDTO.setJwksURI(updateRequest.getJwksURI());
Application application = buildResponse(oAuthConsumerAppDTO, tenantDomain);
@@ -448,11 +495,22 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
* @param serviceProvider Service provider.
* @param applicationDisplayName Application display name.
*/
- private void updateServiceProviderPropertyList(ServiceProvider serviceProvider, String applicationDisplayName) {
+ private void updateServiceProviderPropertyList(ServiceProvider serviceProvider, String applicationDisplayName,
+ boolean isSubOrgApp) {
// Retrieve existing service provider properties.
ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties();
+ boolean isSubOrgAppPropSet = Arrays.stream(serviceProviderProperties)
+ .anyMatch(property -> property.getName().equals("isSubOrgApp"));
+ if (!isSubOrgAppPropSet) {
+ ServiceProviderProperty isSubOrgAppProp = new ServiceProviderProperty();
+ isSubOrgAppProp.setName("isSubOrgApp");
+ isSubOrgAppProp.setValue(String.valueOf(isSubOrgApp));
+ serviceProviderProperties = (ServiceProviderProperty[]) ArrayUtils.add(serviceProviderProperties,
+ isSubOrgAppProp);
+ }
+
boolean isDisplayNameSet = Arrays.stream(serviceProviderProperties)
.anyMatch(property -> property.getName().equals(APP_DISPLAY_NAME));
if (!isDisplayNameSet) {
@@ -489,12 +547,13 @@ private String getDisplayNameProperty(ServiceProvider serviceProvider) {
return displayNameProperty.map(ServiceProviderProperty::getValue).orElse(null);
}
- private OAuthConsumerAppDTO getApplicationById(String clientId) throws DCRMException {
+ private OAuthConsumerAppDTO getApplicationById(String clientId, String tenantDomain) throws DCRMException {
- return getApplicationById(clientId, true);
+ return getApplicationById(clientId, true, tenantDomain);
}
- private OAuthConsumerAppDTO getApplicationById(String clientId, boolean isApplicationRolePermissionRequired)
+ private OAuthConsumerAppDTO getApplicationById(String clientId, boolean isApplicationRolePermissionRequired,
+ String tenantDomain)
throws DCRMException {
if (StringUtils.isEmpty(clientId)) {
@@ -504,7 +563,7 @@ private OAuthConsumerAppDTO getApplicationById(String clientId, boolean isApplic
}
try {
- OAuthConsumerAppDTO dto = oAuthAdminService.getOAuthApplicationData(clientId);
+ OAuthConsumerAppDTO dto = oAuthAdminService.getOAuthApplicationData(clientId, tenantDomain);
if (dto == null || StringUtils.isEmpty(dto.getApplicationName())) {
throw DCRMUtils.generateClientException(
DCRMConstants.ErrorMessages.NOT_FOUND_APPLICATION_WITH_ID, clientId);
@@ -531,6 +590,20 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ boolean isSubOrgApp = false;
+
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = DCRDataHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ isSubOrgApp = true;
+ } catch (OrganizationManagementException e) {
+ throw DCRMUtils.generateServerException(
+ DCRMConstants.ErrorMessages.FAILED_TO_RESOLVE_TENANT_DOMAIN, applicationResidentOrgId, e);
+ }
+ }
/*
* ApplicationOwner will be null and a server error is thrown when creating an app, if the api authentication/
@@ -566,7 +639,7 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist
}
if (StringUtils.isNotEmpty(registrationRequest.getConsumerKey()) && isClientIdExist(
- registrationRequest.getConsumerKey())) {
+ registrationRequest.getConsumerKey(), tenantDomain)) {
throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.CONFLICT_EXISTING_CLIENT_ID,
registrationRequest.getConsumerKey());
}
@@ -636,7 +709,8 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist
}
// Update the service provider properties list with the display name property.
