
Example 36 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIUtilRolesTest method testCreateDefaultRoles.

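/**
 * Verifies that {@code APIUtil.createDefaultRoles} asks the user store to create the
 * publisher, subscriber and creator roles for the super tenant, each with the admin user
 * as its initial member.
 */
@Test
public void testCreateDefaultRoles() throws Exception {
    System.setProperty("carbon.home", APIUtilRolesTest.class.getResource("/").getFile());
    try {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
        final int tenantId = MultitenantConstants.SUPER_TENANT_ID;
        final String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;

        // Read both fixtures with an explicit charset so the test does not depend on the platform default.
        File siteConfFile = new File(Thread.currentThread().getContextClassLoader().getResource("tenant-conf.json").getFile());
        String tenantConfValue = FileUtils.readFileToString(siteConfFile, "UTF-8");
        String signUpConfValue;
        // try-with-resources: the original left this stream open for the rest of the JVM's life.
        try (InputStream signUpConfStream = new FileInputStream(Thread.currentThread().getContextClassLoader().getResource("default-sign-up-config.xml").getFile())) {
            signUpConfValue = IOUtils.toString(signUpConfStream, "UTF-8");
        }

        ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(ServiceReferenceHolder.class);
        RealmService realmService = Mockito.mock(RealmService.class);
        RegistryService registryService = Mockito.mock(RegistryService.class);
        TenantManager tenantManager = Mockito.mock(TenantManager.class);
        TenantIndexingLoader indexingLoader = Mockito.mock(TenantIndexingLoader.class);
        UserRealm userRealm = Mockito.mock(UserRealm.class);
        UserStoreManager userStoreManager = Mockito.mock(UserStoreManager.class);
        RealmConfiguration realmConfiguration = Mockito.mock(RealmConfiguration.class);
        APIMConfigService apimConfigService = Mockito.mock(APIMConfigService.class);

        // NOTE(review): PrivilegedCarbonContext is statically mocked only after startTenantFlow() ran above,
        // so the endTenantFlow() in the finally block presumably reaches the mock - confirm the flow is balanced.
        PowerMockito.mockStatic(PrivilegedCarbonContext.class);
        PowerMockito.mockStatic(ServiceReferenceHolder.class);
        PowerMockito.mockStatic(APIManagerComponent.class);

        Mockito.when(ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
        Mockito.when(serviceReferenceHolder.getRealmService()).thenReturn(realmService);
        Mockito.when(serviceReferenceHolder.getRegistryService()).thenReturn(registryService);
        Mockito.when(serviceReferenceHolder.getIndexLoaderService()).thenReturn(indexingLoader);
        Mockito.when(realmService.getTenantManager()).thenReturn(tenantManager);
        Mockito.when(realmService.getBootstrapRealm()).thenReturn(userRealm);
        Mockito.when(realmService.getTenantUserRealm(tenantId)).thenReturn(userRealm);
        Mockito.when(userRealm.getUserStoreManager()).thenReturn(userStoreManager);
        Mockito.when(userRealm.getRealmConfiguration()).thenReturn(realmConfiguration);
        Mockito.when(realmConfiguration.getAdminUserName()).thenReturn("admin");
        Mockito.when(tenantManager.getTenantId(tenantDomain)).thenReturn(tenantId);
        Mockito.when(tenantManager.getDomain(tenantId)).thenReturn(tenantDomain);
        Mockito.when(serviceReferenceHolder.getApimConfigService()).thenReturn(apimConfigService);
        Mockito.when(apimConfigService.getTenantConfig(tenantDomain)).thenReturn(tenantConfValue);
        Mockito.when(apimConfigService.getSelfSighupConfig(tenantDomain)).thenReturn(signUpConfValue);

        APIUtil.createDefaultRoles(tenantId);

        String[] adminName = { "admin" };
        // The matcher now stands for the whole Permission[] argument. The original wrapped a matcher inside
        // an array literal, which passes an array holding null and only works through matcher-stack side effects.
        // NOTE(review): this still accepts any permission set; the test does not pin which permission
        // each default role is granted, so an over-broad grant would go unnoticed here.
        Mockito.verify(userStoreManager, Mockito.atLeastOnce()).addRole(eq("Internal/publisher"), eq(adminName), Mockito.any(Permission[].class));
        Mockito.verify(userStoreManager, Mockito.atLeastOnce()).addRole(eq("Internal/subscriber"), eq(adminName), Mockito.any(Permission[].class));
        Mockito.verify(userStoreManager, Mockito.atLeastOnce()).addRole(eq("Internal/creator"), eq(adminName), Mockito.any(Permission[].class));
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}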
Also used : ServiceReferenceHolder(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) FileInputStream(java.io.FileInputStream) RealmConfiguration(org.wso2.carbon.user.core.config.RealmConfiguration) TenantIndexingLoader(org.wso2.carbon.registry.indexing.service.TenantIndexingLoader) UserRealm(org.wso2.carbon.user.core.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) Permission(org.wso2.carbon.user.api.Permission) RegistryService(org.wso2.carbon.registry.core.service.RegistryService) File(java.io.File) TenantManager(org.wso2.carbon.user.core.tenant.TenantManager) APIMConfigService(org.wso2.carbon.apimgt.impl.config.APIMConfigService) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 37 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIConsumerImpl method getDeniedTiers.

/**
 * Returns the names of the throttling tiers that the current user is denied.
 * @param apiProviderTenantId tenant id of the API provider
 * @return the set of denied tier names
 */
@Override
public Set<String> getDeniedTiers(int apiProviderTenantId) throws APIManagementException {
    Set<String> denied = new HashSet<>();
    // The permission lookup uses the tenant id exactly as passed in, i.e. before the fallback below.
    // NOTE(review): for an argument of 0 this queries with 0 rather than this consumer's tenant id - confirm.
    Set<TierPermissionDTO> tierPermissions = apiMgtDAO.getThrottleTierPermissions(apiProviderTenantId);

    // A provider tenant id of 0 falls back to this consumer's own tenant.
    int providerTenantId = (apiProviderTenantId == 0) ? tenantId : apiProviderTenantId;
    if (providerTenantId == 0) {
        // NOTE(review): with neither tenant id set, no tier is reported as denied (fail-open) - confirm intended.
        return denied;
    }

    // On-prem resolver and a caller from another tenant: every tier that has a permission
    // entry attached is treated as denied, whatever the entry says.
    if (APIUtil.isOnPremResolver() && tenantId != providerTenantId) {
        for (TierPermissionDTO permission : tierPermissions) {
            denied.add(permission.getTierName());
        }
        return denied;
    }

    // Roles of the current user; the unmodified user name is preferred when it is available.
    String effectiveUser = (userNameWithoutChange != null) ? userNameWithoutChange : username;
    String[] callerRoles = APIUtil.getListOfRoles(effectiveUser);

    for (TierPermissionDTO permission : tierPermissions) {
        String permissionType = permission.getPermissionType();
        List<String> sharedRoles = new ArrayList<String>(Arrays.asList(callerRoles));
        String[] listedRoles = permission.getRoles();
        List<String> tierRoles = (listedRoles == null)
                ? new ArrayList<String>()
                : new ArrayList<String>(Arrays.asList(listedRoles));
        // Role names are compared with String.equals, so the match is case-sensitive.
        sharedRoles.retainAll(tierRoles);

        boolean callerHoldsListedRole = !sharedRoles.isEmpty();
        boolean isAllowRule = APIConstants.TIER_PERMISSION_ALLOW.equals(permissionType);
        // Allow rule: denied unless the caller holds a listed role (an allow rule without roles denies everyone).
        // Any other type is handled as a deny rule: denied when the caller holds a listed role.
        if (isAllowRule != callerHoldsListedRole) {
            denied.add(permission.getTierName());
        }
    }
    return denied;
}
Also used : TierPermissionDTO(org.wso2.carbon.apimgt.impl.dto.TierPermissionDTO) ArrayList(java.util.ArrayList) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet)

Example 38 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIThrottleHandler method doRoleBasedAccessThrottling.

/**
 * Applies application-level, resource-level, API-level and hard-limit throttling to a message
 * and reports whether it may proceed.
 *
 * <p>The first three levels run only for request messages; the hard-limit check at the end sits
 * outside that branch. Whenever a level rejects the message, the reason is stored on the message
 * context under {@code APIThrottleConstants.THROTTLED_OUT_REASON} before {@code false} is returned,
 * except for the missing verb-information case noted in the body.
 *
 * <p>Several paths return {@code true} without throttling (missing authentication context, missing
 * token or tier, missing throttle context). These are fail-open decisions: a request that reaches
 * them is not rate limited.
 *
 * @param synCtx message context of the current request or response
 * @param cc     configuration context used for the throttle data holder and, when clustering is
 *               enabled, for replicating the concurrent access controller
 * @return {@code true} if the message may proceed, {@code false} if it was throttled out or a
 *         throttling error occurred
 */
private boolean doRoleBasedAccessThrottling(MessageContext synCtx, ConfigurationContext cc) {
    // Never reassigned below; every rejection returns false directly.
    boolean canAccess = true;
    ThrottleDataHolder dataHolder = (ThrottleDataHolder) cc.getPropertyNonReplicable(ThrottleConstants.THROTTLE_INFO_KEY);
    if (throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY) == null) {
        // skip role based throttling (this also skips the hard-limit check at the end of the method)
        return true;
    }
    ConcurrentAccessController cac = null;
    if (isClusteringEnable) {
        // for a clustered environment, get it from the axis configuration context
        cac = (ConcurrentAccessController) cc.getProperty(key);
    }
    if (!synCtx.isResponse()) {
        // gets the caller's identity and tier information
        AuthenticationContext authContext = APISecurityUtils.getAuthenticationContext(synCtx);
        String accessToken;
        String consumerKey;
        String authorizedUser;
        String roleID;
        String applicationId;
        String applicationTier;
        if (authContext != null) {
            // Although the method says getApiKey, what is actually returned is the Bearer header (accessToken)
            accessToken = authContext.getApiKey();
            consumerKey = authContext.getConsumerKey();
            authorizedUser = authContext.getUsername();
            roleID = authContext.getTier();
            applicationTier = authContext.getApplicationTier();
            applicationId = authContext.getApplicationId();
            // Fail-open: without a token or tier the request passes unthrottled.
            // NOTE(review): the message mentions the consumer key, but only accessToken and roleID are checked.
            // consumerKey and authorizedUser are not null-checked although both are concatenated into the
            // throttle keys below; null values would share one counter bucket - confirm upstream guarantees.
            if (accessToken == null || roleID == null) {
                log.warn("No consumer key or role information found on the request - " + "Throttling not applied");
                return true;
            }
        } else {
            // Fail-open: no authentication context means no throttling at all for this request.
            log.warn("No authentication context information found on the request - " + "Throttling not applied");
            return true;
        }
        // Domain name based throttling
        // check whether a configuration has been defined for this role name or not
        // loads the ThrottleContext
        ThrottleContext resourceContext = throttle.getThrottleContext(RESOURCE_THROTTLE_KEY);
        if (resourceContext == null) {
            // Fail-open: a missing resource throttle context lets the request through.
            log.warn("Unable to load throttle context");
            return true;
        }
        // Loads the ThrottleConfiguration
        ThrottleConfiguration config = resourceContext.getThrottleConfiguration();
        if (config != null) {
            String applicationRoleId = null;
            // If an application level tier has been specified and it is not 'Unlimited'
            if (applicationTier != null && !APIConstants.UNLIMITED_TIER.equals(applicationTier)) {
                // Get the configuration role of the application
                // applicationRoleId = config.getConfigurationKeyOfCaller(applicationTier);
                applicationRoleId = applicationTier;
            }
            AccessInformation info = null;
            // If application level throttling is applied
            if (applicationRoleId != null) {
                ThrottleContext applicationThrottleContext = getApplicationThrottleContext(synCtx, dataHolder, applicationId);
                if (isClusteringEnable) {
                    applicationThrottleContext.setConfigurationContext(cc);
                    applicationThrottleContext.setThrottleId(id);
                }
                // First throttle by application
                try {
                    info = applicationRoleBasedAccessController.canAccess(applicationThrottleContext, applicationId, applicationRoleId);
                    if (log.isDebugEnabled()) {
                        log.debug("Throttle by Application " + applicationId);
                        log.debug("Allowed = " + (info != null ? info.isAccessAllowed() : "false"));
                    }
                } catch (ThrottleException e) {
                    // Fail-closed: a throttling error is reported as an exceeded application limit.
                    log.warn("Exception occurred while performing role " + "based throttling", e);
                    synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.APPLICATION_LIMIT_EXCEEDED);
                    return false;
                }
                // check for the permission for access
                if (info != null && !info.isAccessAllowed()) {
                    log.info("Exceeded the allocated quota in Application level.");
                    // if the access has been denied by rate based throttling
                    if (cac != null) {
                        cac.incrementAndGet();
                        // set back if this is a clustered env
                        if (isClusteringEnable) {
                            cc.setProperty(key, cac);
                            resourceContext.setConfigurationContext(cc);
                            // replicate the current state of ConcurrentAccessController
                            try {
                                Replicator.replicate(cc, new String[] { key });
                            } catch (ClusteringFault clusteringFault) {
                                // Replication failure is logged only; the request is still rejected below.
                                log.error("Error during replicating states", clusteringFault);
                            }
                        }
                    }
                    synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.APPLICATION_LIMIT_EXCEEDED);
                    return false;
                }
            }
            // ---------------End of application level throttling------------
            // ==============================Start of Resource level throttling======================================
            // get throttling information for given request with resource path and http verb
            // VerbInfoDTO verbInfoDTO = null;
            // verbInfoDTO = validator.getVerbInfoDTOFromAPIData(apiContext, apiVersion, requestPath, httpMethod);
            VerbInfoDTO verbInfoDTO = (VerbInfoDTO) synCtx.getProperty(APIConstants.VERB_INFO_DTO);
            String resourceLevelRoleId = null;
            // no data related to verb information data
            if (verbInfoDTO == null) {
                // Fail-closed, but unlike the other rejections no THROTTLED_OUT_REASON is set on this path.
                log.warn("Error while getting throttling information for resource and http verb");
                return false;
            } else {
                // Verb information is available, so resource level throttling can proceed
                String resourceAndHTTPVerbThrottlingTier = verbInfoDTO.getThrottling();
                // If there is no tier, resource level throttling is skipped for this request
                if (resourceAndHTTPVerbThrottlingTier == null) {
                    log.warn("Unable to find throttling information for resource and http verb. Throttling will " + "not apply");
                } else {
                    resourceLevelRoleId = resourceAndHTTPVerbThrottlingTier;
                }
                // adding consumerKey and authz_user combination instead of access token to resourceAndHTTPVerbKey
                // This avoids sending more than the permitted number of requests in a unit time by
                // regenerating the access token
                String resourceAndHTTPVerbKey = verbInfoDTO.getRequestKey() + '-' + consumerKey + ':' + authorizedUser;
                // proceed only when a resource level tier was found
                if (resourceLevelRoleId != null) {
                    try {
                        // if application level throttling has passed
                        if (!APIConstants.UNLIMITED_TIER.equals(resourceLevelRoleId) && (info == null || info.isAccessAllowed())) {
                            // If this is a clustered env.
                            if (isClusteringEnable) {
                                resourceContext.setConfigurationContext(cc);
                                resourceContext.setThrottleId(id + "resource");
                            }
                            info = roleBasedAccessController.canAccess(resourceContext, resourceAndHTTPVerbKey, resourceAndHTTPVerbThrottlingTier);
                        }
                    } catch (ThrottleException e) {
                        // Fail-closed. NOTE(review): the concatenated message reads "resourcebased" (missing space).
                        log.warn("Exception occurred while performing resource" + "based throttling", e);
                        synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.RESOURCE_LIMIT_EXCEEDED);
                        return false;
                    }
                    // check for the permission for access
                    if (info != null && !info.isAccessAllowed()) {
                        log.info("Exceeded the allocated quota in Resource level.");
                        // if the access has been denied by rate based throttling
                        if (cac != null) {
                            cac.incrementAndGet();
                            // set back if this is a clustered env
                            if (isClusteringEnable) {
                                cc.setProperty(key, cac);
                                // replicate the current state of ConcurrentAccessController
                                try {
                                    Replicator.replicate(cc, new String[] { key });
                                } catch (ClusteringFault clusteringFault) {
                                    log.error("Error during replicating states", clusteringFault);
                                }
                            }
                        }
                        if (isContinueOnThrottleReached(resourceAndHTTPVerbThrottlingTier)) {
                            // The limit has been reached but this tier lets the request continue;
                            // only flag the message as throttled out for usage reporting.
                            if (synCtx.getProperty(APIConstants.API_USAGE_THROTTLE_OUT_PROPERTY_KEY) == null) {
                                synCtx.setProperty(APIConstants.API_USAGE_THROTTLE_OUT_PROPERTY_KEY, Boolean.TRUE);
                            }
                        } else {
                            synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.RESOURCE_LIMIT_EXCEEDED);
                            return false;
                        }
                    }
                } else {
                    log.warn("Unable to find the throttle policy for role.");
                }
            }
            // ==============================End of Resource level throttling=======================================
            // ---------------Start of API level throttling------------------
            // Domain name based throttling
            // check whether a configuration has been defined for this role name or not
            // loads the ThrottleContext
            ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY);
            String apiKey;
            if (context == null) {
                // Fail-open: a missing API level throttle context lets the request through.
                log.warn("Unable to load throttle context");
                return true;
            }
            // If this is a clustered env.
            // check for configuration role of the caller
            // NOTE(review): config is reassigned here and dereferenced without a null check, unlike the
            // resource level configuration above - confirm getThrottleConfiguration() cannot return null.
            config = context.getThrottleConfiguration();
            String consumerRoleID = config.getConfigurationKeyOfCaller(roleID);
            if (isClusteringEnable) {
                context.setConfigurationContext(cc);
                context.setThrottleId(id);
            }
            try {
                String apiContext = (String) synCtx.getProperty(RESTConstants.REST_API_CONTEXT);
                String apiVersion = (String) synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION);
                apiContext = apiContext != null ? apiContext : "";
                apiVersion = apiVersion != null ? apiVersion : "";
                // adding consumerKey and authz_user combination instead of access token to apiKey
                // This avoids sending more than the permitted number of requests in a unit time by
                // regenerating the access token
                apiKey = apiContext + ':' + apiVersion + ':' + consumerKey + ':' + authorizedUser;
                // if application level throttling has passed
                if (!APIConstants.UNLIMITED_TIER.equals(roleID) && (info == null || info.isAccessAllowed())) {
                    // Throttle by the consumerKey/user based key built above
                    info = roleBasedAccessController.canAccess(context, apiKey, consumerRoleID);
                }
            } catch (ThrottleException e) {
                // Fail-closed: a throttling error is reported as an exceeded API limit.
                log.warn("Exception occurred while performing role " + "based throttling", e);
                synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.API_LIMIT_EXCEEDED);
                return false;
            }
            // check for the permission for access
            if (info != null && !info.isAccessAllowed()) {
                log.info("Exceeded the allocated quota in API level.");
                // if the access has been denied by rate based throttling
                if (cac != null) {
                    cac.incrementAndGet();
                    // set back if this is a clustered env
                    if (isClusteringEnable) {
                        cc.setProperty(key, cac);
                        // replicate the current state of ConcurrentAccessController
                        try {
                            Replicator.replicate(cc, new String[] { key });
                        } catch (ClusteringFault clusteringFault) {
                            log.error("Error during replicating states", clusteringFault);
                        }
                    }
                }
                if (isContinueOnThrottleReached(consumerRoleID)) {
                    // The limit has been reached but this role lets the request continue;
                    // only flag the message as throttled out for usage reporting.
                    if (synCtx.getProperty(APIConstants.API_USAGE_THROTTLE_OUT_PROPERTY_KEY) == null) {
                        synCtx.setProperty(APIConstants.API_USAGE_THROTTLE_OUT_PROPERTY_KEY, Boolean.TRUE);
                    }
                    if (log.isDebugEnabled()) {
                        // NOTE(review): the throttle key written here embeds consumerKey and the user name.
                        log.debug("Request throttled at API level for throttle key" + apiKey + ". But role " + consumerRoleID + "allows to continue to serve requests");
                    }
                } else {
                    synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.API_LIMIT_EXCEEDED);
                    return false;
                }
            }
        }
    }
    // ---------------End of API level throttling------------------
    // ---------------Start of Hard throttling------------------
    // This section is outside the request-only branch above, so it runs for responses as well.
    ThrottleContext hardThrottleContext = throttle.getThrottleContext(APIThrottleConstants.HARD_THROTTLING_CONFIGURATION);
    try {
        String apiContext = (String) synCtx.getProperty(RESTConstants.REST_API_CONTEXT);
        String apiVersion = (String) synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION);
        apiContext = apiContext != null ? apiContext : "";
        apiVersion = apiVersion != null ? apiVersion : "";
        AuthenticationContext authContext = APISecurityUtils.getAuthenticationContext(synCtx);
        // NOTE(review): authContext is dereferenced without a null check. The request branch returns early
        // when it is null, but a response message skips that branch - confirm it is always set on responses.
        if (hardThrottleContext != null && authContext.getKeyType() != null) {
            // The hard limit is keyed per API context, version and key type, not per consumer.
            String throttleKey = apiContext + ':' + apiVersion + ':' + authContext.getKeyType();
            AccessInformation info = null;
            if (isClusteringEnable) {
                hardThrottleContext.setConfigurationContext(cc);
            }
            if (APIConstants.API_KEY_TYPE_PRODUCTION.equals(authContext.getKeyType())) {
                hardThrottleContext.setThrottleId(id + APIThrottleConstants.PRODUCTION_HARD_LIMIT);
                info = roleBasedAccessController.canAccess(hardThrottleContext, throttleKey, APIThrottleConstants.PRODUCTION_HARD_LIMIT);
            } else if (APIConstants.API_KEY_TYPE_SANDBOX.equals(authContext.getKeyType())) {
                hardThrottleContext.setThrottleId(id + APIThrottleConstants.SANDBOX_HARD_LIMIT);
                info = roleBasedAccessController.canAccess(hardThrottleContext, throttleKey, APIThrottleConstants.SANDBOX_HARD_LIMIT);
            }
            // Any other key type leaves info null, so no hard limit is enforced for it.
            if (log.isDebugEnabled()) {
                log.debug("Throttle by hard limit " + throttleKey);
                log.debug("Allowed = " + (info != null ? info.isAccessAllowed() : "false"));
            }
            if (info != null && !info.isAccessAllowed()) {
                synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.HARD_LIMIT_EXCEEDED);
                log.info("Hard Throttling limit exceeded.");
                return false;
            }
        }
    } catch (ThrottleException e) {
        // Fail-closed: a throttling error is reported as an exceeded hard limit.
        log.warn("Exception occurred while performing role based throttling", e);
        synCtx.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.HARD_LIMIT_EXCEEDED);
        return false;
    }
    return canAccess;
}
Also used : ThrottleContext(org.apache.synapse.commons.throttle.core.ThrottleContext) ThrottleDataHolder(org.apache.synapse.commons.throttle.core.ThrottleDataHolder) AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) VerbInfoDTO(org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO) AccessInformation(org.apache.synapse.commons.throttle.core.AccessInformation) ThrottleException(org.apache.synapse.commons.throttle.core.ThrottleException) ThrottleConfiguration(org.apache.synapse.commons.throttle.core.ThrottleConfiguration) ConcurrentAccessController(org.apache.synapse.commons.throttle.core.ConcurrentAccessController) ClusteringFault(org.apache.axis2.clustering.ClusteringFault)

Example 39 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class RestApiUtilTest method testHandleAuthorizationFailureArgWithEmptyID.

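/**
 * Verifies that {@code RestApiUtil.handleAuthorizationFailure} called with an empty resource id
 * throws a {@code ForbiddenException} carrying the generic permission message and logs that
 * message together with the original exception.
 */
@Test
public void testHandleAuthorizationFailureArgWithEmptyID() {
    String apiId = "";
    String expectedErrorMessage = "You don't have permission to access the " + RestApiConstants.RESOURCE_API;
    APIManagementException apiManagementException = new APIManagementException("API management exception test");
    Log log = Mockito.mock(Log.class);
    PowerMockito.mockStatic(LogFactory.class);
    PowerMockito.when(LogFactory.getLog(Mockito.any(Class.class))).thenReturn(log);
    try {
        RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, apiId, apiManagementException, log);
        // Without this, the test would still pass if the handler logged the error but stopped
        // throwing, i.e. if an authorization failure no longer interrupted the request.
        Assert.fail("handleAuthorizationFailure must throw ForbiddenException");
    } catch (ForbiddenException exception) {
        Assert.assertEquals(expectedErrorMessage, exception.getMessage());
    }
    Mockito.verify(log).error(expectedErrorMessage, apiManagementException);
}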
Also used : ForbiddenException(org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) Log(org.apache.commons.logging.Log) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 40 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class RestApiUtil method handleMigrationSpecificPermissionViolations.

/**
 * Handles any cross-tenant access permission violation that is detected. Cross-tenant resources (APIs/apps) can be
 * retrieved only by the super tenant admin user, and only during a migration process (2.6.0 to 3.0.0). The APIM
 * server has to be started with the system property 'migrationMode=true' if migration-related exports are to be done.
 *
 * @param targetTenantDomain Tenant domain of which resources are requested
 * @param username           Logged in user name
 * @throws ForbiddenException if the request is cross-tenant and the requester is not a super tenant user
 *                            holding the super tenant admin role
 */
public static void handleMigrationSpecificPermissionViolations(String targetTenantDomain, String username) throws ForbiddenException {
    // A request for the user's own tenant needs no migration-specific check.
    if (targetTenantDomain.equals(MultitenantUtils.getTenantDomain(username))) {
        return;
    }
    // NOTE(review): nothing in this method reads the 'migrationMode' system property; presumably the
    // caller gates on it - confirm, since otherwise this cross-tenant path is open outside a migration.

    // Resolve the super tenant's admin role name and domain up front.
    // NOTE(review): both values stay null if handleInternalServerError returns instead of throwing - confirm it always throws.
    String adminRoleOfSuperTenant = null;
    try {
        adminRoleOfSuperTenant = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getRealmConfiguration().getAdminRoleName();
    } catch (UserStoreException e) {
        RestApiUtil.handleInternalServerError("Error in getting super admin role name", e, log);
    }
    String domainOfSuperTenant = null;
    try {
        domainOfSuperTenant = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getSuperTenantDomain();
    } catch (UserStoreException e) {
        RestApiUtil.handleInternalServerError("Error in getting the super tenant domain", e, log);
    }

    // First gate: the logged-in user must belong to the super tenant.
    // NOTE(review): this gate reads the logged-in user's tenant, while the cross-tenant test above and the
    // role check below use the 'username' argument - confirm callers always pass the logged-in user.
    if (!RestApiCommonUtil.getLoggedInUserTenantDomain().equals(domainOfSuperTenant)) {
        // NOTE(review): username and targetTenantDomain go unescaped into the log line and the error body.
        String errorMsg = "Cross Tenant resource access is not allowed for this request. User " + username + " is not allowed to access resources in " + targetTenantDomain + " as the requester is not a super " + "tenant user";
        log.error(errorMsg);
        throw new ForbiddenException(getErrorDTO(RestApiConstants.STATUS_FORBIDDEN_MESSAGE_DEFAULT, 403L, errorMsg));
    }

    // Second gate: the user must also hold the super tenant's admin role.
    boolean holdsSuperAdminRole = false;
    try {
        holdsSuperAdminRole = APIUtil.isUserInRole(username, adminRoleOfSuperTenant);
    } catch (UserStoreException | APIManagementException e) {
        RestApiUtil.handleInternalServerError("Error in checking whether the user has admin role", e, log);
    }
    if (holdsSuperAdminRole) {
        return;
    }
    String errorMsg = "Cross Tenant resource access is not allowed for this request. User " + username + " is not allowed to access resources in " + targetTenantDomain + " as the requester is not a " + "super tenant admin";
    log.error(errorMsg);
    throw new ForbiddenException(getErrorDTO(RestApiConstants.STATUS_FORBIDDEN_MESSAGE_DEFAULT, 403L, errorMsg));
}
Also used : ForbiddenException(org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO) UserStoreException(org.wso2.carbon.user.api.UserStoreException)
