Getting tenant id/domain from mediators in WSO2 Api Manager / Gateway

Question

This question is based on this other .

After installing IS and APIM with the process described here , and trying the answers for the other question, the header is not added to the request.

The debug log output, says that the properties are set, but after the authentication is complete (also a misleading log message), and with the supertenant domain.

The API I'm exposing is a simple flask app that prints out the headers, and the calls are all done using the tokens provided by the API store, If I hardcode the value of the header value it is added correctly.

 [2015-09-09 14:48:01,229] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:03,257] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,872] DEBUG - PrivilegedCarbonContext Resolving tenant id from tenant domain
 [2015-09-09 14:48:04,873] DEBUG - PrivilegedCarbonContext Resolving tenant id from tenant domain
 [2015-09-09 14:48:04,873] DEBUG - OAuthAuthenticator Received Token 9d2224bd96a4b6245bcb272415515a2
 [2015-09-09 14:48:04,873] DEBUG - OAuthAuthenticator Default Version API invoked
 [2015-09-09 14:48:04,873] DEBUG - OAuthAuthenticator Removing Authorization header from headers
 [2015-09-09 14:48:04,874] DEBUG - OAuthAuthenticator Full Request Path = /callback
 [2015-09-09 14:48:04,874] DEBUG - APIKeyValidator Found resource in Cache for key: /t/test.com/test/v1/v1/callback:GET
 [2015-09-09 14:48:04,874] DEBUG - OAuthAuthenticator Matching resource is: /callback
 [2015-09-09 14:48:04,874] DEBUG - OAuthAuthenticator User is authorized to access the Resource
 [2015-09-09 14:48:04,874] DEBUG - APIAuthenticationHandler Authenticated API, authentication response relieved: API call failed reason=API_authentication_failure               transactionId=urn:uuid:bbad9a1d-be19-47a7-8676-6e85f7463113 with userAgent=curl/7.43.0 with accessToken=Bearer 9d2224bd96a4b6245bcb272415515a2 for requestURI=/t/test.com/test/v1/   callback at time=Wed Sep 09 14:48:04 UTC 2015 from clientIP=192.168.99.1, elapsedTimeInMilliseconds=0
 [2015-09-09 14:48:04,874] DEBUG - APIThrottleHandler The IP Address of the caller is :192.168.99.1
 [2015-09-09 14:48:04,874]  INFO - LogMediator To: local://axis2services/test/v1/callback, MessageID: urn:uuid:bbad9a1d-be19-47a7-8676-6e85f7463113, Direction: request
 [2015-09-09 14:48:04,875] DEBUG - WSO2Registry ==> Repository fetch of resource with key : tenant
 [2015-09-09 14:48:04,875] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,877] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,878] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,880] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,881] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,883] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,886] DEBUG - WSO2Registry ==> Repository fetch of resource with key : tenant
 [2015-09-09 14:48:04,887] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,888] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,888] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,892] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,893] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,894] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
 [2015-09-09 14:48:04,921]  INFO - CarbonTenantInfoConfigurator >>>>>>>>>>>>>Applying Tenant Info...
 [2015-09-09 14:48:04,921]  INFO - CarbonTenantInfoConfigurator       tenant domain: carbon.super
 [2015-09-09 14:48:04,922]  INFO - CarbonTenantInfoConfigurator       tenant id: -1234
 [2015-09-09 14:48:04,922]  INFO - CarbonTenantInfoConfigurator <<<<<<<<<<<<<<<
 [2015-09-09 14:48:05,283] DEBUG - RealmCache created authorization cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56

Checking the sources it appears that at the point mediators are called, only a token verification is performed, so, is there a way to get the actual tenant of the api caller from a mediator in the API gateway?

Answer 1

If you have class mediator then all that will execute after handlers(authentication, throttling, usage metering perform through handlers). If you run following code block within mediator you will see user id of actual API user(user information derived from access token sent with API call). If you are sending requests with access token generated from API console then you will see application owner name as API user. Otherwise it will show actual end user.

synCtx.getProperty(APIMgtGatewayConstants.USER_ID);