Java Code Examples for org.wso2.carbon.context.PrivilegedCarbonContext#setTenantId()
The following examples show how to use
org.wso2.carbon.context.PrivilegedCarbonContext#setTenantId() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: BaseCache.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/** * Retrieves a cache entry. * * @param key CacheKey * @return Cached entry. */ public V getValueFromCache(K key) { if (!isEnabled()) { return null; } if (key == null) { return null; } try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext .getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); Cache<K, V> cache = getBaseCache(); if (cache != null && cache.get(key) != null) { return (V) cache.get(key); } return null; } finally { PrivilegedCarbonContext.endTenantFlow(); } }
Example 2
Source File: EntitlementEngineCache.java From carbon-identity with Apache License 2.0 | 6 votes |
public EntitlementEngine get(int key) { try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); EntitlementEngine entitlementEngine = getEntitlementCache().get(key); if (entitlementEngine != null) { if (log.isDebugEnabled()) { log.debug("Cache : " + ENTITLEMENT_ENGINE_CACHE + " is HIT " + "for tenantId : " + key); } } else { if (log.isDebugEnabled()) { log.debug("Cache : " + ENTITLEMENT_ENGINE_CACHE + " is MISSED " + "for tenantId : " + key); } } return entitlementEngine; } finally { PrivilegedCarbonContext.endTenantFlow(); } }
Example 3
Source File: StratosApiV41Utils.java From attic-stratos with Apache License 2.0 | 6 votes |
private static void clearMetadata(String applicationId) throws RestAPIException { PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); ctx.setTenantId(MultitenantConstants.SUPER_TENANT_ID); ctx.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); String resourcePath = METADATA_REG_PATH + applicationId; Registry registry = (UserRegistry) PrivilegedCarbonContext.getThreadLocalCarbonContext() .getRegistry(RegistryType.SYSTEM_GOVERNANCE); try { registry.beginTransaction(); if (registry.resourceExists(resourcePath)) { registry.delete(resourcePath); log.info(String.format("Application metadata removed: [application-id] %s", applicationId)); } registry.commitTransaction(); } catch (RegistryException e) { try { registry.rollbackTransaction(); } catch (RegistryException e1) { log.error("Could not rollback transaction", e1); } throw new RestAPIException( String.format("Application metadata removed: [application-id] %s", applicationId), e); } }
Example 4
Source File: BaseCache.java From carbon-identity with Apache License 2.0 | 6 votes |
/** * Add a cache entry. * * @param key Key which cache entry is indexed. * @param entry Actual object where cache entry is placed. */ public void addToCache(K key, V entry) { if (!isEnabled()) { return; } try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext .getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); // Element already in the cache. Remove it first Cache<K, V> cache = getBaseCache(); if (cache != null) { cache.put(key, entry); } } finally { PrivilegedCarbonContext.endTenantFlow(); } }
Example 5
Source File: EntitlementEngineCache.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
public boolean contains(int key) { try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); boolean contain = getEntitlementCache().containsKey(key); if (contain) { if (log.isDebugEnabled()) { log.debug("Cache : " + ENTITLEMENT_ENGINE_CACHE + " is HIT " + "for tenantId : " + key); } } else { if (log.isDebugEnabled()) { log.debug("Cache : " + ENTITLEMENT_ENGINE_CACHE + " is MISSED " + "for tenantId : " + key); } } return contain; } finally { PrivilegedCarbonContext.endTenantFlow(); } }
Example 6
Source File: BaseCache.java From carbon-identity with Apache License 2.0 | 6 votes |
/** * Retrieves a cache entry. * * @param key CacheKey * @return Cached entry. */ public V getValueFromCache(K key) { if (!isEnabled()) { return null; } if(key == null) { return null; } try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext .getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); Cache<K, V> cache = getBaseCache(); if (cache != null && cache.get(key) != null) { return (V) cache.get(key); } return null; } finally { PrivilegedCarbonContext.endTenantFlow(); } }
Example 7
Source File: ServiceUtils.java From product-private-paas with Apache License 2.0 | 5 votes |
