WSO2 ESB Mediation Retrieve user attributes (claims) in inSequence

I have published an API in API Publisher. That API has a POST method, confirm, which retrieves JSON data with the following parameters: userUUID, appName, version. In API Publisher this API takes only two parameters: appName and version.

I don't want to send userUUID from the client; instead I want to retrieve userUUID from the accessToken (it is in the user claims) in the inSequence, add it to the sent JSON as a new parameter, and then send it all to the backend.

Is it possible? Maybe I can retrieve at least user email from accessToken?

I see two ways to pass user information to the backend.

  • One is the JWT token. In api-manager.xml you can enable JWT token generation with the claim retriever. The JWT token will be sent to the backend service as an HTTP header.

  • In the sequence you can call one of the admin services (see https://docs.wso2.com/display/AM210/WSO2+Admin+Services ) to get the assigned user and application.

See https://localhost:9443/services/OAuth2TokenValidationService?wsdl and the validate or buildIntrospectionResponse operation.

I hope it helped.

I found a workaround by getting the user info from https://localhost:9443/oauth2/userinfo?schema=openid

First of all, change the value of RemoveOAuthHeadersFromOutMessage in OAuthConfigurations in the file [WSO2_AM]/repository/conf/api-manager.xml

Secondly, the user claims that are obtained from https://localhost:9443/oauth2/userinfo?schema=openid should be configured in the WSO2 API Manager Carbon Server under Service Providers.

Algorithm:

  1. Copy the request body to property body_of_zero_call
  2. Copy the request target REST API method to property urlPostfixZero
  3. Set the value ?schema=openid as the request target REST API method
  4. Call https://localhost:9443/oauth2/userinfo?schema=openid to get the user info
  5. Check the response code: if 200, continue; else return code 500 with the message { "status": "Can't get user info"}
  6. Copy the interesting info (in my case user_uuid) from the response body to property user_uuid_first_call
  7. Copy the source request body from property body_of_zero_call back to the body
  8. Copy the source request target REST API method from property urlPostfixZero back to the request target REST API method
  9. Add element userUUID to the request body
  10. Fill element userUUID in the body with the value from property user_uuid_first_call
  11. Call the target URL with the changed body and target REST API method
  12. Respond

Mediator:

<?xml version="1.0" encoding="UTF-8"?>
<sequence xmlns="http://ws.apache.org/ns/synapse" name="token_to_user_uuid" trace="disable">
   <!-- 1: keep a copy of the original request body in a property -->
   <enrich>
      <source clone="true" type="body" />
      <target action="child" property="body_of_zero_call" type="property" />
   </enrich>
   <!-- 2: keep a copy of the original REST URL postfix (target method of the API call) -->
   <property expression="$axis2:REST_URL_POSTFIX" name="urlPostfixZero" scope="default" type="STRING" />
   <!-- 3: point the postfix at the userinfo query string -->
   <property name="REST_URL_POSTFIX" scope="axis2" type="STRING" value="?schema=openid" />
   <!-- 4: call the userinfo endpoint; the incoming Authorization header is reused for this call -->
   <call blocking="true">
      <endpoint>
         <http method="get" trace="disable" uri-template="https://localhost:9443/oauth2/userinfo" />
      </endpoint>
   </call>
   <!-- 5: only continue when userinfo answered 200 -->
   <filter regex="200" source="get-property('axis2', 'HTTP_SC')">
      <then>
         <!-- 6: extract the user_uuid claim from the userinfo JSON response -->
         <property expression="$body//jsonObject//user_uuid" name="user_uuid_first_call" scope="default" type="STRING" />
         <!-- 7: restore the original request body -->
         <enrich>
            <source clone="true" property="body_of_zero_call" type="property" />
            <target type="body" />
         </enrich>
         <!-- 8: restore the original REST URL postfix -->
         <property expression="get-property('urlPostfixZero')" name="REST_URL_POSTFIX" scope="axis2" type="STRING" />
         <!-- 9: add an empty userUUID element to the JSON body -->
         <enrich>
            <source clone="true" type="inline">
               <userUUID xmlns="" />
            </source>
            <target action="child" xpath="$body//jsonObject" />
         </enrich>
         <!-- 10: fill userUUID with the claim value saved in step 6 -->
         <enrich>
            <source clone="true" property="user_uuid_first_call" type="property" />
            <target xpath="$body//jsonObject//userUUID" />
         </enrich>
         <!-- 11: call the backend with the enriched body -->
         <call blocking="true">
            <endpoint>
               <http method="post" trace="disable" uri-template="https://localhost:9444/customAuth/services/regulations" />
            </endpoint>
         </call>
         <!-- 12: return the backend response to the client -->
         <respond />
      </then>
      <else>
         <!-- userinfo call failed: answer 500 with a JSON error body -->
         <property name="HTTP_SC" scope="axis2" type="STRING" value="500" />
         <payloadFactory media-type="json">
            <format>{ "status": "Can't get user info"}</format>
            <args />
         </payloadFactory>
         <respond />
      </else>
   </filter>
</sequence>
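An added hardening of the sequence above, not part of the original answer: because RemoveOAuthHeadersFromOutMessage has to allow the bearer token through for the userinfo call, the same token would also be forwarded to the backend in step 11, and an empty user_uuid claim would reach the backend as an empty userUUID. This drop-in replacement for the <then> branch (steps 6 to 12) strips the Authorization header after the userinfo call and fails closed when the claim is missing; it assumes the claim path, property names and backend URL of the sequence above, and that the backend does not itself need the token.

```xml
<!-- Replaces the <then> branch (steps 6 to 12) of the sequence above; steps 1 to 5 are unchanged -->
<then>
   <!-- 6: extract the claim from the userinfo response -->
   <property expression="$body//jsonObject//user_uuid" name="user_uuid_first_call" scope="default" type="STRING" />
   <!-- fail closed: an absent or empty claim must not be sent on as an empty userUUID -->
   <filter xpath="string-length(get-property('user_uuid_first_call')) > 0">
      <then>
         <!-- the bearer token was needed only for the userinfo call; remove it before the backend call,
              otherwise RemoveOAuthHeadersFromOutMessage=false forwards it to the backend in step 11 -->
         <header name="Authorization" scope="transport" action="remove" />
         <!-- 7: restore the original request body -->
         <enrich>
            <source clone="true" property="body_of_zero_call" type="property" />
            <target type="body" />
         </enrich>
         <!-- 8: restore the original REST URL postfix -->
         <property expression="get-property('urlPostfixZero')" name="REST_URL_POSTFIX" scope="axis2" type="STRING" />
         <!-- 9 and 10: add userUUID and fill it from the claim -->
         <enrich>
            <source clone="true" type="inline">
               <userUUID xmlns="" />
            </source>
            <target action="child" xpath="$body//jsonObject" />
         </enrich>
         <enrich>
            <source clone="true" property="user_uuid_first_call" type="property" />
            <target xpath="$body//jsonObject//userUUID" />
         </enrich>
         <!-- 11: backend call (URL taken from the original sequence), then 12: respond -->
         <call blocking="true">
            <endpoint>
               <http method="post" trace="disable" uri-template="https://localhost:9444/customAuth/services/regulations" />
            </endpoint>
         </call>
         <respond />
      </then>
      <else>
         <!-- claim missing: do not call the backend at all -->
         <property name="HTTP_SC" scope="axis2" type="STRING" value="500" />
         <payloadFactory media-type="json">
            <format>{ "status": "User claim user_uuid missing in userinfo response"}</format>
            <args />
         </payloadFactory>
         <respond />
      </else>
   </filter>
</then>
```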