- updateServiceProviderPropertyList(serviceProvider, registrationRequest.getExtApplicationDisplayName());
+ updateServiceProviderPropertyList(serviceProvider, registrationRequest.getExtApplicationDisplayName(),
+ isSubOrgApp);
// Store jwksURI.
if (StringUtils.isNotEmpty(registrationRequest.getJwksURI())) {
serviceProvider.setJwksUri(registrationRequest.getJwksURI());
@@ -941,10 +1015,10 @@ private boolean isServiceProviderExist(String serviceProviderName, String tenant
* @return true if application exists with the client id.
* @throws DCRMException in case of failure.
*/
- private boolean isClientIdExist(String clientId) throws DCRMException {
+ private boolean isClientIdExist(String clientId, String tenantDomain) throws DCRMException {
try {
- OAuthConsumerAppDTO dto = oAuthAdminService.getOAuthApplicationData(clientId);
+ OAuthConsumerAppDTO dto = oAuthAdminService.getOAuthApplicationData(clientId, tenantDomain);
return dto != null && StringUtils.isNotBlank(dto.getApplicationName());
} catch (IdentityOAuthAdminException e) {
if (e.getCause() instanceof InvalidOAuthClientException) {
@@ -1145,6 +1219,17 @@ private boolean isUserAuthorized(String clientId) throws DCRMServerException {
try {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = DCRDataHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ } catch (OrganizationManagementException e) {
+ throw DCRMUtils.generateServerException(
+ DCRMConstants.ErrorMessages.FAILED_TO_RESOLVE_TENANT_DOMAIN, applicationResidentOrgId, e);
+ }
+ }
String spName = DCRDataHolder.getInstance().getApplicationManagementService()
.getServiceProviderNameByClientId(clientId, DCRMConstants.OAUTH2, tenantDomain);
String threadLocalUserName = CarbonContext.getThreadLocalCarbonContext().getUsername();
@@ -1176,10 +1261,10 @@ private static boolean clientIdMatchesRegex(String clientId, String clientIdVali
* @param clientId Consumer key of application.
* @throws DCRMException DCRMException
*/
- private void validateRequestTenantDomain(String clientId) throws DCRMException {
+ private void validateRequestTenantDomain(String clientId, String tenantDomain) throws DCRMException {
try {
- String tenantDomainOfApp = OAuth2Util.getTenantDomainOfOauthApp(clientId);
+ String tenantDomainOfApp = OAuth2Util.getTenantDomainOfOauthApp(clientId, tenantDomain);
OAuth2Util.validateRequestTenantDomain(tenantDomainOfApp);
} catch (InvalidOAuthClientException e) {
throw new DCRMClientException(DCRMConstants.ErrorMessages.TENANT_DOMAIN_MISMATCH.getErrorCode(),
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/util/DCRMUtils.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/util/DCRMUtils.java
index 7e2df76179e..beb611f1de1 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/util/DCRMUtils.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/util/DCRMUtils.java
@@ -37,7 +37,6 @@
* This was deprecated as part of deprecating the legacy identity/register DCR endpoint.
* The recommendation is to use /identity/oauth2/dcr/v1.1 instead.
