I need to access the client certificate before the endpoint is invoked. How do I access the client certificate when using the HttpServletRequest object with the NIO transport / connector?

So I tried changing WSO2 API Manager to use the blocking http / https transport by changing the following files:

1) axis.xml - uncommented the transport receiver and transport sender for the normal http / https transport instead of PTT.
2) catalina-server.xml - changed the connector protocol to the default (HTTP 1.1).
3) apimanager.xml - changed all references of http.nio.port to mgt.transport.https.port.

After this, the endpoint redirects to the Carbon home page. The https port 9443 does not seem to look for API endpoints.

Are there any other configurations that need to be added? Please point me in some direction. Thanks in advance.
Answer 0 (score: 1)
1) If you are trying to implement mutual SSL, APIM supports it out of the box (OOTB).
https://docs.wso2.com/display/AM220/Mutual+SSL+Support+for+API+Gateway
2) If you want to read the client certificate for some other reason, you can do it like this.
    import javax.security.cert.X509Certificate;
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;
    import org.apache.synapse.MessageContext;
    import org.apache.synapse.core.axis2.Axis2MessageContext;
    import org.apache.synapse.rest.AbstractHandler;

    public class ClientCertificateHandler extends AbstractHandler {
        private static final Log log = LogFactory.getLog(ClientCertificateHandler.class);

        @Override
        public boolean handleRequest(MessageContext messageContext) {
            org.apache.axis2.context.MessageContext axis2MessageContext =
                    ((Axis2MessageContext) messageContext).getAxis2MessageContext();
            // try to retrieve the certificate
            Object sslCertObject = axis2MessageContext.getProperty("ssl.client.auth.cert.X509");
            if (sslCertObject != null) {
                // if the certificate is available in the MessageContext, mutual SSL validation
                // has already been done and succeeded at the transport level,
                // so you could simply return true here:
                // return true;
                // Following are some additional steps
                // retrieve certificate
                X509Certificate[] certs = (X509Certificate[]) sslCertObject;
                X509Certificate x509Certificate = certs[0];
                // log its DN
                String dn = x509Certificate.getSubjectDN().getName();
                log.info("Application is authenticated with certificate : " + dn);
                // add the certificate to the transport headers to send it to the backend
                setCertificateAsHeader(axis2MessageContext, x509Certificate);
                return true;
            } else {
                // if the certificate is not available in the MessageContext, mutual SSL validation
                // failed at the transport level: send 401 to the client
                handleAuthFailure(messageContext);
                return false;
            }
        }

        @Override
        public boolean handleResponse(MessageContext messageContext) {
            return true;
        }

        // setCertificateAsHeader(...) and handleAuthFailure(...) are the helper methods
        // from the blog post linked below.
    }
Reference: http://xacmlinfo.org/2015/06/02/securing-apis-using-mutual-ssl-with-wso2-api-manager/
Note: As per the blog post, you still need to configure mutual SSL for this.
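The answer's snippet calls two helpers, setCertificateAsHeader(...) and handleAuthFailure(...), without showing them. The following is an added example (not the answer's or the blog post's code) of a complete Synapse handler that implements both. The transport property name ssl.client.auth.cert.X509 comes from the answer; the class name and the X-Client-Certificate header name are assumptions, and the Synapse/Axis2 calls used (Axis2Sender.sendBack, PassThroughConstants.HTTP_SC, TRANSPORT_HEADERS) are standard Synapse APIs. Beyond the answer, it re-checks the certificate's validity period and overwrites any inbound header of the same name, so the backend only ever sees the value the gateway verified.

```java
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;

import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.transport.passthru.PassThroughConstants;

// Added example, not the original answer's code. Class name and header name are assumed.
public class MutualSslCertificateHandler extends AbstractHandler {

    private static final Log log = LogFactory.getLog(MutualSslCertificateHandler.class);

    // Property the transport sets after a successful mutual-SSL handshake (from the answer).
    private static final String CLIENT_CERT_PROPERTY = "ssl.client.auth.cert.X509";
    // Assumed header name used to forward the certificate to the backend.
    private static final String CLIENT_CERT_HEADER = "X-Client-Certificate";

    @Override
    public boolean handleRequest(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2Ctx =
                ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        Object certObject = axis2Ctx.getProperty(CLIENT_CERT_PROPERTY);

        if (!(certObject instanceof X509Certificate[]) || ((X509Certificate[]) certObject).length == 0) {
            // No certificate: the handshake did not present or verify one, so reject.
            handleAuthFailure(messageContext, axis2Ctx);
            return false;
        }
        // certs[0] is the client's own (leaf) certificate; the rest is its chain.
        X509Certificate leaf = ((X509Certificate[]) certObject)[0];
        try {
            // The transport already verified the chain against the truststore; this
            // re-checks the validity period so an expired certificate is rejected explicitly.
            leaf.checkValidity();
            setCertificateAsHeader(axis2Ctx, leaf);
        } catch (CertificateException e) {
            log.warn("Rejecting client certificate " + leaf.getSubjectDN().getName() + ": " + e.getMessage());
            handleAuthFailure(messageContext, axis2Ctx);
            return false;
        }
        log.info("Application is authenticated with certificate : " + leaf.getSubjectDN().getName());
        return true;
    }

    @Override
    public boolean handleResponse(MessageContext messageContext) {
        return true;
    }

    /** Forwards the DER-encoded certificate to the backend as a Base64 transport header. */
    @SuppressWarnings("unchecked")
    static void setCertificateAsHeader(org.apache.axis2.context.MessageContext axis2Ctx,
                                       X509Certificate cert) throws CertificateException {
        Map<String, String> headers = (Map<String, String>)
                axis2Ctx.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
        if (headers == null) {
            headers = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER);
            axis2Ctx.setProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS, headers);
        }
        // Overwrite rather than append: the inbound request may carry a header of the same
        // name, and the backend must only ever see the value the gateway verified.
        headers.remove(CLIENT_CERT_HEADER);
        headers.put(CLIENT_CERT_HEADER, Base64.getEncoder().encodeToString(cert.getEncoded()));
    }

    /** Short-circuits mediation and returns an empty 401 to the caller. */
    static void handleAuthFailure(MessageContext messageContext,
                                  org.apache.axis2.context.MessageContext axis2Ctx) {
        axis2Ctx.setProperty(PassThroughConstants.HTTP_SC, 401);
        axis2Ctx.setProperty(PassThroughConstants.NO_ENTITY_BODY, Boolean.TRUE);
        messageContext.setTo(null);       // do not route to the backend endpoint
        messageContext.setResponse(true); // turn the message into a response
        Axis2Sender.sendBack(messageContext);
    }
}
```

The handler is registered like any other API handler in the API's Synapse configuration; it only does something useful once mutual SSL is enabled on the transport, because otherwise the ssl.client.auth.cert.X509 property is never set and every request is rejected with 401. The backend should trust the forwarded header only over a channel that guarantees the request came from the gateway.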