Restrict inbound protocols for the sub organization applications

wso2 · Jan 7, 2025 · 3f4e3cc · 3f4e3cc
1 parent 8960263
commit 3f4e3cc
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 10 deletions.
diff --git a/.../main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java b/.../main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
@@ -94,6 +94,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
@@ -2667,7 +2668,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo
         try {
             ServiceProvider application = applicationModel.getServiceProvider();
              addedInbounds = addInboundAuthenticationProtocolsToApplication(
-                    application, applicationModel.getInboundProtocolConfigurationDto());
+                    application, applicationModel.getInboundProtocolConfigurationDto(), tenantDomain);
 
             return createApplication(application, tenantDomain, username);
         } catch (IdentityApplicationManagementException identityApplicationManagementException) {
@@ -2683,7 +2684,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo
     }
 
     private List<InboundAuthenticationRequestConfig> addInboundAuthenticationProtocolsToApplication(
-            ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel)
+            ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel, String tenantDomain)
             throws IdentityApplicationManagementException {
 
         if (inboundProtocolsModel == null) {
@@ -2718,10 +2719,15 @@ private List<InboundAuthenticationRequestConfig> addInboundAuthenticationProtoco
         }
         InboundAuthenticationConfig alreadyAddedInboundConfigs = application.getInboundAuthenticationConfig();
         InboundAuthenticationConfig inboundAuthConfig = new InboundAuthenticationConfig();
-        if (alreadyAddedInboundConfigs != null) {
-            List<InboundAuthenticationRequestConfig> alreadyAddedInbounds =
-                    Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs());
-            addedInbounds.addAll(alreadyAddedInbounds);
+        try {
+            if (alreadyAddedInboundConfigs != null && !OrganizationManagementUtil.isOrganization(tenantDomain)) {
+                List<InboundAuthenticationRequestConfig> alreadyAddedInbounds =
+                        Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs());
+                addedInbounds.addAll(alreadyAddedInbounds);
+            }
+        } catch (OrganizationManagementException e) {
+            throw new IdentityApplicationManagementException("Error while checking the organization status of the " +
+                    "application: " + application.getApplicationName(), e);
         }
         inboundAuthConfig.setInboundAuthenticationRequestConfigs(
                 addedInbounds.toArray(new InboundAuthenticationRequestConfig[0])

diff --git a/...t/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java b/...t/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
@@ -84,6 +84,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.secret.mgt.core.SecretManager;
 import org.wso2.carbon.identity.secret.mgt.core.SecretManagerImpl;
 import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager;
@@ -636,10 +637,14 @@ public void testCreateAndGetApplicationWithProtocolService() throws IdentityAppl
         // Mocking protocol service.
         ApplicationManagementServiceComponentHolder.getInstance().addApplicationInboundAuthConfigHandler(
                 customSAML2InboundAuthConfigHandler());
-
-        // Creating application.
-        applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
-                USERNAME_1);
+        try (MockedStatic<OrganizationManagementUtil> organizationMgtUtilMockedStatic =
+                     mockStatic(OrganizationManagementUtil.class)) {
+            organizationMgtUtilMockedStatic.when(() -> OrganizationManagementUtil.isOrganization(
+                    SUPER_TENANT_DOMAIN_NAME)).thenReturn(FALSE);
+            // Creating application.
+            applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
+                    USERNAME_1);
+        }
         ServiceProvider applicationByResourceId = applicationManagementService.getApplicationByResourceId(inputSP1
                 .getApplicationResourceId(), SUPER_TENANT_DOMAIN_NAME);
         Assert.assertEquals(applicationByResourceId.getApplicationName(), APPLICATION_NAME_1);