*/
-@Deprecated
public class DCRMUtils {
private static final Log log = LogFactory.getLog(DCRMUtils.class);
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java
index 87c456aaf23..1678df7280b 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java
@@ -199,12 +199,12 @@ public void getApplicationEmptyClientIdTest() throws DCRMException {
public void getApplicationNullDTOTest(String dtoStatus) throws Exception {
if (dtoStatus == null) {
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey)).thenReturn(null);
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain)).thenReturn(null);
lenient().when(mockOAuthAdminService.getAllOAuthApplicationData()).thenReturn(new OAuthConsumerAppDTO[0]);
} else {
OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
dto.setApplicationName("");
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey)).thenReturn(dto);
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain)).thenReturn(dto);
lenient().when(mockOAuthAdminService.getAllOAuthApplicationData())
.thenReturn(new OAuthConsumerAppDTO[]{dto});
}
@@ -222,7 +222,7 @@ public void getApplicationNullDTOTest(String dtoStatus) throws Exception {
public void getApplicationDTOTestWithIOAException() throws Exception {
doThrow(new IdentityOAuthAdminException("")).when(mockOAuthAdminService)
- .getOAuthApplicationData(dummyConsumerKey);
+ .getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain);
lenient().when(mockOAuthAdminService.getAllOAuthApplicationData()).thenReturn(new OAuthConsumerAppDTO[0]);
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
@@ -239,7 +239,7 @@ public void getApplicationDTOTestWithIOAException() throws Exception {
public void getApplicationDTOTestWithIOCException() throws Exception {
doThrow(new IdentityOAuthAdminException("", new InvalidOAuthClientException(""))).when(mockOAuthAdminService)
- .getOAuthApplicationData(dummyConsumerKey);
+ .getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain);
lenient().when(mockOAuthAdminService.getAllOAuthApplicationData()).thenReturn(new OAuthConsumerAppDTO[0]);
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
@@ -256,7 +256,7 @@ public void getApplicationDTOTestWithIOCException() throws Exception {
public void getApplicationDTOTestUserUnauthorized() throws Exception {
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey)).thenReturn(dto);
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain)).thenReturn(dto);
when(dto.getApplicationName()).thenReturn(dummyClientName);
try {
@@ -276,7 +276,7 @@ public void isUserAuthorizedTestWithIAMException() throws IdentityOAuthAdminExce
UserStoreException, NoSuchFieldException, IllegalAccessException {
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey)).thenReturn(dto);
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain)).thenReturn(dto);
when(dto.getApplicationName()).thenReturn(dummyClientName);
try {
@@ -304,7 +304,7 @@ public void getApplicationDTOTest(String roleAudience) throws Exception {
dto.setCallbackUrl(dummyCallbackUrl);
dto.setUsername(dummyUserName.concat("@").concat(dummyTenantDomain));
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey)).thenReturn(dto);
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain)).thenReturn(dto);
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(mockedUserRealm);
when(mockedUserRealm.getUserStoreManager()).thenReturn(mockedUserStoreManager);
@@ -328,7 +328,8 @@ public void getApplicationDTOTest(String roleAudience) throws Exception {
public void validateRequestTenantDomainTestWitInvalidOAuthClientException()
throws IdentityOAuth2Exception, InvalidOAuthClientException {
- when(OAuth2Util.getTenantDomainOfOauthApp(dummyConsumerKey)).thenThrow(new InvalidOAuthClientException(""));
+ when(OAuth2Util.getTenantDomainOfOauthApp(dummyConsumerKey, dummyTenantDomain)).
+ thenThrow(new InvalidOAuthClientException(""));
try {
dcrmService.getApplication(dummyConsumerKey);
} catch (DCRMException ex) {
@@ -343,7 +344,8 @@ public void validateRequestTenantDomainTestWitInvalidOAuthClientException()
public void validateRequestTenantDomainTestWitIdentityOAuth2Exception()
throws IdentityOAuth2Exception, InvalidOAuthClientException {
- when(OAuth2Util.getTenantDomainOfOauthApp(dummyConsumerKey)).thenThrow(new IdentityOAuth2Exception(""));
+ when(OAuth2Util.getTenantDomainOfOauthApp(dummyConsumerKey, dummyTenantDomain)).
