Can I get the tenant ID when an app is deployed on AS

555 Views Asked by At

all. I wonder if I can get the tenant ID except for carbonContext API. I see this set of API can get anything from the server, but it is too powerful to be exposed the the developers. An evil dev-er can easily get the whole osgi services. He can even modify other users's registry by just setting the tenantID to others. So is there any method I can use, to get the tenant ID of an app?

1

There are 1 best solutions below

4
On

Normally tenant ID is an internal detail and it is not exposed via web services. AFAIK Only available way is the CarbonContext API. Actually you can enable java security manager and restrict the access to OSGI service. I guess WSO2 has done it in their live deployment where we can not access CarbonContext, user realm and other service using a web app. But i agree that there must be a way to get tenant information about the deployed tenant. (basically tenant domain , not tenant id).