Hi Thilini,

Did you end this started tenant flow?
Thanks

On Thu, May 21, 2015 at 9:53 AM, Thilini Cooray <thili...@wso2.com> wrote:

> Hi,
>
> I was able to resolve the issue with the support of the IS team.
>
> The problem occurred because I was trying to authenticate a user of a
> different tenant domain using an admin of the super tenant.
> IS maintains tenant isolation, therefore it cannot be done.
>
> So for each tenant domain we need to start a separate tenant flow and do
> the authentication within the flow of the tenant domain of the current user.
> After authentication, I retrieved all roles of the authenticated user and
> checked whether he has the admin role.
>
> Following is the implementation.
>
>     String tenantDomain = MultitenantUtils.getTenantDomain(username);
>     PrivilegedCarbonContext.startTenantFlow();
>     PrivilegedCarbonContext.getThreadLocalCarbonContext()
>             .setTenantDomain(tenantDomain, true);
>
>     UserStoreManager userstoremanager =
>             CarbonContext.getThreadLocalCarbonContext().getUserRealm()
>                     .getUserStoreManager();
>
>     String tenantAwareUsername =
>             MultitenantUtils.getTenantAwareUsername(username);
>
>     //authenticate user provided credentials
>     if (userstoremanager.authenticate(tenantAwareUsername, password)) {
>         log.info(username + " user authenticated successfully");
>         //Get admin role name of the current domain
>         String adminRoleName =
>                 CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>                         .getAdminRoleName();
>
>         String[] userRoles =
>                 userstoremanager.getRoleListOfUser(tenantAwareUsername);
>
>         //user is only authorized for exporting and importing if he is an
>         //admin of his domain
>         if (Arrays.asList(userRoles).contains(adminRoleName)) {
>             log.info(username + " is authorized to import and export APIs");
>         }
>     }
>
> Thanks.
>
> On Thu, May 14, 2015 at 8:15 PM, Darshana Gunawardana <darsh...@wso2.com> wrote:
>
>> On Thu, May 14, 2015 at 6:38 PM, Thilini Cooray <thili...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> I am implementing the API export feature for APIM.
>>>
>>> I want to check whether a logged in user has the admin role, because we
>>> are going to allow only admin users to export and import APIs.
>>
>> If a particular feature needs to be restricted, we usually do it in a
>> permission-based manner, i.e. to access RemoteUserStoreManager
>> functionalities, the user needs to have the
>> "/permission/admin/configure/security" permission.
>>
>>> Following is the source which I tried. But
>>> userStoreManager.authenticate(username, password) does not authenticate
>>> tenant admins.
>>
>> The authenticate method of the remote RemoteUserStoreManagerService does
>> not create a session for the given username and password, rather it just
>> checks whether the given credentials are correct.
>>
>> The sample [1] can be used as a reference to authenticate and invoke
>> methods in RemoteUserStoreManagerService.
>>
>> [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/user-mgt/remote-user-mgt/src/main/java/org/wso2/remoteum/sample/RemoteUMClient.java
>>
>> Thanks,
>> Darshana.
>>
>>> I get the session cookie by logging in using super tenant credentials.
>>>
>>> Any help is appreciated.
>>>
>>> Thank you.
>>>
>>>     ServiceClient serviceClient;
>>>     Options option;
>>>
>>>     RemoteUserStoreManagerServiceStub userStoreManager =
>>>             new RemoteUserStoreManagerServiceStub(null, SERVICE_URL +
>>>                     "RemoteUserStoreManagerService");
>>>
>>>     serviceClient = userStoreManager._getServiceClient();
>>>     option = serviceClient.getOptions();
>>>     option.setManageSession(true);
>>>     option.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING,
>>>             sessionCookie);
>>>
>>>     //Checking whether current user is authenticated and he has admin role
>>>     if (userStoreManager.authenticate(username, password)) {
>>>
>>>         String adminRoleName =
>>>                 CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>>>                         .getAdminRoleName();
>>>
>>>         if (userStoreManager.isExistingRole(adminRoleName)) {
>>>             userName = username;
>>>             LOG.info(username + " user authenticated successfully");
>>>             return true;
>>>         }
>>>     }
>>>
>>> --
>>> Best Regards,
>>>
>>> Thilini Cooray
>>> Software Engineer
>>> Mobile : +94 (0) 774 570 112
>>> E-mail : thili...@wso2.com
>>>
>>> WSO2 Inc. www.wso2.com
>>> lean.enterprise.middleware
>>
>> --
>> Regards,
>>
>> Darshana Gunawardana
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>>
>> E-mail: darsh...@wso2.com
>> Mobile: +94718566859
>> Lean . Enterprise . Middleware
>
> --
> Best Regards,
>
> Thilini Cooray
> Software Engineer
> Mobile : +94 (0) 774 570 112
> E-mail : thili...@wso2.com
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware

--
Shashika Prabath Karunatilaka,
Software Engineer,
WSO2, Inc: http://wso2.com/
mobile : +94 77 7487792
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
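
Added example (not code from the thread or from WSO2): the tenant-scoped admin check described in the quoted message, with the flow closed in a finally block so the tenant context is popped from the thread even when authentication fails or throws. The class and method names are hypothetical; the Carbon calls are the ones used in the thread plus PrivilegedCarbonContext.endTenantFlow(), and the code assumes it runs inside a Carbon server with those libraries on the classpath.

```java
import java.util.Arrays;

import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

// Hypothetical helper class, not part of APIM or Carbon.
public final class TenantAdminCheck {

    private TenantAdminCheck() { }

    /** Returns true only if the credentials are valid AND the user holds
     *  the admin role of his own tenant domain. Fails closed on any error. */
    public static boolean isTenantAdmin(String username, String password) {
        if (username == null || password == null) {
            return false;
        }
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);

        // Pushes a fresh context onto this thread; must be paired with endTenantFlow().
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext.getThreadLocalCarbonContext()
                    .setTenantDomain(tenantDomain, true);

            UserRealm realm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            if (realm == null) {
                return false; // tenant could not be resolved
            }
            UserStoreManager userStoreManager = realm.getUserStoreManager();

            // Authenticate inside the user's own tenant, as the thread concluded.
            if (!userStoreManager.authenticate(tenantAwareUsername, password)) {
                return false;
            }
            // Check the roles of THIS user, not merely that the admin role exists.
            String adminRoleName = realm.getRealmConfiguration().getAdminRoleName();
            String[] userRoles = userStoreManager.getRoleListOfUser(tenantAwareUsername);
            return userRoles != null && Arrays.asList(userRoles).contains(adminRoleName);
        } catch (UserStoreException e) {
            return false; // deny on user store errors
        } finally {
            // Restores the previous context so a pooled thread does not keep
            // running later requests in this tenant's domain.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
}
```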