堆栈内存溢出
  简体   繁体   English

WSO2 ESB OAuth2处理程序,如何处理大型Post的无效令牌。

[英]WSO2 ESB OAuth2 Handler,How to handle invalid token for large Post.

 原文  2014-06-13 11:15:26       oauth-2.0/ wso2/ wso2esb

问题描述

I have implemented OAuth2 handler by using this tutorial https://docs.wso2.org/display/ESB481/Securing+APIs#SecuringAPIs-GettingtheOAuthtoken 我已通过使用本教程https://docs.wso2.org/display/ESB481/Securing+APIs#SecuringAPIs-GettingtheOAuthtoken实现了OAuth2处理程序

In case,when invalid token is used I'm unable to clear body before sending unauthorized response back to client. 如果使用无效令牌,在将未经授权的响应发送回客户端之前,我无法清除正文。 I've tried to clear Soap Body before sending message back but still original Post data is sent back to client. 我曾尝试先清除Soap Body,然后再发送回消息,但仍将原始Post数据发送回客户端。 HTTP status code is changed to 401. HTTP状态代码更改为401。

Is there any way to empty soap body in Oauth2 handler before sending response back ? 在发送回响应之前,是否可以在Oauth2处理程序中清空肥皂主体?

In OAuth2 tutorial, handler only returns true/false depending of token validation. 在OAuth2教程中,处理程序仅根据令牌验证返回true / false。 If I do that request when handler returns false, request will just hang without getting any response back. 如果我在处理程序返回false时执行该请求,则请求将立即挂起而不会返回任何响应。 Should it work without sending response back manually inside handler ? 是否应该在处理程序内部不手动发送响应的情况下工作?

Here's my current code snippet: 这是我当前的代码片段: 

public boolean handleRequest(MessageContext msgCtx) {

....

boolean isValid = stub.validate(dto).getValid();

if (!isValid)
{ 
     log.error("is not valid token");

      Axis2MessageContext axis2smc = (Axis2MessageContext) msgCtx;
      org.apache.axis2.context.MessageContext axis2MessageCtx =                 axis2smc.getAxis2MessageContext();
      axis2MessageCtx.setProperty("HTTP_SC", "401");
      axis2MessageCtx.setProperty("DISABLE_CHUNKING", true);
      axis2MessageCtx.setProperty("NO_ENTITY_BODY", new Boolean("true"));
      msgCtx.setProperty("RESPONSE", "true");
      msgCtx.setTo(null);

// Trying to flush response body with dummy tags, but this does not work
// However it works in Custom mediator implemention.
      try {
           SOAPBody body = msgCtx.getEnvelope().getBody();
           body.setFirstChild(AXIOMUtil.stringToOM("<p></p>"));

       } 

      catch (XMLStreamException e) {
       log.error(e.getStackTrace());
       }

      Axis2Sender.sendBack(msgCtx);
      return false;
   }

      return isValid;
 }

Thanks for any tips. 感谢您的提示。

1 个解决方案

解决方案1
 0  2014-06-25 19:49:11

I think payloadFactory can do exactly what you're looking to do. 我认为有效负载工厂可以完全满足您的期望。 It will set the soap body to contents you specify. 它将肥皂皂设置为您指定的内容。 The documentation on this transform mediator is here: https://docs.wso2.org/display/ESB481/PayloadFactory+Mediator 有关此转换介体的文档在这里: https : //docs.wso2.org/display/ESB481/PayloadFactory+Mediator

You could even take the chance to provide useful information in the soap response, like the token request url and proper oAuth2.0 request syntax. 您甚至可以借此机会在肥皂响应中提供有用的信息,例如令牌请求网址和正确的oAuth2.0请求语法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WSO2 ESB-使用OAuth2服务 - WSO2 ESB - Consume a OAuth2 Service 如何在资源服务器上验证 WSO2 oauth2 访问令牌 - how to validate WSO2 oauth2 access token on Resource Server 验证WSO2中的OAuth2令牌 - Validating OAuth2 token in WSO2 撤销 WSO2 Oauth2 令牌的 HTTP 请求 - HTTP Request to revoke the WSO2 Oauth2 token WSO2 IS OAuth2资源所有者密码-获取访问令牌 - WSO2 IS OAuth2 Resource owner password - getting access token 具有OAuth2访问令牌的WSO2 JWT Exchange - WSO2 JWT Exchange with OAuth2 Access Token 如何处理oauth2和csrf令牌Laravel - How to handle oauth2 and csrf token laravel WSO2 OAuth2全局范围 - WSO2 OAuth2 global scope 是否可以验证从WSO2中的外部OAuth2服务器创建的JWT令牌? - Is it possible to validate a JWT token created from an external OAuth2 Server in WSO2? 如何在 oauth 令牌(WSO2 IS)中添加用户角色 - How to add role of the user in oauth token (WSO2 IS)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM