I followed Enabling Role-Based Access Control Using XACML. I was able to set everything up without any problem. But when the API is invoked, it returns the following error response.
<am:fault xmlns:am="http://wso2.org/apimanager"><am:code>0</am:code><am:type>Status report</am:type><am:message>Runtime Error</am:message><am:description>Error occurred while evaluating the policy</am:description></am:fault>
In the APIM logs I can see the following error. I am running APIM 2.6 and IS 5.3 on the same machine, with the AM offset set to 2. It looks like the problem is with the remoteServiceUrl="https://127.0.0.1:9443/services" URL in EntitlementMediator.xml mentioned in step 14 of the given guide.
[2019-05-28 12:33:05,162] INFO - HTTPSender Unable to sendViaPost to url[https://127.0.0.1:9443/services/EntitlementService]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:836)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
    at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:203)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler.mediate(APIManagerExtensionHandler.java:66)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler.handleRequest(APIManagerExtensionHandler.java:75)
    at org.apache.synapse.rest.API.process(API.java:325)
    at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
[2019-05-28 12:33:05,164] ERROR - EntitlementMediator Error occurred while evaluating the policy
org.apache.axis2.AxisFault: peer not authenticated
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:203)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:836)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
    at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:203)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler.mediate(APIManagerExtensionHandler.java:66)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler.handleRequest(APIManagerExtensionHandler.java:75)
    at org.apache.synapse.rest.API.process(API.java:325)
    at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
    ... 31 more
[2019-05-28 12:33:05,172] INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 0, ERROR_MESSAGE = Error occurred while evaluating the policy
Answer 0 (score: 2)
There is a hostname verification issue when the Entitlement Mediator tries to call the EntitlementService exposed by WSO2 IS.
You need to properly export the public certificate from APIM and then import it into the WSO2 IS truststore. In the public certificate, the CN value should be equal to the hostname or IP address.
I remember that the primary keystore key lengths differ between APIM 2.6.0 and IS 5.3.0. However, the steps above should solve your problem.
If you are using a WSO2 IS version newer than 5.3.0 with the default hostname and the default public certificate, it should work out of the box.
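The trace above fails inside SSLProtocolSocketFactory.verifyHostName, called from HTTPSender.sendViaPost, which is the connecting side of the TLS session: the checks that matter run in APIM against the certificate that IS presents. An HTTPS client makes two decisions in order, first whether the presented certificate is trusted (Java reports a failure here as "peer not authenticated") and then whether the name in the URL matches the certificate, which is why a truststore import and the CN/hostname point in the answer are two separate things to get right. The following Python is an added example, not code from the question, the answer, or WSO2; it models both checks on constructed sample data shaped like ssl.SSLSocket.getpeercert() so the cases can be run offline. The certificate fingerprints, the dict fields, and the truststore contents are assumptions made for the example; the stock WSO2 certificate is modelled as CN=localhost with no subjectAltName, and the URL values are the ones from the question.

```python
"""Model of the two client-side checks behind "peer not authenticated".

Added example, not WSO2 code. It reproduces in plain Python the order in
which an HTTPS client such as the Axis2/commons-httpclient sender in APIM
decides about the certificate IS presents: (1) is the certificate in the
client's truststore, (2) does the name in the URL match the certificate.
All certificates and truststores below are constructed sample data in the
shape of ssl.SSLSocket.getpeercert(); nothing is read from disk.
"""
import ipaddress
from urllib.parse import urlsplit


def dns_name_matches(pattern, hostname):
    """RFC 6125 style matching: case-insensitive, '*' allowed only as the
    whole left-most label, and a wildcard never matches a single-label host."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """Return (ok, reason) for the URL host against the certificate.
    IP literals are matched only against 'IP Address' SAN entries; DNS names
    against 'DNS' SAN entries, falling back to the subject CN only when the
    certificate carries no DNS SAN at all (the legacy rule a CN-only
    certificate such as the stock CN=localhost one relies on)."""
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ipaddress.ip_address(v) == ip for v in ip_names):
            return True, f"{hostname} is a SAN IP Address entry"
        return False, f"{hostname} is an IP literal but the certificate has no matching SAN IP Address entry"
    if dns_names:
        if any(dns_name_matches(n, hostname) for n in dns_names):
            return True, f"{hostname} matches a SAN DNS entry"
        return False, f"{hostname} matches none of the SAN DNS entries {dns_names}"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(dns_name_matches(cn, hostname) for cn in cns):
        return True, f"{hostname} matches subject CN"
    return False, f"{hostname} does not match subject CN {cns}"


def evaluate_peer(truststore, presented_cert, url):
    """Mimic the client: trust check first (a failure here is what the Java
    stack reports as 'peer not authenticated'), then hostname verification.
    A real client walks the chain to a trusted anchor; self-signed WSO2
    certificates make that a single fingerprint lookup, modelled here."""
    if presented_cert["fingerprint"] not in truststore:
        return False, "peer not authenticated: certificate is absent from the client truststore"
    return hostname_matches(presented_cert, urlsplit(url).hostname)


# Constructed sample data (assumed fingerprints): the IS server certificate
# in two variants and the APIM client truststore before and after the import.
IS_CERT_DEFAULT = {  # shape of the stock certificate: CN only, no SAN
    "fingerprint": "IS-DEFAULT-FP",
    "subject": ((("commonName", "localhost"),),),
}
IS_CERT_WITH_SAN = {  # a reissued certificate that also names the loopback IP
    "fingerprint": "IS-SAN-FP",
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "localhost"), ("IP Address", "127.0.0.1")),
}
APIM_TRUSTSTORE_STOCK = {"APIM-OWN-FP"}  # only APIM's own certificate
APIM_TRUSTSTORE_FIXED = {"APIM-OWN-FP", "IS-DEFAULT-FP", "IS-SAN-FP"}  # after the import

if __name__ == "__main__":
    cases = [
        (APIM_TRUSTSTORE_STOCK, IS_CERT_DEFAULT, "https://127.0.0.1:9443/services"),
        (APIM_TRUSTSTORE_FIXED, IS_CERT_DEFAULT, "https://127.0.0.1:9443/services"),
        (APIM_TRUSTSTORE_FIXED, IS_CERT_DEFAULT, "https://localhost:9443/services"),
        (APIM_TRUSTSTORE_FIXED, IS_CERT_WITH_SAN, "https://127.0.0.1:9443/services"),
    ]
    for store, cert, url in cases:
        print(cert["fingerprint"], url, evaluate_peer(store, cert, url))
```

Run stand-alone, the four cases show the progression a practitioner goes through: with the stock truststore the call fails at the trust step regardless of URL; after the IS certificate is imported into the calling side's truststore, https://127.0.0.1:9443/services still fails because a CN-only certificate for localhost does not name an IP literal; https://localhost:9443/services then passes, as does the IP URL once the certificate is reissued with an IP Address SAN entry. On the real servers the import is done with keytool (keytool -export from the IS keystore, keytool -import into the client-truststore.jks of the side making the call, both under repository/resources/security with the default password wso2carbon), and the remoteServiceUrl host is then made to agree with whatever name the IS certificate actually carries.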