Hi Shashika,

There was some exception handling around the above-mentioned implementation, and I put PrivilegedCarbonContext.endTenantFlow() inside the finally block.

Thanks.

On Thu, May 21, 2015 at 9:58 AM, Shashika Karunatilaka <shashi...@wso2.com> wrote:

> Hi Thilini,
>
> Did you end this started tenant flow?
>
> Thanks
>
> On Thu, May 21, 2015 at 9:53 AM, Thilini Cooray <thili...@wso2.com> wrote:
>
>> Hi,
>>
>> I was able to resolve the issue with the support of the IS team.
>>
>> The problem occurred because I was trying to authenticate a user of a
>> different tenant domain using an admin of the super tenant.
>> IS maintains tenant isolation, therefore it cannot be done.
>>
>> So for each tenant domain we need to start a separate tenant flow and do
>> the authentication within the flow of the tenant domain of the current user.
>> After authentication, I retrieved all roles of the authenticated user and
>> checked whether he has the admin role.
>>
>> Following is the implementation.
>>
>> String tenantDomain = MultitenantUtils.getTenantDomain(username);
>> PrivilegedCarbonContext.startTenantFlow();
>> PrivilegedCarbonContext.getThreadLocalCarbonContext()
>>         .setTenantDomain(tenantDomain, true);
>>
>> UserStoreManager userstoremanager =
>>         CarbonContext.getThreadLocalCarbonContext().getUserRealm()
>>                 .getUserStoreManager();
>>
>> String tenantAwareUsername =
>>         MultitenantUtils.getTenantAwareUsername(username);
>>
>> //authenticate user provided credentials
>> if (userstoremanager.authenticate(tenantAwareUsername, password)) {
>>     log.info(username + " user authenticated successfully");
>>     //Get admin role name of the current domain
>>     String adminRoleName =
>>             CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>>                     .getAdminRoleName();
>>
>>     String[] userRoles =
>>             userstoremanager.getRoleListOfUser(tenantAwareUsername);
>>
>>     //user is only authorized for exporting and importing if he is an admin
>>     //of his domain
>>     if (Arrays.asList(userRoles).contains(adminRoleName)) {
>>         log.info(username + " is authorized to import and export APIs");
>>     }
>> }
>>
>> Thanks.
>>
>> On Thu, May 14, 2015 at 8:15 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> On Thu, May 14, 2015 at 6:38 PM, Thilini Cooray <thili...@wso2.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am implementing the API export feature for APIM.
>>>>
>>>> I want to check whether a logged in user has the admin role, because we are
>>>> going to allow only admin users to export and import APIs.
>>>>
>>>
>>> If a particular feature needs to be restricted, we usually do it in a
>>> permission-based manner, i.e. to access RemoteUserStoreManager
>>> functionalities, the user needs to have the "/permission/admin/configure/security"
>>> permission.
>>>
>>>> Following is the source which I tried. But
>>>> userStoreManager.authenticate(username,
>>>> password) does not authenticate tenant admins.
>>>>
>>>
>>> The authenticate method of the remote RemoteUserStoreManagerService does
>>> not create a session for the given username and password; rather, it just
>>> checks whether the given credentials are correct.
>>>
>>> The sample [1] can be used as a reference to authenticate and invoke methods
>>> in RemoteUserStoreManagerService.
>>>
>>> [1]
>>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/user-mgt/remote-user-mgt/src/main/java/org/wso2/remoteum/sample/RemoteUMClient.java
>>>
>>> Thanks,
>>> Darshana.
>>>
>>>> I get the session cookie by logging in using super tenant credentials.
>>>>
>>>> Any help is appreciated.
>>>>
>>>> Thank you.
>>>>
>>>> ServiceClient serviceClient;
>>>> Options option;
>>>>
>>>> RemoteUserStoreManagerServiceStub userStoreManager =
>>>>         new RemoteUserStoreManagerServiceStub(null, SERVICE_URL +
>>>>                 "RemoteUserStoreManagerService");
>>>>
>>>> serviceClient = userStoreManager._getServiceClient();
>>>> option = serviceClient.getOptions();
>>>> option.setManageSession(true);
>>>> option.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING,
>>>>         sessionCookie);
>>>>
>>>> //Checking whether current user is authenticated and he has admin role
>>>> if (userStoreManager.authenticate(username, password)) {
>>>>     String adminRoleName =
>>>>             CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>>>>                     .getAdminRoleName();
>>>>
>>>>     if (userStoreManager.isExistingRole(adminRoleName)) {
>>>>         userName = username;
>>>>         LOG.info(username + " user authenticated successfully");
>>>>         return true;
>>>>     }
>>>> }
>>>>
>>>> --
>>>> Best Regards,
>>>>
>>>> *Thilini Cooray*
>>>> Software Engineer
>>>> Mobile : +94 (0) 774 570 112
>>>> E-mail : thili...@wso2.com
>>>>
>>>> WSO2 Inc. www.wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>> --
>>> Regards,
>>>
>>> *Darshana Gunawardana*
>>> Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com*
>>> *Mobile: +94718566859*
>>> Lean . Enterprise . Middleware
>>>
>>
>> --
>> Best Regards,
>>
>> *Thilini Cooray*
>> Software Engineer
>> Mobile : +94 (0) 774 570 112
>> E-mail : thili...@wso2.com
>>
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
> --
> Shashika Prabath Karunatilaka,
> Software Engineer,
> WSO2, Inc: http://wso2.com/
> mobile : +94 77 7487792
>

--
Best Regards,

*Thilini Cooray*
Software Engineer
Mobile : +94 (0) 774 570 112
E-mail : thili...@wso2.com

WSO2 Inc. www.wso2.com
lean.enterprise.middleware
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
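
The pattern this thread arrives at (authenticate inside the user's own tenant flow, check the admin role, and close the flow in a finally block), written out as an added example; it is not code from the thread's participants or from WSO2. The class name TenantAdminCheck and the method isTenantAdmin are hypothetical, and the Carbon calls are the ones already used in the thread.

```java
import java.util.Arrays;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

// Hypothetical helper; class and method names are assumptions for illustration.
public final class TenantAdminCheck {
    private static final Log log = LogFactory.getLog(TenantAdminCheck.class);

    private TenantAdminCheck() { }

    /** True only if the credentials are valid AND the user holds the admin role of their own tenant. */
    public static boolean isTenantAdmin(String username, String password) {
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);

        PrivilegedCarbonContext.startTenantFlow();
        try {
            // Switch this thread to the user's own tenant before touching the realm.
            PrivilegedCarbonContext.getThreadLocalCarbonContext()
                    .setTenantDomain(tenantDomain, true);

            UserRealm realm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            UserStoreManager userStoreManager = realm.getUserStoreManager();

            if (!userStoreManager.authenticate(tenantAwareUsername, password)) {
                return false;
            }
            // Membership check against the user's own role list, not mere role existence.
            String adminRoleName = realm.getRealmConfiguration().getAdminRoleName();
            String[] roles = userStoreManager.getRoleListOfUser(tenantAwareUsername);
            return roles != null && Arrays.asList(roles).contains(adminRoleName);
        } catch (UserStoreException e) {
            // Fail closed: a user-store error must never grant import/export rights.
            log.error("Admin check failed for tenant domain " + tenantDomain, e);
            return false;
        } finally {
            // Runs on every path, so the thread never keeps this tenant's
            // context when it goes on to serve a request for another tenant.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
}
```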