外部数据源无法使用受保护的WSO2 DSS 3.2.2

Question

以下是在WSO2_DSS_3.2.2中作为dataservice部署的示例dbs文件

<data name="login" serviceNamespace="www.abc.com/services/security" transports="http https">
  <description>security service</description>
  <config id="a_security">
    <property name="carbon_datasource_name">sample-ds</property>
  </config>
  <query id="login" useConfig="a_security">
     ...
  </query>
  <operation name="login">
    <call-query href="login">
       ...
    </call-query>
  </operation>
  <resource method="POST" path="login">
     ...
  </resource>
</data>

并且sample-ds是从管理控制台设置的（它保存在注册表中）。这在新的DSS中运行良好，但是当我使用DSS应用证书时，它会出现以下错误。我尝试了几个新的DSS副本，但在申请证书时也是如此。

ERROR {org.wso2.carbon.ndatasource.core.DataSourceRepository} -  Error in updating data source [remove:false] at path '/repository/components/org.wso2.carbon.ndatasource/mdl-psm-ds': Error in updating data source 'mdl-psm-ds' from registry [remove:false]: Error in secure load of data source meta info: errorDuringDecryption
org.wso2.carbon.ndatasource.common.DataSourceException: Error in updating data source 'mdl-psm-ds' from registry [remove:false]: Error in secure load of data source meta info: errorDuringDecryption
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.updateDataSource(DataSourceRepository.java:186)
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.updateAllUserDataSource(DataSourceRepository.java:135)
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.refreshAllUserDataSources(DataSourceRepository.java:115)
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.initRepository(DataSourceRepository.java:92)
        at org.wso2.carbon.ndatasource.core.DataSourceManager.initTenant(DataSourceManager.java:92)
        at org.wso2.carbon.ndatasource.core.internal.DataSourceServiceComponent.initSuperTenantUserDataSources(DataSourceServiceComponent.java:189)
        at org.wso2.carbon.ndatasource.core.internal.DataSourceServiceComponent.checkInitTenantUserDataSources(DataSourceServiceComponent.java:180)
        at org.wso2.carbon.ndatasource.core.internal.DataSourceServiceComponent.setRegistryService(DataSourceServiceComponent.java:131)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)

Answer 1

原因是与数据源相关的注册表数据已从先前的密钥加密并尝试使用新密钥进行解密。要解决此问题，您可以在服务器启动后重新配置具有相同名称的数据源。然后使用新证书再次加密数据密码。

Answer 2

如果主要错误是Caused by: org.wso2.carbon.core.util.CryptoException: A crypto service implementation has not been registered.，请在org.wso2.carbon.core项目中添加以下组件类：

package org.wso2.carbon.core.internal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.crypto.api.CryptoService;

/**
 * @scr.component name="carbon.core.dshcomponent" immediate="true"
 * @scr.reference name="carbonCryptoService" interface="org.wso2.carbon.crypto.api.CryptoService"
 * cardinality="0..1" policy="dynamic"  bind="setCarbonCryptoService" unbind="unsetCarbonCryptoService"
  */
public class CarbonCoreDataHolderHelperComponent {

    private static Log log = LogFactory.getLog(CarbonCoreDataHolderHelperComponent.class);

    private CarbonCoreDataHolder dataHolder = CarbonCoreDataHolder.getInstance();

    protected void activate(ComponentContext ctxt) {

    }

    protected void deactivate(ComponentContext ctxt) {

    }

    protected void setCarbonCryptoService(CryptoService cryptoService){
        if (log.isDebugEnabled()) {
            log.debug("crypto service loaded..");
        }
        dataHolder.setCryptoService(cryptoService);
    }

    protected void unsetCarbonCryptoService(CryptoService cryptoService){
        dataHolder.setCryptoService(null);
        if (log.isDebugEnabled()) {
            log.debug("crypto service unloaded..");
        }
    }

}

此组件将在用户数据源初始化之前绑定加密服务。