WSO2 ESB:从客户端调用带 Entitlement 策略的 API 时出现 CORS 问题

时间:2015-06-09 10:29:25

标签: wso2 cors esb

我在尝试调用带有 Entitlement 策略的 ESB REST API 时遇到了跨域(Cross-Origin)问题。下面是客户端调用、ESB API 配置和 Handler 的代码。

  1. Ajax 调用:
  2. 
    
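     // Constructed from the listing above: the original had an unterminated url string
     // and an extra "}," that closed the settings object right after "url".
     $.ajax({
         type: 'GET',
         dataType: "json",
         url: relativeURL + "/test",
         // withCredentials is an XHR field, not a jQuery setting, so it belongs in xhrFields.
         // A credentialed request also requires the server to answer with a concrete
         // Access-Control-Allow-Origin (not "*").
         xhrFields: {
             withCredentials: true
         },
         beforeSend: function(xhr) {
             xhr.setRequestHeader('Authorization', 'Bearer 5d8ce0224d82cca7fb55fdcf4015b67');
         },
         success: function(json) {
         }
     });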
    
    
    

    1. ESB API配置
    2. 
      
      <api xmlns="http://ws.apache.org/ns/synapse" name="CustomerApi"     context="/CustomerApi">
            <resource methods="POST GET OPTIONS DELETE PUT">
            <inSequence>
               <log level="custom">
                  <property name="Message Flow" value="Customer Search API - IN">   </property>
                  <property name="HTTP_METHOD IS###########" expression="$axis2:HTTP_METHOD"></property>
                  <property name="ip address" expression="get-property('axis2','REMOTE_ADDR')"></property>
               </log>
               <property name="Authorization" expression="get-property('transport','Authorization')"></property>
               <!-- NOTE(review): Access-Control-Allow-Origin "*" combined with
                    Access-Control-Allow-Credentials "true" is refused by browsers for
                    credentialed requests (the Ajax client sets withCredentials). Echo the
                    allowed origin explicitly instead of "*". -->
               <property name="Access-Control-Allow-Credentials" value="true" scope="transport"></property>
               <property name="Access-Control-Allow-Headers" value="authorization,Access-Control-Allow-Origin,Content-Type,origin,accept,X-Requested-With" scope="transport"></property>
               <property name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" scope="transport"></property>
               <property name="Access-Control-Allow-Origin" value="*" scope="transport"></property>
               <property name="xacml_use_rest" value="true" scope="axis2" type="STRING"></property>
               <property name="xacml_resource_prefix" value="/api/customers" scope="axis2"></property>
               <property name="xacml_resource_prefix_only" value="true" scope="axis2"></property>
               <property name="TIME_IN" expression="get-property('SYSTEM_TIME')" scope="default" type="LONG"></property>
               <log level="custom">
                  <property name="Authorization.........." expression="get-property('transport','Authorization')"></property>
               </log>
               <!-- The entitlement password is a secure-vault reference (enc: prefix); the
                    backend credentials further down (base64Encode('test:test')) are not. -->
               <entitlementService remoteServiceUrl="https://localhost:9444/services" remoteServiceUserName="admin" remoteServicePassword="enc:kuv2MubUUveMyv6GeHrXr9il59ajJIqUI4eoYHcgGKf/BBFOWn96NTjJQI+wYbWjKW6r79S7L7ZzgYeWx7DlGbff5X3pBN2Gh9yV0BHP1E93QtFqR7uTWi141Tr7V7ZwScwNqJbiNoV+vyLbsqKJE7T3nP8Ih9Y6omygbcLcHzg=" callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler" client="basicAuth">
                  <onReject>
                     <log level="custom">
                        <property name="Message Flow" value="REJECTED@ Dobbies"></property>
                     </log>
                     <property name="HTTP_SC" value="401" scope="axis2" type="STRING"></property>
                     <payloadFactory media-type="xml">
                        <format>
                           <oatherizationresponse xmlns="">Not Authorized </oatherizationresponse>
                        </format>
                        <args></args>
                     </payloadFactory>
                     <respond></respond>
                  </onReject>
                  <onAccept>
                     <log level="custom">
                        <property name="Message Flow" value="ACCEPTED@ Dobbies"></property>
                     </log>
                     <!-- NOTE(review): backend Basic-auth credentials are hard-coded in plain text
                          here; prefer a secure-vault reference as used for the entitlement service. -->
                     <property name="Authorization" expression="fn:concat('Basic ', base64Encode('test:test'))" scope="transport"></property>
                     <send>
                        <endpoint>
                           <address uri="/api/customers/"></address>
                        </endpoint>
                     </send>
                     <property name="TIME_OUT" expression="get-property('SYSTEM_TIME')" scope="default" type="LONG"></property>
                     <script language="js">var time1 = mc.getProperty("TIME_IN");var time2 = mc.getProperty("TIME_OUT");var timeTaken = time2 - time1;mc.setProperty("RESPONSE_TIME", timeTaken);</script>
                     <log level="custom">
                        <property name="Time Duration in ms:" expression="get-property('RESPONSE_TIME') "></property>
                     </log>
                  </onAccept>
                  <obligations></obligations>
                  <advice></advice>
               </entitlementService>
            </inSequence>
            <outSequence>
               <send></send>
            </outSequence>
             </resource>
            <!-- The handler below checks every HTTP method for a bearer token. A CORS
                 preflight (OPTIONS) carries no Authorization header, so it appears to be
                 rejected here before the CORS headers in the inSequence are ever set,
                 which matches the "No Access-Control-Allow-Origin" error reported. -->
            <handlers>
               <handler class="org.wso2.handler.SimpleOauthHandlerNew">
            </handler>
            <!-- NOTE(review): the closing tag below is "</handlers" (missing ">") in the listing. -->
            </handlers
            </api>

      1. SimpleOauthHandlerNew:
      2. &#13;
        &#13;
        package org.wso2.handler;
            import java.util.Map;
            import java.util.logging.Level;
            import java.util.logging.Logger;

            import org.apache.axis2.client.Options;
            import org.apache.axis2.client.ServiceClient;
            import org.apache.axis2.context.ConfigurationContext;
            import org.apache.axis2.context.ConfigurationContextFactory;
            import org.apache.axis2.transport.http.HTTPConstants;
            import org.apache.axis2.transport.http.HttpTransportProperties;
            import org.apache.http.HttpHeaders;
            import org.apache.synapse.ManagedLifecycle;
            import org.apache.synapse.MessageContext;
            import org.apache.synapse.core.SynapseEnvironment;
            import org.apache.synapse.core.axis2.Axis2MessageContext;
            import org.apache.synapse.rest.AbstractHandler;
            import org.wso2.carbon.identity.oauth2.stub.OAuth2ServiceStub;
            import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
            import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
            import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
            import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
         
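            public class SimpleOauthHandlerNew extends AbstractHandler implements ManagedLifecycle {

                /** Logger for rejected requests and failures; token values are never logged. */
                private static final Logger LOG = Logger.getLogger(SimpleOauthHandlerNew.class.getName());

                private final String securityHeader = HttpHeaders.AUTHORIZATION;
                private final String consumerKeyHeaderSegment = "Bearer";
                private final String oauthHeaderSplitter = ",";
                private final String consumerKeySegmentDelimiter = " ";
                // Names of the axis2.xml parameters holding the validation-service URL and credentials.
                private final String oauth2TokenValidationService = "oauth2TokenValidationService";
                private final String identityServerUserName = "identityServerUserName";
                private final String identityServerPw = "identityServerPw";

                // Created on first use and shared by all requests. The original built a fresh
                // ConfigurationContext on every request, which is expensive and never released.
                private volatile ConfigurationContext configCtx;

                /**
                 * Validates the bearer token from the Authorization header against the identity
                 * server and, on success, stores the authorized user (tenant domain stripped) as
                 * the {@code "username"} property of the Axis2 message context.
                 *
                 * <p>Fails closed: a missing token, a negative validation result or any exception
                 * rejects the request. Every HTTP method is checked, so a CORS preflight (OPTIONS),
                 * which carries no Authorization header, is rejected here as well.
                 *
                 * @param messageContext the Synapse message context of the inbound request
                 * @return {@code true} to let the request continue, {@code false} to reject it
                 */
                @Override
                public boolean handleRequest(MessageContext messageContext) {
                    try {
                        String token = extractBearerToken(messageContext);
                        if (token == null || token.isEmpty()) {
                            // No credential at all: reject without a round trip to the identity server.
                            LOG.fine("Request rejected: no bearer token in the Authorization header");
                            return false;
                        }

                        OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
                                new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
                        accessToken.setTokenType("bearer");
                        accessToken.setIdentifier(token);
                        OAuth2TokenValidationRequestDTO dto = new OAuth2TokenValidationRequestDTO();
                        dto.setAccessToken(accessToken);

                        // Validate exactly once; the original called the remote service twice per request.
                        OAuth2TokenValidationResponseDTO response = createValidationStub(messageContext).validate(dto);
                        if (!response.getValid()) {
                            LOG.fine("Request rejected: token validation failed");
                            return false;
                        }

                        String user = stripTenantDomain(response.getAuthorizedUser());
                        if (user == null) {
                            // A valid token without a subject cannot be mapped to a user; fail closed.
                            LOG.warning("Request rejected: token is valid but carries no authorized user");
                            return false;
                        }
                        ((Axis2MessageContext) messageContext).getAxis2MessageContext().setProperty("username", user);
                        return true;
                    } catch (Exception e) {
                        // Any failure while validating denies the request rather than letting it through.
                        LOG.log(Level.WARNING, "OAuth token validation failed; rejecting request", e);
                        return false;
                    }
                }

                /**
                 * Returns the part of {@code user} before the first {@code '@'} (the tenant domain is
                 * dropped), or the whole value when there is no {@code '@'}. The original threw on a
                 * user name without {@code '@'}, which rejected an otherwise valid token.
                 *
                 * @param user the authorized user from the validation response, may be null
                 * @return the user without its tenant domain, or null when {@code user} is null
                 */
                private static String stripTenantDomain(String user) {
                    if (user == null) {
                        return null;
                    }
                    int at = user.indexOf('@');
                    return at < 0 ? user : user.substring(0, at);
                }

                /**
                 * Reads the bearer token from the request's transport headers.
                 *
                 * @param messageContext the Synapse message context of the inbound request
                 * @return the token, or null when there are no transport headers or no bearer token
                 */
                private String extractBearerToken(MessageContext messageContext) {
                    Map headers = (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext()
                            .getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
                    return headers == null ? null : extractCustomerKeyFromAuthHeader(headers);
                }

                /**
                 * Builds a token-validation stub that authenticates to the identity server with
                 * preemptive HTTP basic auth using the credentials configured in axis2.xml.
                 *
                 * @param messageContext used to reach the Axis2 configuration holding the parameters
                 * @return a configured stub
                 * @throws Exception when a parameter is missing or the stub cannot be created
                 */
                private OAuth2TokenValidationServiceStub createValidationStub(MessageContext messageContext) throws Exception {
                    String identityServerUrl = readParameter(messageContext, oauth2TokenValidationService);
                    String username = readParameter(messageContext, identityServerUserName);
                    String password = readParameter(messageContext, identityServerPw);

                    OAuth2TokenValidationServiceStub stub =
                            new OAuth2TokenValidationServiceStub(getConfigurationContext(), identityServerUrl);
                    ServiceClient client = stub._getServiceClient();
                    Options options = client.getOptions();
                    HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
                    authenticator.setUsername(username);
                    authenticator.setPassword(password);
                    authenticator.setPreemptiveAuthentication(true);
                    options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
                    client.setOptions(options);
                    return stub;
                }

                /**
                 * Reads a named parameter from axis2.xml.
                 *
                 * @param messageContext used to reach the Axis2 configuration
                 * @param name the parameter name
                 * @return the parameter value as a string
                 * @throws IllegalStateException when the parameter is not configured (names the
                 *         parameter, never its value, so credentials do not end up in logs)
                 */
                private static String readParameter(MessageContext messageContext, String name) {
                    Object value = messageContext.getConfiguration().getAxisConfiguration().getParameterValue(name);
                    if (value == null) {
                        throw new IllegalStateException("Missing axis2.xml parameter: " + name);
                    }
                    return value.toString();
                }

                /**
                 * Returns the shared Axis2 configuration context, creating it on first use.
                 * Handler instances serve concurrent requests, so creation is guarded.
                 *
                 * @return the cached configuration context
                 * @throws Exception when Axis2 cannot build the context
                 */
                private ConfigurationContext getConfigurationContext() throws Exception {
                    ConfigurationContext ctx = configCtx;
                    if (ctx == null) {
                        synchronized (this) {
                            ctx = configCtx;
                            if (ctx == null) {
                                ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
                                configCtx = ctx;
                            }
                        }
                    }
                    return ctx;
                }

                /**
                 * Extracts the bearer token from an Authorization header of the form
                 * {@code "Bearer <token>"}; an optional leading {@code "OAuth "} scheme is dropped and
                 * surrounding double quotes are removed from the token.
                 *
                 * @param headersMap transport headers keyed by header name
                 * @return the token, or null when the header is absent or holds no bearer token
                 */
                public String extractCustomerKeyFromAuthHeader(Map headersMap) {
                    String authHeader = (String) headersMap.get(securityHeader);
                    if (authHeader == null) {
                        return null;
                    }

                    // Drop a leading "OAuth " scheme. The original used indexOf("o"), which for the
                    // upper-case "OAuth " prefix points at an unrelated character or returns -1 and throws.
                    if (authHeader.startsWith("OAuth ") || authHeader.startsWith("oauth ")) {
                        authHeader = authHeader.substring("OAuth ".length());
                    }

                    for (String header : authHeader.split(oauthHeaderSplitter)) {
                        boolean bearerSeen = false;
                        for (String element : header.split(consumerKeySegmentDelimiter)) {
                            String segment = element.trim();
                            if (segment.isEmpty()) {
                                continue;
                            }
                            if (consumerKeyHeaderSegment.equals(segment)) {
                                bearerSeen = true;
                            } else if (bearerSeen) {
                                // First non-empty segment after "Bearer" is the token.
                                return removeLeadingAndTrailing(segment);
                            }
                        }
                    }
                    return null;
                }

                /**
                 * Strips double quotes and surrounding whitespace from a token value.
                 *
                 * @param base the raw token segment
                 * @return the cleaned token
                 */
                private String removeLeadingAndTrailing(String base) {
                    String result = base;
                    if (base.startsWith("\"") || base.endsWith("\"")) {
                        result = base.replace("\"", "");
                    }
                    return result.trim();
                }

                /** Responses are never inspected; always lets them through. */
                @Override
                public boolean handleResponse(MessageContext messageContext) {
                    return true;
                }

                /** Nothing to set up eagerly; the configuration context is created on first use. */
                @Override
                public void init(SynapseEnvironment synapseEnvironment) {
                }

                /** Releases the cached configuration context when the handler is undeployed. */
                @Override
                public void destroy() {
                    ConfigurationContext ctx = configCtx;
                    configCtx = null;
                    if (ctx != null) {
                        try {
                            ctx.terminate();
                        } catch (Exception e) {
                            LOG.log(Level.WARNING, "Failed to release the Axis2 configuration context", e);
                        }
                    }
                }
            }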

        在浏览器中获取

        XMLHttpRequest 无法加载 /CustomerApi?limit=10&offset=0。请求的资源上没有 'Access-Control-Allow-Origin' 标头,因此不允许来源 'http://172.250.46.250:8095' 访问。

        请给我一个解决方案,从客户端调用Rest端点。提前谢谢。

1 个答案:

答案 0 :(得分:1)

这个问题提出很久了,一直没有人回答。我遇到了同样的问题,卡了好几天,想补充一下我的发现。

添加CORS支持的一种方法是通过WSO2 API Manager公开您的API并在那里配置CORS支持 https://docs.wso2.com/display/AM200/Enabling+CORS+for+APIs

使用WSO2 EI,为API添加CORS支持的最简单方法是在发送回响应之前设置HTTP标头。

例如:

<header description="CORS" name="Access-Control-Allow-Origin" scope="transport" value="*"/>