Error in applying Username Token scenario to Proxy WSO2 ESB
When applying security scenario 1 to a proxy in wso2 esb, I get the following error, but only when it reaches the response mediator.
> TID: [0] [ESB] [2015-03-23 12:52:05,418] DEBUG {org.apache.synapse.mediators.builtin.SendMediator} - Start : Send mediator {org.apache.synapse.mediators.builtin.SendMediator}
> TID: [0] [ESB] [2015-03-23 12:52:05,419] DEBUG {org.apache.synapse.mediators.builtin.SendMediator} - Sending response message using implicit message properties.. Sending To: http://www.w3.org/2005/08/addressing/anonymous SOAPAction: {org.apache.synapse.mediators.builtin.SendMediator}
> TID: [0] [ESB] [2015-03-23 12:52:05,511] ERROR {org.apache.synapse.core.axis2.Axis2Sender} - Content-Type:text/xml;charset=UTF-8,Date:Mon, 23 Mar 2015 10:52:02 GMT,Server:WSO2 Carbon Server,Transfer-Encoding:chunked,<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prod="http://za.co.pepkor/product_service/"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"><wsu:Created>2015-03-23T10:52:05.507Z</wsu:Created><wsu:Expires>2015-03-23T10:57:05.507Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body><prod:productSearchResp><productDetails><noItemFound>No item in Ackerman's</noItemFound></productDetails><productDetails><productID>1452168</productID><productName>PUMPS</productName><productSize>7</productSize><productColour>ORANGE</productColour><productType>SHOE</productType><sourceID>SHC</sourceID></productDetails><productDetails><productID>1124596</productID><productName>REEBOK_SNEAKERS</productName><productSize>7</productSize><productColour>BROWN</productColour><productType>SHOES</productType><sourceID>SHC</sourceID></productDetails><productDetails><productID>1123456</productID><productName>NIKE_SHIRTS</productName><productSize>7</productSize><productColour>RED</productColour><productType>SHIRT</productType><sourceID>SHC</sourceID></productDetails></prod:productSearchResp></soapenv:Body></soapenv:Envelope> Unexpected error sending message back {org.apache.synapse.core.axis2.Axis2Sender}
> org.apache.axis2.AxisFault: No user value in the rampart configuration policy
>     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
>     at org.apache.synapse.core.axis2.Axis2Sender.sendBack(Axis2Sender.java:163)
>     at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:321)
>     at org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:94)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.config.xml.AnonymousListMediator.mediate(AnonymousListMediator.java:30)
>     at org.apache.synapse.config.xml.SwitchCase.mediate(SwitchCase.java:66)
>     at org.apache.synapse.mediators.filters.SwitchMediator.mediate(SwitchMediator.java:123)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:131)
>     at org.apache.synapse.mediators.eip.aggregator.AggregateMediator.completeAggregate(AggregateMediator.java:419)
>     at org.apache.synapse.mediators.eip.aggregator.AggregateMediator.mediate(AggregateMediator.java:314)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:131)
>     at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:196)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:131)
>     at org.apache.synapse.mediators.eip.aggregator.AggregateMediator.completeAggregate(AggregateMediator.java:419)
>     at org.apache.synapse.mediators.eip.aggregator.AggregateMediator.mediate(AggregateMediator.java:314)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:131)
>     at org.apache.synapse.mediators.eip.Target.mediate(Target.java:106)
>     at org.apache.synapse.mediators.eip.splitter.IterateMediator.mediate(IterateMediator.java:146)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:160)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
>     at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
>     at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:131)
>     at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:261)
>     at org.apache.synapse.core.axis2.SynapseCallbackReceiver.handleMessage(SynapseCallbackReceiver.java:488)
>     at org.apache.synapse.core.axis2.SynapseCallbackReceiver.receive(SynapseCallbackReceiver.java:170)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
>     at org.apache.synapse.transport.passthru.ClientWorker.run(ClientWorker.java:225)
>     at org.apache.axis2.transport.base.threads.NativeWorkerPool.run(NativeWorkerPool.java:172)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
>     at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:212)
>     at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
>     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
>     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>     ... 46 more
This is of course using the default policy. I tried editing the policy as follows (at the soap11binding level):
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
    <rampart:user>admin</rampart:user>
    <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
    <rampart:timestampTTL>300</rampart:timestampTTL>
    <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
    <rampart:timestampStrict>false</rampart:timestampStrict>
    <rampart:tokenStoreClass>org.wso2.carbon.security.mypwhandler.PWCBHandler</rampart:tokenStoreClass>
    <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
</rampart:RampartConfig>
where PWCBHandler =
package org.wso2.carbon.security.mypwhandler;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;

public class PWCBHandler implements CallbackHandler {
    private String all;

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            int usage = pwcb.getUsage();
            if (usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                // verify uT password
                if ("admin".equals(pwcb.getIdentifier())
                        && "admin".equals(pwcb.getPassword())) {
                    return;
                }
            }
        }
    }
}
When I use the above handler, I get the following error:
AxisFault: No password supplied by the callback handler for the user :
"admin"
Please assist me in resolving this. I suspect it may be the service chaining aspect that is causing the problem.
Other things I have tried:
Applying the above as a custom scenario policy; why does it include keystore/trusted keystore options even though no encryption is being done???
Another question is why the default SecurityTokenStore is all commented out in the source??? I cannot hit the SecurityTokenStore above in remote debugging...
Proxy service:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="Product_Search_Proxy"
       transports="https"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
    <target outSequence="productSearchHandler">
        <inSequence>
            <switch source="$trp:Content-Type">
                <case regex="text/xml;charset=UTF-8">
                    <property name="CallType" value="SOAP" scope="default" type="STRING"/>
                    <log level="custom">
                        <property name="Soap request read ..." value="sending..."/>
                    </log>
                    <log level="full" category="DEBUG" separator="____:::::____"/>
                    <clone>
                        <target sequence="ackProductSearchRq"/>
                        <target sequence="shcProductSearchRq"/>
                    </clone>
                </case>
                <case regex="application/json">
                    <property name="CallType" value="REST" scope="default" type="STRING"/>
                    <log level="custom">
                        <property name="REST or API request read ..." value="sending..."/>
                    </log>
                    <property name="messageType" value="text/xml" scope="axis2" type="STRING"/>
                    <log level="full" category="DEBUG" separator="____:::::____"/>
                    <property xmlns:ns="http://org.apache.synapse/xsd"
                              name="name"
                              expression="//productSearch/productName/text()"
                              scope="default"
                              type="STRING"/>
                    <property xmlns:ns="http://org.apache.synapse/xsd"
                              name="size"
                              expression="//productSearch/productSize/text()"
                              scope="default"
                              type="STRING"/>
                    <property xmlns:ns="http://org.apache.synapse/xsd"
                              name="colour"
                              expression="//productSearch/productColour/text()"
                              scope="default"
                              type="STRING"/>
                    <payloadFactory media-type="xml">
                        <format>
                            <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                                              xmlns:prod="http://za.co.pepkor/product_service/">
                                <soapenv:Body>
                                    <prod:productSearchReq>
                                        <productName xmlns=""></productName>
                                        <productSize xmlns=""></productSize>
                                        <productColour xmlns=""></productColour>
                                    </prod:productSearchReq>
                                </soapenv:Body>
                            </soapenv:Envelope>
                        </format>
                        <args>
                            <arg xmlns:ns="http://org.apache.synapse/xsd"
                                 evaluator="xml"
                                 expression="$ctx:name"/>
                            <arg xmlns:ns="http://org.apache.synapse/xsd"
                                 evaluator="xml"
                                 expression="$ctx:size"/>
                            <arg xmlns:ns="http://org.apache.synapse/xsd"
                                 evaluator="xml"
                                 expression="$ctx:colour"/>
                        </args>
                    </payloadFactory>
                    <clone>
                        <target sequence="ackProductSearchRq"/>
                        <target sequence="shcProductSearchRq"/>
                    </clone>
                </case>
                <default/>
            </switch>
        </inSequence>
        <faultSequence/>
    </target>
    <publishWSDL key="conf:/service_definitions/PepKorProductSearch.wsdl"/>
    <parameter name="ScenarioID">scenario1</parameter>
    <enableSec/>
    <policy key="conf:/repository/axis2/service-groups/Product_Search_Proxy/services/Product_Search_Proxy/policies/UTOverTransport"/>
    <description/>
</proxy>
You are confusing the use of the CallbackHandler. It is used to supply the plaintext password, against which a Validator implementation later verifies the submitted password; it is not a hook for you to validate the password yourself.
Your code should look something like
if ("admin".equals(pwcb.getIdentifier())) {
    pwcb.setPassword("admin");
    return;
}
If you really want to perform the validation yourself, see my other answer here
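As an added illustration of the answer above (example code, not the answerer's or WSO2's), here is a complete password callback that handles both ways the WSS4J 1.5 line used by Rampart in the ESB drives the handler: for a digest UsernameToken it calls with usage USERNAME_TOKEN and an empty password, expecting the handler to fill in the stored plaintext so WSS4J can recompute and compare the digest (leaving it null is exactly what produces "No password supplied by the callback handler for the user"); for a plaintext UsernameToken it calls with USERNAME_TOKEN_UNKNOWN and the submitted password already set, expecting the handler to verify it and throw on mismatch, since returning normally means "accepted". The credential map is constructed for the example; a real handler would resolve the password from the Carbon user store. The handler is registered with `<rampart:passwordCallbackClass>` in the RampartConfig, not `tokenStoreClass`, which names a token storage implementation.

```java
package org.wso2.carbon.security.mypwhandler;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Password callback for Rampart/WSS4J 1.5.x UsernameToken processing.
 * Register it with <rampart:passwordCallbackClass> in the RampartConfig.
 * This handler serves UsernameToken only; signature/decryption usages are rejected.
 */
public class PWCBHandler implements CallbackHandler {

    // Constructed sample credential store for this example only; a real handler
    // would look the password up in the Carbon user store or a secret vault.
    private static final Map<String, String> CREDENTIALS = new HashMap<String, String>();
    static {
        CREDENTIALS.put("admin", "admin");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            String stored = CREDENTIALS.get(pwcb.getIdentifier());

            switch (pwcb.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Digest token: WSS4J recomputes the digest itself and needs the
                    // stored plaintext. Unknown users get no password and fail in WSS4J.
                    if (stored != null) {
                        pwcb.setPassword(stored);
                    }
                    break;
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // Plaintext token: the submitted password is already in the callback
                    // and verifying it is this handler's job. Unknown user or mismatch
                    // must throw; a silent return would authenticate the request.
                    if (stored == null || !constantTimeEquals(stored, pwcb.getPassword())) {
                        throw new UnsupportedCallbackException(callback,
                                "Authentication failed for user " + pwcb.getIdentifier());
                    }
                    break;
                default:
                    throw new UnsupportedCallbackException(callback,
                            "Unsupported password callback usage " + pwcb.getUsage());
            }
        }
    }

    // Compares without an early exit on the first differing byte (for equal-length
    // inputs), so timing does not reveal how much of the password matched.
    private static boolean constantTimeEquals(String expected, String actual) {
        if (actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }
}
```

The unknown-user branch deliberately behaves the same in both cases (no password set, or an exception), so a caller cannot distinguish "no such user" from "wrong password" through the fault returned.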
Since the services run on the Axis2 engine, going into the axis2.xml file under wso2esb-4.8.1\repository\conf\axis2\, in the phases section (phases represent the "flow" that proxies/services will run through), specifically the <phaseOrder type="OutFlow"> part (corresponding to the proxy's "outSequence"), right after <phase name="MessageOut"/> it executes <phase name="Security"/> (which would correspond to the proxy's security policy). So this is where the error is thrown, which confirms the observation above and the error log:
<phaseOrder type="OutFlow">
    <!-- Handlers related to unified-endpoint component are added to the UEPPhase -->
    <phase name="UEPPhase" />
    <!-- user can add his own phases to this area -->
    <phase name="RMPhase"/>
    <phase name="MUPhase"/>
    <phase name="OpPhase"/>
    <phase name="OperationOutPhase"/>
    <!--system predefined phase-->
    <!--these phase will run irrespective of the service-->
    <phase name="PolicyDetermination"/>
    <phase name="PTSecurityOutPhase">
        <handler name="RelaySecuirtyMessageBuilderDispatchandler"
                 class="org.apache.synapse.transport.passthru.util.RelaySecuirtyMessageBuilderDispatchandler"/>
    </phase>
    <phase name="PTCacheOutPhase">
        <handler name="CacheMessageBuilderDispatchandler"
                 class="org.wso2.carbon.mediation.initializer.handler.CacheMessageBuilderDispatchandler"/>
    </phase>
    <phase name="MessageOut"/>
    <phase name="Security"/>
    <phase name="MsgOutObservation"/>
</phaseOrder>
So we need to assert that the response of this particular proxy must be executed non-secured (the communication between the backends is already secured with mutual SSL).
We can write a new module and plug it into the ESB's modules section (see https://docs.wso2.com/display/ESB481/Working+with+Modules) which can be used to skip <Security/> or to apply an empty policy before <Security/>. This modular route is the best approach because we can engage it only for the proxies/services we want.
Using a "NoSecurity" module
Steps:
1. In Developer Studio, created a module as described in (https://docs.wso2.com/display/ESB481/Writing+an+Axis2+Module):
Handler Logic:
Note that the following 2 uses require the following OutFlow phaseOrder
<OutFlow>
:
<NoSecurity/>
<Security/>
:
</OutFlow>
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;

public class NoSecurityHandler extends AbstractHandler {

    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        // Use 1: apply the bottom (getPolicy) empty policy for the security phase...
        InputStream stream = new ByteArrayInputStream(getPolicy().getBytes());
        Policy policy = PolicyEngine.getPolicy(stream);
        if (policy != null) {
            msgContext.setProperty("rampartOutPolicy", policy);
        }
        return InvocationResponse.CONTINUE;

        // Use 2 (alternative body): skip the <Security/> phase when <NoSecurity/> is reached..
        // msgContext.setCurrentHandlerIndex(msgContext.getCurrentHandlerIndex() + 2);
        // return InvocationResponse.CONTINUE;
    }

    // Empty TransportBinding policy: Rampart has nothing to add to the outgoing message
    private String getPolicy() {
        return "<wsp:Policy wsu:Id=\"emptyPolicy\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" "
                + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
                + "<wsp:ExactlyOne><wsp:All><sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">"
                + "<wsp:Policy></wsp:Policy></sp:TransportBinding></wsp:All></wsp:ExactlyOne></wsp:Policy>";
    }
}
2. Upload module to ESB (https://docs.wso2.com/display/ESB481/Uploading+a+Module)
3. Engage module on a SERVICE LEVEL (https://docs.wso2.com/display/ESB481/Module+Engagement+for+Service)
4. Re-tested = SUCCESS !
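To make the procedure above reproducible, here is the module descriptor that binds a handler of this kind to the NoSecurity phase, next to the axis2.xml phaseOrder change the answer calls for. This is an added example and not the asker's artefact: the module name, handler name and class `org.example.nosecurity.NoSecurityHandler` are placeholders, and the descriptor follows the standard Axis2 module.xml layout (a handler element with an order element naming its phase).

```xml
<!-- META-INF/module.xml inside the .mar (names and class are placeholders, not from the post) -->
<module name="NoSecurity">
    <OutFlow>
        <handler name="NoSecurityHandler" class="org.example.nosecurity.NoSecurityHandler">
            <order phase="NoSecurity"/>
        </handler>
    </OutFlow>
</module>

<!-- repository/conf/axis2/axis2.xml, tail of <phaseOrder type="OutFlow">:
     the custom phase must sit immediately before Security, because the
     skip-by-index variant of the handler counts phases from its own position -->
<phase name="MessageOut"/>
<phase name="NoSecurity"/>
<phase name="Security"/>
<phase name="MsgOutObservation"/>
```

Two things to check before engaging such a module: the index-based skip is positional, so any later edit to the OutFlow phaseOrder (or a second handler landing in the NoSecurity phase) silently changes what gets skipped, whereas the empty-policy variant only hands Rampart an empty binding and is indifferent to neighbouring phases; and both variants remove all outbound WS-Security for every operation of the service the module is engaged on, so they are only appropriate where, as here, the policy asks nothing of the response and the hop is already protected by mutual TLS.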