WSO2 APIM的自定义身份验证
[英]Custom authentication for WSO2 APIM
问题描述
Suppose I want to replace the "default" WSO2 authentication mechanism from OAuth2 bearer to something else. 
假设我想将OAuth2承载的“默认” WSO2身份验证机制替换为其他内容。 Two use cases that we have in mind: 我们想到了两个用例:
- Anonymous access (ie no authorization at all). 匿名访问(即完全没有授权)。
- User/password authentication (instead of the bearer!) 用户/密码验证(而不是承载!)
My guess that this could be implemented by writing a custom authentication handler, which will take over prior to the "usual" authentication handler, and will be responsible for doing the customize authentication and also for creating an authorization header with the correct bearer token, to hand down to the standard authentication handler. 我的猜测是可以通过编写自定义身份验证处理程序来实现,该处理程序将在“常规”身份验证处理程序之前接管,并将负责执行自定义身份验证以及创建具有正确承载令牌的授权标头,以便交给标准身份验证处理程序。
Is this the right way to implement this? 这是实现此目标的正确方法吗? Is there another way that does not require developing a custom handler? 还有另一种方法不需要开发自定义处理程序吗?
I saw the following discussion WSO2 API Manager, is it possible to disable the access-token mechanism , but I'm not sure if it is relevant for the use case I was describing. 我看到了以下讨论WSO2 API Manager,是否可以禁用访问令牌机制 ,但是我不确定它是否与我描述的用例相关。
1 个解决方案
解决方案1
0 2016-01-26 03:49:20
Yes. 是。 you have to implement a custom authentication handler to use basic authentication with api manager. 您必须实现自定义身份验证处理程序,才能将基本身份验证与api管理器一起使用。
But you can provide anonymous access without implementing any handlers. 但是您可以提供匿名访问而无需实现任何处理程序。 For that you can set authentication type to None when you create the api. 为此,您可以在创建api时将身份验证类型设置为“无”。 You can set it by going to the 'Manage' tab in an api and set the type from 'Application & Application User' to 'None' for all the resources 您可以通过进入api中的“管理”标签并将所有资源的类型从“应用程序和应用程序用户”设置为“无”来进行设置
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.