WSO2ESB-基于注册用户或组来保护API
[英]WSO2ESB - Securing an API based on registered users or groups
问题描述
I have implemented a Rest API accessible through WSO2 ESB, and I am trying to secure it using Basic Authentication. 
我已经实现了可以通过WSO2 ESB访问的Rest API,并且我正在尝试使用基本身份验证来保护它。
I have already found how to secure the API, using this documentation : https://docs.wso2.com/display/ESB481/Securing+APIs#SecuringAPIs-BasicAuthUsingaBasicAuthhandler 我已经使用以下文档找到了如何保护API的方法: https : //docs.wso2.com/display/ESB481/Securing+APIs#SecuringAPIs-BasicAuthUsingaBasicAuthhandler
But here the authentication is based on user information coming from a hard-coded value. 但是,此处的身份验证是基于来自硬编码值的用户信息。 I know that I can potentially get the user information from a properties file or something similar. 我知道我可以从属性文件或类似文件中获取用户信息。
The question is : is it possible to authenticate the user through a policy or an internal ESB service, to match against the registered users / groups ? 问题是:是否可以通过策略或内部ESB服务对用户进行身份验证,以与注册的用户/组匹配?
Just like a Proxy Service can be secured through a policy : 就像可以通过策略保护代理服务一样:
<proxy name="XXX">
...
<enableSec/>
<policy key="conf:/policies/policy-xxx.xml"/>
</proxy>
Thanks 谢谢
1 个解决方案
解决方案1
1 2016-03-18 08:45:00
I finally found a solution, based on the WSO2 UserStoreManager, that gives access to both authentication facility and role listing for a user. 我终于找到了一个基于WSO2 UserStoreManager的解决方案,该解决方案可以访问用户的身份验证功能和角色列表。
Here is the solution : https://github.com/mohanvive/wso2-tools 这是解决方案: https : //github.com/mohanvive/wso2-tools
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.