Set user resident organization thread local

wso2-extensions · Oct 26, 2023 · b241005 · b241005
1 parent b389b2a
commit b241005
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/...ce/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java b/...ce/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java
@@ -103,14 +103,19 @@ protected void postAuthenticate(MessageContext messageContext, AuthenticationRes
                 // organization is authorized to access. Skip this for cross tenant scenarios.
 
                 String authorizedOrganization = null;
+                String userResidentOrganization = null;
                 if (user instanceof AuthenticatedUser) {
                     authorizedOrganization = ((AuthenticatedUser) user).getAccessingOrganization();
+                    userResidentOrganization = ((AuthenticatedUser) user).getUserResidentOrganization();
                 }
+
                 if (user.getTenantDomain() != null && (user.getTenantDomain()
                         .equalsIgnoreCase(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()) ||
                         StringUtils.isNotEmpty(authorizedOrganization))) {
                     PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(IdentityUtil.addDomainToName
                             (user.getUserName(), user.getUserStoreDomain()));
+                    // Set the user's resident organization if user not belongs to the accessing organization
+                    IdentityUtil.threadLocalProperties.get().put("USER_RESIDENT_ORG", userResidentOrganization);
                 }
                 // Set the user id to the Carbon context if the user authentication is succeeded.
                 try {

diff --git a/...ity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java b/...ity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java
@@ -193,6 +193,9 @@ public void invoke(Request request, Response response) throws IOException, Servl
             unsetMDCThreadLocals();
             // Clear thread local authenticated with basic auth flag.
             unsetAuthenticatedWithBasicAuth();
+
+            // Clear user resident organization thread local.
+            IdentityUtil.threadLocalProperties.get().remove("USER_RESIDENT_ORG");
         }