WSO2 API管理器-添加自定义端点安全方案?
[英]WSO2 API Manager - Add Custom Endpoint Security Scheme?
问题描述
We are currently evaluating the WSO2 API Manager (v1.6.0) to Front our internal APIs so they can be securely exposed to thirdparty developers and partners. 
我们目前正在评估WSO2 API管理器(v1.6.0),以使其内部API处于前端,以便它们可以安全地暴露给第三方开发人员和合作伙伴。 Our internal APIs have implemented an HMAC-SHA1 based custom authorization scheme similar to AWS, where clients construct a HMAC-SHA1 hash string using the request url, the current timestamp and a secret key assigned to that client. 我们的内部API实现了类似于AWS的基于HMAC-SHA1的自定义授权方案,其中客户端使用请求url,当前时间戳和分配给该客户端的秘密密钥构造HMAC-SHA1哈希字符串。
I would like to configure/customize the API Manager to employ this custom scheme when routing requests to our service endpoint. 我想配置/自定义API管理器,以便在将请求路由到我们的服务端点时采用此自定义方案。 This way the API Manager operates as just another client to our internal API. 这样,API管理器就可以作为我们内部API的另一个客户端运行。 What is the best way to achieve this? 实现此目标的最佳方法是什么? Currently the API Manager only supports Basic Auth (When I select "Secured" in the "Endpoint Security Scheme" drop-down when setting up my API). 当前,API管理器仅支持基本身份验证(在设置API时,在“端点安全性方案”下拉列表中选择“安全”)。 How do I update the API Manager so it: 我该如何更新API管理器:
Supports my custom scheme - constructs the Authorization Header using our custom scheme when calling our service endpoint
支持我的自定义方案-在调用我们的服务端点时使用我们的自定义方案构造授权标头 Maintains the secret key used for generating the about header within it's configuration/data store
维护用于在其配置/数据存储中生成about头的密钥
1 个解决方案
解决方案1
0 2016-08-01 10:09:43
Although this is a very very old question, I'm answering so it can be useful to someone, someday. 尽管这是一个非常老的问题,但我正在回答,因此有朝一日对某人有用。
You can do this by either writing a custom handler or custom sequence . 您可以通过编写自定义处理程序或自定义序列来完成此操作。 What you have to do is, 你要做的是
1) Send the token in a custom header. 1)在自定义标头中发送令牌。
2) Copy that token to Authorization header by a custom handler/sequence. 2)通过自定义处理程序/序列将该令牌复制到授权标头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.