WSO2 APIM message mediation - API call is blocked

Time: 2017-10-19 09:38:30

Tags: wso2is wso2-am access-control xacml abac

I am trying to test an XACML policy defined in WSO2 IS through WSO2 API Manager, as described in the following link

https://docs.wso2.com/display/AM210/Enabling+Role-Based+Access+Control+Using+XACML

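The policy is being validated and I can see the "Permit" decision in the logs, but API Manager does not return any response; the call is blocked and the request times out after a while.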

    DEBUG - EntitlementMediator Entitlement Decision is : Permit
    DEBUG - EntitlementMediator User is authorized to perform the action
    DEBUG - EntitlementMediator OnAccept sequence is not defined.
    INFO - SourceHandler Writer null when calling informWriterError
    WARN - SourceHandler Connection time out after request is read: http-incoming-19 Socket Timeout : 60000 Remote Address : /0:0:0:0:0:0:0:1:63398
    WARN - TimeoutHandler Expiring message ID : urn:uuid:045f7259-cc8b-46a7-b9a2-832429163531; dropping message after GLOBAL_TIMEOUT of : 120 seconds for Endpoint 

Pasting the message mediation policy file

    <sequence xmlns="http://ws.apache.org/ns/synapse" name="EM">
        <entitlementService xmlns="http://ws.apache.org/ns/synapse"
                            remoteServiceUrl="https://localhost:9443/services"
                            remoteServiceUserName="admin"
                            remoteServicePassword="admin"
                            callbackClass="org.wso2.sample.handlers.entitlement.APIEntitlementCallbackHandler">
            <onReject>
                <makefault version="soap12">
                    <code xmlns:soap12Env="http://www.w3.org/2003/05/soap-envelope"
                          value="soap12Env:Receiver"/>
                    <reason value="UNAUTHORIZED"/>
                    <node/>
                    <role/>
                    <detail>XACML Authorization Failed</detail>
                </makefault>
                <respond/>
            </onReject>
            <onAccept>
                <log level="trace" xmlns="http://ws.apache.org/ns/synapse"/>
                <send>
                    <endpoint>
                        <address uri="http://localhost:8080"/>
                    </endpoint>
                </send>
            </onAccept>
            <obligations/>
            <advice/>
        </entitlementService>
    </sequence>

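If I just use respond instead of send in OnAccept, the call returns immediately, but my backend API does not get called.

Am I missing something here?

Thanks, Albie Morken

1 answer:

Answer 0: (score: 0)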

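It looks like

  1. it is not a problem with XACML but a problem with API Manager
  2. you have not defined a happy path for when the PDP replies with Permit. You can see that from DEBUG - EntitlementMediator OnAccept sequence is not defined.

Try to define that path.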
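
A log triage sketch for the symptom in this thread, added here as an example and not part of the question or the answer: it groups gateway log lines under the preceding EntitlementMediator decision and flags Permit decisions that ended in a timeout. It assumes one request in flight at a time, because these log lines carry no shared request ID; the function names are hypothetical and the final Deny line is constructed.

```python
import re

# Log lines quoted in the question, plus one constructed Deny line for contrast.
SAMPLE_LOG = """\
DEBUG - EntitlementMediator Entitlement Decision is : Permit
DEBUG - EntitlementMediator User is authorized to perform the action
DEBUG - EntitlementMediator OnAccept sequence is not defined.
INFO - SourceHandler Writer null when calling informWriterError
WARN - SourceHandler Connection time out after request is read: http-incoming-19 Socket Timeout : 60000 Remote Address : /0:0:0:0:0:0:0:1:63398
WARN - TimeoutHandler Expiring message ID : urn:uuid:045f7259-cc8b-46a7-b9a2-832429163531; dropping message after GLOBAL_TIMEOUT of : 120 seconds for Endpoint
DEBUG - EntitlementMediator Entitlement Decision is : Deny
"""

DECISION = re.compile(r"EntitlementMediator Entitlement Decision is : (\w+)")
NO_ON_ACCEPT = "EntitlementMediator OnAccept sequence is not defined"
SOCKET_TIMEOUT = "SourceHandler Connection time out after request is read"
EXPIRED = re.compile(r"TimeoutHandler Expiring message ID : (\S+);")


def triage(log_text):
    """Group lines under the preceding PDP decision (assumes one request in flight)."""
    records, current = [], None
    for line in log_text.splitlines():
        decision = DECISION.search(line)
        if decision:
            current = {"decision": decision.group(1), "no_on_accept": False,
                       "timed_out": False, "message_id": None}
            records.append(current)
        elif current is not None:
            if NO_ON_ACCEPT in line:
                current["no_on_accept"] = True
            if SOCKET_TIMEOUT in line:
                current["timed_out"] = True
            expired = EXPIRED.search(line)
            if expired:
                current["timed_out"] = True
                current["message_id"] = expired.group(1)
    return records


def stalled_permits(records):
    """Permit decisions whose request never completed: authorized but not served."""
    return [r for r in records if r["decision"] == "Permit" and r["timed_out"]]


if __name__ == "__main__":
    for rec in stalled_permits(triage(SAMPLE_LOG)):
        print("Permit but no response:", rec)
```
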