fix basic authentication in new runtime

components/org.wso2.carbon.identity.authz.service/src/main/java/org/wso2/carbon/identity/authz/service/handler/AuthorizationHandler.java

@@ -24,6 +24,8 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.application.common.model.User;
 import org.wso2.carbon.identity.authz.service.AuthorizationContext;
 import org.wso2.carbon.identity.authz.service.AuthorizationResult;
@@ -33,6 +35,8 @@
 import org.wso2.carbon.identity.core.handler.AbstractIdentityHandler;
 import org.wso2.carbon.identity.core.handler.InitConfig;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
+import org.wso2.carbon.identity.oauth2.util.AuthzUtil;
 import org.wso2.carbon.user.api.AuthorizationManager;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
@@ -76,11 +80,23 @@ public AuthorizationResult handleAuthorization(AuthorizationContext authorizatio
             // If the scopes are configured for the API, it gets the first priority
             if (isScopeValidationRequired(authorizationContext, validateScope)) {
                 validateScopes(authorizationContext, authorizationResult, allowedScopes);
+            } else if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+                if (StringUtils.isNotBlank(permissionString) || authorizationContext.getRequiredScopes().size() == 0) {
+                    validatePermissions(authorizationResult, user, permissionString, tenantUserRealm);
+                }
+            } else {
+                AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
+                String userId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
+                if (userId != null) {
+                    authenticatedUser.setUserId(userId);
+                    boolean isAuthorized = AuthzUtil.isUserAuthorized(authenticatedUser,
+                            authorizationContext.getRequiredScopes());
+                    if (isAuthorized) {
+                        authorizationResult.setAuthorizationStatus(AuthorizationStatus.GRANT);
+                    }
+                }
             }
-            if (StringUtils.isNotBlank(permissionString) || authorizationContext.getRequiredScopes().size() == 0) {
-                validatePermissions(authorizationResult, user, permissionString, tenantUserRealm);
-            }
-        } catch (UserStoreException e) {
+        } catch (UserStoreException | IdentityOAuth2Exception e) {
             String errorMessage = "Error occurred while trying to authorize, " + e.getMessage();
             log.error(errorMessage);
             throw new AuthzServiceServerException(errorMessage, e);

pom.xml

@@ -348,7 +348,7 @@
         <identity.framework.version>5.25.393</identity.framework.version>
         <carbon.identity.package.import.version.range>[5.17.8, 7.0.0)</carbon.identity.package.import.version.range>
 
-        <org.wso2.carbon.identity.oauth.version>6.11.128</org.wso2.carbon.identity.oauth.version>
+        <org.wso2.carbon.identity.oauth.version>6.11.167-SNAPSHOT</org.wso2.carbon.identity.oauth.version>
         <org.wso2.carbon.identity.oauth.import.version.range>[6.2.18, 7.0.0)
         </org.wso2.carbon.identity.oauth.import.version.range>