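OAuth validation fails for a valid token in WSO2 IS 4.6

Time: 2013-12-27 07:20:13

Tags: oauth wso2 wso2esb wso2is

I am trying to secure a REST API by creating a custom handler with WSO2 Identity Server 4.6, but it reports an invalid token even for a valid token (stub.validate(dto).getValid() is always false). It works fine in IS 4.5, though. What is the reason? Please help.

Log in IS 4.6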

[2013-12-31 09:38:21,625] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Access Token Request Received with the Client Id : jjTDKDAThDSg_IroxfpC4qjPCR8a, Grant Type : password
[2013-12-31 09:38:21,625] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Client credentials were available in the cache for client id : jjTDKDAThDSg_IroxfpC4qjPCR8a
[2013-12-31 09:38:21,626] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Successfully authenticated the client with client id : jjTDKDAThDSg_IroxfpC4qjPCR8a
[2013-12-31 09:38:21,646] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler} -  Token request with Password Grant Type received. Username : admin@carbon.superScope : , Authentication State : true
[2013-12-31 09:38:21,647] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler} -  Access Token info retrieved from the cache and served to client with client id : jjTDKDAThDSg_IroxfpC4qjPCR8a
[2013-12-31 09:38:21,647] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} -  Access Token issued to client. client-id=jjTDKDAThDSg_IroxfpC4qjPCR8a user-name=admin@carbon.super to application=sample
[2013-12-31 09:38:21,721]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2013-12-31 09:38:21,721+0530]
[2013-12-31 09:38:21,723] DEBUG {org.wso2.carbon.identity.oauth2.validators.TokenValidationHandler} -  Access token identifier is not present in the validation request
[2013-12-31 09:38:21,740]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2013-12-31 09:38:21,740+0530]
DEBUG {org.wso2.carbon.identity.oauth2.validators.TokenValidationHandler} -  Access token identifier is not present in the validation request

Log in IS 4.5

[2013-12-31 09:48:47,432] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Access Token Request Received with the Client Id : jjTDKDAThDSg_IroxfpC4qjPCR8a, Grant Type : password
[2013-12-31 09:48:47,442] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Client credentials were available in the cache for client id : jjTDKDAThDSg_IroxfpC4qjPCR8a
[2013-12-31 09:48:47,442] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Successfully authenticated the client with client id : jjTDKDAThDSg_IroxfpC4qjPCR8a
[2013-12-31 09:48:47,462] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler} -  Token request with Password Grant Type received. Username : admin@carbon.superScope : , Authentication State : true
[2013-12-31 09:48:47,462] DEBUG {org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler} -  Access Token info retrieved from the cache and served to client with client id : jjTDKDAThDSg_IroxfpC4qjPCR8a
[2013-12-31 09:48:47,462] DEBUG {org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer} -  Access Token issued to client. client-id=jjTDKDAThDSg_IroxfpC4qjPCR8a user-name=admin@carbon.super to application=sample
[2013-12-31 09:48:47,582]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2013-12-31 09:48:47,582+0530]
[2013-12-31 09:48:47,582] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService} -  Token validation request received for : Client Id : nullTokenType : bearer
[2013-12-31 09:48:47,582] DEBUG {org.wso2.carbon.identity.oauth2.validators.BearerTokenValidator} -  Started processing token validation request of type : bearer
[2013-12-31 09:48:47,612]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2013-12-31 09:48:47,612+0530]
[2013-12-31 09:48:47,612] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService} -  Token validation request received for : Client Id : nullTokenType : bearer
[2013-12-31 09:48:47,612] DEBUG {org.wso2.carbon.identity.oauth2.validators.BearerTokenValidator} -  Started processing token validation request of type : bearer

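2 answers:

Answer 0 (score: 4)

I ran into the same problem with the OAuth Mediator in WSO2 ESB 4.8.0 when validating web service access via OAuth2 against WSO2 Identity Server 4.6.0. With Identity Server 4.5.0 it works fine. The mediator code calls the client stub, passing the accessToken as a plain string.

The error message returned by the validation service is: Access token identifier is not present in the validation request

To answer your question, you should use the package org.wso2.carbon.identity.oauth.stub in version 4.2.2. It defines a class org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken, which should be used as the argument to the OAuth2TokenValidationRequestDTO.setAccessToken method. The dto object can then be used as the argument to the OAuth2TokenValidationServiceStub.validate method.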

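Answer 1 (score: 2)

As you know, OAuth access tokens are validated by calling the OAuth2TokenValidationService web service in Identity Server. You can try this service with SOAPUI and see... The WSDL can be found at (https://{ip}:{port}/services/OAuth2TokenValidationService?wsdl). Normally, this error is generated when the access token is not present in the web service request sent to this service.

In the request message body, it must be as follows...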

        <xsd1:accessToken>
           <xsd1:identifier>35d1538940ce9a1e86c0a287c521d14</xsd1:identifier>
           <xsd1:tokenType>bearer</xsd1:tokenType>
        </xsd1:accessToken>

In your code, the "dto" object is probably not being set correctly with the identifier value.

Also see the sample OAuth token validation client code here.
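
The request shape both answers describe (the nested access-token object from Answer 0, carrying the identifier and tokenType elements from Answer 1), as an added example that is not code from the original posts or from WSO2. The class name `TokenValidationClient`, its constructor arguments, and the use of Axis2 HTTP Basic authentication for the admin service are assumptions; it expects the org.wso2.carbon.identity.oauth.stub 4.2.2 jar and Axis2 on the classpath.

```java
import org.apache.axis2.client.Options;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.transport.http.HttpTransportProperties;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;

/** Hypothetical helper; the class name and constructor arguments are assumptions. */
public class TokenValidationClient {
    private final OAuth2TokenValidationServiceStub stub;

    // serviceUrl has the form https://{ip}:{port}/services/OAuth2TokenValidationService
    public TokenValidationClient(String serviceUrl, String adminUser, String adminPassword)
            throws Exception {
        stub = new OAuth2TokenValidationServiceStub(null, serviceUrl);
        // Assumption: the validation service is called with HTTP Basic authentication.
        HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
        auth.setUsername(adminUser);
        auth.setPassword(adminPassword);
        auth.setPreemptiveAuthentication(true);
        Options options = stub._getServiceClient().getOptions();
        options.setProperty(HTTPConstants.AUTHENTICATE, auth);
    }

    /** Returns true only when the server confirms the token; every failure is a rejection. */
    public boolean isValid(String bearerToken) {
        if (bearerToken == null || bearerToken.trim().isEmpty()) {
            return false; // nothing to validate: reject without calling the service
        }
        try {
            // With the 4.2.2 stub the token is a nested object, not a plain string.
            OAuth2TokenValidationRequestDTO_OAuth2AccessToken token =
                    new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
            token.setIdentifier(bearerToken.trim()); // becomes <xsd1:identifier>
            token.setTokenType("bearer");            // becomes <xsd1:tokenType>

            OAuth2TokenValidationRequestDTO dto = new OAuth2TokenValidationRequestDTO();
            dto.setAccessToken(token);

            OAuth2TokenValidationResponseDTO response = stub.validate(dto);
            return response != null && response.getValid();
        } catch (Exception e) {
            return false; // fail closed on transport or service errors
        }
    }
}
```

A custom handler protecting a REST API would call `isValid` with the value taken from the `Authorization: Bearer` header and refuse the request whenever it returns false.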