Address review comments

wso2-extensions · Oct 17, 2023 · 4a89c46 · 4a89c46
1 parent c71a43a
commit 4a89c46
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/...ty.authz.valve/src/main/java/org/wso2/carbon/identity/authz/valve/AuthorizationValve.java b/...ty.authz.valve/src/main/java/org/wso2/carbon/identity/authz/valve/AuthorizationValve.java
@@ -83,6 +83,7 @@ public void invoke(Request request, Response response) throws IOException, Servl
 
             String requestURI = request.getRequestURI();
             String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+            // The below check on organization qualified resource access should be removed.
             if (!StringUtils.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, tenantDomain) &&
                     requestURI.startsWith(ORGANIZATION_PATH_PARAM) &&
                     org.wso2.carbon.identity.organization.management.service.util.Utils.useOrganizationRolesForValidation(
@@ -93,7 +94,7 @@ public void invoke(Request request, Response response) throws IOException, Servl
                  */
                 Object scopeValidationEnabled = authenticationContext.getParameter(OAUTH2_VALIDATE_SCOPE);
                 if (scopeValidationEnabled != null && Boolean.parseBoolean(scopeValidationEnabled.toString())) {
-                    if (!Utils.isUserAuthorizedOrganization(authenticationContext, request)) {
+                    if (!Utils.isUserAuthorizedForOrganization(authenticationContext, request)) {
                         if (log.isDebugEnabled()) {
                             log.debug("Authorization to " + request.getRequestURI() +
                                     " is denied because the used access token issued from a different tenant domain: " +

diff --git a/...n.identity.authz.valve/src/main/java/org/wso2/carbon/identity/authz/valve/util/Utils.java b/...n.identity.authz.valve/src/main/java/org/wso2/carbon/identity/authz/valve/util/Utils.java
@@ -91,7 +91,7 @@ public static boolean isUserBelongsToRequestedTenant(AuthenticationContext authe
         return tenantDomainFromURLMapping.equals(tenantDomain);
     }
 
-    public static boolean isUserAuthorizedOrganization(AuthenticationContext authenticationContext, Request request) {
+    public static boolean isUserAuthorizedForOrganization(AuthenticationContext authenticationContext, Request request) {
 
         User user = authenticationContext.getUser();
         if (user == null) {