Rest API call with api_key in header fails if nginx is proxying moqui application
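When moqui is running on port 8080, direct API access
curl -X GET -H "api_key: {apiKey}" http://localhost:8080/rest/s1/example/examples/TEST2
returns the JSON result for example TEST2.
But when nginx is put in front of the moqui application, proxying to http://localhost:8080, the API access fails and returns 403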
{
"errorCode": 403,
"errors": "User null is not authorized for View on REST Path /example/examples/{exampleId}\nCurrent artifact info: [name:'/example/examples/{exampleId}', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: true, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\nCurrent artifact stack:\n[name:'/example/examples', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'/example', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml/s1', type:'AT_XML_SCREEN_TRANS', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]"
}
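It seems webFacade did not successfully initialize userFacade from the api_key, because the user is null in the error.
By default, Nginx does not allow underscores (_) in header names. The Moqui API uses api_key or login_key, which contain underscores, so the api_key or login_key header is not passed to the backend moqui application.
Enabling underscores in header names in nginx is simple: add
underscores_in_headers on;
in the http or server directive of the nginx configuration.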
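A proxy configuration showing where the directive from the answer goes, with a log field for confirming that the key header reached nginx. This is an added example, not part of the original post; the server name, log path, the keycheck log format and the has_api_key variable are assumptions.

```nginx
# Added example. Backend address is the one from the question; server_name,
# the log path, "keycheck" and $has_api_key are assumed names.
events {}

http {
    # Off by default: a request header whose name contains "_" is marked
    # invalid and, with ignore_invalid_headers on (also the default), is
    # dropped, so api_key / login_key never reach the upstream.
    # nginx keeps it off because "-" and "_" both become "_" when header
    # names are mapped to CGI-style variables, which makes them ambiguous.
    # Set here, it applies to every server block. If set at server level
    # instead, nginx uses the value from the default server for that
    # listen address and port.
    underscores_in_headers on;

    # Record only whether the key header arrived, never its value.
    # $http_api_key is empty when nginx has discarded the header.
    map $http_api_key $has_api_key {
        ""      0;
        default 1;
    }
    log_format keycheck '$remote_addr "$request" $status '
                        'api_key_present=$has_api_key';

    server {
        listen 80 default_server;
        server_name moqui.example.com;   # placeholder
        access_log /var/log/nginx/moqui_access.log keycheck;

        location / {
            # Request headers that pass validation are forwarded as-is.
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
        }
    }
}
```

Check the file with nginx -t before reloading. A 403 logged with api_key_present=0 means the header was dropped or never sent, while api_key_present=1 points at the key itself or at Moqui authorization.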