要使用来自WSO2 ESB的令牌访问已发布的WSO2 API Manager API,无法从WSO2 API Manager获取访问令牌

时间:2015-10-28 15:05:28

标签: api wso2 esb

我编写了WSo2 ESB代理服务,其中代理服务调用在WSo2 API Manager中发布的http服务。由于API在WSo2 API Manager中发布以访问API,因此我们需要使用使用者密钥和密钥生成令牌。我手动登录到wso2 api管理器,我订阅了已发布的API并使用我的使用者密钥和密钥生成了令牌,并在从WSo2 ESB调用API时使用该令牌。在http请求头中,我已经设置了这些令牌,并且从WSo2 ESB能够调用API获取API的响应,但是这个令牌将在60分钟后到期,所以我需要通过调用生成令牌

https://api-dev.xyz.org/token
POST 
Authorization: Basic Zzc5enNRN0xLM0hOcHU2N0g2a2R1dkx6WGRrYTpJSEF1NWZUdW5FdG9BV0xfa1hCcUdvRGVPWmdh

Payload
grant_type=client_credentials

我会得到回复

response

{
   scope: "default"
   token_type: "bearer"
   expires_in: 3171
   access_token: "db995950f960b4c67162e2d92a1117a5"
}

curl命令获取令牌: - 

curl -k -d "grant_type=client_credentials" -H "Authorization: Basic Rnl5YmwwNVhacGhBb01mVE5VNE91ZkxfblRVYTpUSmt6QUJFbzZaN3FkNkE1cHE3V3JSd2ZNaHNh, Content-Type: application/x-www-form-urlencoded" https://api-dev.xyz.org:8243/token

在WSo2 ESB代理服务中,我编写了类似于curl命令的代码来获取令牌,

<property xmlns:ns="http://org.apache.synapse/xsd"  

           name="Authorization"  

           expression="fn:concat('Basic ',OUU0Zk05eU81R0VCcV9odUxBYW15SzRCaEZFYToxVmVnbHl5OFBhQTkyMFRxbEUySnduWHlTbThh)"  

           scope="transport"/>         

         <payloadFactory media-type="json">

<format>

{

"grant_type":"client_credentials"

}

</format>

</payloadFactory>

<property name="messageType" value="application/x-www-form-urlencoded" scope="axis2"/>

          <send>

            <endpoint>
<http method="get" uri-template="https://api-dev.xyz.org:8243/token"/>

           <property name="grant_type" value="client_credentials"/>

        </endpoint>

     </send>

我的回复是

TargetHandler I/O error: Host name verification failed for host : 172.18.65.251
javax.net.ssl.SSLException: Host name verification failed for host : 172.18.65.251
    at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:162)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:291)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:391)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
    at java.lang.Thread.run(Thread.java:745)

知道如何解决此问题吗?

1 个答案:

答案 0 :(得分:1)

这是证书验证问题。当服务器找不到主机的相应证书时,会发生这种情况。 您可以尝试以下方法之一来解决此问题:

  1. 将后端的公共证书(本例中为APIM)导入ESB的客户端信任库。有关此here的更多信息。对于生产用途,这是推荐的方法。
  2. 或者,在'/reposotory/conf/axis2/axis2.xml'的https传输发件人配置中将'HostnameVerifier'值设置为'AllowAll'

    3. 例如:

    <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    ....
    <parameter name="HostnameVerifier">AllowAll</parameter>
    ....
</transportSender>
相关问题
最新问题