+ thenThrow(new IdentityOAuth2Exception(""));
try {
dcrmService.getApplication(dummyConsumerKey);
} catch (DCRMException ex) {
@@ -535,7 +537,7 @@ public void registerApplicationTestWithExistClientId() throws Exception {
applicationRegistrationRequest.setGrantTypes(dummyGrantTypes);
applicationRegistrationRequest.setConsumerKey(dummyConsumerKey);
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey))
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain))
.thenReturn(dto);
when(dto.getApplicationName()).thenReturn(dummyClientName);
@@ -915,7 +917,8 @@ public void isClientIdExistTestWithIdentityOAuthAdminException() throws Exceptio
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
IdentityOAuthAdminException identityOAuthAdminException = mock(IdentityOAuthAdminException.class);
- doThrow(identityOAuthAdminException).when(mockOAuthAdminService).getOAuthApplicationData(dummyConsumerKey);
+ doThrow(identityOAuthAdminException).when(mockOAuthAdminService).getOAuthApplicationData(dummyConsumerKey,
+ dummyTenantDomain);
try {
dcrmService.registerApplication(applicationRegistrationRequest);
} catch (IdentityException ex) {
@@ -974,7 +977,7 @@ private OAuthConsumerAppDTO registerApplicationTestWithFailedToUpdateSP() throws
lenient().when(mockOAuthAdminService
.getOAuthApplicationDataByAppName(dummyClientName)).thenReturn(oAuthConsumerApp);
lenient().when(mockOAuthAdminService
- .getOAuthApplicationData("dummyConsumerKey")).thenReturn(oAuthConsumerApp);
+ .getOAuthApplicationData("dummyConsumerKey", dummyTenantDomain)).thenReturn(oAuthConsumerApp);
lenient().when(mockOAuthAdminService.getAllOAuthApplicationData())
.thenReturn(new OAuthConsumerAppDTO[]{oAuthConsumerApp});
lenient().when(mockOAuthAdminService.registerAndRetrieveOAuthApplicationData(any(OAuthConsumerAppDTO.class))).
@@ -1107,7 +1110,7 @@ private OAuthConsumerAppDTO updateApplication()
dto.setCallbackUrl(dummyCallbackUrl);
dto.setUsername(dummyUserName.concat("@").concat(dummyTenantDomain));
- when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey)).thenReturn(dto);
+ when(mockOAuthAdminService.getOAuthApplicationData(dummyConsumerKey, dummyTenantDomain)).thenReturn(dto);
setInternalState(dcrmService, "oAuthAdminService", mockOAuthAdminService);
ServiceProvider serviceProvider = new ServiceProvider();
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java
index a21135cb428..369ab4f6fd8 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java
@@ -88,6 +88,24 @@ public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws Id
}
}
+ /**
+ * Get OAuth application data by the consumer key and tenant domain.
+ *
+ * @param consumerKey Consumer Key.
+ * @param tenantDomain Tenant Domain.
+ * @return OAuthConsumerAppDTO with application information.
+ * @throws IdentityOAuthAdminException Error when reading application information from persistence store.
+ */
+ public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey, String tenantDomain)
+ throws IdentityOAuthAdminException {
+
+ try {
+ return oAuthAdminServiceImpl.getOAuthApplicationData(consumerKey, tenantDomain);
+ } catch (IdentityOAuthAdminException ex) {
+ throw handleError(ex);
+ }
+ }
+
/**
* Get OAuth application data by the application name.
*
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
index 2e3c6414c72..bc02d308229 100755
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
@@ -801,6 +801,17 @@ void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO, boolean enabl
}
String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ } catch (OrganizationManagementException e) {
+ throw handleError("Error while resolving tenant domain from the organization id: "
+ + applicationResidentOrgId, e);
+ }
+ }
OAuthAppDAO dao = new OAuthAppDAO();
OAuthAppDO oAuthAppDO;
@@ -2392,6 +2403,17 @@ AuthenticatedUser getAppOwner(OAuthConsumerAppDTO application,
// Since the app owner sent in OAuthConsumerAppDTO is a valid one we set the appOwner to be
// the one sent in the OAuthConsumerAppDTO.
