Index: src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationFailureException.java =================================================================== --- src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationFailureException.java (revision 141175) +++ src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationFailureException.java (working copy) @@ -27,7 +27,8 @@ public enum AuthenticationFailureReason { INVALID_USER_NAME, INVALID_PASSWORD, - SYSTEM_ERROR + SYSTEM_ERROR, + RESERVED_TENANT_DOMAIN, } private AuthenticationFailureReason authenticationFailureReason; @@ -65,6 +66,10 @@ return "Authentication failed - System error occurred. Please check server logs for more details."; } + if (authenticationFailureReason == AuthenticationFailureReason.RESERVED_TENANT_DOMAIN) { + return "Authentication failed - System error occurred. Tenant domain name is reserved."; + } + throw new RuntimeException("Un-identified authentication failure reason"); } Index: src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java =================================================================== --- src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java (revision 141175) +++ src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java (working copy) @@ -82,6 +82,16 @@ return false; } + String domainNameFromUserName = CarbonAuthenticationUtil.extractTenantDomain(username); + if (domainNameFromUserName != null && + domainNameFromUserName.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { + if (log.isDebugEnabled()) { + log.debug("Authentication Failure..Provided tenant domain name is reserved.."); + } + throw new AuthenticationFailureException( + AuthenticationFailureException.AuthenticationFailureReason.RESERVED_TENANT_DOMAIN, + username); + } if (remoteAddress != null) { AuthenticationUtil.validateRemoteAddress(remoteAddress); } else { Index: src/main/java/org/wso2/carbon/core/services/authentication/AbstractAuthenticator.java =================================================================== --- src/main/java/org/wso2/carbon/core/services/authentication/AbstractAuthenticator.java (revision 141175) +++ src/main/java/org/wso2/carbon/core/services/authentication/AbstractAuthenticator.java (working copy) @@ -25,6 +25,7 @@ import org.osgi.framework.BundleContext; import org.osgi.util.tracker.ServiceTracker; import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.core.AbstractAdmin; import org.wso2.carbon.core.common.AuthenticationException; import org.wso2.carbon.core.security.AuthenticatorsConfiguration; @@ -95,7 +96,16 @@ throw new AuthenticationFailureException (AuthenticationFailureException.AuthenticationFailureReason.INVALID_USER_NAME); } - + String domainNameFromUserName = CarbonAuthenticationUtil.extractTenantDomain(userNameInRequest); + if (domainNameFromUserName != null && domainNameFromUserName.equals( + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { + if (log.isDebugEnabled()) { + log.debug("Authentication Failure..Provided tenant domain name is reserved.."); + } + throw new AuthenticationFailureException( + AuthenticationFailureException.AuthenticationFailureReason.RESERVED_TENANT_DOMAIN, + userNameInRequest); + } RealmService realmService; try { realmService = getRealmService(); Index: src/main/java/org/wso2/carbon/core/services/util/CarbonAuthenticationUtil.java =================================================================== --- src/main/java/org/wso2/carbon/core/services/util/CarbonAuthenticationUtil.java (revision 141175) +++ src/main/java/org/wso2/carbon/core/services/util/CarbonAuthenticationUtil.java (working copy) @@ -223,4 +223,12 @@ new LoginAttempt(username, tenantId, remoteAddress, new Date(), true, null); LoginStatDatabase.recordLoginAttempt(loginAttempt); } + + public static String extractTenantDomain(String userName){ + if (userName.contains("@")) { + String tenantDomain = userName.substring(userName.lastIndexOf('@') + 1); + return tenantDomain; + } + return null; + } }