Restricts if carbon.super added to URL when relevant config is disabled

wso2-extensions · Oct 11, 2023 · 1435682 · 1435682
1 parent 067e314
commit 1435682
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/...c/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java b/...c/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
@@ -139,6 +139,19 @@ public void invoke(Request request, Response response) throws IOException, Servl
             if (tenantDomain != null &&
                     !tenantManager.isTenantActive(IdentityTenantUtil.getTenantId(tenantDomain))) {
                 handleInvalidTenantDomainErrorResponse(response, HttpServletResponse.SC_NOT_FOUND, tenantDomain);
+            } else if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
+                boolean isSuperTenantRequiredInUrl = IdentityTenantUtil.isSuperTenantRequiredInUrl();
+                boolean isSuperTenantAppendedInUrl = requestURI.contains("t/" +
+                        MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+                if ((!isSuperTenantRequiredInUrl && isSuperTenantAppendedInUrl) ||
+                        (isSuperTenantRequiredInUrl && !isSuperTenantAppendedInUrl)) {
+                    if (log.isDebugEnabled()) {
+                        log.debug("/t/carbon.super should be append to the request URL only if the Tenant qualified URL " +
+                                "feature is enabled and AppendSuperTenantInUrl configuration is enabled. Hence " +
+                                "restricting the access to super tenant.");
+                    }
+                    handleRestrictedTenantDomainErrorResponse(request, response);
+                }
             } else {
                 IdentityUtil.threadLocalProperties.get().put(TENANT_NAME_FROM_CONTEXT, tenantDomain);
 

diff --git a/pom.xml b/pom.xml
@@ -345,7 +345,7 @@
         <org.wso2.carbon.identity.cors.valve.version>${project.version}</org.wso2.carbon.identity.cors.valve.version>
 
         <!--Carbon identity version-->
-        <identity.framework.version>5.25.358</identity.framework.version>
+        <identity.framework.version>5.25.380</identity.framework.version>
         <carbon.identity.package.import.version.range>[5.17.8, 7.0.0)</carbon.identity.package.import.version.range>
 
         <org.wso2.carbon.identity.oauth.version>6.11.128</org.wso2.carbon.identity.oauth.version>