Add null check for organizationId before rewriting basePath

[HasiniSama]

Proposed changes in this pull request

$subject

Adds a null check for organizationId to ensure the base path is rewritten only when a valid organization context is available.

Summary by CodeRabbit

• Bug Fixes
  • Fixed an issue with path handling in organization-aware environments. The system now properly validates organization identifiers before processing path segments, preventing potential errors in path routing.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1

[coderabbitai]

Walkthrough

A null-check is added to the getBasePath method in the identity management endpoint utility. When a non-tenant-qualified server detects an organization context prefix in the base path, replacement of organization-specific segments now only occurs if organizationId is non-null.

Changes

Cohort / File(s)	Summary
Null-check validation components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java	Added null-check for organizationId in getBasePath method before performing organization-specific segment replacement in non-tenant-qualified server scenarios

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Single method modification with straightforward defensive programming change
• Minimal scope: one null-check addition to prevent potential null-reference issues
• Low complexity logic, consistent with existing patterns

Poem

A hop, a skip, a null-check guard,
To keep our paths both safe and hard,
When organizations dance and sway,
We check for null, the safest way! 🐰✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete compared to the required template. It only provides a brief statement of the change without addressing most required sections such as Purpose, Goals, Approach, User stories, Release note, Documentation, Testing details, Security checks, and other mandatory fields.	Complete the description by adding the required template sections including Purpose with issue links, Goals, Approach, User stories, Release note, Documentation impact, Testing details (unit/integration tests), and Security checks verification.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add null check for organizationId before rewriting basePath' directly and clearly describes the main code change - adding a null check for organizationId in the basePath rewriting logic.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java (1)

859-863: Use StringUtils.isNotBlank() for consistency and consider adding logging.

The null check is essential and prevents a potential NPE. However, for consistency with the codebase pattern shown at line 847 and the project's coding conventions, use StringUtils.isNotBlank(organizationId) instead of organizationId != null. This also guards against empty strings.

Additionally, when organizationId is null or blank but the basePath contains the organization context prefix (checked at line 856), the URL may remain in a malformed state. Consider adding debug logging for successful replacements and warning logging for the null case to improve observability.

Based on learnings, the carbon-identity-framework project prefers StringUtils.isNotBlank() for validation in similar contexts.

Apply this diff to improve consistency and observability:

                    } else if (basePath != null && basePath.contains(FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX)) {
                        String organizationId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
                                .getOrganizationId();
-                       if (organizationId != null) {
+                       if (StringUtils.isNotBlank(organizationId)) {
+                           if (log.isDebugEnabled()) {
+                               log.debug("Replacing organization context for organizationId: " + organizationId + 
+                                        " with tenant domain: " + tenantDomain);
+                           }
                            basePath = basePath.replace(
                                    FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX + organizationId,
                                    FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
+                       } else {
+                           log.warn("Organization ID is null or blank while processing base path with organization context");
                        }
                    }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e4e291a and 0119bac.

📒 Files selected for processing (1)

• components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/AbstractRequestCoordinator.java:61-71
Timestamp: 2025-11-06T13:49:53.627Z
Learning: In the carbon-identity-framework project, when resolving tenant domain from organization context in authentication flows, use StringUtils.isNotBlank() for validation instead of separate null and empty checks, and do not add logging for successful tenant domain resolution operations.

Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java:133-137
Timestamp: 2025-11-07T06:21:44.448Z
Learning: In the carbon-identity-framework project, when OrganizationManager is used in the authentication framework components (FrameworkServiceComponent and related classes), null checks are not required because OrganizationManager is declared with ReferenceCardinality.MANDATORY in the OSGi component. This means the component will not activate until OrganizationManager is available, providing an architectural guarantee that the service is always present when the code executes.

📚 Learning: 2025-11-06T13:49:53.627Z

Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/AbstractRequestCoordinator.java:61-71
Timestamp: 2025-11-06T13:49:53.627Z
Learning: In the carbon-identity-framework project, when resolving tenant domain from organization context in authentication flows, use StringUtils.isNotBlank() for validation instead of separate null and empty checks, and do not add logging for successful tenant domain resolution operations.

Applied to files:

• components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java

[Copilot]

Pull request overview

This pull request adds a null safety check for organizationId to prevent potential NullPointerException when rewriting the base path in organization contexts. The change ensures that the base path rewrite operation only occurs when a valid organization ID is available from the thread-local context.

• Added a null check before performing string replacement on the basePath to handle scenarios where organizationId might be null

[Copilot]

[nitpick] While the null check is a good defensive measure, consider adding debug logging when organizationId is null to aid troubleshooting. This would help identify scenarios where the basePath rewrite is skipped unexpectedly. For example:

if (organizationId != null) {
    basePath = basePath.replace(
            FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX + organizationId,
            FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
} else {
    if (log.isDebugEnabled()) {
        log.debug("Organization ID is null. Skipping basePath rewrite for organization context.");
    }
}

Suggested change

	FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
	FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
	} else {
	// Organization ID is null. Skipping basePath rewrite for organization context.
	if (log.isDebugEnabled()) {
	log.debug("Organization ID is null. Skipping basePath rewrite for organization context.");
	}

[ShanChathusanda93]

Shall we use StringUtils? WDYT?

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 50.67%. Comparing base (6c654ae) to head (0119bac).
⚠️ Report is 3 commits behind head on master.

Files with missing lines	Patch %	Lines
.../endpoint/util/IdentityManagementEndpointUtil.java	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #7630      +/-   ##
============================================
+ Coverage     50.40%   50.67%   +0.27%     
- Complexity    19782    19876      +94     
============================================
  Files          2121     2121              
  Lines        129958   130028      +70     
  Branches      26528    26999     +471     
============================================
+ Hits          65507    65894     +387     
+ Misses        56135    55785     -350     
- Partials       8316     8349      +33     

Flag	Coverage Δ
unit	35.60% <50.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.