
WSO2 ESB EntitlementMediator cannot send message to Identity Server

I am facing a problem integrating WSO2 Identity Server with ESB.

After I followed the guide "Using XACML Fine Grained Authorization with the WSO2 Product Platform", I found that ESB had received the message from the client, but I did not find that ESB had sent a message to the Identity Server.

I tried with wso2esb-4.7.0 and wso2is-4.1.0.

The following are the steps I took:

  1. Configure the WSO2 Identity Server as the XACML engine and start Identity Server;

  2. Configure the Entitlement mediator in the WSO2 ESB and start ESB;

  3. Run the client code in the IDE.

In ESB and IS, no message is output.

In the client IDE, the following messages appear in the console:

......

13/08/05 15:24:15 INFO deployment.ModuleDeployer: Deploying module: rahas - file:/D:/project/wso2/test/wso2esb-4.7.0/repository/components/plugins/rampart-trust_1.6.1.wso2v8.jar
13/08/05 15:24:15 ERROR sandesha2.SandeshaModule: Could not load module policies. Using default values.
13/08/05 15:24:15 INFO tcp.TCPTransportSender: TCP Sender started
13/08/05 15:24:17 ERROR engine.AxisEngine: Missing wsse:Security header in request
org.apache.axis2.AxisFault: Missing wsse:Security header in request
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:356)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:413)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:554)
    at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:530)
    at org.wso2.entitlement.sample.WSEntitlementTestClient.main(WSEntitlementTestClient.java:59)
Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:141)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 11 more
Exception in thread "main" org.apache.axis2.AxisFault: Missing wsse:Security header in request
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:356)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:413)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:554)
    at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:530)
    at org.wso2.entitlement.sample.WSEntitlementTestClient.main(WSEntitlementTestClient.java:59)
Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:141)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 11 more

The following is the client source code:

package org.wso2.entitlement.sample;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.Constants;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

public class WSEntitlementTestClient {

 final static String ADDR_URL = "http://localhost:8280/services/echo"; //"http://localhost:8280/services/MarketDataService";
 final static String TRANS_URL =  "https://localhost:8243/services/EntitlementService"; // "https://localhost:8243/services/EntitlementProxy";

 public static void main(String[] args) throws Exception {
  ServiceClient client = null;
  Options options = null;
  OMElement response = null;
  ConfigurationContext context = null;
  String trustStore = null;

  // You need to import the ESBs public certificate to this key store.
  trustStore = "wso2carbon.jks";
  // We are accessing ESB over HTTPS - so need to set trustStore parameters.
  System.setProperty("javax.net.ssl.trustStore", trustStore);
  // Password of mykeystore.jks
  System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");

  // Create configuration context - you will have Rampart module engaged in the client.axis2.xml
  context = ConfigurationContextFactory.createConfigurationContextFromFileSystem("repo","repo/conf/axis2_client.xml");

  // This is the security policy of the proxy service applied UT.
  StAXOMBuilder builder = new StAXOMBuilder("policy.xml");
  Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

//    context = ConfigurationContextFactory.createConfigurationContextFromFileSystem("repo","repo/conf/client.axis2.xml");
  client = new ServiceClient(context, null);
  options = new Options();
  options.setAction("urn:echoString");
  // This is the addressing URL pointing to the echo service deployed in ESB
  options.setTo(new EndpointReference(ADDR_URL));
  // To the ESB, the proxy service
  options.setUserName("admin");
  options.setPassword("admin");
  // TRANS_URL points to proxy service
  options.setProperty(Constants.Configuration.TRANSPORT_URL, TRANS_URL);
  options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
  client.setOptions(options);
  client.engageModule("addressing");
  client.engageModule("rampart");
  response = client.sendReceive(getPayload("Hello world"));
  System.out.println(response);
 }

 private static OMElement getPayload(String value) {
  OMFactory factory = null;
  OMNamespace ns = null;
  OMElement elem = null;
  OMElement childElem = null;

  factory = OMAbstractFactory.getOMFactory();
  ns = factory.createOMNamespace("http://echo.services.core.carbon.wso2.org", "ns1");
  elem = factory.createOMElement("echoString", ns);
  childElem = factory.createOMElement("in", null);
  childElem.setText(value);
  elem.addChild(childElem);
  return elem;
 }
}

The following is the Entitlement Policy in the Identity Server:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="Note" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
<Description>Note description    </Description>
<Target>
  <AnyOf>
     <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://localhost:8280/services/echo</AttributeValue>
           <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
     </AllOf>
  </AnyOf>
</Target>
<Rule Effect="Permit" RuleId="primary-group-rule">
  <Target>
     <AnyOf>
        <AllOf>
           <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
              <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
           </Match>
        </AllOf>
     </AnyOf>
  </Target>
  <Condition>
     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
           <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Apply>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
     </Apply>
  </Condition>
</Rule>
<Rule Effect="Deny" RuleId="deny-rule"/>
</Policy>

The following is the EntitlementService source in ESB:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
   name="EntitlementService"
   transports="https"
   statistics="disable"
   trace="disable"
   startOnLoad="true">
<target>
  <inSequence>
     <entitlementService remoteServiceUrl="https://localhost:9445/services/"
                         remoteServiceUserName="admin"
                         remoteServicePassword="enc:kuv2MubUUveMyv6GeHrXr9il59ajJIqUI4eoYHcgGKf/BBFOWn96NTjJQI+wYbWjKW6r79S7L7ZzgYeWx7DlGbff5X3pBN2Gh9yV0BHP1E93QtFqR7uTWi141Tr7V7ZwScwNqJbiNoV+vyLbsqKJE7T3nP8Ih9Y6omygbcLcHzg=">
        <onReject/>
        <onAccept/>
        <obligations/>
        <advice/>
     </entitlementService>
     <header name="wsse:Security" scope="transport" action="remove"/>
     <send/>
     <drop/>
  </inSequence>
  <outSequence>
     <send/>
     <drop/>
  </outSequence>
</target>
<enableSec/>
<policy key="conf:/repository/axis2/service-groups/EntitlementService/services/EntitlementService/policies/UTOverTransport"/>
<description/>
</proxy>

In the ESB SOAP Message Tracer I can see the following request message:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
           <wsu:Created>2013-08-05T06:10:20.503Z</wsu:Created>
           <wsu:Expires>2013-08-05T06:15:20.503Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
           <wsse:Username>aaa</wsse:Username>
           <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
        </wsse:UsernameToken>
     </wsse:Security>
     <wsa:To>http://localhost:8280/services/echo</wsa:To>
     <wsa:MessageID>urn:uuid:269da889-ce33-4138-b050-3f4913dbbc17</wsa:MessageID>
     <wsa:Action>urn:echoString</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
     <ns1:echoString xmlns:ns1="http://echo.services.core.carbon.wso2.org">
        <in>Hello world</in>
     </ns1:echoString>
  </soapenv:Body>
</soapenv:Envelope>

along with the following response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsa:Action>urn:echoStringResponse</wsa:Action>
  <wsa:RelatesTo>urn:uuid:269da889-ce33-4138-b050-3f4913dbbc17</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body>
  <ns:echoStringResponse xmlns:ns="http://echo.services.core.carbon.wso2.org">
     <return>Hello world</return>
  </ns:echoStringResponse>
</soapenv:Body>
</soapenv:Envelope>

But in the Identity Server SOAP Message Tracer, the request message and response message are both empty. It seems that ESB does not send any message to the Identity Server.

Does anyone know what is wrong?
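Added example, not code from the question or from WSO2: a small Python evaluator for the XACML policy posted above, showing which decision a PDP holding that policy returns for different subject, action and resource values. It assumes the request is a dict of attribute-id to a list (bag) of string values, hard-codes the first-applicable rule-combining algorithm the policy declares, and implements only the three functions the policy uses.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
POLICY_XML = f"""<Policy xmlns="{NS}" PolicyId="Note" Version="1.0"
 RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
 <Target><AnyOf><AllOf><Match MatchId="{FN}string-regexp-match"><AttributeValue>http://localhost:8280/services/echo</AttributeValue>
  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/></Match></AllOf></AnyOf></Target>
 <Rule Effect="Permit" RuleId="primary-group-rule"><Target><AnyOf><AllOf><Match MatchId="{FN}string-equal">
  <AttributeValue>read</AttributeValue><AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/></Match></AllOf></AnyOf></Target>
  <Condition><Apply FunctionId="{FN}string-equal"><Apply FunctionId="{FN}string-one-and-only">
  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"/></Apply><AttributeValue>admin</AttributeValue></Apply></Condition></Rule>
 <Rule Effect="Deny" RuleId="deny-rule"/></Policy>"""  # the question's policy, re-packed onto fewer lines; structure and semantics unchanged

FUNCS = {FN + "string-equal": lambda a, b: a == b,
         FN + "string-regexp-match": lambda pattern, s: re.search(pattern, s) is not None}

def target_ok(target, req):
    """A Target holds when some AnyOf has an AllOf whose every Match holds; a missing Target always holds."""
    def match_ok(m):  # MatchId(AttributeValue, member) for any member of the designated attribute's bag
        f, val = FUNCS[m.get("MatchId")], m.find("{*}AttributeValue").text
        return any(f(val, v) for v in req.get(m.find("{*}AttributeDesignator").get("AttributeId"), []))
    return target is None or any(all(match_ok(m) for m in allof) for anyof in target for allof in anyof)

def evaluate(node, req):
    """Evaluate a Condition expression tree: Apply / AttributeValue / AttributeDesignator."""
    if node.tag.endswith("}AttributeValue"):
        return node.text
    if node.tag.endswith("}AttributeDesignator"):
        return list(req.get(node.get("AttributeId"), []))  # the attribute's bag, possibly empty
    args = [evaluate(child, req) for child in node]
    if node.get("FunctionId") != FN + "string-one-and-only":
        return FUNCS[node.get("FunctionId")](*args)
    if len(args[0]) != 1:
        raise ValueError("Indeterminate")  # one-and-only needs a bag of exactly one value
    return args[0][0]

def decide(req, policy_xml=POLICY_XML):
    """first-applicable combining: the first Rule whose Target and Condition both hold decides."""
    policy = ET.fromstring(policy_xml)
    rules = policy.findall("{*}Rule") if target_ok(policy.find("{*}Target"), req) else []
    try:
        for rule in rules:  # empty when the Policy's own Target does not match the request
            cond = rule.find("{*}Condition")
            if target_ok(rule.find("{*}Target"), req) and (cond is None or evaluate(cond[0], req)):
                return rule.get("Effect")
    except ValueError:
        return "Indeterminate"
    return "NotApplicable"
```

Note that the policy's resource Match uses string-regexp-match with an unanchored, unescaped URL, so any resource-id that merely contains that string also matches the Target; anchor the pattern or switch to string-equal if only the exact echo service is meant.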

First, WSO2 ESB 4.7.0 and WSO2 IS 4.1.0 are not compatible versions. Either you can use ESB 4.6.0 with IS 4.1.0, or use WSO2 IS 4.5.0 (which is to be released soon) with the current ESB.

The error you are facing, 'Missing wsse:Security header in request', may be because of the BasicAuth scenario: it first sends a request without user name and password, letting the server submit the challenge. Only after receiving the challenge does the client send the BasicAuth parameters.

Cheers,

Pushpalanka
