fix basic authentication in new runtime
ThaminduR committed Oct 26, 2023
1 parent 5fda947 commit ad988e5
Showing 2 changed files with 21 additions and 5 deletions.
Expand Up @@ -24,6 +24,8 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.authz.service.AuthorizationContext;
import org.wso2.carbon.identity.authz.service.AuthorizationResult;
Expand All @@ -33,6 +35,8 @@
import org.wso2.carbon.identity.core.handler.AbstractIdentityHandler;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.AuthzUtil;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
Expand Down Expand Up @@ -76,11 +80,23 @@ public AuthorizationResult handleAuthorization(AuthorizationContext authorizatio
// If the scopes are configured for the API, it gets the first priority
if (isScopeValidationRequired(authorizationContext, validateScope)) {
validateScopes(authorizationContext, authorizationResult, allowedScopes);
} else if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
if (StringUtils.isNotBlank(permissionString) || authorizationContext.getRequiredScopes().size() == 0) {
validatePermissions(authorizationResult, user, permissionString, tenantUserRealm);
}
} else {
AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
String userId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
if (userId != null) {
authenticatedUser.setUserId(userId);
boolean isAuthorized = AuthzUtil.isUserAuthorized(authenticatedUser,
authorizationContext.getRequiredScopes());
if (isAuthorized) {
authorizationResult.setAuthorizationStatus(AuthorizationStatus.GRANT);
}
}
}
if (StringUtils.isNotBlank(permissionString) || authorizationContext.getRequiredScopes().size() == 0) {
validatePermissions(authorizationResult, user, permissionString, tenantUserRealm);
}
} catch (UserStoreException e) {
} catch (UserStoreException | IdentityOAuth2Exception e) {
String errorMessage = "Error occurred while trying to authorize, " + e.getMessage();
log.error(errorMessage);
throw new AuthzServiceServerException(errorMessage, e);
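Review bot: In the legacy runtime the permission check is no longer reached when scope validation is required, because the formerly standalone `if (StringUtils.isNotBlank(permissionString) || ...)` block now sits under `else if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME)`, whereas before this commit `validatePermissions` ran after `validateScopes` as well. If that narrowing is intended, state it above the chain, e.g. `// Legacy runtime: permissions are checked only when scope validation is not required.`; if not, the legacy permission check should stay outside the `if`/`else if` chain. In the new `else` branch a null `userId` or a false `isAuthorized` leaves `authorizationResult` untouched, so denial relies on the initial status set outside the hunk; a line such as `log.debug("No user ID in the Carbon context or user not authorized for the required scopes.");` would make that path visible in audit trails. The `AuthzUtil` call presumably needs the oauth version that pom.xml moves to `6.11.167-SNAPSHOT`, so the authorization decision depends on a mutable artifact until a release version is pinned. handleAuthorization starts and ends outside the hunk.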
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -348,7 +348,7 @@
<identity.framework.version>5.25.393</identity.framework.version>
<carbon.identity.package.import.version.range>[5.17.8, 7.0.0)</carbon.identity.package.import.version.range>

<org.wso2.carbon.identity.oauth.version>6.11.128</org.wso2.carbon.identity.oauth.version>
<org.wso2.carbon.identity.oauth.version>6.11.167-SNAPSHOT</org.wso2.carbon.identity.oauth.version>
<org.wso2.carbon.identity.oauth.import.version.range>[6.2.18, 7.0.0)
</org.wso2.carbon.identity.oauth.import.version.range>

