WSO2 IS "Exception occurred while trying to invoke service method getDecision" for a PolicySet

Time: 2015-10-26 14:11:27

Tags: authorization wso2is access-control xacml abac

I have been playing with WSO2 for a while and have started testing PolicySets. I have a basic one whose target is the 'administrator' user role, with a policy that does nothing but grant access.

When I submit a request, I get Exception occurred while trying to invoke service method getDecision as the reply. I am not a Java programmer, so the stack trace is not very helpful to me.

Am I doing something wrong, or is there a bug in WSO2?

PolicySet:

<xacml3:PolicySet xmlns:xacml3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicySetId="admins" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides" Version="1.0">
   <xacml3:Description></xacml3:Description>
   <xacml3:PolicySetDefaults>
      <xacml3:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml3:XPathVersion>
   </xacml3:PolicySetDefaults>
   <xacml3:Target>
      <xacml3:AnyOf>
         <xacml3:AllOf>
            <xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
               <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</xacml3:AttributeValue>
               <xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" MustBePresent="false"></xacml3:AttributeDesignator>
            </xacml3:Match>
         </xacml3:AllOf>
      </xacml3:AnyOf>
   </xacml3:Target>
   <xacml3:Policy PolicyId="admins.AccessGranted" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
      <xacml3:Description></xacml3:Description>
      <xacml3:PolicyDefaults>
         <xacml3:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml3:XPathVersion>
      </xacml3:PolicyDefaults>
      <xacml3:Target></xacml3:Target>
      <xacml3:Rule Effect="Permit" RuleId="admins.AccessGranted.Access">
         <xacml3:Description></xacml3:Description>
         <xacml3:Target></xacml3:Target>
      </xacml3:Rule>
   </xacml3:Policy>
</xacml3:PolicySet>

Request:

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="true">
  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1773</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">115</AttributeValue>
    </Attribute>
  </Attributes>
</Request>

Note that the user role is determined by a request to the PIP.

Stack trace:

TID: [0] [IS] [2015-10-28 09:04:20,438]  WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} -  Illegal access attempt at [2015-10-28 09:04:20,0438] from IP address 192.168.1.112 while trying to authenticate access to service EntitlementService {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler}
TID: [0] [IS] [2015-10-28 09:04:20,558]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2015-10-28 09:04:20,557+0100] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [0] [IS] [2015-10-28 09:04:20,562] DEBUG {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder} -  The SQL query: select auth_group.name from AUTH_GROUP, AUTH_USER_GROUPS where auth_user_groups.group_id = auth_group.id and auth_user_groups.user_id = 1773 {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder}
TID: [0] [IS] [2015-10-28 09:04:20,563]  INFO {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder} -  Before connecting {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder}
TID: [0] [IS] [2015-10-28 09:04:20,645]  INFO {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder} -  Trying to connect!!! {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder}
TID: [0] [IS] [2015-10-28 09:04:20,645]  INFO {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder} -  Connected. Executing Query {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder}
TID: [0] [IS] [2015-10-28 09:04:20,726]  INFO {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder} -  Should have worked {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder}
TID: [0] [IS] [2015-10-28 09:04:20,727] DEBUG {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder} -  [administrator] {org.xacmlinfo.xacml.pip.jdbc.JDBCAttributeFinder}
TID: [0] [IS] [2015-10-28 09:04:20,734] ERROR {org.apache.axis2.rpc.receivers.RPCMessageReceiver} -  Exception occurred while trying to invoke service method getDecision {org.apache.axis2.rpc.receivers.RPCMessageReceiver}
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
        at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
        at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
        at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
        at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
        at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
        at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.StackOverflowError
        at java.util.Collections$UnmodifiableCollection$1.<init>(Collections.java:1064)
        at java.util.Collections$UnmodifiableCollection.iterator(Collections.java:1063)
        at org.wso2.balana.PDP.processPolicyReferences(PDP.java:329)
        at org.wso2.balana.PDP.processPolicyReferences(PDP.java:332)
        ....(1021 of at org.wso2.balana.PDP.processPolicyReferences(PDP.java:332) )

2 Answers:

Answer 0 (score: 0)

I tested with the Axiomatics Policy Server (see the screenshot below) and I get:

  • NotApplicable if I do not send the role
  • Permit if I do send the role.

It seems WSO2 IS may be failing to connect to your PIP and is returning an exception. You have to look at the server logs. Or try Axiomatics.

Axiomatics Policy Administration Point
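A toy XACML 3.0 target evaluator, added here as an example and not part of either answer nor of WSO2 or Balana, that reproduces the two outcomes the answer above reports for this PolicySet: the request exactly as posted (no role attribute) gives NotApplicable, and the same request after a stand-in for the JDBC PIP adds the role gives Permit. The PIP_ROLES table, the flattening of the Request into (category, attribute-id, value) triples, and the simplified deny-overrides combining are assumptions; only string-equal Match, AnyOf/AllOf and MustBePresent="false" are modelled.

```python
import xml.etree.ElementTree as ET
NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
# Condensed copy of the question's PolicySet (empty Description/Defaults elements dropped).
POLICY_SET = """<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="admins" Version="1.0"
 PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides">
 <Target><AnyOf><AllOf><Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" MustBePresent="false"
   Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"/>
 </Match></AllOf></AnyOf></Target>
 <Policy PolicyId="admins.AccessGranted" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">
  <Target/><Rule Effect="Permit" RuleId="admins.AccessGranted.Access"><Target/></Rule>
 </Policy></PolicySet>"""
# The question's Request flattened to (category, attribute-id, value) triples; no role is sent.
REQUEST = [
    (SUBJECT, "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "1773"),
    ("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", "view"),
    ("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", "115"),
]
# Constructed stand-in for the JDBC PIP: subject-id -> roles (the real one queries AUTH_GROUP).
PIP_ROLES = {"1773": ["administrator"]}

def with_pip(attrs):
    """Return a copy of the request enriched with the roles the PIP knows for its subject-id."""
    subj = [v for c, a, v in attrs if c == SUBJECT and a.endswith(":subject-id")]
    return attrs + [(SUBJECT, ROLE, r) for s in subj for r in PIP_ROLES.get(s, [])]

def match_holds(match, attrs):
    """string-equal over the attribute bag; a missing MustBePresent="false" attribute is an empty bag -> False."""
    lit = match.find("x:AttributeValue", NS).text
    d = match.find("x:AttributeDesignator", NS)
    return any(v == lit for c, a, v in attrs if c == d.get("Category") and a == d.get("AttributeId"))

def target_matches(target, attrs):
    """An absent or empty Target matches every request; otherwise some AllOf needs all its Matches true."""
    return target is None or not target.findall("x:AnyOf", NS) or any(
        all(match_holds(m, attrs) for m in allof.findall("x:Match", NS))
        for anyof in target.findall("x:AnyOf", NS) for allof in anyof.findall("x:AllOf", NS))

def decide(policy_set_xml, attrs):
    """Simplified deny-overrides over the applicable rules: any Deny wins, else Permit, else NotApplicable."""
    ps = ET.fromstring(policy_set_xml)
    if not target_matches(ps.find("x:Target", NS), attrs):
        return "NotApplicable"
    effects = [r.get("Effect") for p in ps.findall("x:Policy", NS)
               if target_matches(p.find("x:Target", NS), attrs)
               for r in p.findall("x:Rule", NS) if target_matches(r.find("x:Target", NS), attrs)]
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
```

Running decide(POLICY_SET, REQUEST) returns NotApplicable and decide(POLICY_SET, with_pip(REQUEST)) returns Permit, so a PDP that instead throws on this input is failing before it ever evaluates the Target.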

Answer 1 (score: 0)

Your configuration seems valid, otherwise IS would have warned about it when publishing from the PAP, but nevertheless a runtime exception occurs. This can happen when trying to run custom PIP code, or in the PIP runtime itself.

Check the IS server logs and make sure your PIP writes to the logs as well.