diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
index c03f5d156af4..1917f3f1f28f 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java
@@ -94,6 +94,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
@@ -2667,7 +2668,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo
         try {
             ServiceProvider application = applicationModel.getServiceProvider();
             addedInbounds = addInboundAuthenticationProtocolsToApplication(
-                    application, applicationModel.getInboundProtocolConfigurationDto());
+                    application, applicationModel.getInboundProtocolConfigurationDto(), tenantDomain);
             return createApplication(application, tenantDomain, username);
         } catch (IdentityApplicationManagementException identityApplicationManagementException) {
@@ -2683,7 +2684,7 @@ public String createApplication(ApplicationDTO applicationModel, String tenantDo
     }
     private List addInboundAuthenticationProtocolsToApplication(
-            ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel)
+            ServiceProvider application, InboundProtocolsDTO inboundProtocolsModel, String tenantDomain)
             throws IdentityApplicationManagementException {
         if (inboundProtocolsModel == null) {
@@ -2718,10 +2719,15 @@ private List addInboundAuthenticationProtoco
         }
         InboundAuthenticationConfig alreadyAddedInboundConfigs = application.getInboundAuthenticationConfig();
         InboundAuthenticationConfig inboundAuthConfig = new InboundAuthenticationConfig();
-        if (alreadyAddedInboundConfigs != null) {
-            List alreadyAddedInbounds =
-                    Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs());
-            addedInbounds.addAll(alreadyAddedInbounds);
+        try {
+            if (alreadyAddedInboundConfigs != null && !OrganizationManagementUtil.isOrganization(tenantDomain)) {
+                List alreadyAddedInbounds =
+                        Arrays.asList(alreadyAddedInboundConfigs.getInboundAuthenticationRequestConfigs());
+                addedInbounds.addAll(alreadyAddedInbounds);
+            }
+        } catch (OrganizationManagementException e) {
+            throw new IdentityApplicationManagementException("Error while checking the organization status of the " +
+                    "application: " + application.getApplicationName(), e);
         }
         inboundAuthConfig.setInboundAuthenticationRequestConfigs(
                 addedInbounds.toArray(new InboundAuthenticationRequestConfig[0])
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
index 78ca8e755346..46c556a07b83 100644
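Review bot: In the organization branch of the new `if`, every pre-existing inbound request config on `application` is discarded silently, not just SAML ones — `!OrganizationManagementUtil.isOrganization(tenantDomain)` is not protocol-specific, so whatever the caller already placed in `getInboundAuthenticationConfig()` is dropped for an organization tenant with no log line and nothing in the method's documentation saying so. The method has no Javadoc; I would add one to `addInboundAuthenticationProtocolsToApplication` stating that for organization tenants the application's existing inbound configs are ignored and only handler-created ones are kept, plus a debug log at the drop site (assuming the class already has a logger, which this hunk does not show). The message in the new catch also names the wrong subject: the check is on the tenant domain, not the application, so `"Error while checking whether tenant domain " + tenantDomain + " is an organization, for application: " + application.getApplicationName()` gives an operator the value that actually failed. `addInboundAuthenticationProtocolsToApplication` starts in the previous hunk and its body continues past this one.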
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
@@ -84,6 +84,7 @@
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
 import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
 import org.wso2.carbon.identity.secret.mgt.core.SecretManager;
 import org.wso2.carbon.identity.secret.mgt.core.SecretManagerImpl;
 import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager;
@@ -155,6 +156,7 @@ public class ApplicationManagementServiceImplTest {
     private static final String APPLICATION_TEMPLATE_VERSION_2 = "v1.0.1";
     private static final String APPLICATION_INBOUND_AUTH_KEY_1 = "Test_auth_key1";
     private static final String APPLICATION_INBOUND_AUTH_KEY_2 = "Test_auth_key2";
+    private static final String APPLICATION_INBOUND_AUTH_KEY_OAUTH2 = "auth key";
     private static final String APPLICATION_NAME_FILTER_1 = "name ew application1";
     private static final String APPLICATION_NAME_FILTER_2 = "name co 2";
     private static final String APPLICATION_NAME_FILTER_3 = "name ew application3";
@@ -617,9 +619,19 @@ public void testGetCountOfApplicationsWithFilterExcludingSystemPortals(String fi
         // Deleting all added applications.
         applicationManagementService.deleteApplications(SUPER_TENANT_ID);
     }
-
-    @Test
-    public void testCreateAndGetApplicationWithProtocolService() throws IdentityApplicationManagementException {
+
+    @DataProvider(name = "organizationDataProvider")
+    public Object[][] getOrganizationDataProvider() {
+
+        return new Object[][]{
+                {false},
+                {true}
+        };
+    }
+
+    @Test(dataProvider = "organizationDataProvider")
+    public void testCreateAndGetApplicationWithProtocolService(boolean isOrganization) throws
+            IdentityApplicationManagementException {
         ApplicationDTO.Builder applicationDTOBuilder = new ApplicationDTO.Builder();
         ServiceProvider inputSP1 = new ServiceProvider();
@@ -632,48 +644,83 @@ public void testCreateAndGetApplicationWithProtocolService() throws IdentityAppl
         InboundProtocolsDTO inbounds = setInboundProtocol();
         inbounds.addProtocolConfiguration(() -> ApplicationConstants.StandardInboundProtocols.SAML2);
         applicationDTOBuilder.inboundProtocolConfigurationDto(inbounds);
-
-        // Mocking protocol service.
-        ApplicationManagementServiceComponentHolder.getInstance().addApplicationInboundAuthConfigHandler(
-                customSAML2InboundAuthConfigHandler());
-
-        // Creating application.
-        applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
-                USERNAME_1);
+
+        try (MockedStatic organizationMgtUtilMockedStatic =
+                     mockStatic(OrganizationManagementUtil.class)) {
+            organizationMgtUtilMockedStatic.when(() -> OrganizationManagementUtil.isOrganization(anyString())).
+                    thenReturn(isOrganization);
+            // Mocking protocol service.
+            ApplicationInboundAuthConfigHandler customSAML2InboundAuthConfigHandler =
+                    customSAML2InboundAuthConfigHandler(isOrganization);
+            ApplicationInboundAuthConfigHandler customOAuth2InboundAuthConfigHandler =
+                    customOAuth2InboundAuthConfigHandler();
+            ApplicationManagementServiceComponentHolder.getInstance().addApplicationInboundAuthConfigHandler(
+                    customSAML2InboundAuthConfigHandler);
+            if (isOrganization) {
+                ApplicationManagementServiceComponentHolder.getInstance().addApplicationInboundAuthConfigHandler(
+                        customOAuth2InboundAuthConfigHandler);
+            }
+            // Creating application.
+            applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
+                    USERNAME_1);
+            ApplicationManagementServiceComponentHolder.getInstance().removeApplicationInboundConfigHandler(
+                    customSAML2InboundAuthConfigHandler);
+            ApplicationManagementServiceComponentHolder.getInstance().removeApplicationInboundConfigHandler(
+                    customOAuth2InboundAuthConfigHandler);
+        }
         ServiceProvider applicationByResourceId = applicationManagementService.getApplicationByResourceId(inputSP1
                 .getApplicationResourceId(), SUPER_TENANT_DOMAIN_NAME);
         Assert.assertEquals(applicationByResourceId.getApplicationName(), APPLICATION_NAME_1);
-        // There should be 2 inbound protocol configurations. The one that already exists and the one that is created.
-        Assert.assertEquals(applicationByResourceId.getInboundAuthenticationConfig()
-                .getInboundAuthenticationRequestConfigs().length, 2);
-        for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : applicationByResourceId
-                .getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
-            // This is the existing inbound protocol configuration. Validate the existing inbound protocol
-            // configuration is unchanged.
-            if (ApplicationConstants.StandardInboundProtocols.OAUTH2.equals(inboundAuthenticationRequestConfig
-                    .getInboundAuthType())) {
-                Assert.assertEquals(inboundAuthenticationRequestConfig.getInboundAuthKey(),
-                        "auth key");
-            }
-            // This is the newly created inbound protocol configuration. Validate the newly created inbound protocol
-            // is added.
-            if (ApplicationConstants.StandardInboundProtocols.SAML2.equals(inboundAuthenticationRequestConfig
-                    .getInboundAuthType())) {
-                Assert.assertEquals(inboundAuthenticationRequestConfig.getInboundAuthKey(),
-                        APPLICATION_INBOUND_AUTH_KEY_1);
+        if (!isOrganization) {
+            /*
+            There should be 2 inbound protocol configurations. The one that already exists and the one that
+            is created.
+            */
+            Assert.assertEquals(applicationByResourceId.getInboundAuthenticationConfig()
+                    .getInboundAuthenticationRequestConfigs().length, 2);
+            for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : applicationByResourceId
+                    .getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
+                /*
+                This is the existing inbound protocol configuration. Validate the existing inbound protocol
+                configuration is unchanged.
+                */
+                if (ApplicationConstants.StandardInboundProtocols.OAUTH2.equals(inboundAuthenticationRequestConfig
+                        .getInboundAuthType())) {
+                    Assert.assertEquals(inboundAuthenticationRequestConfig.getInboundAuthKey(),
+                            APPLICATION_INBOUND_AUTH_KEY_OAUTH2);
+                }
+                /*
+                This is the newly created inbound protocol configuration. Validate the newly created inbound
+                protocol is added.
+                */
+                if (ApplicationConstants.StandardInboundProtocols.SAML2.equals(inboundAuthenticationRequestConfig
+                        .getInboundAuthType())) {
+                    Assert.assertEquals(inboundAuthenticationRequestConfig.getInboundAuthKey(),
+                            APPLICATION_INBOUND_AUTH_KEY_1);
+                }
             }
+        } else {
+            /*
+            There should be 1 inbound protocol configurations since in the sub organization level, saml inbound
+            protocol configurations are not allowed.
+            */
+            Assert.assertEquals(applicationByResourceId.getInboundAuthenticationConfig()
+                    .getInboundAuthenticationRequestConfigs().length, 1);
+            InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = applicationByResourceId
+                    .getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()[0];
+            Assert.assertEquals(inboundAuthenticationRequestConfig.getInboundAuthKey(),
+                    APPLICATION_INBOUND_AUTH_KEY_OAUTH2);
         }
-        applicationManagementService.deleteApplications(SUPER_TENANT_ID);
     }
-    private ApplicationInboundAuthConfigHandler customSAML2InboundAuthConfigHandler() {
+    private ApplicationInboundAuthConfigHandler customSAML2InboundAuthConfigHandler(boolean isOrganization) {
         return new ApplicationInboundAuthConfigHandler() {
             @Override
             public boolean canHandle(InboundProtocolsDTO inboundProtocolsDTO) {
-                return true;
+                return !isOrganization;
             }
             @Override
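Review bot: The two `removeApplicationInboundConfigHandler` calls inside the new try-with-resources block only run when `createApplication` returns normally; if it throws, the custom SAML2/OAuth2 handlers stay registered in the `ApplicationManagementServiceComponentHolder` singleton and leak into the second `organizationDataProvider` iteration and every later test in the class, so the removals belong in a `finally`. The hunk also deletes `applicationManagementService.deleteApplications(SUPER_TENANT_ID);` at the end of the test while the method now runs twice, so the second run creates `APPLICATION_NAME_1` on top of the first run's application unless a cleanup outside this hunk (an `@AfterMethod`, say) removes it — worth confirming, since `getApplicationByResourceId` below would otherwise be reading the previous iteration's state. Finally, `customOAuth2InboundAuthConfigHandler` is unregistered even in the `!isOrganization` case where it was never added; harmless if the remove tolerates an unknown handler, but registering and unregistering it unconditionally would be simpler to reason about.
```java
try (MockedStatic<OrganizationManagementUtil> organizationMgtUtilMockedStatic =
             mockStatic(OrganizationManagementUtil.class)) {
    // … unchanged: stubbing isOrganization(), building and registering the handlers …
    try {
        applicationManagementService.createApplication(applicationDTOBuilder.build(), SUPER_TENANT_DOMAIN_NAME,
                USERNAME_1);
    } finally {
        // Unregister on every path so a failing createApplication cannot leak handlers into later tests.
        ApplicationManagementServiceComponentHolder.getInstance().removeApplicationInboundConfigHandler(
                customSAML2InboundAuthConfigHandler);
        ApplicationManagementServiceComponentHolder.getInstance().removeApplicationInboundConfigHandler(
                customOAuth2InboundAuthConfigHandler);
    }
}
```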
@@ -717,6 +764,56 @@ public InboundProtocolConfigurationDTO handleConfigRetrieval(String appId)
         };
     }
+    private ApplicationInboundAuthConfigHandler customOAuth2InboundAuthConfigHandler() {
+
+        return new ApplicationInboundAuthConfigHandler() {
+            @Override
+            public boolean canHandle(InboundProtocolsDTO inboundProtocolsDTO) {
+
+                return true;
+            }
+
+            @Override
+            public boolean canHandle(String protocolName) {
+
+                return ApplicationConstants.StandardInboundProtocols.OAUTH2.equals(protocolName);
+            }
+
+            @Override
+            public InboundAuthenticationRequestConfig handleConfigCreation(ServiceProvider serviceProvider,
+                                                                          InboundProtocolsDTO inboundProtocolsDTO)
+                    throws IdentityApplicationManagementException {
+
+                InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
+                        InboundAuthenticationRequestConfig();
+                inboundAuthenticationRequestConfig.setInboundAuthKey(APPLICATION_INBOUND_AUTH_KEY_OAUTH2);
+                inboundAuthenticationRequestConfig.setInboundAuthType(
+                        ApplicationConstants.StandardInboundProtocols.OAUTH2);
+                return inboundAuthenticationRequestConfig;
+            }
+
+            @Override
+            public InboundAuthenticationRequestConfig handleConfigUpdate(
+                    ServiceProvider application, InboundProtocolConfigurationDTO inboundProtocolsDTO)
+                    throws IdentityApplicationManagementException {
+
+                return null;
+            }
+
+            @Override
+            public void handleConfigDeletion(String appId) throws IdentityApplicationManagementException {
+
+            }
+
+            @Override
+            public InboundProtocolConfigurationDTO handleConfigRetrieval(String appId)
+                    throws IdentityApplicationManagementException {
+
+                return null;
+            }
+        };
+    }
+
     @DataProvider(name = "getSAMLApplicationDataProvider")
     public Object[][] getSAMLApplicationDataProvider() {