Merge pull request #5304 from UdeshAthukorala/external-host

Introduce a config to update console & myaccount callback url & access url
wso2 · Dec 29, 2023 · 43898f3 · 43898f3
2 parents 4240008 + 7b8bd9e
commit 43898f3
Show file tree

Hide file tree

Showing 4 changed files with 139 additions and 2 deletions.
diff --git a/...tion.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java b/...tion.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java
@@ -109,6 +109,9 @@ private ApplicationConstants() {
     // Console and My Account application names.
     public static final String CONSOLE_APPLICATION_NAME = "Console";
     public static final String MY_ACCOUNT_APPLICATION_NAME = "My Account";
+    public static final String CONSOLE_ACCESS_URL_FROM_SERVER_CONFIGS = "Console.AccessURL";
+    public static final String MY_ACCOUNT_ACCESS_URL_FROM_SERVER_CONFIGS = "MyAccount.AccessURL";
+    public static final String TENANT_DOMAIN_PLACEHOLDER = "{TENANT_DOMAIN}";
 
     /**
      * Group the constants related to logs.

diff --git a/...cation.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java b/...cation.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java
@@ -78,10 +78,13 @@
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
 
+import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.CONSOLE_ACCESS_URL_FROM_SERVER_CONFIGS;
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.ENABLE_APPLICATION_ROLE_VALIDATION_PROPERTY;
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.LogConstants.APP_OWNER;
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.LogConstants.DISABLE_LEGACY_AUDIT_LOGS_IN_APP_MGT_CONFIG;
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.LogConstants.ENABLE_V2_AUDIT_LOGS;
+import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.MY_ACCOUNT_ACCESS_URL_FROM_SERVER_CONFIGS;
+import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.TENANT_DOMAIN_PLACEHOLDER;
 import static org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages.ERROR_CODE_ROLE_ALREADY_EXISTS;
 import static org.wso2.carbon.utils.CarbonUtils.isLegacyAuditLogsDisabled;
 
@@ -1092,8 +1095,71 @@ public static String resolveOriginUrlFromPlaceholders(String absoluteUrl) throws
      */
     public static boolean isConsoleOrMyAccount(String name) {
 
-        return ApplicationConstants.CONSOLE_APPLICATION_NAME.equals(name) ||
-                ApplicationConstants.MY_ACCOUNT_APPLICATION_NAME.equals(name);
+        return isConsole(name) || isMyAccount(name);
+    }
+
+    /**
+     * Check whether the application is Console by app name.
+     *
+     * @param name Application name.
+     * @return True if the application is Console.
+     */
+    public static boolean isConsole(String name) {
+
+        return ApplicationConstants.CONSOLE_APPLICATION_NAME.equals(name);
+    }
+
+    /**
+     * Check whether the application is My Account by app name.
+     *
+     * @param name Application name.
+     * @return True if the application is My Account.
+     */
+    public static boolean isMyAccount(String name) {
+
+        return ApplicationConstants.MY_ACCOUNT_APPLICATION_NAME.equals(name);
+    }
+
+    /**
+     * Resolve Console application access url for a specific tenant based on the access url configured in toml.
+     *
+     * @param tenantDomain Tenant domain.
+     * @return Console access url.
+     */
+    public static String getConsoleAccessUrlFromServerConfig(String tenantDomain) {
+
+        String accessUrl = IdentityUtil.getProperty(CONSOLE_ACCESS_URL_FROM_SERVER_CONFIGS);
+        if (StringUtils.isNotBlank(accessUrl)) {
+            if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain) &&
+                    !IdentityTenantUtil.isSuperTenantRequiredInUrl()) {
+                accessUrl = accessUrl.replace("/t/" + TENANT_DOMAIN_PLACEHOLDER, StringUtils.EMPTY);
+            } else {
+                accessUrl = accessUrl.replace(TENANT_DOMAIN_PLACEHOLDER, tenantDomain);
+            }
+            return accessUrl;
+        }
+        return null;
+    }
+
+    /**
+     * Resolve MyAccount application access url for a specific tenant based on the access url configured in toml.
+     *
+     * @param tenantDomain Tenant domain.
+     * @return MyAccount access url.
+     */
+    public static String getMyAccountAccessUrlFromServerConfig(String tenantDomain) {
+
+        String accessUrl = IdentityUtil.getProperty(MY_ACCOUNT_ACCESS_URL_FROM_SERVER_CONFIGS);
+        if (StringUtils.isNotBlank(accessUrl)) {
+            if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain) &&
+                    !IdentityTenantUtil.isSuperTenantRequiredInUrl()) {
+                accessUrl = accessUrl.replace("/t/" + TENANT_DOMAIN_PLACEHOLDER, StringUtils.EMPTY);
+            } else {
+                accessUrl = accessUrl.replace(TENANT_DOMAIN_PLACEHOLDER, tenantDomain);
+            }
+            return accessUrl;
+        }
+        return null;
     }
 
     private static class InboundAuthRequestConfigSerializer extends StdSerializer<InboundAuthenticationRequestConfig> {

