为什么 WSO2 IS 5.6.0 SCIM2 Group API 在尝试插入或更新用户时会抛出错误?
[英]Why does the WSO2 IS 5.6.0 SCIM2 Group API throw error when trying to insert or update users?
问题描述
I'm trying to use the WSO2 Identity Server SCIM2 APIs to create and update users and groups.
我正在尝试使用 WSO2 身份服务器 SCIM2 API 来创建和更新用户和组。 However I am facing problems with the Group Update API (PUT /scim2/Groups/{id}): If I try to insert some user into the body of the message, the API always returns HTTP Error 500 ("Error occurred while accessing Java Security Manager Privilege Block ").但是,我遇到了 Group Update API (PUT /scim2/Groups/{id}) 的问题:如果我尝试在消息正文中插入某个用户,该 API 总是返回 HTTP 错误 500(“访问 Java 时发生错误安全管理器权限块”)。
Here's how to reproduce the failure:以下是重现失败的方法:
1) First we create a user: 1)首先我们创建一个用户:
curl -X POST \
https://auth-server:9444/scim2/Users/ \
-H 'Accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: a43e26c0-fb00-4fa0-9482-74f62078d6b1' \
-H 'cache-control: no-cache' \
-d '{
"emails": [{
"type": "home",
"value": "test.user@test.com.br",
"primary": true
}],
"password": "test.user",
"name": {
"familyName": "Test",
"givenName": "User"
},
"userName": "test.user"
}'
We receive as response HTTP 200 with body:我们收到带有正文的 HTTP 200 作为响应:
{
"emails": [
{
"type": "home",
"value": "test.user@test.com.br",
"primary": true
}
],
"meta": {
"created": "2019-01-09T20:41:27Z",
"location": "https://localhost:9444/scim2/Users/14fc39fc-1b0c-4db2-9e3a-bd5c522770bb",
"lastModified": "2019-01-09T20:41:27Z",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"name": {
"familyName": "Test",
"givenName": "User"
},
"id": "14fc39fc-1b0c-4db2-9e3a-bd5c522770bb",
"userName": "test.user"
}
2) Next we create a group: 2)接下来我们创建一个组:
curl -X POST \
https://auth-server:9444/scim2/Groups/ \
-H 'Accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: 45d2220d-d33d-42ba-8ce5-205646aa2963' \
-H 'cache-control: no-cache' \
-d '{
"displayName": "Application/Test",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}'
We receive as response HTTP 200 with body:我们收到带有正文的 HTTP 200 作为响应:
{
"displayName": "APPLICATION/Test",
"meta": {
"created": "2019-01-09T20:43:22Z",
"location": "https://localhost:9444/scim2/Groups/7feb0a54-18c5-4265-bdd6-7ceecd96bf0d",
"lastModified": "2019-01-09T20:43:22Z",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "7feb0a54-18c5-4265-bdd6-7ceecd96bf0d"
}
3) When we try to associate the newly created user with the group, we receive an HTTP 500 error. 3) 当我们尝试将新创建的用户与组关联时,我们收到 HTTP 500 错误。 See below:见下文:
curl -X PUT \
https://auth-server:9444/scim2/Groups/7feb0a54-18c5-4265-bdd6-7ceecd96bf0d \
-H 'Accept: */*' \
-H 'Authorization: Basic c2NpbS5kY2xvZ2c6c2NpbS5kY2xvZ2c=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: 6db43a33-af40-452e-83eb-40f8d6e3c5e3' \
-H 'cache-control: no-cache' \
-d '{
"displayName": "APPLICATION/Test",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": "14fc39fc-1b0c-4db2-9e3a-bd5c522770bb",
"display": "test"
}
]
}'
HTTP 500 error: HTTP 500 错误:
{
"schemas": "urn:ietf:params:scim:api:messages:2.0:Error",
"detail": "Error occurred while accessing Java Security Manager Privilege Block",
"status": "500"
}
For authentication, I am using basic authentication, with the user "admin" of Identity Server;对于身份验证,我使用的是基本身份验证,身份服务器的用户为“admin”; but I also tried to create a user with all possible permissions, but the error is always the same.但我也尝试创建一个具有所有可能权限的用户,但错误始终相同。 In the execution console I have tried to refine the log, however only the message below is displayed:在执行控制台中,我尝试优化日志,但只显示以下消息:
[2019-01-09 20:47:00,656] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Domain: APPLICATION is passed with the claim and user store manager is loaded for the given domain name.
[2019-01-09 20:47:00,658] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
Does this Group API really work for update requests?这个 Group API 真的适用于更新请求吗?
If anyone can help, I appreciate it.如果有人可以提供帮助,我将不胜感激。 Thank you.谢谢你。
1 个解决方案
解决方案1
1 已采纳 2019-01-10 04:20:21
Please change your request of adding a user to a group as follows, this works fine for me.请按如下方式更改您将用户添加到组的请求,这对我来说很好用。
curl -v -k --user admin:admin -X PUT -d '{"displayName":"PRIMARY/manager","members":[{"value":"416aaa06-d9ed-465b-8ac4-1a321624d158","display":"test.user"}]}' --header "Content-Type:application/json" https://localhost:9444/scim2/Groups/5d6ffce8-fab8-45ee-a407-b1cae0e4ecee curl -v -k --user admin:admin -X PUT -d '{"displayName":"PRIMARY/manager","members":[{"value":"416aaa06-d9ed-465b-8ac4-1a321624d158", "display":"test.user"}]}' --header "Content-Type:application/json" https://localhost:9444/scim2/Groups/5d6ffce8-fab8-45ee-a407-b1cae0e4ecee
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.