From f891168cc6be9ab47104694f52ba137fdde20e12 Mon Sep 17 00:00:00 2001
From: Shan Chathusanda Jayathilaka
Date: Tue, 17 Dec 2024 23:46:30 +0530
Subject: [PATCH] Restrict inbound protocols for the sub organization applications
---
 .../mgt/ApplicationManagementServiceImpl.java | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
index c03f5d156af4..1917f3f1f28f 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
@@ -94,6 +94,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
@@ -2667,7 +2668,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo try { ServiceProvider application = applicationModel.getServiceProvider(); addedInbounds = addInboundAuthenticationProtocolsToApplication( - application, applicationModel.getInboundProtocolConfigurationDto()); + application, applicationModel.getInboundProtocolConfigurationDto(), tenantDomain); return createApplication(application, tenantDomain, username); } catch (IdentityApplicationManagementException identityApplicationManagementException) { @@ -2683,7 +2684,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo } private List addInboundAuthenticationProtocolsToApplication( - ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel) + ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel, String tenantDomain) throws IdentityApplicationManagementException { if (inboundProtocolsModel == null) { 
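Review bot: In the `@@ -2683,7 +2684,7 @@` hunk, `tenantDomain` is only consulted after the `inboundProtocolsModel == null` guard, whose body lies outside the hunk. If that guard returns early, as its shape suggests, an organization-tenant application whose `ServiceProvider` already carries an `InboundAuthenticationConfig` never reaches the new `isOrganization` check and keeps those configs. Please confirm whether the restriction is meant to cover that path as well, and move the check ahead of the guard if so. The new parameter is also undocumented; a line such as `@param tenantDomain tenant domain of the request, used to detect sub-organization applications` would make the contract explicit.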
@@ -2718,10 +2719,15 @@ private List addInboundAuthenticationProtoco } InboundAuthenticationConfig alreadyAddedInboundConfigs = application.getInboundAuthenticationConfig(); InboundAuthenticationConfig inboundAuthConfig = new InboundAuthenticationConfig(); - if (alreadyAddedInboundConfigs != null) { - List alreadyAddedInbounds = - Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs()); - addedInbounds.addAll(alreadyAddedInbounds); + try { + if (alreadyAddedInboundConfigs != null && !OrganizationManagementUtil.isOrganization(tenantDomain)) { + List alreadyAddedInbounds = + Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs()); + addedInbounds.addAll(alreadyAddedInbounds); + } + } catch (OrganizationManagementException e) { + throw new IdentityApplicationManagementException("Error while checking the organization status of the " + + "application: " + application.getApplicationName(), e); } inboundAuthConfig.setInboundAuthenticationRequestConfigs( addedInbounds.toArray(new InboundAuthenticationRequestConfig[0])
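Review bot: In the new `try` block, inbound configs already present on the `ServiceProvider` are discarded for an organization tenant with no log entry and no error. As far as this hunk shows, a caller who supplied them gets a normal create with the configs silently missing. Since this is an access restriction, consider rejecting the request or recording the drop, and state the intent in a comment such as `// Sub-organization apps must not inherit inbound configs preset on the ServiceProvider.` The `try` also wraps the copy logic although only `isOrganization` can throw. Assigning `boolean isSubOrg = OrganizationManagementUtil.isOrganization(tenantDomain);` inside the `try` and placing the `if` after it would keep the catch narrow. The enclosing method starts and ends outside the hunk.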