WSO2 IS / AGW: updating challenge questions only updates the "admin" account

Time: 2015-12-15 01:52:30

Tags: wso2is

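We are using WSO2 IS 5.0.0 / API Manager 1.9.1. We created a REST API to handle calls to the internal WSO2 SOAP operation setChallengeQuestionsOfUser in UserIdentityManagementAdminService, but when we call this method with a specific userName, it always updates the admin account.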

Below is the code we use to call the SOAP service:

<resource methods="POST" url-mapping="/updatechallengequestionofuser" faultSequence="fault">    <!-- Only Updating admin --> 
      <inSequence>
         <class name="org.wso2.carbon.apimgt.gateway.mediators.TokenPasser"/>
         <property name="USERNAME" expression="//userName" scope="default" type="STRING"/>
         <property name="USERANSWER1" expression="//userAnswer1" scope="default" type="STRING"/>
         <property name="QUESTIONSETID1" expression="//questionSetId1" scope="default" type="STRING"/>
         <property name="QUESTIONTEXT1" expression="//questionText1" scope="default" type="STRING"/>
         <property name="USERANSWER2" expression="//userAnswer2" scope="default" type="STRING"/>
         <property name="QUESTIONSETID2" expression="//questionSetId2" scope="default" type="STRING"/>
         <property name="QUESTIONTEXT2" expression="//questionText2" scope="default" type="STRING"/>
         <property name="USERANSWER3" expression="//userAnswer3" scope="default" type="STRING"/>
         <property name="QUESTIONSETID3" expression="//questionSetId3" scope="default" type="STRING"/>
         <property name="QUESTIONTEXT3" expression="//questionText3" scope="default" type="STRING"/>

         <payloadFactory media-type="xml">
            <format>              
                  <ser:setChallengeQuestionsOfUser xmlns:ser="http://services.mgt.identity.carbon.wso2.org" xmlns:xsd="http://dto.mgt.identity.carbon.wso2.org/xsd">
                    <ser:userName>$1</ser:userName>
                    <ser:challengesDTOs>            
                        <xsd:answer>$2</xsd:answer>                     
                        <xsd:id>$3</xsd:id>
                        <xsd:question>$4</xsd:question>
                    </ser:challengesDTOs>
                    <ser:challengesDTOs>            
                        <xsd:answer>$5</xsd:answer>
                        <xsd:id>$6</xsd:id>
                        <xsd:question>$7</xsd:question>
                    </ser:challengesDTOs>
                    <ser:challengesDTOs>            
                        <xsd:answer>$8</xsd:answer>
                        <xsd:id>$9</xsd:id>
                        <xsd:question>$10</xsd:question>
                    </ser:challengesDTOs>
                </ser:setChallengeQuestionsOfUser>  
            </format>
            <args>
               <arg evaluator="xml" expression="get-property('USERNAME')"/>
               <arg evaluator="xml" expression="get-property('USERANSWER1')"/>
               <arg evaluator="xml" expression="get-property('QUESTIONSETID1')"/>
               <arg evaluator="xml" expression="get-property('QUESTIONTEXT1')"/>
               <arg evaluator="xml" expression="get-property('USERANSWER2')"/>
               <arg evaluator="xml" expression="get-property('QUESTIONSETID2')"/>
               <arg evaluator="xml" expression="get-property('QUESTIONTEXT2')"/>
               <arg evaluator="xml" expression="get-property('USERANSWER3')"/>
               <arg evaluator="xml" expression="get-property('QUESTIONSETID3')"/>
               <arg evaluator="xml" expression="get-property('QUESTIONTEXT3')"/>
            </args>
         </payloadFactory>
         <header name="Action" scope="default" value="urn:setChallengeQuestionsOfUser"/>
         <property name="Authorization" expression="fn:concat('Basic ', '<base64String>')" scope="transport"/>        
         <property name="Accept" value="text/xml" scope="transport"/>
         <property name="ContentType" value="text/xml" scope="axis2"></property>
         <property name="messageType" value="text/xml" scope="axis2"></property>

         <send>
            <endpoint name="UserManagement_APIproductionEndpoint_4">
               <address uri="https://wso2dev.comp.org/services/UserIdentityManagementAdminService" format="soap11">
               </address>
            </endpoint>
         </send> 
     </inSequence>
      <outSequence>
         <class name="org.wso2.carbon.apimgt.usage.publisher.APIMgtResponseHandler"/>
         <property name="ContentType" value="application/json" scope="axis2"></property>
         <property name="messageType" value="application/json" scope="axis2"></property>
         <send/>
      </outSequence>
   </resource>

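There are no error messages in the wso2carbon.log file, but we only see the account named "admin" being updated. We can clear the challengeQuestion fields and run the REST call again with a valid userName, and see it fill in the questions for the admin account again.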

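This looks like a problem with the underlying SOAP call setChallengeQuestionsOfUser. Has anyone identified a way to update the challenge questions for a specific user?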

1 answer:

Answer 0: (score: 2)

If we want to change user1's challenge questions, user1 should be authenticated to call this method.

However, in IS 5.1.0 alpha2, a user who has the "/permission/admin/configure/security" permission can also change other users' challenge questions.

Isura
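Following the answer above, this added example (not code from the question or from WSO2) builds the same setChallengeQuestionsOfUser request but authenticates as the user whose questions are being set, instead of with one fixed Basic credential. The function name, the sample credentials and the question values are constructed for illustration; the namespaces and SOAP action are the ones in the question's configuration, and the guard models the IS 5.0.0 rule the answer states.

```python
import base64
import xml.etree.ElementTree as ET

SER = "http://services.mgt.identity.carbon.wso2.org"
XSD = "http://dto.mgt.identity.carbon.wso2.org/xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"


def build_request(auth_user, auth_password, target_user, challenges):
    """Return (headers, body) for setChallengeQuestionsOfUser.

    challenges: list of (question_set_id, question, answer) tuples.
    Refuses to build a request whose credentials belong to another account,
    since per the answer the caller must be authenticated as the target user.
    """
    if auth_user != target_user:
        raise PermissionError(
            f"authenticated as {auth_user!r} but updating {target_user!r}")
    envelope = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP}}}Body")
    op = ET.SubElement(body, f"{{{SER}}}setChallengeQuestionsOfUser")
    ET.SubElement(op, f"{{{SER}}}userName").text = target_user
    for set_id, question, answer in challenges:
        dto = ET.SubElement(op, f"{{{SER}}}challengesDTOs")
        # ElementTree escapes text, so answers containing < or & stay data.
        ET.SubElement(dto, f"{{{XSD}}}answer").text = answer
        ET.SubElement(dto, f"{{{XSD}}}id").text = set_id
        ET.SubElement(dto, f"{{{XSD}}}question").text = question
    # Per-user Basic credential, not a shared admin token baked into config.
    token = base64.b64encode(f"{auth_user}:{auth_password}".encode()).decode()
    headers = {
        "Authorization": f"Basic {token}",
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": "urn:setChallengeQuestionsOfUser",
    }
    return headers, ET.tostring(envelope, encoding="utf-8")


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    sample = [("set-1", "Favorite food?", "fish & chips")]
    hdrs, xml_body = build_request("user1", "user1-password", "user1", sample)
    print(hdrs["SOAPAction"], len(xml_body))
```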