From 3f4e3cc428c2023df62f38b6ca8b02853c8d8527 Mon Sep 17 00:00:00 2001
From: Shan Chathusanda Jayathilaka
Date: Tue, 17 Dec 2024 23:46:30 +0530
Subject: [PATCH] Restrict inbound protocols for the sub organization applications
---
 .../mgt/ApplicationManagementServiceImpl.java | 18 ++++++++++++------
 .../ApplicationManagementServiceImplTest.java | 13 +++++++++----
 2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
index c03f5d156af4..1917f3f1f28f 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
@@ -94,6 +94,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
@@ -2667,7 +2668,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo
 try {
 ServiceProvider application = applicationModel.getServiceProvider();
 addedInbounds = addInboundAuthenticationProtocolsToApplication(
- application, applicationModel.getInboundProtocolConfigurationDto());
+ application, applicationModel.getInboundProtocolConfigurationDto(), tenantDomain);
 return createApplication(application, tenantDomain, username);
 } catch (IdentityApplicationManagementException identityApplicationManagementException) {
@@ -2683,7 +2684,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo
 }
 private List addInboundAuthenticationProtocolsToApplication(
- ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel)
+ ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel, String tenantDomain)
 throws IdentityApplicationManagementException {
 if (inboundProtocolsModel == null) {
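Review bot: The sub-organization restriction may not apply when `inboundProtocolsModel` is null, because the new `tenantDomain` parameter of `addInboundAuthenticationProtocolsToApplication` is only consulted after the `if (inboundProtocolsModel == null)` branch that ends this hunk. That branch's body is outside the hunk; if it returns early, a `ServiceProvider` that already carries an `InboundAuthenticationConfig` would reach `createApplication(application, tenantDomain, username)` unfiltered for an organization tenant. Consider evaluating `OrganizationManagementUtil.isOrganization(tenantDomain)` before the null check and applying the same restriction on that path. A Javadoc line on the method stating that pre-existing inbound configs are not carried over for organization tenants would make the contract explicit.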
@@ -2718,10 +2719,15 @@ private List addInboundAuthenticationProtoco
 }
 InboundAuthenticationConfig alreadyAddedInboundConfigs = application.getInboundAuthenticationConfig();
 InboundAuthenticationConfig inboundAuthConfig = new InboundAuthenticationConfig();
- if (alreadyAddedInboundConfigs != null) {
- List alreadyAddedInbounds =
- Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs());
- addedInbounds.addAll(alreadyAddedInbounds);
+ try {
+ if (alreadyAddedInboundConfigs != null && !OrganizationManagementUtil.isOrganization(tenantDomain)) {
+ List alreadyAddedInbounds =
+ Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs());
+ addedInbounds.addAll(alreadyAddedInbounds);
+ }
+ } catch (OrganizationManagementException e) {
+ throw new IdentityApplicationManagementException("Error while checking the organization status of the " +
+ "application: " + application.getApplicationName(), e);
 }
 inboundAuthConfig.setInboundAuthenticationRequestConfigs(
 addedInbounds.toArray(new InboundAuthenticationRequestConfig[0])
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
index 78ca8e755346..b2cd2f198069 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
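Review bot: For an organization tenant the new `if` in `ApplicationManagementServiceImpl` drops the inbound configs already present on the `ServiceProvider` silently, with no error to the caller and nothing recorded, so a request that tried to attach them cannot be told apart from one that did not. Rejecting such a request, or at least writing a debug or audit entry naming the tenant and application, would make the restriction observable. The catch message also says "organization status of the application" although the check is on `tenantDomain`; something like `"Error while checking whether tenant " + tenantDomain + " is an organization."` would be easier to trace. The `try` could be narrowed by assigning the `isOrganization(tenantDomain)` result to a local before the `if`. The method body starts and ends outside this hunk.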
@@ -84,6 +84,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.secret.mgt.core.SecretManager;
 import org.wso2.carbon.identity.secret.mgt.core.SecretManagerImpl;
 import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager;
@@ -636,10 +637,14 @@ public void testCreateAndGetApplicationWithProtocolService() throws IdentityAppl
 // Mocking protocol service.
 ApplicationManagementServiceComponentHolder.getInstance().addApplicationInboundAuthConfigHandler(
 customSAML2InboundAuthConfigHandler());
-
- // Creating application.
- applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
- USERNAME_1);
+ try (MockedStatic organizationMgtUtilMockedStatic =
+ mockStatic(OrganizationManagementUtil.class)) {
+ organizationMgtUtilMockedStatic.when(() -> OrganizationManagementUtil.isOrganization(
+ SUPER_TENANT_DOMAIN_NAME)).thenReturn(FALSE);
+ // Creating application.
+ applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
+ USERNAME_1);
+ }
 ServiceProvider applicationByResourceId = applicationManagementService.getApplicationByResourceId(inputSP1
 .getApplicationResourceId(), SUPER_TENANT_DOMAIN_NAME);
 Assert.assertEquals(applicationByResourceId.getApplicationName(), APPLICATION_NAME_1);
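Review bot: The branch this commit adds is never exercised, because `testCreateAndGetApplicationWithProtocolService` stubs `OrganizationManagementUtil.isOrganization` to `FALSE` only and so covers just the unchanged super-tenant path. A companion case with `thenReturn(TRUE)`, asserting that the created application holds only the inbounds produced from the protocol DTO, would pin the restriction against regressions. A second case that makes the stub throw `OrganizationManagementException` and expects the `IdentityApplicationManagementException` wrapper would cover the new catch block. The test method starts and ends outside this hunk.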