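WSO2 API Manager and IS as Keymanager: User does not get the application

Time: 2017-10-17 07:32:41

Tags: caching wso2 wso2is wso2-am wso2carbon

I have set up API Manager and IS as the Key Manager (2.1.0 and 5.3.0). I have also set up a primary and a secondary user store.

We have created users in the secondary user store and used them successfully in the past to subscribe to applications, but suddenly this no longer works.

When an application is created to subscribe to an API and an access token is then generated, AM and IS throw errors.

IS: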

TID: [-1234] [] [2017-10-17 09:07:37,479]  WARN {org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl} -  Illegal Access! User EXTERNAL/test@test.com does not have access to the application EXTERNAL_test-AT-test.com_201710170906_SANDBOX
TID: [-1234] [] [2017-10-17 09:07:37,480] ERROR {org.wso2.carbon.apimgt.impl.utils.APIUtil} -  Error occurred while creating ServiceProvider for app EXTERNAL_test-AT-test.com_201710170906_SANDBOX
org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Error occurred while updating the application: EXTERNAL_test-AT-test.com_201710170906_SANDBOX
    at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.updateApplication(ApplicationManagementServiceImpl.java:300)
[...]
Caused by:  org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: User not authorized
    at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.updateApplication(ApplicationManagementServiceImpl.java:277)

AM:

TID: [-1234] [] [2017-10-17 09:07:37,490] ERROR {org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl} -  Can not create OAuth application  : 201710170906_SANDBOX {org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl} 
org.wso2.carbon.apimgt.keymgt.stub.subscriber.APIKeyMgtSubscriberServiceAPIManagementException: APIKeyMgtSubscriberServiceAPIManagementException
[...]
TID: [-1234] [] [2017-10-17 09:07:37,492] ERROR {org.wso2.carbon.apimgt.impl.utils.APIUtil} -  Error occurred while executing SubscriberKeyMgtClient. {org.wso2.carbon.apimgt.impl.utils.APIUtil}
org.wso2.carbon.apimgt.api.APIManagementException: Can not create OAuth application  : 201710170906_SANDBOX
[...]
Caused by: org.wso2.carbon.apimgt.keymgt.stub.subscriber.APIKeyMgtSubscriberServiceAPIManagementException: APIKeyMgtSubscriberServiceAPIManagementException
    at sun.reflect.GeneratedConstructorAccessor339.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

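I have tried and tested a few things and verified them directly in the database (Oracle):

  • When the application is created, it is created in the database. (key store)
  • When I subscribe to the API, the link between the API and the app is created in the database.
  • When I generate the access token, the error occurs; the role for the user is created. (auth store)
    • "View users" on the role shows the user with that role.
    • "View roles" on the user does not show the user as having that role.
    • The SP_APP table in the database contains the newly created application, but no access token.
  • When the application is deleted
    • SP_APP remains in the database.
    • The role remains in the database.

But now the tricky part: for users in the primary user store, everything works fine.

The really tricky part: sometimes (about once every 15-20 tries), token generation works for the secondary users.

[Edit]

Further investigation led me to the assumption that something is wrong with the caching/reading of users and roles.

Logs from the key manager:

Questions:

  • Why does org.apache.axis2.transport.http.AxisServlet throw an NPE?
  • Shouldn't the part at 2017-10-18 19:46:28,877 work without problems, since the role has already been created in the database?

Full log: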

[2017-10-18 19:46:28,732] DEBUG -  Created singleton instance for org.wso2.carbon.identity.auth.service.handler.HandlerManager {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2017-10-18 19:46:28,733] DEBUG -  Get first priority handler for the given handler list. {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2017-10-18 19:46:28,733] DEBUG -  Get first priority handler : DefaultAuthenticationManager(org.wso2.carbon.identity.auth.service.AuthenticationManager) {org.wso2.carbon.identity.auth.service.handler.HandlerManager}
[2017-10-18 19:46:28,733] DEBUG -   {org.apache.axis2.transport.http.AxisServlet}
java.lang.NullPointerException
    at javax.servlet.GenericServlet.getServletContext(GenericServlet.java:123)
    at org.apache.axis2.transport.http.AxisServlet.createMessageContext(AxisServlet.java:715)
    at org.apache.axis2.transport.http.AxisServlet.createMessageContext(AxisServlet.java:741)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:138)
    at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
[2017-10-18 19:46:28,734] DEBUG -  getAction (null) from org.apache.axis2.client.Options@72ca18ef {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  Old SoapAction is (null) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,734] DEBUG -  New SoapAction is (null) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,734] DEBUG -  setAction Old action is (null) {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  setAction New action is (null) {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  Input contentType (application/soap+xml; charset=UTF-8; action="urn:createOAuthApplicationByApplicationInfo") {org.apache.axis2.builder.BuilderUtil}
[2017-10-18 19:46:28,734] DEBUG -  CharSetEncoding from content-type (UTF-8) {org.apache.axis2.builder.BuilderUtil}
[2017-10-18 19:46:28,734] DEBUG -  getAction (null) from org.apache.axis2.client.Options@72ca18ef {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  Old SoapAction is (null) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,734] DEBUG -  New SoapAction is (urn:createOAuthApplicationByApplicationInfo) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,734] DEBUG -  setAction Old action is (null) {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  setAction New action is (urn:createOAuthApplicationByApplicationInfo) {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  getAction (urn:createOAuthApplicationByApplicationInfo) from org.apache.axis2.client.Options@72ca18ef {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,734] DEBUG -  SoapAction is (urn:createOAuthApplicationByApplicationInfo) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,734] DEBUG -  createSOAPEnvelope using Builder (class org.apache.axis2.builder.SOAPBuilder) selected from type (application/soap+xml) {org.apache.axis2.transport.TransportUtils}
[2017-10-18 19:46:28,734] DEBUG -  char set encoding set from default =UTF-8 {org.apache.axis2.builder.BuilderUtil}
[2017-10-18 19:46:28,734] DEBUG -  [MessageContext: logID=62aa565ba9f5ad1bb8a9618af3ccb60006e855dbc7d5825a] Checking for Service using target endpoint address : https://wimtest.domain.com/services/APIKeyMgtSubscriberService {org.apache.axis2.dispatchers.RequestURIBasedServiceDispatcher}
[2017-10-18 19:46:28,735] DEBUG -  org.apache.axis2.i18n.resource::handleGetObject(servicefound) {org.apache.axis2.i18n.ProjectResourceBundle}
[2017-10-18 19:46:28,735] DEBUG -  [MessageContext: logID=62aa565ba9f5ad1bb8a9618af3ccb60006e855dbc7d5825a] Found AxisService : APIKeyMgtSubscriberService {org.apache.axis2.engine.AbstractDispatcher}
[2017-10-18 19:46:28,735] DEBUG -  getAction (urn:createOAuthApplicationByApplicationInfo) from org.apache.axis2.client.Options@72ca18ef {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,735] DEBUG -  SoapAction is (urn:createOAuthApplicationByApplicationInfo) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,735] DEBUG -  [MessageContext: logID=62aa565ba9f5ad1bb8a9618af3ccb60006e855dbc7d5825a] Checking for Operation using Action : urn:createOAuthApplicationByApplicationInfo {org.apache.axis2.dispatchers.ActionBasedOperationDispatcher}
[2017-10-18 19:46:28,735] DEBUG -  getOperationBySOAPAction: Operation (org.apache.axis2.description.InOutAxisOperation@5dd7070f,createOAuthApplicationByApplicationInfo) for soapAction: urn:createOAuthApplicationByApplicationInfo found in action map. {org.apache.axis2.description.AxisService}
[2017-10-18 19:46:28,735] DEBUG -  org.apache.axis2.i18n.resource::handleGetObject(operationfound) {org.apache.axis2.i18n.ProjectResourceBundle}
[2017-10-18 19:46:28,735] DEBUG -  [MessageContext: logID=62aa565ba9f5ad1bb8a9618af3ccb60006e855dbc7d5825a] Found AxisOperation : createOAuthApplicationByApplicationInfo {org.apache.axis2.engine.AbstractDispatcher}
[2017-10-18 19:46:28,735] DEBUG -  getAddressingRequirementParemeterValue: value: 'null' {org.apache.axis2.addressing.AddressingHelper}
[2017-10-18 19:46:28,735] DEBUG -  [MessageContext: logID=62aa565ba9f5ad1bb8a9618af3ccb60006e855dbc7d5825a] isReplyRedirected: ReplyTo is null. Returning false {org.apache.axis2.addressing.AddressingHelper}
[2017-10-18 19:46:28,735] DEBUG -  Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2017-10-18 19:46:28,735] DEBUG -  Authorization cache miss for username : admin resource /permission/admin/login action : ui.execute {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,735] DEBUG -  Roles which have permission for resource : /permission/admin/login action : ui.execute {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,736] DEBUG -  Role :  admin {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,736] DEBUG -  Role :  INTERNAL/creator {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,736] DEBUG -  Role :  INTERNAL/subscriber {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,736] DEBUG -  Role :  INTERNAL/publisher {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,736] DEBUG -  Retrieving internal roles for user name :  admin and search filter * {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  Searching for user admin {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  Replace escape characters configured to: true {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  Replace escape characters configured to: true {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  value after escaping special characters in admin : admin {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  User: admin exist: true {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  Replace escape characters configured to: true {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  Reading roles with the memberOfProperty Property: memberOf {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,740] DEBUG -  Result for searchBase: CN=admin,OU=EDV,DC=test,DC=com searchFilter: (&(|(objectClass=userProxyFull)(objectClass=user))(mail=admin)) property:memberOf appendDN: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,755] DEBUG -  Replace escape characters configured to: true {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,757] DEBUG -  Found user: CN=admin,OU=GROUPS,DC=test,DC=com {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,757] DEBUG -  Result  :  CN=admin,OU=GROUPS,DC=test,DC=com {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,757] DEBUG -  GetGroupNameAttributeValuesOfGroups with DN {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,773] DEBUG -  Using DN: CN=admin,OU=GROUPS,DC=test,DC=com {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,773] DEBUG -  Found role: admin {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
[2017-10-18 19:46:28,774] DEBUG -  admin user has permitted resource :  /permission/admin/login, action :ui.execute {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
[2017-10-18 19:46:28,774] DEBUG -  getAction (null) from org.apache.axis2.client.Options@7889e70c {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,774] DEBUG -  Old WSAAction is (null) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,774] DEBUG -  New WSAAction is (urn:createOAuthApplicationByApplicationInfoResponse) {org.apache.axis2.context.MessageContext}
[2017-10-18 19:46:28,774] DEBUG -  setAction Old action is (null) {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,774] DEBUG -  setAction New action is (urn:createOAuthApplicationByApplicationInfoResponse) {org.apache.axis2.client.Options}
[2017-10-18 19:46:28,774] DEBUG -  messageID is null. {org.apache.axis2.context.ConfigurationContext}
[2017-10-18 19:46:28,778] DEBUG -  Resolving tenant id from tenant domain {org.wso2.carbon.context.PrivilegedCarbonContext}
[2017-10-18 19:46:28,778] DEBUG -  Creating application role : Application/EXTERNAL_test-AT-test.com_201710181946_SANDBOX and assign the user : [EXTERNAL/test@test.com] to that role {org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil}
[2017-10-18 19:46:28,779] DEBUG -  Is roleName: Application/EXTERNAL_test-AT-test.com_201710181946_SANDBOX Exist: false TenantId: -1234 {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager}
[2017-10-18 19:46:28,783] DEBUG -  Is roleName: Application/EXTERNAL_test-AT-test.com_201710181946_SANDBOX Exist: false TenantId: -1234 {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager}
[2017-10-18 19:46:28,792] DEBUG -  Executed a batch update. Query is : INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), ?, (SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)): and result is[1] {org.wso2.carbon.user.core.util.DatabaseUtil}
[2017-10-18 19:46:28,812] DEBUG -  Creating Application EXTERNAL_test-AT-test.com_201710181946_SANDBOX for user EXTERNAL/test@test.com {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,820] DEBUG -  Application Stored successfully with application id 135 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,822] DEBUG -  Loading Basic Application Data of EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,823] DEBUG -  ApplicationID: 135 ApplicationName: EXTERNAL_test-AT-test.com_201710181946_SANDBOX UserName: test@test.com TenantDomain: carbon.super {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,823] DEBUG -  Reading Clients of Application 135 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,825] DEBUG -  Reading Steps of Application 135 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,831] DEBUG -  Reading Claim Mappings of Application 135 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,834] DEBUG -  Reading Role Mapping of Application 135 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,874] DEBUG -  Clearing cache entry for EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.provisioning.listener.ProvisioningApplicationMgtListener}
[2017-10-18 19:46:28,874] DEBUG -  Provisioning cached entry not found for sp EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.provisioning.listener.ProvisioningApplicationMgtListener}
[2017-10-18 19:46:28,874] DEBUG -  Checking whether user has role : Application/EXTERNAL_test-AT-test.com_201710181946_SANDBOX by retrieving role list of user : EXTERNAL/test@test.com {org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil}
[2017-10-18 19:46:28,874] DEBUG -  Loading Application Name for ID: 135 {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,876] DEBUG -  ApplicationName : EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2017-10-18 19:46:28,877] DEBUG -  Checking whether user has role : Application/EXTERNAL_test-AT-test.com_201710181946_SANDBOX by retrieving role list of user : EXTERNAL/test@test.com {org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil}
[2017-10-18 19:46:28,877]  WARN -  Illegal Access! User EXTERNAL/test@test.com does not have access to the application EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl}
[2017-10-18 19:46:28,877] ERROR -  Error occurred while creating ServiceProvider for app EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.apimgt.impl.utils.APIUtil}
org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Error occurred while updating the application: EXTERNAL_test-AT-test.com_201710181946_SANDBOX
    at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.updateApplication(ApplicationManagementServiceImpl.java:300)

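Regards, Mat

1 answer:

Answer 0: (score: 1)

So, I found a solution for the current problem.

The cache configuration for roles in the UI of the secondary user store was somehow not working correctly. The UI configuration did not disable the cache, although it showed it as disabled. After I changed the configuration in the XML, the role cache really was disabled and the problem was gone. (Now the UI can enable and disable the cache.)

However, as soon as I re-enable the cache, the problem reappears (still with a small chance that the workflow runs through successfully).

Caching is enabled on the development and live environments, and we have no problems there. So somehow the test environment does not want to clear the cache / reload the user role data... strange...

So it is not ideal, but at least it is usable again. But if anyone knows how to fix the caching problem, I would be glad to know!

Cheers, Mat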
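The symptom described in this thread, an "Illegal Access!" denial logged a few milliseconds after the same user was assigned the application role, can be told apart from an ordinary authorization failure by correlating the two log messages. The following is an added example, not code from the original post or from WSO2; the function name, the 5-second window and the last sample line (a constructed unrelated denial) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines 1 and 2 are copied from the log in the question,
# line 3 is an invented denial with no preceding role assignment.
SAMPLE_LOG = """\
[2017-10-18 19:46:28,778] DEBUG -  Creating application role : Application/EXTERNAL_test-AT-test.com_201710181946_SANDBOX and assign the user : [EXTERNAL/test@test.com] to that role {org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil}
[2017-10-18 19:46:28,877]  WARN -  Illegal Access! User EXTERNAL/test@test.com does not have access to the application EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl}
[2017-10-18 19:47:02,101]  WARN -  Illegal Access! User EXTERNAL/other@test.com does not have access to the application EXTERNAL_test-AT-test.com_201710181946_SANDBOX {org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl}
"""

TS = r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]"
GRANT = re.compile(TS + r".*Creating application role : Application/(\S+)"
                        r" and assign the user : \[([^\]]+)\]")
DENY = re.compile(TS + r".*Illegal Access! User (\S+) does not have access"
                       r" to the application (\S+)")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S,%f")


def classify_denials(log_text, window=timedelta(seconds=5)):
    """Return one record per denial; stale_suspect is True when the same
    user was assigned the application's role within `window` before it."""
    grants = {}    # (user, app) -> time the role assignment was logged
    results = []
    for line in log_text.splitlines():
        m = GRANT.search(line)
        if m:
            ts, app, users = m.groups()
            for user in users.split(","):
                grants[(user.strip(), app)] = parse_ts(ts)
            continue
        m = DENY.search(line)
        if not m:
            continue
        ts, user, app = m.groups()
        denied_at = parse_ts(ts)
        granted_at = grants.get((user, app))
        delay = None if granted_at is None else denied_at - granted_at
        stale = delay is not None and timedelta(0) <= delay <= window
        results.append({
            "user": user,
            "app": app,
            "stale_suspect": stale,
            "delay_ms": delay // timedelta(milliseconds=1) if stale else None,
        })
    return results


if __name__ == "__main__":
    for record in classify_denials(SAMPLE_LOG):
        print(record)
```

A denial flagged as `stale_suspect` points at a role lookup that did not see the freshly written assignment, which matches the role-cache behaviour described in the answer; denials without a preceding grant are ordinary authorization failures and should be triaged as such.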