Hi All,
I am working on a jira [1] which is related with an exception that is
thrown when trying to add a user/role in tenant mode using EMM console.
This is particularly happens when we call the admin service to get the
secondary user store configurations related to particular tenant [2].
Following is the root cause behind this exception,
*Caused by: java.lang.SecurityException: Illegal access attempt to cache ]
owned by tenant*
*{[test.com <http://test.com>],[1]} by tenant {[test.com
<http://test.com>],[-1234]}*
When trying to access the cache, the caller's tenant id has changed to
super-tenant id, although tenant domain is correct. I tried to start the
tenant flow before calling the admin service, but still I got the same
error. While debugging I found, [3] is the point where the tenant domain is
set to correct domain, while the tenant id still set to super-tenant id.
Locally I changed that particular line as per below,
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
userTenantDomain,*true*);
After that I could get the secondary user-store configurations related to
that particular tenant. Is this a bug from carbon-level or is there any
work-around to avoid this? Any comments or suggestions on this regard is
highly appreciated.
[1] https://wso2.org/jira/browse/EMM-1762
[2]
https://github.com/wso2/carbon-device-mgt/blob/master/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js#L607
[3]
https://github.com/wso2/carbon-kernel/blob/v4.4.9/core/org.wso2.carbon.server.admin/src/main/java/org/wso2/carbon/server/admin/module/handler/AuthenticationHandler.java#L93
Thanks.
Regards,
Megala
--
Megala Uthayakumar
Software Engineer
Mobile : 0779967122
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
