Improve getUserSessions conditional auth function to resolve user accessing org when getting sessions during B2B logins. #218
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![wso2-engineering[bot]](https://avatars.githubusercontent.com/in/1856828?s=60&v=4){kind=small}
Comment on lines
+91
to
+94
| try { | ||
| tenantDomain = UserFunctionsServiceHolder.getInstance().getOrganizationManager() | ||
| .resolveTenantDomain(userAccessingOrganization); | ||
| } catch (OrganizationManagementException e) { |
There was a problem hiding this comment.
Log Improvement Suggestion No: 2
Suggested change
| try { | |
| tenantDomain = UserFunctionsServiceHolder.getInstance().getOrganizationManager() | |
| .resolveTenantDomain(userAccessingOrganization); | |
| } catch (OrganizationManagementException e) { | |
| try { | |
| tenantDomain = UserFunctionsServiceHolder.getInstance().getOrganizationManager() | |
| .resolveTenantDomain(userAccessingOrganization); | |
| if (LOG.isDebugEnabled()) { | |
| LOG.debug("Resolved tenant domain: " + tenantDomain + " for organization: " + userAccessingOrganization); | |
| } | |
| } catch (OrganizationManagementException e) { |
Comment on lines
+300
to
+303
| protected void setOrganizationManager(OrganizationManager organizationManager) { | ||
|
|
||
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(organizationManager); | ||
| LOG.debug("Organization manager service is set in the conditional authentication user functions bundle."); |
There was a problem hiding this comment.
Log Improvement Suggestion No: 3
Suggested change
| protected void setOrganizationManager(OrganizationManager organizationManager) { | |
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(organizationManager); | |
| LOG.debug("Organization manager service is set in the conditional authentication user functions bundle."); | |
| protected void setOrganizationManager(OrganizationManager organizationManager) { | |
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(organizationManager); | |
| if (LOG.isDebugEnabled()) { | |
| LOG.debug("Organization manager service is set in the conditional authentication user functions bundle."); | |
| } |
Comment on lines
+306
to
+309
| protected void unsetOrganizationManager(OrganizationManager organizationManager) { | ||
|
|
||
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(null); | ||
| LOG.debug("Organization manager service is unset in the conditional authentication user functions bundle."); |
There was a problem hiding this comment.
Log Improvement Suggestion No: 4
Suggested change
| protected void unsetOrganizationManager(OrganizationManager organizationManager) { | |
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(null); | |
| LOG.debug("Organization manager service is unset in the conditional authentication user functions bundle."); | |
| protected void unsetOrganizationManager(OrganizationManager organizationManager) { | |
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(null); | |
| if (LOG.isDebugEnabled()) { | |
| LOG.debug("Organization manager service is unset in the conditional authentication user functions bundle."); | |
| } |
Comment on lines
+117
to
+120
| public void setOrganizationManager(OrganizationManager organizationManager) { | ||
|
|
||
| this.organizationManager = organizationManager; | ||
| } |
There was a problem hiding this comment.
Log Improvement Suggestion No: 5
Suggested change
| public void setOrganizationManager(OrganizationManager organizationManager) { | |
| this.organizationManager = organizationManager; | |
| } | |
| public void setOrganizationManager(OrganizationManager organizationManager) { | |
| if (organizationManager != null) { | |
| log.debug("OrganizationManager service is set in UserFunctionsServiceHolder."); | |
| } | |
| this.organizationManager = organizationManager; | |
| } |
There was a problem hiding this comment.
AI Agent Log Improvement Checklist
- The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
- Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.
✅ Before merging this pull request:
- Review all AI-generated comments for accuracy and relevance.
- Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.
| Comment | Accepted (Y/N) | Reason |
|---|---|---|
| #### Log Improvement Suggestion No: 2 | ||
| #### Log Improvement Suggestion No: 3 | ||
| #### Log Improvement Suggestion No: 4 | ||
| #### Log Improvement Suggestion No: 5 |
There was a problem hiding this comment.
Pull Request Overview
This pull request enhances the conditional authentication user functions to support organization-aware user session retrieval during B2B logins. The key improvement is resolving the correct tenant domain using the accessing organization ID when retrieving user sessions.
