From 3f84931d2517742358b869b98d123871b73d7870 Mon Sep 17 00:00:00 2001
From: Shan Chathusanda Jayathilaka
Date: Tue, 3 Dec 2024 22:02:23 +0530
Subject: [PATCH] Allow access to the tenant perspective APIs
---
 .../valve/TenantContextRewriteValve.java | 84 ++++++++++++++++++-
 pom.xml | 2 +-
 2 files changed, 83 insertions(+), 3 deletions(-)
diff --git a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
index e956cdc8..2b0d82d0 100644
--- a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
+++ b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
@@ -23,6 +23,7 @@
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.valves.ValveBase;
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -30,6 +31,7 @@
 import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.base.IdentityRuntimeException;
+import org.wso2.carbon.identity.context.rewrite.bean.OrganizationRewriteContext;
 import org.wso2.carbon.identity.context.rewrite.bean.RewriteContext;
 import org.wso2.carbon.identity.context.rewrite.internal.ContextRewriteValveServiceComponentHolder;
 import org.wso2.carbon.identity.core.util.IdentityConfigParser;
@@ -41,8 +43,10 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.regex.Pattern;
 import javax.servlet.ServletException;
@@ -59,6 +63,7 @@ public class TenantContextRewriteValve extends ValveBase {
 private static List contextsToRewrite;
+ private static List contextsToRewriteInTenantPerspective;
 private static List contextListToOverwriteDispatch;
 private static List ignorePathListForOverwriteDispatch;
 private static List organizationRoutingOnlySupportedAPIPaths;
@@ -73,6 +78,7 @@ protected synchronized void startInternal() throws LifecycleException {
 super.startInternal();
 // Initialize the tenant context rewrite valve.
 contextsToRewrite = getContextsToRewrite();
+ contextsToRewriteInTenantPerspective = getContextsToRewriteInTenantPerspective();
 contextListToOverwriteDispatch = getContextListToOverwriteDispatchLocation();
 ignorePathListForOverwriteDispatch = getIgnorePathListForOverwriteDispatch();
 isTenantQualifiedUrlsEnabled = isTenantQualifiedUrlsEnabled();
@@ -110,6 +116,26 @@ public void invoke(Request request, Response response) throws IOException, Servl
 }
 }
+ outerLoop:
+ for (OrganizationRewriteContext context : contextsToRewriteInTenantPerspective) {
+ Pattern patternTenantPerspective = Pattern.compile("^/t/[^/]+/o/[a-f0-9\\-]+?" + context.getContext());
+ if (patternTenantPerspective.matcher(requestURI).find() && CollectionUtils.isNotEmpty(context.getSubPaths())) {
+ for (Pattern subPath : context.getSubPaths()) {
+ if (subPath.matcher(requestURI).find()) {
+ isContextRewrite = true;
+ isWebApp = context.isWebApp();
+ contextToForward = context.getContext();
+ int startIndex = requestURI.indexOf("/o/") + 3;
+ int endIndex = requestURI.indexOf("/", startIndex);
+ String appOrgId = requestURI.substring(startIndex, endIndex);
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().
+ setApplicationResidentOrganizationId(appOrgId);
+ break outerLoop;
+ }
+ }
+ }
+ }
+
 String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
 try {
 MDC.put(TENANT_DOMAIN, tenantDomain);
@@ -135,7 +161,8 @@ public void invoke(Request request, Response response) throws IOException, Servl
 Ex-: Request: /t//o/api/server/v1/applications --> /o/server/v1/applications */
 if (!requestURI.startsWith(ORGANIZATION_PATH_PARAM) &&
- requestURI.contains(ORGANIZATION_PATH_PARAM)) {
+ requestURI.contains(ORGANIZATION_PATH_PARAM) &&
+ !isOrganizationIdAvailableInTenantPerspective(requestURI)) {
 dispatchLocation = "/o" + dispatchLocation;
 }
 if (contextListToOverwriteDispatch.contains(contextToForward) && !isIgnorePath(dispatchLocation)) {
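Review bot: The organization id written by `setApplicationResidentOrganizationId` in the new `outerLoop` block is cut out of `requestURI` with `indexOf("/o/")` and `indexOf("/", startIndex)`, a second parse that is independent of the `patternTenantPerspective` match that validated the URI. The first `/o/` in the string is not necessarily the one the pattern matched (a tenant segment that is itself `o` would shift it, if such a domain can exist), so a value that never passed the `[a-f0-9\-]+` check could end up in the thread-local context. Putting a capture group around the id and reading `group(1)` from the same matcher keeps the validated and the stored value identical; this needs `java.util.regex.Matcher`, which is not among the imports shown. Separately, the pattern is recompiled for every context on every request and `context.getContext()` is concatenated into it unquoted; compiling once in `startInternal()` would avoid both, but touches `OrganizationRewriteContext`, which is outside this diff. `invoke` starts and ends outside the hunk.

```java
for (OrganizationRewriteContext context : contextsToRewriteInTenantPerspective) {
    // Capture the organization id in the same expression that validates the URI.
    Matcher tenantPerspectiveMatcher = Pattern
            .compile("^/t/[^/]+/o/([a-f0-9\\-]+?)" + context.getContext())
            .matcher(requestURI);
    if (tenantPerspectiveMatcher.find() && CollectionUtils.isNotEmpty(context.getSubPaths())) {
        // … unchanged: sub-path loop, isContextRewrite / isWebApp / contextToForward assignments …
                String appOrgId = tenantPerspectiveMatcher.group(1);
        // … unchanged: setApplicationResidentOrganizationId(appOrgId); break outerLoop; …
```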
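Review bot: The added `!isOrganizationIdAvailableInTenantPerspective(requestURI)` condition looks like it also switches off the `/o` prefix for ordinary organization paths. The helper (added in the last hunk of this file) runs `find()` on `"^/t/[^/]+/o/[a-f0-9\\-]+?"`, and a reluctant `+?` at the end of a pattern is satisfied by a single character, so any URI whose first segment after `/o/` begins with `a`–`f`, a digit or `-` matches, including the `/o/api/server/v1/applications` form used as the example in the comment just above. If that is not intended, take the decision from the loop that already matched a configured context, for example a local `boolean isTenantPerspectiveOrgRequest = false;` set to `true` next to `isContextRewrite = true;` and tested here as `!isTenantPerspectiveOrgRequest`. Tightening the pattern to a whole segment (`[a-f0-9\\-]+/`) would still match short hex-like path segments, so the flag is the safer choice. `invoke` starts and ends outside the hunk.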
@@ -151,7 +178,10 @@ public void invoke(Request request, Response response) throws IOException, Servl
 requestURI = requestURI.replace(carbonWebContext + "/", "");
 }
 //Servlet
- requestURI = requestURI.replace("/t/" + tenantDomain, "");
+ if (StringUtils.isEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getApplicationResidentOrganizationId())) {
+ requestURI = requestURI.replace("/t/" + tenantDomain, "");
+ }
 request.getRequestDispatcher(requestURI).forward(request, response);
 }
 }
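Review bot: The new guard around `requestURI.replace("/t/" + tenantDomain, "")` takes its signal from the thread-local `getApplicationResidentOrganizationId()`, and none of the visible hunks resets that value. Request threads are normally pooled, so if the id is not cleared when the request finishes, a later request served by the same thread would skip the tenant-prefix strip and run with the previous request's organization id. If a cleanup exists outside these hunks, a comment naming it would help, e.g. `// applicationResidentOrganizationId is cleared in <cleanup location>`; otherwise a local flag set in the tenant-perspective loop avoids making a routing decision depend on thread-local state. `invoke` starts and ends outside the hunk.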
@@ -311,4 +341,54 @@ private void handleRestrictedTenantDomainErrorResponse(Request request, Response
 response.getWriter().print(errorPage);
 }
 }
+
+ private List getContextsToRewriteInTenantPerspective() {
+
+ List organizationRewriteContexts = new ArrayList<>();
+ Map configuration = IdentityConfigParser.getInstance().getConfiguration();
+ Object webAppBasePathContexts = configuration.get("OrgContextsToRewriteInTenantPerspective.WebApp.Context." +
+ "BasePath");
+ setOrganizationRewriteContexts(organizationRewriteContexts, webAppBasePathContexts, true);
+
+ Object webAppSubPathContexts = configuration.get("OrgContextsToRewriteInTenantPerspective.WebApp.Context." +
+ "SubPaths.Path");
+ setSubPathContexts(organizationRewriteContexts, webAppSubPathContexts);
+
+ return organizationRewriteContexts;
+ }
+
+ private void setOrganizationRewriteContexts(List organizationRewriteContexts,
+ Object basePathContexts, boolean isWebApp) {
+
+ if (basePathContexts != null) {
+ if (basePathContexts instanceof ArrayList) {
+ for (String context : (ArrayList) basePathContexts) {
+ organizationRewriteContexts.add(new OrganizationRewriteContext(isWebApp, context));
+ }
+ } else {
+ organizationRewriteContexts.add(new OrganizationRewriteContext(isWebApp,
+ basePathContexts.toString()));
+ }
+ }
+ }
+
+ private void setSubPathContexts(List organizationRewriteContexts,
+ Object subPathContexts) {
+
+ if (subPathContexts instanceof ArrayList) {
+ for (String subPath : (ArrayList) subPathContexts) {
+ Optional maybeOrgRewriteContext = organizationRewriteContexts.stream()
+ .filter(rewriteContext -> subPath.startsWith(rewriteContext.getContext()))
+ .max(Comparator.comparingInt(rewriteContext -> rewriteContext.getContext().length()));
+ maybeOrgRewriteContext.ifPresent(
+ organizationRewriteContext -> organizationRewriteContext.addSubPath(
+ Pattern.compile("^/t/[^/]+/o/[a-f0-9\\-]+" + subPath)));
+ }
+ }
+ }
+
+ private boolean isOrganizationIdAvailableInTenantPerspective(String requestURI) {
+
+ return Pattern.compile("^/t/[^/]+/o/[a-f0-9\\-]+?").matcher(requestURI).find();
+ }
 }
diff --git a/pom.xml b/pom.xml
index 18b280f8..c65f8c22 100644
--- a/pom.xml
+++ b/pom.xml
@@ -452,7 +452,7 @@ [1.5.1, 2.0.0)
- 4.9.17
+ 4.10.26
 4.9.0 [4.5.0, 5.0.0)
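Review bot: The patterns built in `setSubPathContexts` (last hunk of `TenantContextRewriteValve.java`) are anchored only at the start, although they act as the allow-list for which organization APIs are reachable under `/t/<tenant>/o/<org-id>/`. `Pattern.compile("^/t/[^/]+/o/[a-f0-9\\-]+" + subPath)` is later used with `find()`, so every URI that merely begins with a configured sub-path is accepted, and the configured value is compiled as a regular expression without quoting. If the entries are meant as whole path segments, appending a boundary such as `"(/|$)"` would enforce that; if prefix or regex semantics are intended, a Javadoc comment on the method should say so, because the three new private methods carry no documentation. A sub-path with no matching base path is dropped silently by `ifPresent`, which a debug log line would make visible to whoever edits the configuration. `isOrganizationIdAvailableInTenantPerspective` also recompiles a constant pattern on each call, where a `private static final Pattern` would do.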