From ad988e5bd7b41aa898ee23f39910283136365019 Mon Sep 17 00:00:00 2001
From: Thamindu Aluthwala
Date: Thu, 26 Oct 2023 17:45:10 +0530
Subject: [PATCH] fix basic authentication in new runtime
---
 .../service/handler/AuthorizationHandler.java | 24 +++++++++++++++----
 pom.xml | 2 +-
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/components/org.wso2.carbon.identity.authz.service/src/main/java/org/wso2/carbon/identity/authz/service/handler/AuthorizationHandler.java b/components/org.wso2.carbon.identity.authz.service/src/main/java/org/wso2/carbon/identity/authz/service/handler/AuthorizationHandler.java
index f5b90e6c..9a3dbddf 100644
--- a/components/org.wso2.carbon.identity.authz.service/src/main/java/org/wso2/carbon/identity/authz/service/handler/AuthorizationHandler.java
+++ b/components/org.wso2.carbon.identity.authz.service/src/main/java/org/wso2/carbon/identity/authz/service/handler/AuthorizationHandler.java
@@ -24,6 +24,8 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.application.common.model.User;
 import org.wso2.carbon.identity.authz.service.AuthorizationContext;
 import org.wso2.carbon.identity.authz.service.AuthorizationResult;
@@ -33,6 +35,8 @@
 import org.wso2.carbon.identity.core.handler.AbstractIdentityHandler;
 import org.wso2.carbon.identity.core.handler.InitConfig;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
+import org.wso2.carbon.identity.oauth2.util.AuthzUtil;
 import org.wso2.carbon.user.api.AuthorizationManager;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
@@ -76,11 +80,23 @@ public AuthorizationResult handleAuthorization(AuthorizationContext authorizatio
 // If the scopes are configured for the API, it gets the first priority
 if (isScopeValidationRequired(authorizationContext, validateScope)) {
 validateScopes(authorizationContext, authorizationResult, allowedScopes);
+ } else if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+ if (StringUtils.isNotBlank(permissionString) || authorizationContext.getRequiredScopes().size() == 0) {
+ validatePermissions(authorizationResult, user, permissionString, tenantUserRealm);
+ }
+ } else {
+ AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
+ String userId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
+ if (userId != null) {
+ authenticatedUser.setUserId(userId);
+ boolean isAuthorized = AuthzUtil.isUserAuthorized(authenticatedUser,
+ authorizationContext.getRequiredScopes());
+ if (isAuthorized) {
+ authorizationResult.setAuthorizationStatus(AuthorizationStatus.GRANT);
+ }
+ }
 }
- if (StringUtils.isNotBlank(permissionString) || authorizationContext.getRequiredScopes().size() == 0) {
- validatePermissions(authorizationResult, user, permissionString, tenantUserRealm);
- }
- } catch (UserStoreException e) {
+ } catch (UserStoreException | IdentityOAuth2Exception e) {
 String errorMessage = "Error occurred while trying to authorize, " + e.getMessage();
 log.error(errorMessage);
 throw new AuthzServiceServerException(errorMessage, e);
diff --git a/pom.xml b/pom.xml
index eb49dbd6..883b4ef8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -348,7 +348,7 @@ 5.25.393 [5.17.8, 7.0.0) - 6.11.128 + 6.11.167-SNAPSHOT [6.2.18, 7.0.0)
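Review bot: In AuthorizationHandler.java, the new-runtime `else` branch of `handleAuthorization` passes `authorizationContext.getRequiredScopes()` to `AuthzUtil.isUserAuthorized` without the empty-list handling the legacy branch has (`getRequiredScopes().size() == 0`), and it never consults `permissionString`. What `isUserAuthorized` returns for an empty scope list is not visible here; if it returns `true`, any caller with a resolved `userId` is granted on resources that declare no scopes. That case should be decided explicitly, for example `if (userId != null && !authorizationContext.getRequiredScopes().isEmpty()) {`, or confirmed and recorded in a comment on the branch. The restructuring also moves `validatePermissions` into an `else if`, so in the legacy runtime it no longer runs after `validateScopes` as it did before; if that is intended, the commit message should say so. The method starts and ends outside the hunk.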