Hi Thilini,

Did you end this started tenant flow?

Thanks

On Thu, May 21, 2015 at 9:53 AM, Thilini Cooray <thili...@wso2.com> wrote:

> Hi,
>
> I was able to resolve the issue with the support of IS team.
>
> The problem has occurred because I was trying to authenticate a user of a
> different tenant domain using an admin of super tenant.
> IS maintains tenant isolation, therefore it cannot be done.
>
> So for each tenant domain we need to start a separate tenant flow and do
> the authentication within the flow of the tenant domain of the current user.
> After authentication, I retrieved all roles of the authenticated user and
> checked whether he has admin role.
>
> Following is the implementation.
>
> String tenantDomain = MultitenantUtils.getTenantDomain(username);
> PrivilegedCarbonContext.startTenantFlow();
> PrivilegedCarbonContext.getThreadLocalCarbonContext()
>                        .setTenantDomain(tenantDomain, true);
>
> UserStoreManager userstoremanager =
>       CarbonContext.getThreadLocalCarbonContext().getUserRealm()
>                    .getUserStoreManager();
>
> String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
>
> //authenticate user provided credentials
> if (userstoremanager.authenticate(tenantAwareUsername, password)) {
>    log.info(username + " user authenticated successfully");
>    //Get admin role name of the current domain
>    String adminRoleName =
>          CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>                       .getAdminRoleName();
>
>    String[] userRoles = userstoremanager.getRoleListOfUser(tenantAwareUsername);
>
>    //user is only authorized for exporting and importing if he is an admin of his
>    // domain
>    if (Arrays.asList(userRoles).contains(adminRoleName)) {
>       log.info(username + " is authorized to import and export APIs");
>    }
> }
>
> Thanks.
>
>
> On Thu, May 14, 2015 at 8:15 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> On Thu, May 14, 2015 at 6:38 PM, Thilini Cooray <thili...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I am implementing API export feature for APIM.
>>>
>>> I want to check whether a logged in user has admin role, because we are
>>> going to allow only admin users to export and import APIs.
>>>
>>
>> If a particular feature needs to be restricted, we usually do it in a
>> permission-based manner, i.e. to access RemoteUserStoreManager
>> functionalities, the user needs to have the "/permission/admin/configure/security"
>> permission.
>>
>>
>>> Following is the source which I tried. But 
>>> userStoreManager.authenticate(username,
>>> password) does not authenticate tenant admins.
>>>
>>
>> The authenticate method of the remote RemoteUserStoreManagerService does
>> not create a session for the given username and password; rather, it just
>> checks whether the given credentials are correct.
>>
>> The sample [1] can be used as a reference to authenticate and invoke methods
>> in RemoteUserStoreManagerService.
>>
>> [1]
>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/user-mgt/remote-user-mgt/src/main/java/org/wso2/remoteum/sample/RemoteUMClient.java
>>
>> Thanks,
>> Darshana.
>>
>>
>>> I get the session cookie by logging in using super tenant credentials.
>>>
>>> Any help is appreciated.
>>>
>>> Thank you.
>>>
>>>
>>> ServiceClient serviceClient;
>>> Options option;
>>>
>>>    RemoteUserStoreManagerServiceStub userStoreManager =
>>>          new RemoteUserStoreManagerServiceStub(null, SERVICE_URL +
>>>                                                      "RemoteUserStoreManagerService");
>>>
>>>    serviceClient = userStoreManager._getServiceClient();
>>>    option = serviceClient.getOptions();
>>>    option.setManageSession(true);
>>>    option.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING,
>>>                       sessionCookie);
>>>
>>>    //Checking whether current user is authenticated and he has admin role
>>>    if (userStoreManager.authenticate(username, password)) {
>>>
>>>       String adminRoleName =
>>>             CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>>>                          .getAdminRoleName();
>>>
>>>       if (userStoreManager.isExistingRole(adminRoleName)) {
>>>          userName = username;
>>>          LOG.info(username + " user authenticated successfully");
>>>          return true;
>>>       }
>>>    }
>>>
>>>
>>> --
>>> Best Regards,
>>>
>>> *Thilini Cooray*
>>> Software Engineer
>>> Mobile : +94 (0) 774 570 112
>>> E-mail : thili...@wso2.com
>>>
>>> WSO2 Inc. www.wso2.com
>>> lean.enterprise.middleware
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com*
>> *Mobile: +94718566859*
>> Lean . Enterprise . Middleware
>>
>
>
>
> --
> Best Regards,
>
> *Thilini Cooray*
> Software Engineer
> Mobile : +94 (0) 774 570 112
> E-mail : thili...@wso2.com
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>
>
>


-- 
Shashika Prabath Karunatilaka,
Software Engineer,
WSO2, Inc: http://wso2.com/
mobile : +94 77 7487792