简体繁体 English

WSO2 JWTGenerator和APIMgtGatewayJWTGeneratorImpl

[英]WSO2 JWTGenerator and APIMgtGatewayJWTGeneratorImpl

原文 2022-09-29 12:45:09 9 2 wso2/ wso2-api-manager

Сan someone explain to me the difference between JWTGenerator and APIMgtGatewayJWTGeneratorImpl classes?有人向我解释 JWTGenerator 和 APIMgtGatewayJWTGeneratorImpl 类之间的区别吗？

I updated wso2 from version 2.6.0 to 4.1.0 and there was only this JWTGenerator generator class, but now it does not work.我将 wso2 从 2.6.0 版本更新到 4.1.0，只有这个 JWTGenerator 生成器 class，但现在它不起作用。

Ref: https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-gateway/#sample-jwt参考： https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-网关/#sample-jwt

2 个解决方案

In early versions of WSO2 API Manager, it has opaque token support.在 WSO2 API Manager 的早期版本中，它具有不透明令牌支持。 So if you are migrating to latest APIM version and still want to use opaque tokens instead of the JWT tokens, you have to use the class JWTGenerator.因此，如果您正在迁移到最新的 APIM 版本并且仍然想使用不透明令牌而不是 JWT 令牌，则必须使用 class JWTGenerator。 If you look at the package of this class, it is org.wso2.carbon.apimgt.keymgt.token.如果你看这个class的package，就是org.wso2.carbon.apimgt.keymgt.token。 So token generation happens at the key manager(KM) side.因此令牌生成发生在密钥管理器 (KM) 端。 When an opaque token is used in an API call, the gateway calls the key manager to validates the opaque token and also it generates a backend JWT. Then the gateway receives the backend JWT for a valid access token from the KM and GW sends the Backend JWT to the backend service.当在 API 调用中使用不透明令牌时，网关调用密钥管理器来验证不透明令牌，并且它还会生成后端 JWT。然后网关从 KM 接收后端 JWT 以获取有效访问令牌，GW 发送后端JWT 到后端服务。 Refer - https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-gateway/#customizing-the-jwt-generation-completely参考 - https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-网关/#customizing-the-jwt-generation-completely

If you are using JWT access tokens to access APIs, then you should use APIMgtGatewayJWTGeneratorImpl.如果您使用 JWT 访问令牌来访问 API，那么您应该使用 APIMgtGatewayJWTGeneratorImpl。 When an access token comes to the gateway, it validates the token itself and generates a backend JWT. So this class is used.当访问令牌到达网关时，它会验证令牌本身并生成后端 JWT。因此使用这个 class。 Refer - https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-gateway/#jwt-self-contained-access-tokens参考 - https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-网关/#jwt-self-contained-access-tokens

We have done a major architectural redesign (Please refer this ) to the gateway and keymanager components in the latest versions of the product.我们对最新版本产品中的网关和密钥管理器组件进行了重大的架构重新设计（请参阅此）。 One of the key changes is to make the gateway run independently without connecting to the keymanager node.关键变化之一是让网关独立运行，无需连接到 keymanager 节点。 For that, one change introduced is JWT tokens (instead of opaque tokens which were used in older versions).为此，引入的一项更改是 JWT 令牌（而不是旧版本中使用的不透明令牌）。 With the introduction of this, all the token validation happens within the gateway node without needing to connect to the keymanager node.通过引入这一点，所有令牌验证都在网关节点内进行，无需连接到密钥管理器节点。

Previously (versions before 3.2.0) the backend JWT was generated in the keymanager node.之前（3.2.0 之前的版本）后端 JWT 是在 keymanager 节点中生成的。 For that JWTGenerator is used.为此，使用了JWTGenerator 。 Now since everything happens in the gateway node, this backend jwt is also generated from the gateway node.现在由于一切都发生在网关节点中，所以这个后端 jwt 也是从网关节点生成的。 For that, we use this APIMgtGatewayJWTGeneratorImpl class (which is extended from the parent class AbstractAPIMgtGatewayJWTGenerator )为此，我们使用此APIMgtGatewayJWTGeneratorImpl class（从父级 class AbstractAPIMgtGatewayJWTGenerator扩展而来）

Hope you understood why your custom JWTGenerator from API Manager 2.6.0 is not working in the latest version.希望您理解为什么来自 API Manager 2.6.0 的自定义 JWTGenerator 在最新版本中不起作用。 You will have to create a new custom JWT generator as mentioned in this doc您将必须创建一个新的自定义 JWT 生成器，如本文档中所述