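Error in ESB 4.5.0: User name not provided for the Entitlement mediator

Time: 2012-11-14 05:31:21

Tags: wso2 wso2esb esb

I am using a backend service in AS 5.0.1 that is exposed externally through ESB 4.5.0 with a UT security policy. This proxy service uses the Entitlement mediator to verify that the user is authorized to access the service, and for that I am using IS 4.0.0. This scenario worked with previous versions of the WSO2 products.

I implemented this scenario on my laptop using IS 3.2.3 and it worked fine. Now that I have uploaded the configuration to the production server, I see this error. Note: on the production server I am using two tenants for AS and ESB.

Error: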

TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,787] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} -  org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_MESSAGE : User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_DETAIL : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed
        at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:135)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:60)
        at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:144)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doSOAP(MultitenantMessageReceiver.java:233)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRequest(MultitenantMessageReceiver.java:181)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:77)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,792]  WARN {org.apache.synapse.FaultHandler} -  ERROR_EXCEPTION : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793]  WARN {org.apache.synapse.FaultHandler} -  FaultHandler : org.apache.synapse.mediators.MediatorFaultHandler@563ac83c {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793]  WARN {org.apache.synapse.mediators.MediatorFaultHandler} -  Executing fault handler mediator : fault {org.apache.synapse.mediators.MediatorFaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,794]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  To: local://axis2services/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint, WSAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, SOAPAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, MessageID: urn:uuid:D4E74AEA911A3C697B1352870083848, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce><wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created></wsse:UsernameToken><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19"><wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created><wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action><wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID><wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To></soapenv:Header><soapenv:Body>
      <prof:obtenerDatosProfesor>
         <prof:solapin>****</prof:solapin>
      </prof:obtenerDatosProfesor>
   </soapenv:Body></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}

My SOAP message:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor">   
   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce>
            <wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created>
         </wsse:UsernameToken>
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19">
            <wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created>
            <wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
      <wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action>
      <wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID>
      <wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To>
   </soapenv:Header>   
   <soapenv:Body>      
      <prof:obtenerDatosProfesor>         
         <prof:solapin>*****</prof:solapin>      
      </prof:obtenerDatosProfesor>   
   </soapenv:Body>
</soapenv:Envelope>

My proxy service:

<proxy xmlns="http://ws.apache.org/ns/synapse" name="Profesor_Proxy" transports="https" statistics="enable" trace="enable" startOnLoad="true">
   <target inSequence="conf:/secuenciasutiles/log_seguridad_mejorado" outSequence="conf:/gestion_tesis/servicioProfesor/secuencias/centralAssetsOUT" faultSequence="fault"/>
   <publishWSDL key="conf:/gestion_tesis/servicioProfesor/wsdl/Servicio_Profesor1.wsdl"/>
   <parameter name="addressingRequirementParameter">required</parameter>
   <description></description>
</proxy>

And the sequence that contains the Entitlement mediator:

<sequence xmlns="http://ws.apache.org/ns/synapse" onError="conf:/secuenciasutiles/falla_de_conexion">
   <entitlementService remoteServiceUrl="https://server:9448/services/" remoteServiceUserName="admin" remoteServicePassword="*****" onReject="conf:/secuenciasutiles/log_cuando_no_pasa" onAccept="conf:/secuenciasutiles/log_cuando_pasa" advice=""/>
</sequence>

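In this sequence, I also see that the onAccept sequence disappears from time to time.

What could be the problem? I am using the UT policy and I can see the user name in the message arriving at the ESB.

I was able to fix this error, but now I am facing another one. I have the same configuration on different servers; it works on one of them and not on the other. In this particular case, I see the request/response with a Permit value in IS 4.0.0, so the entitlement works.

Error: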

TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,359] ERROR {org.apache.synapse.core.axis2.Axis2Sender} -  Unexpected error during sending message out {org.apache.synapse.core.axis2.Axis2Sender}
org.apache.axis2.AxisFault: No user value in the rampart configuration policy
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
        at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
        at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
        at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
        at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
        ... 21 more
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,366]  WARN {org.apache.synapse.FaultHandler} -  ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367]  WARN {org.apache.synapse.FaultHandler} -  ERROR_MESSAGE : Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367]  WARN {org.apache.synapse.FaultHandler} -  ERROR_DETAIL : org.apache.synapse.SynapseException: Unexpected error during sending message out
        at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:170)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:69)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
        at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
        at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.axis2.AxisFault: No user value in the rampart configuration policy
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
        ... 12 more
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
        at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
        at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
        ... 21 more
 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368]  WARN {org.apache.synapse.FaultHandler} -  ERROR_EXCEPTION : org.apache.synapse.SynapseException: Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368]  WARN {org.apache.synapse.FaultHandler} -  FaultHandler : Endpoint [conf/HelloServiceAS] {org.apache.synapse.FaultHandler}

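1 Answer:

Answer 0 (score: 0)

Jorge,

This error usually occurs when the Entitlement mediator cannot extract the user name of the user who is trying to access the target resource. Retrieving the user name of a particular user is done by the appropriate entitlement callback handler implementation (by processing the headers, etc.). However, please try explicitly setting the entitlement callback handler parameter to "org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler", which corresponds to retrieving the user's user name when UT is applied to a particular service. (AFAIR, the value of the entitlement callback handler parameter used to default to the value mentioned above.) Anyway, try setting it in the entitlement service mediator configuration as shown below.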

<entitlementService remoteServiceUrl="https://localhost:9443/services/" remoteServiceUserName="admin" remoteServicePassword="admin" callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler"/>

Cheers, Prabath
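Added example (not part of the original question or answer, and not WSO2 code): a small Python check that can be run over a captured envelope to confirm whether it carries the WS-Security UsernameToken user name the answer refers to, and which part is missing when it does not. The function name, status strings and sample envelopes are assumptions made for illustration; it does not reproduce how the WSO2 callback handler obtains the user name.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")    # SOAP 1.2


def inspect_username_token(envelope_xml):
    """Return (status, username) for the UsernameToken in a SOAP envelope.

    Hypothetical helper. status is 'ok', 'no-header', 'no-security',
    'no-username-token' or 'empty-username'.
    """
    # ElementTree is fine for your own captures; use defusedxml for untrusted XML.
    root = ET.fromstring(envelope_xml)
    header = None
    for ns in SOAP_NS:
        header = root.find(f"{{{ns}}}Header")
        if header is not None:  # childless elements are falsy, so test identity
            break
    if header is None:
        return ("no-header", None)
    security = header.find(f"{{{WSSE}}}Security")
    if security is None:
        return ("no-security", None)
    token = security.find(f"{{{WSSE}}}UsernameToken")
    if token is None:
        return ("no-username-token", None)
    name = (token.findtext(f"{{{WSSE}}}Username") or "").strip()
    if not name:
        return ("empty-username", None)
    return ("ok", name)


# Constructed samples modelled on the message in the question (placeholder values).
_ENV = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soapenv:Header>{header}</soapenv:Header><soapenv:Body/></soapenv:Envelope>')
_SEC = '<wsse:Security xmlns:wsse="' + WSSE + '">{inner}</wsse:Security>'
_UT = ('<wsse:UsernameToken><wsse:Username>{user}</wsse:Username>'
       '<wsse:Password>placeholder</wsse:Password></wsse:UsernameToken>')
SAMPLE_WITH_UT = _ENV.format(header=_SEC.format(inner=_UT.format(user="admin")))
SAMPLE_BLANK_USER = _ENV.format(header=_SEC.format(inner=_UT.format(user="  ")))
SAMPLE_NO_TOKEN = _ENV.format(header=_SEC.format(inner=""))
SAMPLE_NO_SECURITY = _ENV.format(header="")

if __name__ == "__main__":
    for label, env in [("with UT", SAMPLE_WITH_UT), ("blank user", SAMPLE_BLANK_USER),
                       ("no token", SAMPLE_NO_TOKEN), ("no security", SAMPLE_NO_SECURITY)]:
        print(label, inspect_username_token(env))
```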