Hi Shashika,
There were some exception handling implementation is around above mentioned
implementation and I put PrivilegedCarbonContext.endTenantFlow() inside the
finally block.
Thanks.
On Thu, May 21, 2015 at 9:58 AM, Shashika Karunatilaka <shashi...@wso2.com>
wrote:
> HI Thilini,
>
> Did you ended this started tenant flow
>
> Thanks
>
> On Thu, May 21, 2015 at 9:53 AM, Thilini Cooray <thili...@wso2.com> wrote:
>
>> Hi,
>>
>> I was able to resolve the issue with the support of IS team.
>>
>> The problem has occurred because I was trying to authenticate a user of a
>> different tenant domain using an admin of super tenant.
>> IS maintains tenant isolation, therefore it cannot be done.
>>
>> So for each tenant domain we need to start a separate tenant flow and do
>> the authentication within the flow of the tenant domain of the current user.
>> After authentication, I retrieved all roles of the authenticated user and
>> checked whether he has admin role.
>>
>> Following is the implementation.
>>
>> String tenantDomain = MultitenantUtils.getTenantDomain(username);
>> PrivilegedCarbonContext.startTenantFlow();
>> PrivilegedCarbonContext.getThreadLocalCarbonContext()
>> .setTenantDomain(tenantDomain, true);
>>
>> UserStoreManager userstoremanager =
>> CarbonContext.getThreadLocalCarbonContext().getUserRealm()
>> .getUserStoreManager();
>>
>> String tenantAwareUsername =
>> MultitenantUtils.getTenantAwareUsername(username);
>>
>> //authenticate user provided credentials
>> if (userstoremanager.authenticate(tenantAwareUsername, password)) {
>> log.info(username + " user authenticated successfully");
>> //Get admin role name of the current domain
>> String adminRoleName =
>>
>> CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>> .getAdminRoleName();
>>
>> String[] userRoles =
>> userstoremanager.getRoleListOfUser(tenantAwareUsername);
>>
>> //user is only authorized for exporting and importing if he is an admin
>> of his
>> // domain
>> if (Arrays.asList(userRoles).contains(adminRoleName)) {
>> log.info(username + " is authorized to import and export APIs");
>> }
>> }
>>
>> Thanks.
>>
>>
>> On Thu, May 14, 2015 at 8:15 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> On Thu, May 14, 2015 at 6:38 PM, Thilini Cooray <thili...@wso2.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am implementing API export feature for APIM.
>>>>
>>>> I want to check whether a logged in user has admin role, because we are
>>>> going to allow only admin users to export and import APIs.
>>>>
>>>
>>> If a particular feature needed to restricted, we usually done using
>>> permission based manner. ie. To access RemoteUserStoreManager
>>> functionalities, user needed to have /permission/admin/configure/security"
>>> permission.
>>>
>>>
>>>> Following is the source which I tried. But
>>>> userStoreManager.authenticate(username,
>>>> password) does not authenticate tenant admins.
>>>>
>>>
>>> The authenticate method of the remote RemoteUserStoreManagerService does
>>> not create a session for given username password, rather just check whether
>>> given credentials are correct.
>>>
>>> The sample [1] can use as a reference to authenticate and invoke methods
>>> in RemoteUserStoreManagerService.
>>>
>>> [1]
>>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/user-mgt/remote-user-mgt/src/main/java/org/wso2/remoteum/sample/RemoteUMClient.java
>>>
>>> Thanks,
>>> Darshana.
>>>
>>>
>>>> I get the session cookie by login using super tenant credentials.
>>>>
>>>> Any help is appreciated.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>> ServiceClient serviceClient;
>>>> Options option;
>>>>
>>>> RemoteUserStoreManagerServiceStub userStoreManager =
>>>> new RemoteUserStoreManagerServiceStub(null, SERVICE_URL +
>>>>
>>>> "RemoteUserStoreManagerService");
>>>>
>>>> serviceClient = userStoreManager._getServiceClient();
>>>> option = serviceClient.getOptions();
>>>> option.setManageSession(true);
>>>>
>>>> option.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING,
>>>> sessionCookie);
>>>>
>>>> //Checking whether current user is authenticated and he has admin role
>>>> if (userStoreManager.authenticate(username, password)) {
>>>>
>>>> String adminRoleName =
>>>>
>>>> CarbonContext.getCurrentContext().getUserRealm().getRealmConfiguration()
>>>> .getAdminRoleName();
>>>>
>>>> if (userStoreManager.isExistingRole(adminRoleName)) {
>>>> userName = username;
>>>> LOG.info(username + " user authenticated successfully");
>>>> return true;
>>>> }
>>>> }
>>>>
>>>>
>>>> --
>>>> Best Regards,
>>>>
>>>> *Thilini Cooray*
>>>> Software Engineer
>>>> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194>
>>>> E-mail : thili...@wso2.com
>>>>
>>>> WSO2 Inc. www.wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>>
>>
>>
>>
>> --
>> Best Regards,
>>
>> *Thilini Cooray*
>> Software Engineer
>> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194>
>> E-mail : thili...@wso2.com
>>
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Shashika Prabath Karunatilaka,
> Software Engineer,
> WSO2, Inc: http://wso2.com/
> mobile : +94 77 7487792
>
--
Best Regards,
*Thilini Cooray*
Software Engineer
Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194>
E-mail : thili...@wso2.com
WSO2 Inc. www.wso2.com
lean.enterprise.middleware
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