private static PrivilegedCarbonContext setTenantInfomationToPrivilegedCC(String tenantDomain, int tenantId, String username) { // setting the correct tenant info for downstream code.. PrivilegedCarbonContext privilegedCC = PrivilegedCarbonContext.getThreadLocalCarbonContext(); privilegedCC.setTenantDomain(tenantDomain); privilegedCC.setTenantId(tenantId); privilegedCC.setUsername(username); return privilegedCC; }
Example 8
Source File: RegistryManager.java From attic-stratos with Apache License 2.0 | 5 votes |
/** * Persist a serializable object in the registry with the given resource path. * * @param serializableObject object to be persisted. */ public synchronized void persist(String resourcePath, Serializable serializableObject) throws RegistryException { if (log.isDebugEnabled()) { log.debug(String.format("Persisting resource in registry: [resource-path] %s", resourcePath)); } Registry registry = getRegistry(); try { PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); ctx.setTenantId(MultitenantConstants.SUPER_TENANT_ID); ctx.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); registry.beginTransaction(); Resource nodeResource = registry.newResource(); nodeResource.setContent(serializeToByteArray(serializableObject)); registry.put(resourcePath, nodeResource); registry.commitTransaction(); if (log.isDebugEnabled()) { log.debug(String.format("Resource persisted successfully in registry: [resource-path] %s", resourcePath)); } } catch (Exception e) { try { registry.rollbackTransaction(); }catch (Exception e1){ if (log.isErrorEnabled()) { log.error("Could not rollback transaction", e1); } } String msg = "Failed to persist resource in registry: " + resourcePath; throw new RegistryException(msg, e); } }
Example 9
Source File: RegistryManager.java From attic-stratos with Apache License 2.0 | 5 votes |
/** * Persist a serializable object in the registry with the given resource path. * * @param serializableObject object to be persisted. */ public synchronized void persist(String resourcePath, Serializable serializableObject) throws RegistryException { if (log.isDebugEnabled()) { log.debug(String.format("Persisting resource in registry: [resource-path] %s", resourcePath)); } Registry registry = getRegistry(); try { PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); ctx.setTenantId(MultitenantConstants.SUPER_TENANT_ID); ctx.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); registry.beginTransaction(); Resource nodeResource = registry.newResource(); nodeResource.setContent(serializeToByteArray(serializableObject)); registry.put(resourcePath, nodeResource); registry.commitTransaction(); if (log.isDebugEnabled()) { log.debug(String.format("Resource persisted successfully in registry: [resource-path] %s", resourcePath)); } } catch (Exception e) { try { registry.rollbackTransaction(); } catch (Exception e1){ if (log.isErrorEnabled()) { log.error("Could not rollback transaction", e1); } } String msg = "Failed to persist resource in registry: " + resourcePath; throw new RegistryException(msg, e); } }
Example 10
Source File: UserMgtInitializer.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
public void start(BundleContext bc, RegistryService registryService) throws Exception { PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); addPermissions(registryService); }
Example 11
Source File: WebappAuthenticationValve.java From carbon-device-mgt with Apache License 2.0 | 5 votes |
@Override public void invoke(Request request, Response response, CompositeValve compositeValve) { if (this.isContextSkipped(request) || this.skipAuthentication(request)) { this.getNext().invoke(request, response, compositeValve); return; } WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request); if (authenticator == null) { String msg = "Failed to load an appropriate authenticator to authenticate the request"; AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg); return; } AuthenticationInfo authenticationInfo = authenticator.authenticate(request, response); if (isManagedAPI(request) && (authenticationInfo.getStatus() == WebappAuthenticator.Status.CONTINUE || authenticationInfo.getStatus() == WebappAuthenticator.Status.SUCCESS)) { WebappAuthenticator.Status status = WebappTenantAuthorizer.authorize(request, authenticationInfo); authenticationInfo.setStatus(status); } if (authenticationInfo.getTenantId() != -1) { try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext privilegedCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId()); privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain()); privilegedCarbonContext.setUsername(authenticationInfo.getUsername()); this.processRequest(request, response, compositeValve, authenticationInfo); } finally { PrivilegedCarbonContext.endTenantFlow(); } } else { this.processRequest(request, response, compositeValve, authenticationInfo); } }
