
all. I wonder if I can get the tenant ID other than through the CarbonContext API. I see this set of APIs can get anything from the server, but it is too powerful to be exposed to the developers. An evil developer can easily get the whole set of OSGi services. He can even modify other users' registry by just setting the tenantID to someone else's. So is there any method I can use to get the tenant ID of an app?

wiwengweng
  • If you deploy the webapp in a tenant, it cannot access other tenants' registry in any way. You cannot set the tenantId in a webapp if it's deployed in a tenant, but you can do that if you are the super tenant. The super tenant has access to other tenants. – Kasun Gajasinghe Jan 23 '14 at 05:07

1 Answer


Normally the tenant ID is an internal detail and it is not exposed via web services. AFAIK the only available way is the CarbonContext API. Actually, you can enable the Java security manager and restrict access to the OSGi services. I guess WSO2 has done this in their live deployment, where we cannot access CarbonContext, the user realm and other services from a web app. But I agree that there must be a way to get tenant information about the deployed tenant (basically the tenant domain, not the tenant ID).

Asela
  • Hi, Asela, see you again, and thank you. In our env, we have an app that does tenant data isolation via the tenant ID, so if the app is on AS, it will need to get the tenant ID via the CarbonContext API. However, a SaaS app needs to set the ID first. So the PrivilegedCarbonContext API will be used in SaaS, and then someone can do some evil by setting another's tenant ID to achieve some data. That is very dangerous. I think if we want to use WSO2, we need more investigation. :D Do you belong to the WSO2 team? Or can you share some more information about this thread? – wiwengweng Jan 22 '14 at 02:54
  • I guess you have deployed your app in WSO2AS in super tenant mode and are accessing tenant-specific data, or else you have deployed it in each tenant? – Asela Jan 22 '14 at 12:26
  • As our platform goes mutual, I think super admin will not be used frequently, and apps will only be deployed by each tenant. But will this make any difference – wiwengweng Jan 23 '14 at 07:25
  • As our platform goes mutual, I think super admin will not be used frequently, and apps will only be deployed by each tenant. But will this make any difference? Even if I am a common tenant, once I am familiar with the CarbonContext API, I can deploy my app using the privileged API, right? I wonder how Stratos Live manages this? – wiwengweng Jan 23 '14 at 07:31