String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ try {
+ tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ } catch (OrganizationManagementException e) {
+ throw handleError("Error while resolving tenant domain from the organization id: "
+ + applicationResidentOrgId, e);
+ }
+ }
Optional maybeAppOwner = OAuthUtil.getUser(tenantDomain, tenantAwareAppOwnerInRequest);
if (maybeAppOwner.isPresent()) {
appOwner = new AuthenticatedUser(maybeAppOwner.get());
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
index 0044ac7cecc..82b1dd97faf 100755
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
@@ -157,6 +157,16 @@ public void addOAuthApplication(OAuthAppDO consumerAppDO) throws IdentityOAuthAd
AuthenticatedUser appOwner = consumerAppDO.getAppOwner();
String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String appOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(appOrgId)) {
+ try {
+ tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(appOrgId);
+ } catch (OrganizationManagementException e) {
+ throw handleError("Error occurred while resolving tenant domain for organization id: "
+ + appOrgId, e);
+ }
+ }
int spTenantId = IdentityTenantUtil.getTenantId(tenantDomain);
String userStoreDomain = appOwner.getUserStoreDomain();
if (!isDuplicateApplication(appOwner.getUserName(), spTenantId, userStoreDomain, consumerAppDO)) {
@@ -686,6 +696,18 @@ public OAuthAppDO getAppInformationByAppName(String appName, int tenantID)
OAuthAppDO oauthApp;
try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ String appOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(appOrgId)) {
+ try {
+ String tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(appOrgId);
+ tenantID = IdentityTenantUtil.getTenantId(tenantDomain);
+ } catch (OrganizationManagementException e) {
+ throw new IdentityOAuth2Exception("Error occurred while resolving tenant domain for " +
+ "organization id: " + appOrgId, e);
+ }
+ }
String sqlQuery = SQLQueries.OAuthAppDAOSQLQueries.GET_APP_INFO_BY_APP_NAME_WITH_PKCE;
try (PreparedStatement prepStmt = connection.prepareStatement(sqlQuery)) {
@@ -877,6 +899,18 @@ private void setValuesToStatementWithPKCEAndOwnerUpdate(OAuthAppDO oauthAppDO, P
prepStmt.setString(11, oauthAppDO.getAppOwner().getUserStoreDomain());
prepStmt.setString(12, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey()));
prepStmt.setInt(13, IdentityTenantUtil.getLoginTenantId());
+ String appOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(appOrgId)) {
+ try {
+ String tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(appOrgId);
+ prepStmt.setInt(13, IdentityTenantUtil.getTenantId(tenantDomain));
+ } catch (OrganizationManagementException e) {
+ throw new IdentityOAuth2Exception("Error occurred while resolving tenant domain for " +
+ "organization id: " + appOrgId, e);
+ }
+ }
}
private void setValuesToStatementWithPKCENoOwnerUpdate(OAuthAppDO oauthAppDO, PreparedStatement prepStmt)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
index 08982d55aa5..9e10ea85105 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
@@ -2441,9 +2441,18 @@ public static OauthTokenIssuer getOAuthTokenIssuerForOAuthApp(String clientId)
OAuthAppDO appDO;
try {
- appDO = getAppInformationByClientId(clientId);
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String applicationResidentOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(applicationResidentOrgId)) {
+ tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(applicationResidentOrgId);
+ }
+ appDO = getAppInformationByClientId(clientId, tenantDomain);
} catch (IdentityOAuth2Exception e) {
throw new IdentityOAuth2Exception("Error while retrieving app information for clientId: " + clientId, e);
+ } catch (OrganizationManagementException e) {
+ throw new IdentityOAuth2Exception("Error while resolving tenant domain from the organization id: ", e);
}
return getOAuthTokenIssuerForOAuthApp(appDO);
}
@@ -2619,6 +2628,32 @@ public static String getTenantDomainOfOauthApp(String clientId)
return getTenantDomainOfOauthApp(oAuthAppDO);
}
+ /**
+ * This is used to get the tenant domain of an application by clientId. Internally it uses the tenant present in
+ * the carbon context.
+ *
+ * @param clientId Consumer key of Application.
+ * @return Tenant Domain.
+ * @throws IdentityOAuth2Exception Error while retrieving the application.
+ * @throws InvalidOAuthClientException If an application not found for the given client ID.