Example 12
Source File: MetadataApiRegistry.java From attic-stratos with Apache License 2.0 | 5 votes |
private List<Property> getRegistryResourceProperties(String registryResourcePath, String applicationId) throws RegistryException, MetadataException { Registry tempRegistry = getRegistry(); if (!tempRegistry.resourceExists(registryResourcePath)) { return null; } // We are using only super tenant registry to persist PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); ctx.setTenantId(MultitenantConstants.SUPER_TENANT_ID); ctx.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); Resource regResource = tempRegistry.get(registryResourcePath); ArrayList<Property> newProperties = new ArrayList<>(); Properties props = regResource.getProperties(); Enumeration<?> x = props.propertyNames(); while (x.hasMoreElements()) { String key = (String) x.nextElement(); List<String> values = regResource.getPropertyValues(key); Property property = new Property(); property.setKey(key); String[] valueArr = new String[values.size()]; property.setValues(values.toArray(valueArr)); newProperties.add(property); } return newProperties; }
Example 13
Source File: PolicyPublishExecutor.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
public void run() { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext context = PrivilegedCarbonContext.getThreadLocalCarbonContext(); context.setTenantDomain(tenantDomain); context.setTenantId(tenantId); context.setUsername(userName); try { publish(); } finally { PrivilegedCarbonContext.endTenantFlow(); } }
Example 14
Source File: ProxyTimerTask.java From carbon-commons with Apache License 2.0 | 4 votes |
public void run() { synchronized (axisConfig) { PrivilegedCarbonContext.startTenantFlow(); try { PrivilegedCarbonContext privilegedCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); privilegedCarbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); privilegedCarbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); AxisServiceGroup proxyAxisServiceGroup = axisConfig.getServiceGroup(WSDL2FormGenerator.TRYIT_SG_NAME); if (proxyAxisServiceGroup != null) { List removeServiceList = new ArrayList(); for (Iterator iterator = proxyAxisServiceGroup.getServices(); iterator.hasNext();) { AxisService axisServce = (AxisService) iterator.next(); Long longTime = (Long) axisServce .getParameterValue(WSDL2FormGenerator.LAST_TOUCH_TIME); if ((System.currentTimeMillis() - longTime.longValue()) > WSDL2FormGenerator .PERIOD) { removeServiceList.add(axisServce.getName()); } } if (removeServiceList.size() > 0) { for (Iterator iterator = removeServiceList.iterator(); iterator.hasNext();) { String axisServiceName = (String) iterator.next(); proxyAxisServiceGroup.removeService(axisServiceName); } } boolean isLast = proxyAxisServiceGroup.getServices().hasNext(); if (!isLast) { axisConfig.removeServiceGroup(WSDL2FormGenerator.TRYIT_SG_NAME); } } } catch (AxisFault axisFault) { String msg = "Fault occured when manipulating Tryit proxy service group"; log.error(msg, axisFault); } finally { PrivilegedCarbonContext.endTenantFlow(); } } }
Example 15
Source File: OAuthHandler.java From carbon-identity with Apache License 2.0 | 4 votes |
public boolean isAuthenticated(Message message, ClassResourceInfo classResourceInfo) { // get the map of protocol headers Map protocolHeaders = (TreeMap) message.get(Message.PROTOCOL_HEADERS); // get the value for Authorization Header List authzHeaders = (ArrayList) protocolHeaders .get(SCIMConstants.AUTHORIZATION_HEADER); if (authzHeaders != null) { // get the authorization header value, if provided String authzHeader = (String) authzHeaders.get(0); // extract access token String accessToken = authzHeader.trim().substring(7).trim(); // validate access token try { OAuth2ClientApplicationDTO validationApp = this.validateAccessToken(accessToken); OAuth2TokenValidationResponseDTO validationResponse = null; if (validationApp != null) { validationResponse = validationApp.getAccessTokenValidationResponse(); } if (validationResponse != null && validationResponse.isValid()) { String userName = validationResponse.getAuthorizedUser(); authzHeaders.set(0, userName); // setup thread local variable to be consumed by the provisioning framework. RealmService realmService = (RealmService) PrivilegedCarbonContext .getThreadLocalCarbonContext().getOSGiService(RealmService.class); ThreadLocalProvisioningServiceProvider serviceProvider = new ThreadLocalProvisioningServiceProvider(); serviceProvider.setServiceProviderName(validationApp.getConsumerKey()); serviceProvider .setServiceProviderType(ProvisioningServiceProviderType.OAUTH); serviceProvider.setClaimDialect(SCIMProviderConstants.DEFAULT_SCIM_DIALECT); serviceProvider.setTenantDomain(MultitenantUtils.getTenantDomain(userName)); IdentityApplicationManagementUtil .setThreadLocalProvisioningServiceProvider(serviceProvider); PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); String tenantDomain = MultitenantUtils.getTenantDomain(userName); carbonContext.setUsername(MultitenantUtils.getTenantAwareUsername(userName)); carbonContext.setTenantId(realmService.getTenantManager().getTenantId(tenantDomain)); carbonContext.setTenantDomain(tenantDomain); return true; } } catch (Exception e) { String error = "Error in validating OAuth access token."; log.error(error, e); } } return false; }
Example 16
Source File: MetadataApiRegistry.java From attic-stratos with Apache License 2.0 | 4 votes |
public boolean removePropertyFromApplication(String applicationId, String propertyKey) throws RegistryException, MetadataException { Registry registry = getRegistry(); String resourcePath = mainResource + applicationId; Resource nodeResource; try { acquireWriteLock(applicationId); // We are using only super tenant registry to persist PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); ctx.setTenantId(MultitenantConstants.SUPER_TENANT_ID); ctx.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); if (registry.resourceExists(resourcePath)) { nodeResource = registry.get(resourcePath); if (nodeResource.getProperty(propertyKey) == null) { log.info(String.format("Registry property not found: [application-id] %s [key] %s ", applicationId, propertyKey)); return false; } else { nodeResource.removeProperty(propertyKey); registry.put(resourcePath, nodeResource); } } else { log.error("Registry resource not not found at " + resourcePath); return false; } log.info(String.format("Registry property removed: [application-id] %s, [key] %s", applicationId, propertyKey)); return true; } catch (Exception e) { throw new MetadataException( String.format("Could not remove registry resource: [resource-path] %s, [key] %s", resourcePath, propertyKey), e); } finally { try { releaseWriteLock(applicationId); } catch (MetadataException ignored) { } } }
Example 17
Source File: AbstractProvisioningConnectorFactory.java From carbon-identity with Apache License 2.0 | 4 votes |
/** * @param identityProviderName * @param provisoningProperties * @param tenantDomain * @return * @throws IdentityProvisioningException */ public AbstractOutboundProvisioningConnector getConnector(String identityProviderName, Property[] provisoningProperties, String tenantDomain) throws IdentityProvisioningException { String tenantDomainName = null; int tenantId = -1234; if (CarbonContext.getThreadLocalCarbonContext() != null) { tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); } try { // maintain the provisioning connector cache in the super tenant. // at the time of provisioning there may not be an authenticated user in the system - // specially in the case of in-bound provisioning. PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext .getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); ProvisioningConnectorCacheKey cacheKey = new ProvisioningConnectorCacheKey(identityProviderName, tenantDomain); ProvisioningConnectorCacheEntry entry = ProvisioningConnectorCache.getInstance().getValueFromCache(cacheKey); if (entry != null) { if (log.isDebugEnabled()) { log.debug("Provisioning cache HIT for " + identityProviderName + " of " + tenantDomain); } return entry.getProvisioningConnector(); } AbstractOutboundProvisioningConnector connector; Property idpName = new Property(); idpName.setName("identityProviderName"); idpName.setValue(identityProviderName); List<Property> provisioningPropertiesList = new ArrayList<>(Arrays.asList(provisoningProperties)); provisioningPropertiesList.add(idpName); Property[] provisioningProperties = new Property[provisioningPropertiesList.size()]; provisioningProperties = provisioningPropertiesList.toArray(provisioningProperties); connector = buildConnector(provisioningProperties); entry = new ProvisioningConnectorCacheEntry(); entry.setProvisioningConnector(connector); ProvisioningConnectorCache.getInstance().addToCache(cacheKey, entry); return connector; } finally { PrivilegedCarbonContext.endTenantFlow(); if (tenantDomain != null) { PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( tenantDomainName); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId); } } }
Example 18
