我是WSO2 API Manager版本1.9.1的新手。我希望x-jwt-assertion使用OpenSAML库(http://mvnrepository.com/artifact/org.opensaml/opensaml/2.6.4)进行解码。我想要解码/解析相同的x-jwt-assertion(在此链接Decode X-JWT-Assertion using axiom-api in java中显示),但是当在代码下面实现时,我会看到以下错误。请指导。
是否可以使用OpenSAML解码WSO2 APIM(API管理器)的x-jwt-assertion?
参考代码:
Exception in thread "main" org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:347)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
at com.mkyong.app.OpenSAMLDemo.main(OpenSAMLDemo.java:46)
参考代码:
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Properties;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.codec.binary.Base64;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.io.UnmarshallingException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
public class OpenSAMLDemo {
public static void main(String[] args) throws IOException,
ParserConfigurationException, SAXException, ConfigurationException, UnmarshallingException {
Properties prop = new Properties();
prop.load(OpenSAMLDemo.class.getClassLoader().getResourceAsStream("jwtAssertion.properties"));
String responseMessage = prop.getProperty("jwt");
System.out.println(responseMessage);
Base64 base64 = new Base64();
byte[] base64DecodedResponse = base64.decode(responseMessage);
DefaultBootstrap.bootstrap();
ByteArrayInputStream is = new ByteArrayInputStream(base64DecodedResponse);
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
Document document = docBuilder.parse(is);
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
XMLObject responseXmlObj = unmarshaller.unmarshall(element);
Response response = (Response) responseXmlObj;
Assertion assertion = response.getAssertions().get(0);
String subject = assertion.getSubject().getNameID().getValue();
System.out.println("SUBJECT : " + subject );
String issuer = assertion.getIssuer().getValue();
System.out.println("ISSUER : " + issuer);
String audience = assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).getAudienceURI();
System.out.println("AUDIENCE : " + audience );
}
}
答案 0 :(得分:0)
您正在使用WSO2 API Manager工具。 API Manager提供的X-JWT-Assertion与WSO2 SAML Assertion不同。所以OpenSAML库不起作用。因为它不是为支持X-JWT-Assertion而开发的。要解析X-JWT-Assertion,您需要使用axiom-api。
请参阅此网站和提供的解决方案。 Decode X-JWT-Assertion using axiom-api in java