Key Changes:
- Integrated
OrganizationManagerservice to resolve tenant domains for B2B organization contexts - Modified
getUserSessionsto use the resolved tenant domain instead of the user's default tenant domain - Updated dependency management to include organization management service at compile scope
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| pom.xml | Moved organization management service dependency from test to compile scope and added version range property |
| GetUserSessionsFunctionImplTest.java | Added comprehensive unit tests covering standard sessions, empty results, organization-based sessions, and error handling |
| UserFunctionsServiceHolder.java | Added getter and setter methods for OrganizationManager instance |
| UserFunctionsServiceComponent.java | Registered OrganizationManager as an OSGi service reference with bind/unbind methods |
| GetUserSessionsFunctionImpl.java | Implemented tenant domain resolution logic using accessing organization and updated session retrieval call |
| components/.../pom.xml | Added OSGi import packages for organization management service and exception classes |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+86
to
+101
| private String getUserTenantDomain(AuthenticatedUser authenticatedUser) throws UserSessionRetrievalException { | ||
|
|
||
| String tenantDomain = authenticatedUser.getTenantDomain(); | ||
| String userAccessingOrganization = authenticatedUser.getAccessingOrganization(); | ||
| if (StringUtils.isNotBlank(userAccessingOrganization)) { | ||
| try { | ||
| tenantDomain = UserFunctionsServiceHolder.getInstance().getOrganizationManager() | ||
| .resolveTenantDomain(userAccessingOrganization); | ||
| } catch (OrganizationManagementException e) { | ||
| throw new UserSessionRetrievalException( | ||
| "Error occurred while resolving tenant domain of user accessing organization: " + | ||
| userAccessingOrganization, e); | ||
| } | ||
| } | ||
| return tenantDomain; | ||
| } |
There was a problem hiding this comment.
[nitpick] The method concatenates the organization ID directly into the error message on line 96-97. Consider using String.format() or structured logging to improve readability and maintainability of the error message.
| protected void setOrganizationManager(OrganizationManager organizationManager) { | ||
|
|
||
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(organizationManager); | ||
| LOG.debug("Organization manager service is set in the conditional authentication user functions bundle."); |
There was a problem hiding this comment.
Corrected inconsistent punctuation in debug message: removed period to match the style of the unset method on line 309.
Suggested change
| LOG.debug("Organization manager service is set in the conditional authentication user functions bundle."); | |
| LOG.debug("Organization manager service is set in the conditional authentication user functions bundle"); |
| protected void unsetOrganizationManager(OrganizationManager organizationManager) { | ||
|
|
||
| UserFunctionsServiceHolder.getInstance().setOrganizationManager(null); | ||
| LOG.debug("Organization manager service is unset in the conditional authentication user functions bundle."); |
There was a problem hiding this comment.
Corrected inconsistent punctuation in debug message: removed period to match the style used in other unset methods (e.g., line 291).
Suggested change
| LOG.debug("Organization manager service is unset in the conditional authentication user functions bundle."); | |
| LOG.debug("Organization manager service is unset in the conditional authentication user functions bundle"); |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #218 +/- ##
============================================
+ Coverage 38.04% 38.06% +0.01%
Complexity 418 418
============================================
Files 114 114
Lines 3817 3815 -2
Branches 457 457
============================================
Hits 1452 1452
+ Misses 2207 2205 -2
Partials 158 158
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
AnuradhaSK
approved these changes
Oct 27, 2025
|
PR builder started |
|
PR builder completed |
jenkins-is-staging
approved these changes
Oct 27, 2025
jenkins-is-staging
left a comment
jenkins-is-staging
left a comment
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/18838760478
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds support for organization-aware user session retrieval in the conditional authentication user functions module. The main changes involve integrating the organization management service, updating session retrieval logic to handle organization-based tenant domains, and updating dependencies and service references accordingly.
Organization Management Integration:
OrganizationManageras an OSGi service reference inUserFunctionsServiceComponent, with corresponding bind and unbind methods to manage its lifecycle.UserFunctionsServiceHolderto store and provide access to theOrganizationManagerinstance.User Session Retrieval Enhancements:
GetUserSessionsFunctionImplto resolve the tenant domain using the accessing organization (if present) viaOrganizationManager, accessing organization contains the organization id of the B2B organization during B2B logins. This will be null during B2C logins.getSessionsByUserIdto pass the resolved tenant domain for accurate session management.Dependency and Import Updates:
org.wso2.carbon.identity.organization.management.serviceas a compile-time dependency and removed its test scope dependency inpom.xml. Also updated package import ranges to include organization management service and exception packages.Related issue