Source File: AbstractProvisioningConnectorFactory.java From carbon-identity with Apache License 2.0 | 4 votes |
/** * @param identityProviderName * @param tenantDomain * @throws IdentityProvisioningException */ public void destroyConnector(String identityProviderName, String tenantDomain) throws IdentityProvisioningException { String tenantDomainName = null; int tenantId = -1234; if (CarbonContext.getThreadLocalCarbonContext() != null) { tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); } try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext .getThreadLocalCarbonContext(); carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); ProvisioningConnectorCacheKey cacheKey = new ProvisioningConnectorCacheKey(identityProviderName, tenantDomain); ProvisioningConnectorCacheEntry entry = ProvisioningConnectorCache.getInstance().getValueFromCache(cacheKey); if (entry != null) { ProvisioningConnectorCache.getInstance().clearCacheEntry(cacheKey); if (log.isDebugEnabled()) { log.debug("Provisioning cached entry removed for idp " + identityProviderName + " from the connector " + getConnectorType()); } } else { if (log.isDebugEnabled()) { log.debug("Provisioning cached entry not found for idp " + identityProviderName + " from the connector " + getConnectorType()); } } } finally { PrivilegedCarbonContext.endTenantFlow(); if (tenantDomain != null) { PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( tenantDomainName); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId); } } }
Example 19
Source File: StratosAuthenticationHandler.java From product-private-paas with Apache License 2.0 | 4 votes |
/** * Authenticate the user against the user store. Once authenticate, populate the {@link org.wso2.carbon.context.CarbonContext} * to be used by the downstream code. * * @param message * @param classResourceInfo * @return */ public Response handle(Message message, ClassResourceInfo classResourceInfo) { // If Mutual SSL is enabled HttpServletRequest request = (HttpServletRequest) message.get("HTTP.REQUEST"); Object certObject = request.getAttribute("javax.servlet.request.X509Certificate"); AuthorizationPolicy policy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class); String username = policy.getUserName().trim(); String password = policy.getPassword().trim(); //sanity check if ((username == null) || username.equals("")) { log.error("username is seen as null/empty values."); return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic") .type(MediaType.APPLICATION_JSON).entity(Utils.buildMessage("Username cannot be null")).build(); } else if (certObject == null && ((password == null) || password.equals(""))) { log.error("password is seen as null/empty values."); return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic") .type(MediaType.APPLICATION_JSON).entity(Utils.buildMessage("password cannot be null")).build(); } try { RealmService realmService = ServiceHolder.getRealmService(); RegistryService registryService = ServiceHolder.getRegistryService(); String tenantDomain = MultitenantUtils.getTenantDomain(username); int tenantId = realmService.getTenantManager().getTenantId(tenantDomain); UserRealm userRealm = null; if (certObject == null) { userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain); if (userRealm == null) { log.error("Invalid domain or unactivated tenant login"); // is this the correct HTTP code for this scenario ? (401) return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic"). type(MediaType.APPLICATION_JSON).entity(Utils.buildMessage("Tenant not found")).build(); } } username = MultitenantUtils.getTenantAwareUsername(username); if (certObject != null || userRealm.getUserStoreManager() .authenticate(username, password)) { // if authenticated // setting the correct tenant info for downstream code.. PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); carbonContext.setTenantDomain(tenantDomain); carbonContext.setTenantId(tenantId); carbonContext.setUsername(username); //populate the secuirtyContext of authenticated user SecurityContext securityContext = new StratosSecurityContext(username); message.put(SecurityContext.class, securityContext); // set the authenticated flag and let the request to continue AuthenticationContext.setAuthenticated(true); if (log.isDebugEnabled()) { log.debug("authenticated using the " + CookieBasedAuthenticationHandler.class.getName() + "for username :" + username + "tenantDomain : " + tenantDomain + " tenantId : " + tenantId); } return null; } else { log.warn("unable to authenticate the request"); // authentication failed, request the authetication, add the realm name if needed to the value of WWW-Authenticate return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic"). type(MediaType.APPLICATION_JSON) .entity(Utils.buildMessage("Authentication failed. Please " + "check your username/password")) .build(); } } catch (Exception exception) { log.error("Authentication failed", exception); // server error in the eyes of the client. Hence 5xx HTTP code. return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON). entity(Utils.buildMessage("Unexpected error. Please contact the system admin")).build(); } }
