
Customizing JWT generation not working in WSO2 APIM 3.1.0

I tried to implement the steps given in WSO2 3.1.0 documentation ( https://apim.docs.wso2.com/en/3.0.0/learn/api-gateway/passing-end-user-attributes-to-the-backend/passing-enduser-attributes-to-the-backend-using-jwt/ ) for customizing JWT.

As given in the documentation, I created the custom JWT generator java class, generated the jar and placed it under WSO2 Home/repository/components/lib folder. Did the necessary configurations in deployment.toml for enabling JWT and restarted the server.

When I hit an API with the bearer token, I am getting the X-JWT-Assertion header in the carbon logs but when I decode it, it doesn't contain the custom claims that I added in the custom JWT generator java class.

It contains the standard claims as seen in the below image and not the custom claims that were added (current_timestamp, message).

Need suggestions on this as I have followed the steps given in the documentation.

[image]

I have kept the default JWT properties and values that come predefined with the product as is and have added the one you told. Placed the CustomGatewayJWTGenerator jar in the dropins folder. The JWT properties look as below now in deployment.toml. Please let me know if the configurations shown below are correct.

[apim.jwt]
enable = true
encoding = "base64" # base64,base64url
generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
claim_dialect = "http://wso2.org/claims"
header = "X-JWT-Assertion"
signing_algorithm = "SHA256withRSA"
enable_user_claims = true
claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever"

[apim.jwt.gateway_generator]
impl = "org.wso2.carbon.test.CustomGatewayJWTGenerator"

Restarted the server and now when I test the API with JWT access token, the invocation fails and getting null pointer exception. Error Details are as shown below:

ERROR {org.apache.synapse.transport.passthru.ServerWorker} - Error processing GET request for: /pizzashack/1.0.0/menu. java.lang.NullPointerException
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.generateAndRetrieveJWTToken_aroundBody2(JWTValidator.java:353)
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.generateAndRetrieveJWTToken(JWTValidator.java:336)
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.authenticate_aroundBody0(JWTValidator.java:319)
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.authenticate(JWTValidator.java:110)
    at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate_aroundBody4(OAuthAuthenticator.java:334)
    at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:109)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate_aroundBody42(APIAuthenticationHandler.java:419)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate(APIAuthenticationHandler.java:413)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest_aroundBody36(APIAuthenticationHandler.java:349)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:320)
    at org.apache.synapse.rest.API.process(API.java:367)
    at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:327)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:98)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:368)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:189)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:813)

After some research I found out it is an OSGi bundle that runs on top of Apache Felix.

Please check following import available in sample code ( CustomGatewayJWTGenerator ):

import org.osgi.service.component.annotations.Component;

See also sample pom.xml. It adds some information about OSGi bundle:

Here is the important part:

<plugin>
    <groupId>org.apache.felix</groupId>
    <artifactId>maven-bundle-plugin</artifactId>
    <version>3.2.0</version>
    <extensions>true</extensions>
    <configuration>
        <instructions>
            <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
            <Bundle-Name>${project.artifactId}</Bundle-Name>
            <Export-Package>
                org.wso2.carbon.test.*
            </Export-Package>
            <Import-Package>
                org.wso2.carbon.apimgt.gateway.*,
                org.wso2.carbon.apimgt.impl.*,
                com.nimbusds.jwt.*,
                *;resolution:=optional
            </Import-Package>
        </instructions>
    </configuration>
</plugin>

As you can see, it exports components as OSGi. See below my pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.wso2</groupId>
        <artifactId>wso2</artifactId>
        <version>1.2</version>
    </parent>
    <groupId>org.example</groupId>
    <artifactId>CustomGatewayJWTGenerator</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>bundle</packaging>
    <dependencies>
        <dependency>
            <groupId>org.wso2.carbon.apimgt</groupId>
            <artifactId>org.wso2.carbon.apimgt.gateway</artifactId>
            <version>${carbon.apimgt.version}</version>
        </dependency>
        <dependency>
            <groupId>org.wso2.orbit.com.nimbusds</groupId>
            <artifactId>nimbus-jose-jwt</artifactId>
            <version>7.3.0.wso2v1</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.felix</groupId>
                <artifactId>maven-bundle-plugin</artifactId>
                <version>3.2.0</version>
                <extensions>true</extensions>
                <configuration>
                    <instructions>
                        <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
                        <Bundle-Name>${project.artifactId}</Bundle-Name>
                        <Export-Package>
                            la.foton.wso2.apim.custom.*
                        </Export-Package>
                        <Import-Package>
                            org.wso2.carbon.apimgt.gateway.*,
                            org.wso2.carbon.apimgt.impl.*,
                            com.nimbusds.jwt.*,
                            *;resolution:=optional
                        </Import-Package>
                    </instructions>
                </configuration>
            </plugin>
        </plugins>
    </build>
    <properties>
        <carbon.apimgt.version>6.6.163</carbon.apimgt.version>
    </properties>
</project>

I believe you just need to change package information in <Export-Package> , copy JAR file to $APIM_HOME/repository/components/dropins and restart server.

Please let me know if something goes wrong. If it works, please mark answer as correct to help others. :)
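A way to check a built jar against the points the answer above raises before copying it to dropins, as an added example that is not part of the original answer or of WSO2's code: it reads the jar's MANIFEST.MF and reports whether it carries OSGi bundle headers and whether the package of the configured `impl` class is listed in Export-Package. The function names and the in-memory sample jar are this example's own constructions.

```python
import io
import re
import zipfile

def parse_manifest(text):
    """Main-section headers of MANIFEST.MF; continuation lines start with a space."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line:
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            headers[last] += line[1:]
        elif ":" in line:
            last, value = line.split(":", 1)
            headers[last] = value.strip()
    return headers

def exported_packages(header):
    """Package names in Export-Package, ignoring commas inside quoted values."""
    clauses = re.split(r',(?=(?:[^"]*"[^"]*")*[^"]*$)', header)
    # attributes and directives (version=..., uses:=...) all contain '='
    return {p.strip() for c in clauses for p in c.split(";")
            if p.strip() and "=" not in p}

def check_bundle(jar_bytes, impl_class):
    """List what the jar lacks compared with the bundle the answer describes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        if "META-INF/MANIFEST.MF" not in names:
            return ["no META-INF/MANIFEST.MF"]
        headers = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    problems = []
    if "Bundle-SymbolicName" not in headers:
        problems.append("plain jar: no Bundle-SymbolicName header")
    if impl_class.replace(".", "/") + ".class" not in names:
        problems.append("no class file for " + impl_class)
    package = impl_class.rsplit(".", 1)[0]
    if package not in exported_packages(headers.get("Export-Package", "")):
        problems.append("package " + package + " not in Export-Package")
    return problems

def sample_jar(manifest, class_name):
    """Constructed in-memory jar for offline runs (empty class file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr(class_name.replace(".", "/") + ".class", b"")
    return buf.getvalue()
```

For a real build, pass the jar's bytes and the `impl` value from deployment.toml, for example `check_bundle(open(path, "rb").read(), "org.wso2.carbon.test.CustomGatewayJWTGenerator")`; an empty list means all three checks passed.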

I tried to reproduce this scenario locally. It was reproducible when we are using JWT access tokens to invoke the API.

But I was able to successfully get the custom claims in the X-JWT-Assertion header when using OAuth tokens. Please see the below image.

[image]

You need to follow this documentation to do the customisation when using JWT access tokens to invoke the API.

I followed the documentation that you shared for invoking the API with JWT access token. I cloned the Git repository given in the doc.: https://github.com/wso2/samples-apim/tree/master/CustomGatewayJWTGenerator , imported the CustomGatewayJWTGenerator code into Eclipse. After the import was successful, I could see a build path error in Eclipse: joda-time-2.9.4.wso2v1.jar' in project 'CustomGatewayJWTGenerator' cannot be read or is not a valid ZIP file . Even though the error was seen in Eclipse, I was able to build the jar using Maven. I placed the generated jar in lib folder and after server restart verified that the jar was present in dropins folder as well. But somehow, the custom claims that I added in the CustomGatewayJWTGenerator java class are still not coming in the X-JWT-Assertion header. Is it something to do with the error that I got in Eclipse after importing the CustomGatewayJWTGenerator project or am I going wrong somewhere else?

The CustomGatewayJWTGenerator java class: [image]

X-JWT-Assertion header: [image]
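A way to inspect a captured X-JWT-Assertion value for the custom claims named in the question (current_timestamp, message), as an added example that is not part of the original posts or of WSO2's code. The configuration on this page sets `encoding = "base64"` with `base64url` as the other option, so the decoder accepts both; the function names and sample tokens are this example's own constructions.

```python
import base64
import json

DIALECT = "http://wso2.org/claims"            # claim_dialect from the page's config
EXPECTED = ("current_timestamp", "message")   # custom claims named in the question

def b64_any(segment):
    """Decode a segment written as base64url or as padded standard base64."""
    s = segment.strip().replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)
    return base64.b64decode(s, validate=True)

def inspect_assertion(value, expected=EXPECTED):
    """Split claims into dialect / other and list expected claims that are absent.

    Inspection only: the signature (third segment) is not verified here.
    """
    parts = value.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64_any(parts[0]))
    claims = json.loads(b64_any(parts[1]))
    return {
        "alg": header.get("alg"),
        "dialect": sorted(k for k in claims if k.startswith(DIALECT + "/")),
        "other": sorted(k for k in claims if not k.startswith(DIALECT + "/")),
        "missing": [c for c in expected if c not in claims],
    }

def sample_assertion(claims, urlsafe):
    """Constructed sample token with a dummy signature, for offline use."""
    enc = base64.urlsafe_b64encode if urlsafe else base64.b64encode
    def seg(obj):
        raw = enc(json.dumps(obj).encode())
        return (raw.rstrip(b"=") if urlsafe else raw).decode()
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(claims), "c2ln"])

if __name__ == "__main__":
    std = {"iss": "wso2.org/products/am", DIALECT + "/subscriber": "admin"}
    print(inspect_assertion(sample_assertion(std, urlsafe=False)))
    custom = dict(std, current_timestamp="1600000000", message="hello")
    print(inspect_assertion(sample_assertion(custom, urlsafe=True)))
```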