+ */
+ public static String getTenantDomainOfOauthApp(String clientId, String tenantDomain)
+ throws IdentityOAuth2Exception, InvalidOAuthClientException {
+
+ String appOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(appOrgId)) {
+ try {
+ tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(appOrgId);
+ } catch (OrganizationManagementException e) {
+ throw new IdentityOAuth2Exception("Error while resolving tenant domain for the organization ID: " +
+ appOrgId, e);
+ }
+ }
+ OAuthAppDO oAuthAppDO = getAppInformationByClientId(clientId, tenantDomain);
+ return getTenantDomainOfOauthApp(oAuthAppDO);
+ }
+
/**
* Get all the OAuth applications for the client ID.
*
@@ -3864,9 +3899,9 @@ public static ServiceProvider getServiceProvider(String clientId,
public static ServiceProvider getServiceProvider(String clientId) throws IdentityOAuth2Exception {
ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
- String tenantDomain = null;
+ String tenantDomain = IdentityTenantUtil.getTenantDomain(IdentityTenantUtil.getLoginTenantId());
try {
- tenantDomain = getTenantDomainOfOauthApp(clientId);
+ tenantDomain = getTenantDomainOfOauthApp(clientId, tenantDomain);
// Get the Service Provider.
return applicationMgtService.getServiceProviderByClientId(
clientId, IdentityApplicationConstants.OAuth2.NAME, tenantDomain);
@@ -4338,7 +4373,8 @@ public static String getIdTokenIssuer(String tenantDomain) throws IdentityOAuth2
public static String getIdTokenIssuer(String tenantDomain, boolean isMtlsRequest) throws IdentityOAuth2Exception {
- if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
+ if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled() && StringUtils.isEmpty(PrivilegedCarbonContext.
+ getThreadLocalCarbonContext().getApplicationResidentOrganizationId())) {
try {
return isMtlsRequest ? OAuthURL.getOAuth2MTLSTokenEPUrl() :
ServiceURLBuilder.create().addPath(OAUTH2_TOKEN_EP_URL).build().getAbsolutePublicURL();
@@ -4980,6 +5016,17 @@ public static void validateRequestTenantDomain(String tenantDomainOfApp) throws
if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
String tenantDomainFromContext = IdentityTenantUtil.resolveTenantDomain();
+ String appOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext().
+ getApplicationResidentOrganizationId();
+ if (StringUtils.isNotBlank(appOrgId)) {
+ try {
+ tenantDomainFromContext = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(appOrgId);
+ } catch (OrganizationManagementException e) {
+ throw new InvalidOAuthClientException("Error while resolving tenant domain from organization id: "
+ + appOrgId, e);
+ }
+ }
if (!StringUtils.equals(tenantDomainFromContext, tenantDomainOfApp)) {
// This means the tenant domain sent in the request and app's tenant domain do not match.
if (log.isDebugEnabled()) {
@@ -5327,6 +5374,17 @@ public static boolean isFapiConformantApp(String clientId)
return false;
}
String tenantDomain = IdentityTenantUtil.resolveTenantDomain();
+ String appOrgId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId();
+ if (StringUtils.isNotEmpty(appOrgId)) {
+ try {
+ tenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
+ .resolveTenantDomain(appOrgId);
+ } catch (OrganizationManagementException e) {
+ throw new InvalidOAuthClientException("Error while resolving tenant domain for the organization ID: " +
+ appOrgId, e);
+ }
+ }
OAuthAppDO oAuthAppDO = OAuth2Util.getAppInformationByClientId(clientId, tenantDomain);
return oAuthAppDO.isFapiConformanceEnabled();
}
diff --git a/pom.xml b/pom.xml
index cdaba135757..43e77bded67 100644
--- a/pom.xml
+++ b/pom.xml
@@ -933,7 +933,7 @@
1.2.4
- 4.10.22
+ 4.10.24
4.10.22
[4.10.22, 5.0.0)
[1.0.1, 2.0.0)