From 56a509ad97f7864c277e30fa1080dc46e6ee5454 Mon Sep 17 00:00:00 2001
From: sadilchamishka <sandilchamishka@gmail.com>
Date: Mon, 27 Nov 2023 15:16:18 +0530
Subject: [PATCH] Address review comments

---
 .../carbon/identity/context/rewrite/util/Utils.java | 11 ++++++++---
 .../valve/OrganizationContextRewriteValve.java      | 13 ++++++++-----
 .../rewrite/valve/TenantContextRewriteValve.java    |  8 ++++----
 3 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/util/Utils.java b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/util/Utils.java
index e9e2765a..b398843f 100644
--- a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/util/Utils.java
+++ b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/util/Utils.java
@@ -77,11 +77,16 @@ public static void handleErrorResponse(int errorCode, String errorMessage, Strin
         response.getWriter().print(errorResponse);
     }
 
-    public static boolean isOrganizationPerspectiveResourceAccess() {
+    /**
+     * Check whether the requesting for organization resources under super tenant.
+     *
+     * @return True if the request send for accessing an organization of the super tenant.
+     */
+    public static boolean isAccessingSuperTenantOrganization() {
 
-        // The root tenant domain is set for organization perspective resource access requests.
+        // The root tenant domain is set when accessing organization resources.
         String rootTenantDomain = (String) IdentityUtil.threadLocalProperties.get()
                 .get(OrganizationManagementConstants.ROOT_TENANT_DOMAIN);
-        return StringUtils.isNotEmpty(rootTenantDomain);
+        return MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(rootTenantDomain);
     }
 }
diff --git a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/OrganizationContextRewriteValve.java b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/OrganizationContextRewriteValve.java
index 022b17e7..bab84335 100644
--- a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/OrganizationContextRewriteValve.java
+++ b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/OrganizationContextRewriteValve.java
@@ -49,7 +49,7 @@
 import static org.wso2.carbon.identity.context.rewrite.constant.RewriteConstants.TENANT_ID;
 import static org.wso2.carbon.identity.context.rewrite.util.Utils.getOrganizationDomainFromURL;
 import static org.wso2.carbon.identity.context.rewrite.util.Utils.handleErrorResponse;
-import static org.wso2.carbon.identity.context.rewrite.util.Utils.isOrganizationPerspectiveResourceAccess;
+import static org.wso2.carbon.identity.context.rewrite.util.Utils.isAccessingSuperTenantOrganization;
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.TENANT_NAME_FROM_CONTEXT;
 
 /**
@@ -76,6 +76,13 @@ public void invoke(Request request, Response response) throws IOException, Servl
         boolean subPathsConfigured = false;
         boolean isWebApp = false;
 
+        /* Organization context rewrite valve can be skipped when organization resources of the super tenant are
+         accessed. Ex - /o/api/server/v1/applications */
+        if (isAccessingSuperTenantOrganization()) {
+            getNext().invoke(request, response);
+            return;
+        }
+
         if (ContextRewriteValveServiceComponentHolder.getInstance().isOrganizationManagementEnabled() &&
                 StringUtils.startsWith(requestURI, ORGANIZATION_PATH_PARAM)) {
             for (OrganizationRewriteContext organizationRewriteContext : orgContextsToRewrite) {
@@ -108,10 +115,6 @@ public void invoke(Request request, Response response) throws IOException, Servl
             the base paths and any sub paths that might be defined under them.
              */
             if (!orgRoutingPathSupported || (subPathsConfigured && !orgRoutingSubPathSupported)) {
-                if (isOrganizationPerspectiveResourceAccess()) {
-                    getNext().invoke(request, response);
-                    return;
-                }
                 handleErrorResponse(HttpServletResponse.SC_NOT_FOUND, "Organization specific routing failed.",
                         "Unsupported organization specific routing endpoint.", response);
                 return;
diff --git a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
index 12b70fd4..85518b53 100644
--- a/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
+++ b/components/org.wso2.carbon.identity.context.rewrite.valve/src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java
@@ -52,7 +52,7 @@
 import static org.wso2.carbon.identity.context.rewrite.constant.RewriteConstants.SUPER_TENANT_QUALIFIED_REQUEST;
 import static org.wso2.carbon.identity.context.rewrite.constant.RewriteConstants.TENANT_DOMAIN;
 import static org.wso2.carbon.identity.context.rewrite.constant.RewriteConstants.TENANT_ID;
-import static org.wso2.carbon.identity.context.rewrite.util.Utils.isOrganizationPerspectiveResourceAccess;
+import static org.wso2.carbon.identity.context.rewrite.util.Utils.isAccessingSuperTenantOrganization;
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.ENABLE_TENANT_QUALIFIED_URLS;
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.TENANT_NAME_FROM_CONTEXT;
 
@@ -87,9 +87,9 @@ public void invoke(Request request, Response response) throws IOException, Servl
         boolean isContextRewrite = false;
         boolean isWebApp = false;
 
-        /* The organization perspective resource accessed with organization qualified URL is prefixed
-           with super tenant qualified URL. /o/... -> /t/<carbon.super>/o/... */
-        if (StringUtils.startsWith(requestURI, ORGANIZATION_PATH_PARAM) && isOrganizationPerspectiveResourceAccess()) {
+        /* If super tenant domain organization resource accessed with organization qualified URL, it is prefixed
+           with super tenant domain qualifier. /o/... -> /t/<carbon.super>/o/... */
+        if (StringUtils.startsWith(requestURI, ORGANIZATION_PATH_PARAM) && isAccessingSuperTenantOrganization()) {
             requestURI = requestURI.replace(ORGANIZATION_PATH_PARAM, SUPER_TENANT_QUALIFIED_REQUEST);
         }