diff --git a/...t/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java b/...t/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
@@ -161,6 +161,8 @@
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.TEMPLATE_ID_SP_PROPERTY_DISPLAY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.TEMPLATE_ID_SP_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.LOCAL_SP;
+import static org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.getConsoleAccessUrlFromServerConfig;
+import static org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.getMyAccountAccessUrlFromServerConfig;
 import static org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.getUserTenantDomain;
 import static org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationMgtDBQueries.ADD_APPLICATION_ASSOC_ROLES_TAIL;
 import static org.wso2.carbon.identity.base.IdentityConstants.SKIP_CONSENT;
@@ -1940,6 +1942,19 @@ private ServiceProvider getBasicApplicationData(String applicationName, Connecti
                     serviceProvider.setAccessUrl(ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(
                             basicAppDataResultSet.getString(ApplicationTableColumns.ACCESS_URL)));
                 }
+                String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantID);
+                if (ApplicationMgtUtil.isConsole(serviceProvider.getApplicationName())) {
+                    String consoleAccessUrl = getConsoleAccessUrlFromServerConfig(tenantDomain);
+                    if (StringUtils.isNotBlank(consoleAccessUrl)) {
+                        serviceProvider.setAccessUrl(consoleAccessUrl);
+                    }
+                }
+                if (ApplicationMgtUtil.isMyAccount(serviceProvider.getApplicationName())) {
+                    String myAccountAccessUrl = getMyAccountAccessUrlFromServerConfig(tenantDomain);
+                    if (StringUtils.isNotBlank(myAccountAccessUrl)) {
+                        serviceProvider.setAccessUrl(myAccountAccessUrl);
+                    }
+                }
 
                 serviceProvider.setDiscoverable(getBooleanValue(basicAppDataResultSet.getString(ApplicationTableColumns
                         .IS_DISCOVERABLE)));
@@ -2476,6 +2491,19 @@ private ServiceProvider getBasicApplicationData(int appId, Connection connection
                     serviceProvider.setAccessUrl(ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(
                             rs.getString(ApplicationTableColumns.ACCESS_URL)));
                 }
+                String tenantDomain = IdentityTenantUtil.getTenantDomain(rs.getInt(ApplicationTableColumns.TENANT_ID));
+                if (ApplicationMgtUtil.isConsole(serviceProvider.getApplicationName())) {
+                    String consoleAccessUrl = getConsoleAccessUrlFromServerConfig(tenantDomain);
+                    if (StringUtils.isNotBlank(consoleAccessUrl)) {
+                        serviceProvider.setAccessUrl(consoleAccessUrl);
+                    }
+                }
+                if (ApplicationMgtUtil.isMyAccount(serviceProvider.getApplicationName())) {
+                    String myAccountAccessUrl = getMyAccountAccessUrlFromServerConfig(tenantDomain);
+                    if (StringUtils.isNotBlank(myAccountAccessUrl)) {
+                        serviceProvider.setAccessUrl(myAccountAccessUrl);
+                    }
+                }
 
                 serviceProvider.setDiscoverable(getBooleanValue(rs.getString(ApplicationTableColumns.IS_DISCOVERABLE)));
 
@@ -5887,6 +5915,20 @@ private ApplicationBasicInfo buildApplicationBasicInfo(ResultSet appNameResultSe
             throw new IdentityApplicationManagementException(
                     "Error occurred when resolving origin of the access URL with placeholders", e);
         }
+        String tenantDomain =
+                IdentityTenantUtil.getTenantDomain(appNameResultSet.getInt(ApplicationTableColumns.TENANT_ID));
+        if (ApplicationMgtUtil.isConsole(basicInfo.getApplicationName())) {
+            String consoleAccessUrl = getConsoleAccessUrlFromServerConfig(tenantDomain);
+            if (StringUtils.isNotBlank(consoleAccessUrl)) {
+                basicInfo.setAccessUrl(consoleAccessUrl);
+            }
+        }
+        if (ApplicationMgtUtil.isMyAccount(basicInfo.getApplicationName())) {
+            String myAccountAccessUrl = getMyAccountAccessUrlFromServerConfig(tenantDomain);
+            if (StringUtils.isNotBlank(myAccountAccessUrl)) {
+                basicInfo.setAccessUrl(myAccountAccessUrl);
+            }
+        }
 
         String username = appNameResultSet.getString(ApplicationTableColumns.USERNAME);
         String userStoreDomain = appNameResultSet.getString(ApplicationTableColumns.USER_STORE);
@@ -5930,6 +5972,20 @@ private ApplicationBasicInfo buildApplicationBasicInfoWithInboundConfig(ResultSe
             throw new IdentityApplicationManagementException(
                     "Error occurred when resolving origin of the access URL with placeholders", e);
         }
+        String tenantDomain =
+                IdentityTenantUtil.getTenantDomain(appNameResultSet.getInt(ApplicationTableColumns.TENANT_ID));
+        if (ApplicationMgtUtil.isConsole(basicInfo.getApplicationName())) {
+            String consoleAccessUrl = getConsoleAccessUrlFromServerConfig(tenantDomain);
+            if (StringUtils.isNotBlank(consoleAccessUrl)) {
+                basicInfo.setAccessUrl(consoleAccessUrl);
+            }
+        }
+        if (ApplicationMgtUtil.isMyAccount(basicInfo.getApplicationName())) {
+            String myAccountAccessUrl = getMyAccountAccessUrlFromServerConfig(tenantDomain);
+            if (StringUtils.isNotBlank(myAccountAccessUrl)) {
+                basicInfo.setAccessUrl(myAccountAccessUrl);
+            }
+        }
 
         String inboundAuthKey = appNameResultSet.getString(ApplicationInboundTableColumns.INBOUND_AUTH_KEY);
         String inboundAuthType = appNameResultSet.getString(ApplicationInboundTableColumns.INBOUND_AUTH_TYPE);

diff --git a/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -3946,4 +3946,16 @@
     </InputValidation>
     {% endif %}
 
+    <!-- Console Application configurations -->
+    <Console>
+        <CallbackURL>{{console.callback_url}}</CallbackURL>
+        <AccessURL>{{console.access_url}}</AccessURL>
+    </Console>
+
+    <!-- MyAccount Application configurations -->
+    <MyAccount>
+        <CallbackURL>{{myaccount.callback_url}}</CallbackURL>
+        <AccessURL>{{myaccount.access_url}}</AccessURL>
+    </MyAccount>
+
 </Server>