我有两个应用程序:一个用于验证用户,并在用户有效时生成 JWT,然后把这个 JWT 放在名为 custom 的 HTTP 标头中,如下所示:
{# Nested loop: walks the level1.level2 entries whose `_type` attribute passes the `match` test against 'listType1', then prints one "myInfo:" line per item of that entry's level3.level4. NOTE(review): `match` is presumably the Ansible regex test rather than a core Jinja2 test; confirm against the rendering environment. -#}
{% for outer in level1.level2|selectattr('_type','match','listType1') %}
{% for inner in outer.level3.level4 %}
myInfo: {{ inner }}
{% endfor %}
{% endfor %}
另一个验证了jwt。
var jwt = require('jsonwebtoken')
var bodyParser = require('body-parser')
// Body parsers, registered in the same order as before: URL-encoded forms first, then JSON.
const formParser = bodyParser.urlencoded({ extended: false });
// JSON bodies are accepted up to 10 MB.
// NOTE(review): this cap applies to every route registered after it; confirm that
// something actually needs bodies that large.
const jsonParser = bodyParser.json({ limit: '10mb' });
app.use(formParser);
app.use(jsonParser);
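/**
 * POST /login: checks the submitted credentials against the in-memory user list.
 *
 * Expects a body of the form `{ credentials: { username, password } }`.
 * When the credentials match, a JWT carrying the username is signed and returned
 * in the `custom` response header. The JSON response is always
 * `{ response: { status: <boolean> } }`.
 */
app.post('/login', (req, res) => {
  // Demo user store.
  // NOTE(review): passwords are kept in plaintext in source and compared directly;
  // a real service would store salted password hashes and compare in constant time.
  const usuarios = [
    {
      username: "Hannibal",
      password: "pass1"
    },
    {
      username: "Arnold",
      password: "pass2"
    }
  ];

  // A request without `credentials` (or without a parsed body) must be answered with
  // status=false rather than throwing on a property read of undefined.
  const body = req.body || {};
  const credentials = body.credentials || {};
  const username = credentials.username;
  const password = credentials.password;

  // Require plain strings and strict equality: with loose `==`, a JSON body such as
  // { "username": ["Hannibal"] } is coerced to the string "Hannibal" and would match.
  const isValid =
    typeof username === 'string' &&
    typeof password === 'string' &&
    usuarios.some((validUser) => {
      return validUser.username === username && validUser.password === password;
    });

  if (isValid) {
    const tokenData = {
      username: username
    };
    // NOTE(review): the signing key is hard-coded and low-entropy. It must match the key
    // used by the verifying service, so both should load it from shared secret
    // configuration instead of source code.
    const token = jwt.sign(tokenData, 'Secret Password', {
      algorithm: 'HS256', // jsonwebtoken's default for a shared secret, stated explicitly
      expiresIn: 60 * 60 * 24 // expires in 24 hours
    });
    res.setHeader("custom", token);
  }

  res.json(
    {
      "response": {
        "status": isValid
      }
    });
});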
可以做一个调用验证服务的中介(mediator)吗?这个中介获取自定义标头并验证它。这两种方式我都试过,但用 SoapUI 测试时,我一直得到 401(缺少自定义令牌),直到我显式声明自定义标头。
var jwt = require('jsonwebtoken')
const express = require('express')
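const app = express();

/**
 * GET /secure: accepts the request only when the `custom` header carries a valid JWT.
 *
 * Responds 401 when the header is missing or the token fails verification
 * (bad signature, expired, malformed); otherwise responds with a success message.
 */
app.get('/secure', (req, res) => {
  const token = req.headers['custom'];
  if (!token) {
    res.status(401).send({
      error: "Es necesario el token de autenticación"
    });
    return;
  }

  // Pin the accepted algorithm so the token header cannot choose how it is verified.
  // HS256 is what jwt.sign() uses by default with a shared secret.
  // NOTE(review): the key is hard-coded and low-entropy; it should be loaded from the same
  // secret configuration as the signing service rather than from source code.
  jwt.verify(token, 'Secret Password', { algorithms: ['HS256'] }, (err) => {
    if (err) {
      res.status(401).send({
        error: 'Token inválido'
      });
      return;
    }
    res.send({
      message: 'Login exitoso!'
    });
  });
});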
提前感谢任何指南或提示!
答案 0 :(得分:0)
您不需要在 mediation 序列中处理自定义令牌;当您将消息发送到后端登录服务时,自定义标头会被一并传递。
调试 HTTP 标头的一个有用办法,是在 conf/log4j.properties 文件中启用 HTTP wire 日志。这会将整个 HTTP 有效负载记录到日志中,以便您可以看到它正在发送和接收的标头。注意:wire 日志也会以明文记录 custom 标头中的令牌,因此只应在调试期间启用。
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
例如,我使用您尝试创建的中间人服务创建了此API,并为您的后端令牌身份验证创建了模拟服务。
<api context="/secureapi" name="LoginAPI" xmlns="http://ws.apache.org/ns/synapse">
<!-- The Middleman API that your client app will talk to -->
<resource methods="GET" protocol="http" url-mapping="/secure">
<inSequence>
<!-- Logs the incoming "custom" transport header. NOTE(review): this writes the raw token value to the log; remove or mask it once debugging is done. -->
<log level="custom">
<property name="Secure service" expression="$trp:custom"/>
</log>
<!-- Drop the URL postfix so "/secure" is not appended to the backend address; otherwise the call goes to /secureapi/backend/secure and returns 404. -->
<property name="REST_URL_POSTFIX" action="remove" scope="axis2"/>
<!-- Forward the request to the backend. No header mediation is configured here; the "custom" header travels with the message. -->
<send>
<endpoint>
<address uri="http://localhost:8280/secureapi/backend" format="rest"/>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
<faultSequence/>
</resource>
<!-- This is a mock of your backend login service. It does not verify the token: it only logs the "custom" header and returns a fixed success payload. -->
<resource methods="GET" protocol="http" url-mapping="/backend">
<inSequence>
<log level="custom">
<property name="Backend" expression="$trp:custom"/>
</log>
<payloadFactory media-type="json">
<format>
{ message: 'Login exitoso!' }
</format>
<args/>
</payloadFactory>
<loopback/>
</inSequence>
<outSequence>
<send/>
</outSequence>
<faultSequence/>
</resource>
</api>
删除REST_URL_POSTFIX属性非常重要。
<property name="REST_URL_POSTFIX" action="remove" scope="axis2"/>
如果我没有这样做,那么下次当我尝试发送消息时,它会将/secure
追加到它的末尾(因此它将调用http://localhost:8280/secureapi/backend/secure
),这将导致404。
当我向此API发送带有自定义标头的请求时(我将其值设置为“jwtTokenString”),wso2carbon日志包含以下内容(我做了一些删减,以去掉不重要的噪声)。
这是接收请求的中间人API
[2018-06-07 16:45:24,957] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "GET /secureapi/secure HTTP/1.1[\r][\n]"
[2018-06-07 16:45:24,957] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Host: my.host.name:8280[\r][\n]"
[2018-06-07 16:45:24,957] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Connection: keep-alive[\r][\n]"
[2018-06-07 16:45:24,957] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Cache-Control: no-cache[\r][\n]"
[2018-06-07 16:45:24,957] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36[\r][\n]"
[2018-06-07 16:45:24,957] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "custom: jwtTokenString[\r][\n]"
[2018-06-07 16:45:24,958] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Postman-Token: ee489d08-ceb7-0cbe-de07-1544bf129c11[\r][\n]"
[2018-06-07 16:45:24,958] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Accept: */*[\r][\n]"
[2018-06-07 16:45:24,958] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Accept-Encoding: gzip, deflate[\r][\n]"
[2018-06-07 16:45:24,958] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "Accept-Language: en-NZ,en;q=0.9,en-US;q=0.8[\r][\n]"
[2018-06-07 16:45:24,958] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-4 >> "[\r][\n]"
然后,中间人API记录令牌
[2018-06-07 16:45:24,959] [EI-Core] INFO - LogMediator Secure service = jwtTokenString
接下来是中间人API将消息发送到后端登录服务(注意尖括号的方向不同:>> = 消息输入,<< = 消息输出)
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "GET /secureapi/backend HTTP/1.1[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Accept: */*[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Cache-Control: no-cache[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "custom: jwtTokenString[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Postman-Token: ee489d08-ceb7-0cbe-de07-1544bf129c11[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Accept-Encoding: gzip, deflate[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Accept-Language: en-NZ,en;q=0.9,en-US;q=0.8[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Host: localhost:8280[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "Connection: Keep-Alive[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Sender I/O dispatcher-4 << "[\r][\n]"
您可以看到自定义标题仍然存在。最后,后端服务接收带有自定义标头的消息
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "GET /secureapi/backend HTTP/1.1[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Accept: */*[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Cache-Control: no-cache[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "custom: jwtTokenString[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Postman-Token: ee489d08-ceb7-0cbe-de07-1544bf129c11[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Accept-Encoding: gzip, deflate[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Accept-Language: en-NZ,en;q=0.9,en-US;q=0.8[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Host: localhost:8280[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "Connection: Keep-Alive[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"
[2018-06-07 16:45:24,961] [EI-Core] DEBUG - wire HTTP-Listener I/O dispatcher-1 >> "[\r][\n]"