我目前正在Amazon EC2上部署WSO2 API管理器解决方案。
每次重启我的实例后,我都面临以下问题:我的所有访问令牌都变为非活动状态。
<ams:code>900904</ams:code><ams:message>Access Token Inactive</ams:message>
我已经在identity.xml配置文件(/repository/conf/identity.xml)中将“ApplicationAccessTokenDefaultValidityPeriod”值更改为0,但它并未阻止我的令牌处于非活动状态。
有没有办法在每次重启实例后保持所有生成的令牌都处于活动状态?
PS:当我在不重新启动ec2实例的情况下重新启动wso2应用程序时,不会发生此错误。
错误日志:
错误 - APIAuthenticationHandler API身份验证失败 org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException:API的访问失败:/ test,版本:1.0.3,密钥为:bLhh7pDxZ8NYwXz5k09nGO_Udcga
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:135) at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:88) at org.apache.synapse.rest.API.process(API.java:252) at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:76) at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:63) at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:191) at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:144) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:139) at org.apache.synapse.transport.nhttp.util.RESTUtil.processGetAndDeleteRequest(RESTUtil.java:146) at org.apache.synapse.transport.nhttp.DefaultHttpGetProcessor.processGetAndDelete(DefaultHttpGetProcessor.java:464) at org.wso2.carbon.transport.nhttp.api.NHttpGetProcessor.process(NHttpGetProcessor.java:296) at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:272) at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724)
答案 0 :(得分:1)
AccessTokenDefaultValidityPeriod 定义服务器保持AccessToken活动的时间。默认情况下,这是1小时(3600秒),这意味着您需要在1小时后尝试生成新的访问令牌。因此,将此值设置为0秒是错误的,并且为了使令牌不会过期,您需要将此值设置为-1,
<!-- Default validity period for Access Token in seconds -->
<AccessTokenDefaultValidityPeriod>-1</AccessTokenDefaultValidityPeriod>
您可以参考here中的WSO2 API Manager文档。