堆栈内存溢出
  简体   繁体   English

要使用来自WSO2 ESB的令牌访问已发布的WSO2 API管理器API,无法从WSO2 API管理器获取访问令牌

[英]To access Published WSO2 API Manager APIs using tokens from WSO2 ESB, Unable to get the access token from WSO2 API Manager

 原文  2015-10-28 15:05:28       api/ wso2/ esb

问题描述

I have written WSo2 ESB Proxy service where the proxy service calls the http service which is published in WSo2 API Manager. 我已经编写了WSo2 ESB代理服务,其中代理服务调用了在WSo2 API管理器中发布的http服务。 Because the API's are published in WSo2 API Manager to access the API we need to generate the token using a consumer key and a secret key. 由于API是在WSo2 API管理器中发布的以访问API,因此我们需要使用使用者密钥和秘密密钥来生成令牌。 I manually logged in to wso2 api manager, I subscribed to the published API and using my consumer key and secret key I have generated the token and use that token while calling the API from WSo2 ESB. 我手动登录到wso2 api管理器,我订阅了已发布的API,并使用我的使用者密钥和私有密钥生成了令牌,并在从WSo2 ESB调用API时使用了该令牌。 In the http request header I have set those token and from WSo2 ESB able to invoke the API getting response from the API, but this token will expire after 60 minutes so I need to generate the token by calling 在http请求标头中,我设置了那些令牌,并从WSo2 ESB设置了可以调用API的功能,以从API获取响应,但是此令牌将在60分钟后过期,因此我需要通过调用来生成令牌 

https://api-dev.xyz.org/token
POST 
Authorization: Basic Zzc5enNRN0xLM0hOcHU2N0g2a2R1dkx6WGRrYTpJSEF1NWZUdW5FdG9BV0xfa1hCcUdvRGVPWmdh

Payload
grant_type=client_credentials

I will get response as 我会得到回应 

response

{
   scope: "default"
   token_type: "bearer"
   expires_in: 3171
   access_token: "db995950f960b4c67162e2d92a1117a5"
}

curl command to get the token:- curl命令获取令牌:- 

curl -k -d "grant_type=client_credentials" -H "Authorization: Basic Rnl5YmwwNVhacGhBb01mVE5VNE91ZkxfblRVYTpUSmt6QUJFbzZaN3FkNkE1cHE3V3JSd2ZNaHNh, Content-Type: application/x-www-form-urlencoded" https://api-dev.xyz.org:8243/token

In WSo2 ESB Proxy Service i have coded similar to curl command to get the token, 在WSo2 ESB代理服务中,我已编写类似于curl命令的代码来获取令牌, 

<property xmlns:ns="http://org.apache.synapse/xsd"  

           name="Authorization"  

           expression="fn:concat('Basic ',OUU0Zk05eU81R0VCcV9odUxBYW15SzRCaEZFYToxVmVnbHl5OFBhQTkyMFRxbEUySnduWHlTbThh)"  

           scope="transport"/>         

         <payloadFactory media-type="json">

<format>

{

"grant_type":"client_credentials"

}

</format>

</payloadFactory>

<property name="messageType" value="application/x-www-form-urlencoded" scope="axis2"/>

          <send>

            <endpoint>
<http method="get" uri-template="https://api-dev.xyz.org:8243/token"/>

           <property name="grant_type" value="client_credentials"/>

        </endpoint>

     </send>

I'm getting response as 我得到回应 

TargetHandler I/O error: Host name verification failed for host : 172.18.65.251
javax.net.ssl.SSLException: Host name verification failed for host : 172.18.65.251
    at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:162)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:291)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:391)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
    at java.lang.Thread.run(Thread.java:745)

Any idea how to resolve this issue ? 任何想法如何解决这个问题?

1 个解决方案

解决方案1
 1  2015-10-29 01:03:11

This is a certificate validation issue. 这是证书验证问题。 This happens when the server can't find a corresponding certificate for the host. 当服务器找不到主机的相应证书时,就会发生这种情况。 You can try one of the following methods to fix this: 您可以尝试以下方法之一来解决此问题:

  1. Import the public certificate of the backend (APIM in this case) to the client-truststore of the ESB. 将后端的公共证书(在这种情况下为APIM)导入ESB的客户端信任库。 More info on this here . 在此更多信息在这里 For production use, this is the recommended approach. 对于生产用途,这是推荐的方法。
  2. Or else, set 'HostnameVerifier' value to 'AllowAll' in the https transport sender configuration of '/reposotory/conf/axis2/axis2.xml' 否则,在“ /reposotory/conf/axis2/axis2.xml”的https传输发件人配置中,将“ HostnameVerifier”的值设置为“ AllowAll”

eg: 例如: 

<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    ....
    <parameter name="HostnameVerifier">AllowAll</parameter>
    ....
</transportSender>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从WSO2 Api Manager检索用户访问令牌 - Retrieve user access TOKEN from WSO2 Api Manager 无法访问统计信息 - WSO2 API Manager和WSO2 BAM - Cannot access statistics - WSO2 API Manager and WSO2 BAM 如何使用WSO2 API Manager 1.10.0刷新应用程序的访问令牌? - How to refresh the access token of an Application with the WSO2 API Manager 1.10.0? WSO2 API管理器用户管理API - WSO2 API Manager User Management APIs 使用WSO2 API管理器进行身份验证 - Authentication with WSO2 API Manager 如何使用WSO2的API管理器控制客户端可以访问哪些API - How to control what APIs a client can access using WSO2's API Manager WSO2 API管理器:访问文件消耗服务的配置 - WSO2 API Manager: Configuration of the access-files consumed services WSO2 API管理器-是否可以在没有访问令牌/订阅的情况下访问API? - WSO2 API Manager- Can we access API without access token / subscription? 带有.php的API名称,从WSO2 API管理器ISSUE调用 - API name with .php calling from WSO2 API manager ISSUE WSO2 API管理器从2.0迁移到2.5 - WSO2 API manager migration from 2.0 to 2.5
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM