How to display profile info of the user that called certain api in wso2 apim log?

I am trying to configure the gateway access log of WSO2 APIM (4.0.0) so that it contains profile info (e.g. organization, email) of the user that called a certain API, along with the owner of that API, in a log file. I followed the answer to this similar question.

The structure that I would like to have is:

username | user_organization | invoked_api_name | api_owner | api_url | request | response

Any help is welcome!

By using the following properties, we can extract the API Publisher, Username, and Tenant Domain from the Message Context in the custom Handler.

api.ut.apiPublisher: API Publisher
api.ut.userId: Username

Perform the following enhancements to the handleRequestOutFlow(..) method in the Custom Handler to extract the mentioned data:

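// Requires: import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
public boolean handleRequestOutFlow(..) {
    ...
    // Caller and API publisher, read from the message context properties listed above
    String username = (String) messageContext.getProperty("api.ut.userId");
    String apiCreator = (String) messageContext.getProperty("api.ut.apiPublisher");
    // The tenant domain is derived from the API context path
    String apiContext = (String) messageContext.getProperty("api.ut.context");
    String tenantDomain = MultitenantUtils.getTenantDomainFromRequestURL(apiContext);
    // Fall back to the super tenant when the context carries no tenant domain
    if (tenantDomain == null) {
        tenantDomain = org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
    }
    ...
}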

Update

If you want to log the organization of a User via the custom Handler, then I can think of two options to achieve the requirement.

  • Option 01: Configure OpenID Scope

    This option is applicable if you have only a handful of applications that need this function.

    Configure an additional OpenID scope mapping to the organization claim via the Carbon Management console. Then make the organization claim a mandatory claim at each Service Provider to generate the JWT Access Token including the organization claim.

    When you generate the Token, you have to pass the OpenID scope that we have created for the organization, so that the Service Provider will evaluate and include the claim in the Token.

    Once the token arrives at the Gateway via the Headers, capture the token and extract the claim from it. Or else, configure the Gateway node to generate the X-JWT-Assertion token and capture that token and extract the claim.

  • Option 02: Customize the Handler to retrieve claims

    We can enhance the Handler implementation to extract the Username from the JWT Access Token and then invoke a set of Key Manager endpoints with the required properties to retrieve the User claims. You can check the Key Manager connector implementation to find the relative endpoints to retrieve the User claims.

Hope this briefing helps you to choose a path. In addition, I have added a few enhancements to the custom handler implementation focusing on the 2nd option.
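For Option 01, a sketch of reading the claim inside the handler and writing the fields username through api_url of the requested structure (added example, not part of the original answer or of WSO2's code). It assumes nimbus-jose-jwt is on the classpath, that the gateway has already validated the token before the handler runs, and that the claim is named organization; the class, its method names and the sample values are hypothetical.

```java
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Base64;

public class AccessLogLine {
    // Assumption: the claim name; use whatever name your token actually carries.
    static final String ORG_CLAIM = "organization";

    // Reads one string claim from a JWT that the gateway has already validated.
    // No signature check happens here, so never call this on an unvalidated token.
    static String claim(String jwt, String name) {
        try {
            String v = SignedJWT.parse(jwt).getJWTClaimsSet().getStringClaim(name);
            return v == null ? "-" : v;
        } catch (ParseException e) {
            return "-"; // malformed token or non-string claim: log a placeholder
        }
    }

    // Claim values come from the user's profile, so neutralise line breaks and the
    // '|' delimiter: one request must not be able to split or forge log records.
    static String safe(String s) {
        if (s == null || s.isEmpty()) return "-";
        String cleaned = s.replaceAll("[\\r\\n\\t|]", "_").replaceAll("\\p{Cntrl}", "");
        return cleaned.length() > 256 ? cleaned.substring(0, 256) : cleaned;
    }

    static String line(String user, String org, String api, String owner, String url) {
        return String.join(" | ", safe(user), safe(org), safe(api), safe(owner), safe(url));
    }

    public static void main(String[] args) {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample token: the claim value embeds CRLF and '|', the signature is a dummy.
        String payload = "{\"sub\":\"alice\",\"organization\":\"Acme\\r\\nadmin | PizzaAPI\"}";
        String jwt = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString(payload.getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("dummy".getBytes(StandardCharsets.UTF_8));
        System.out.println(line("alice", claim(jwt, ORG_CLAIM), "PizzaAPI", "admin", "/pizza/1.0/menu"));
    }
}
```

In the handler, the username and owner arguments would be the api.ut.userId and api.ut.apiPublisher values read from the message context.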