Example 20
Source File: StratosAuthenticationHandler.java From attic-stratos with Apache License 2.0 | 4 votes |
/** * Authenticate the user against the user store. Once authenticate, populate the {@link org.wso2.carbon.context.CarbonContext} * to be used by the downstream code. * * @param message * @param classResourceInfo * @return */ public Response handle(Message message, ClassResourceInfo classResourceInfo) { if (log.isDebugEnabled()) { log.debug(String.format("Authenticating request: [message-id] %s", message.getId())); } // If Mutual SSL is enabled HttpServletRequest request = (HttpServletRequest) message.get("HTTP.REQUEST"); Object certObject = request.getAttribute("javax.servlet.request.X509Certificate"); AuthorizationPolicy policy = message.get(AuthorizationPolicy.class); String username = policy.getUserName().trim(); String password = policy.getPassword().trim(); //sanity check if (StringUtils.isEmpty(username)) { log.error("username is seen as null/empty values"); return Response.status(Response.Status.UNAUTHORIZED) .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON) .entity(new ResponseMessageBean(ResponseMessageBean.ERROR, "Username cannot be null")).build(); } else if (certObject == null && (StringUtils.isEmpty(password))) { log.error("password is seen as null/empty values"); return Response.status(Response.Status.UNAUTHORIZED) .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON) .entity(new ResponseMessageBean(ResponseMessageBean.ERROR, "password cannot be null")).build(); } try { RealmService realmService = ServiceHolder.getRealmService(); RegistryService registryService = ServiceHolder.getRegistryService(); String tenantDomain = MultitenantUtils.getTenantDomain(username); int tenantId = realmService.getTenantManager().getTenantId(tenantDomain); UserRealm userRealm = null; if (certObject == null) { userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain); if (userRealm == null) { log.error("Invalid domain or unactivated tenant login"); // is this the correct HTTP code for this scenario ? (401) return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic"). type(MediaType.APPLICATION_JSON).entity( new ResponseMessageBean(ResponseMessageBean.ERROR, "Tenant not found")).build(); } } username = MultitenantUtils.getTenantAwareUsername(username); if (certObject != null || userRealm.getUserStoreManager().authenticate(username, password)) { // if authenticated // setting the correct tenant info for downstream code.. PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); carbonContext.setTenantDomain(tenantDomain); carbonContext.setTenantId(tenantId); carbonContext.setUsername(username); //populate the secuirtyContext of authenticated user SecurityContext securityContext = new StratosSecurityContext(username); message.put(SecurityContext.class, securityContext); // set the authenticated flag and let the request to continue AuthenticationContext.setAuthenticated(true); if (log.isDebugEnabled()) { log.debug("Authenticated using the " + CookieBasedAuthenticationHandler.class.getName() + "for username :" + username + "tenantDomain : " + tenantDomain + " tenantId : " + tenantId); } return null; } else { log.warn(String.format("Unable to authenticate the request: [message-id] %s", message.getId())); // authentication failed, request the authetication, add the realm name if needed to the value of WWW-Authenticate return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic"). type(MediaType.APPLICATION_JSON).entity(new ResponseMessageBean(ResponseMessageBean.ERROR, "Authentication failed. Please check your username/password")).build(); } } catch (Exception exception) { log.error(String.format("Authentication failed: [message-id] %s", message.getId()), exception); // server error in the eyes of the client. Hence 5xx HTTP code. return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON). entity(new ResponseMessageBean(ResponseMessageBean.ERROR, "Unexpected error. Please contact the system admin")).build(); } }