Merge pull request #187 from RushanNanayakkara/main

Block authentication script configuration for fragment Application

components/org.wso2.carbon.identity.organization.management.application/pom.xml

@@ -137,6 +137,7 @@
                             org.wso2.carbon.identity.application.authentication.framework.model; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.application.common; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.application.common.model; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.application.common.model.script; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.application.mgt; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.application.mgt.listener; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.claim.metadata.mgt; version="${carbon.identity.package.import.version.range}",

components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/listener/FragmentApplicationMgtListener.java

@@ -20,11 +20,14 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.ClaimConfig;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
+import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
+import org.wso2.carbon.identity.application.common.model.script.AuthenticationScriptConfig;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
 import org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener;
 import org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener;
@@ -92,6 +95,18 @@ public boolean doPreUpdateApplication(ServiceProvider serviceProvider, String te
                 .anyMatch(p -> IS_FRAGMENT_APP.equalsIgnoreCase(p.getName()) && Boolean.parseBoolean(p.getValue()))) {
             serviceProvider.setSpProperties(existingApplication.getSpProperties());
             serviceProvider.setInboundAuthenticationConfig(existingApplication.getInboundAuthenticationConfig());
+            LocalAndOutboundAuthenticationConfig localAndOutBoundAuthenticationConfig =
+                    serviceProvider.getLocalAndOutBoundAuthenticationConfig();
+            if (localAndOutBoundAuthenticationConfig != null &&
+                    localAndOutBoundAuthenticationConfig.getAuthenticationScriptConfig() != null) {
+                AuthenticationScriptConfig authenticationScriptConfig =
+                        localAndOutBoundAuthenticationConfig.getAuthenticationScriptConfig();
+                if (authenticationScriptConfig.isEnabled() &&
+                        !StringUtils.isBlank(authenticationScriptConfig.getContent())) {
+                    throw new IdentityApplicationManagementClientException(
+                            "Authentication script configuration not allowed for shared applications.");
+                }
+            }
         }
 
         // Updating the shareWithAllChildren flag of application is blocked.