授权方法返回必须在所有后续请求中传输的会话密钥。我想在сustom身份验证器中调用此方法,并保留此会话密钥,以便在WSO2 API管理器进一步生成JWT时使用。有可能吗?
我的自定义LocalApplicationAuthenticator如下所示:
import pandas as pd
pd.DataFrame(data).plot(x=0, y=1)
我可以在自定义ClaimHandler中获得会话声明:
@Override
protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws AuthenticationFailedException {
final String username = request.getParameter(AppsAuthenticatorConstants.USERNAME_PARAM);
final String password = request.getParameter(AppsAuthenticatorConstants.PASSWORD_PARAM);
final String backendSession = autorize(username, password); // request to backend application
if (StringUtils.isNotBlank(backendSession)) {
final Map<String, String> claims = new HashMap<>(1);
claims.put("http://wso2.org/claims/session", backendSession);
final AuthenticatedUser authenticatedUser = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(username);
authenticatedUser.getUserAttributes().putAll(FrameworkUtils.buildClaimMappings(claims));
context.setSubject(authenticatedUser);
} else {
throw new InvalidCredentialsException("User authentication failed due to invalid credentials");
}
}
据我了解,DefaultClaimsRetriever在UserStore中搜索在我的情况下未使用的其他声明。而且我不知道如何从自定义ClaimsRetriever中获取它。可能吗也许对此问题还有另一种解决方案?