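wso2 - WSO2 scope-based resource access control implementation
Problem description
WSO2 API Manager v2.6.0
We are trying to set scopes for a few resources under an API. The scopes were created and mapped to the resources.
A token was generated for the scope, and when that token is used against the resource, we get the following response: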
{
  "fault": {
    "code": 900900,
    "message": "Unclassified Authentication Failure",
    "description": "Error while accessing backend services for API key validation"
  }
}
The following error appears in the gw error log file:
2020-08-03 15:03:43,726 [-] [PassThroughMessageProcessor-4] WARN ThriftKeyValidatorClient Login failed.. Authenticating again..
2020-08-03 15:03:43,756 [-] [pool-29-thread-2] ERROR TThreadPoolServer Error occurred during processing of message.
org.wso2.carbon.identity.base.IdentityRuntimeException: Invalid tenant domain null
at org.wso2.carbon.identity.base.IdentityRuntimeException.error(IdentityRuntimeException.java:63)
at org.wso2.carbon.identity.core.util.IdentityTenantUtil.getTenantId(IdentityTenantUtil.java:252)
at org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator.getTenantId(JDBCScopeValidator.java:294)
at org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator.validateScope(JDBCScopeValidator.java:150)
at org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler.validateScopes(DefaultKeyValidationHandler.java:180)
at org.wso2.carbon.apimgt.keymgt.service.APIKeyValidationService.validateKey(APIKeyValidationService.java:188)
at org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl.validateKey(APIKeyValidationServiceImpl.java:132)
at org.wso2.carbon.apimgt.impl.generated.thrift.APIKeyValidationService$Processor$validateKey.getResult(APIKeyValidationService.java:379)
at org.wso2.carbon.apimgt.impl.generated.thrift.APIKeyValidationService$Processor$validateKey.getResult(APIKeyValidationService.java:367)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:32)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:34)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:176)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2020-08-03 15:03:43,760 [-] [PassThroughMessageProcessor-4] ERROR APIAuthenticationHandler API authentication failure due to Unclassified Authentication Failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Error while accessing backend services for API key validation
at org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftAPIDataStore.getAPIKeyData(ThriftAPIDataStore.java:55)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.doGetKeyValidationInfo(APIKeyValidator.java:323)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.getKeyValidationInfo(APIKeyValidator.java:255)
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:206)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate(APIAuthenticationHandler.java:210)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:158)
at org.apache.synapse.rest.API.process(API.java:325)
Caused by: org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException
at org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient.getAPIKeyData(ThriftKeyValidatorClient.java:94)
at org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftAPIDataStore.getAPIKeyData(ThriftAPIDataStore.java:52)
... 24 more
Caused by: org.apache.thrift.transport.TTransportException
at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:132)
at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84)
at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:378)
at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:297)
at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:204)
at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:69)
at org.wso2.carbon.apimgt.impl.generated.thrift.APIKeyValidationService$Client.recv_validateKey(APIKeyValidationService.java:108)
at org.wso2.carbon.apimgt.impl.generated.thrift.APIKeyValidationService$Client.validateKey(APIKeyValidationService.java:83)
at org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient.getAPIKeyData(ThriftKeyValidatorClient.java:90)
... 25 more
The Thrift configuration in api-manager.xml is as follows:
<APIKeyValidator>
    <!-- Server URL of the API key manager -->
    <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
    <!-- Admin username for API key manager. -->
    <Username>${admin.username}</Username>
    <!-- Admin password for API key manager. -->
    <Password>${admin.password}</Password>
    <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
    <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
    <!--ThriftClientPort>10397</ThriftClientPort-->
    <EnableThriftServer>true</EnableThriftServer>
    <ThriftServerHost>localhost</ThriftServerHost>
    <!--ThriftServerPort>10397</ThriftServerPort-->
    <ConnectionPool>
        <MaxIdle>100</MaxIdle>
        <InitIdleCapacity>50</InitIdleCapacity>
    </ConnectionPool>
    <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
</APIKeyValidator>
Unable to get scopes working with resources. Any help would be much appreciated :) Thanks in advance.
Solution