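WSO2 ESB: Error in a secured proxy for an unsecured backend service

Time: 2014-05-28 17:15:05

Tags: wso2 esb

I am using WSO2 ESB_4.8.1. I created a proxy for the default backend service "echo" and it works. But when I enable security on the proxy with UsernameToken authentication (default scenario 1), it no longer works. When I try it with the "Try It" tool, the following error is produced: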

Unexpected error during sending message out  
TID[-1234] [ESB] [2014-05-28 17:02:40,425] ERROR {org.apache.synapse.core.axis2.Axis2Sender} - Unexpected error during sending message out 
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76) 
org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) 
org.apache.axis2.engine.Phase.invoke(Phase.java:313) 
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) 
org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426) 
org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:185) 
org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:167) 
org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) 
org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:482) 
org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:59) 
org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:338) 
org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:333) 
org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59) 
org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:177) 
org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) 
org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:411) 
org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:183) 
org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) 
java.lang.Thread.run(Thread.java:722) 

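2 answers:

Answer 0 (score: 0)

The error is similar to the one given in "wso2 getting org.apache.rampart.RampartException: Unsupported SignedSupportingToken", so please try the solution given there.

Answer 1 (score: 0)

Here is a piece of code where we use a security policy. You must include this code after the "" tag.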

</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
    <rampart:user>XXXXXXXXXXXXXXXX</rampart:user>
    <rampart:encryptionUser>XXXXXXXXXXXXXXXX</rampart:encryptionUser>
    <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
    <rampart:timestampTTL>300</rampart:timestampTTL>
    <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
    <rampart:timestampStrict>false</rampart:timestampStrict>
    <rampart:passwordCallbackClass>XX.XXXX.XX.XXXX.XXXXX.PWCBHandler</rampart:passwordCallbackClass>
    <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
    <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
    <rampart:encryptionCrypto>
        <rampart:crypto
            cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
            <rampart:property name="org.wso2.carbon.security.crypto.alias">XXXXXXXXXXXXXXXX</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.privatestore">XXXXXXXX.jks</rampart:property>
            <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.truststores">XXXXXXXX.jks</rampart:property>
            <rampart:property name="rampart.config.user">XXXXXXXXXXXXXX</rampart:property>
        </rampart:crypto>
    </rampart:encryptionCrypto>
    <rampart:signatureCrypto>
        <rampart:crypto
            cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
            <rampart:property name="org.wso2.carbon.security.crypto.alias">XXXXXXXXXXXXXXXX</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.privatestore">XXXXXXXX.jks</rampart:property>
            <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.truststores">XXXXXXXX.jks</rampart:property>
            <rampart:property name="rampart.config.user">XXXXXXXXXXXXXXXX</rampart:property>
        </rampart:crypto>
    </rampart:signatureCrypto>
</rampart:RampartConfig>

</wsp:Policy>

Then you must put your PWCBHandler in %HOME_WSO2/repository/components/lib and upload your keystore.jks to WSO2 using the WSO2 web interface.

Finally, restart WSO2.

I hope this helps you.
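
A password callback class of the kind referenced by `<rampart:passwordCallbackClass>` in the answer above, as an added example that is not part of the original answer: it returns the key password only for signing and decryption requests on the expected alias and refuses everything else, so the secret is neither hardcoded nor handed out for unexpected purposes. The package name and the two environment variable names are hypothetical, and the WSS4J `org.apache.ws.security` API used by Rampart is assumed.

```java
package com.example.security; // hypothetical; must match <rampart:passwordCallbackClass>

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PWCBHandler implements CallbackHandler {
    // Hypothetical environment variable names (assumption): the alias and its
    // password are injected at start-up instead of being compiled into the jar.
    private static final String ALIAS_ENV = "RAMPART_KEY_ALIAS";
    private static final String PASSWORD_ENV = "RAMPART_KEY_PASSWORD";

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        String alias = System.getenv(ALIAS_ENV);
        String password = System.getenv(PASSWORD_ENV);
        if (alias == null || password == null) {
            // Fail closed: never fall back to a default password.
            throw new IOException("Key alias or password is not configured");
        }
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            int usage = pwcb.getUsage();
            // Release the password only for private-key operations on the keystore
            // named in signatureCrypto / encryptionCrypto.
            if (usage != WSPasswordCallback.SIGNATURE && usage != WSPasswordCallback.DECRYPT) {
                throw new UnsupportedCallbackException(cb, "Unsupported usage: " + usage);
            }
            // The identifier is the key alias Rampart is asking about.
            if (!alias.equals(pwcb.getIdentifier())) {
                throw new UnsupportedCallbackException(cb, "Unknown key alias");
            }
            pwcb.setPassword(password);
        }
    }
}
```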