WSO2 API Manager oAuth2 secret_token验证服务问题

时间:2014-02-05 10:28:46

标签: wso2

我们安装了WSO2 Api Manager而没有独立的Identity Server(嵌入了身份 )。当我尝试使用curl命令检查oAuth2用户access_token和OAuth2TokenValidationService时:

curl --user apivalidatekey:apivalidatekey --header "Content-Type: text/xml" -k -d @soap.xml https://localhost:8243/services/OAuth2TokenValidationService/

其中soap.xml是:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsd="http://org.apache.axis2/xsd"
 xmlns:xsd1="http://dto.oauth2.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
  <soapenv:Body>
  <xsd:validate>
     <!--Optional:-->
     <xsd:validationReqDTO>
        <!--Optional:-->
        <xsd1:accessToken>691e72a68e2f0e0c07a4236c14c485</xsd1:accessToken>
        <!--Optional:-->
        <xsd1:tokenType>bearer</xsd1:tokenType>
     </xsd:validationReqDTO>
  </xsd:validate>
</soapenv:Body>
</soapenv:Envelope>

我在wso2carbon.log中的API Manager主机上出错:

TID: [0] [AM] [2014-02-05 14:19:03,945] ERROR {java.lang.Class} -  System failure.null {java.lang.Class}
java.lang.NullPointerException
at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.doAuthorization(AuthorizationHandler.java:105)
at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:88)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:404)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:184)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)

问题是什么,嵌入式IS是否支持这样的Web服务,因为我可以为它获取一个wsdl:

wget --no-check-certificate https://localhost:9443/services/OAuth2TokenValidationService?wsdl

1 个答案:

答案 0 :(得分:2)

“OAuth2TokenValidationService”是受保护的管理服务。因此,要调用此服务,必须在基本身份验证标头中发送特权用户凭据。但似乎你发送的api密钥和秘密是无效的。您能否尝试在基本身份验证标头中发送默认管理员用户凭据(即“admin”“admin”)并查看。

  

curl --user admin:admin --header“Content-Type:text / xml”--header“SOAPAction:validate”-k -d @ soap.xml https://localhost:9443/services/OAuth2TokenValidationService/

相关问题
最新问题