我正在为APIM v 2.6编写中介序列。关键是要提取Authorization 标题以进行进一步处理。基于this documentation,我想到了以下几点:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="ExtractAuthorization2EndPoint" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<property expression="get-property('axis2', 'TRANSPORT_HEADERS')" name="basic_auth" scope="axis2"/>
<log level="full">
<property expression="get-property('basic_auth')" name="captured_headers"/>
</log>
</sequence>
阅读日志,我得到captured_headers = null
TID: [-1234] [] [2020-01-09 13:46:44,178] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /somewhere, MessageID: urn:uuid:e9fc50db-5a7b-41d1-9613-80b215633bcd, Direction: request, captured_headers = null, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Body/></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}
如何捕获传入请求的标头(更具体地说,是Authorization)?
get-property('transport','Authorization') $trp:Authorization 答案 0 :(得分:3)
授权标头仅在API Manager中用于内部授权目的,并且通常在将其发送到后端之前从传出请求(从APIM gw到后端)中删除该标头。这发生在APIAuthenticationHandler级别。您附加到API的自定义序列将在APIAuthenticationHandler之后执行。您可以参考[1]中的消息流程图以更好地理解。
现在让我们看看如何默认情况下将此APIAuthenticationHandler应用于API的突触文件。 (您可以在/ repository / deployments / server / synapse-configs / api文件夹中找到它)
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">
<property name="RemoveOAuthHeadersFromOutMessage" value="true"/>
<property name="APILevelPolicy" value=""/>
<property name="APISecurity" value="oauth2"/>
</handler>
您可以如下修改上述处理程序,并强制将Oauth标头保留在传出消息中。
<property name="RemoveOAuthHeadersFromOutMessage" value="false"/>
修改API的突触后,您可能会在控制台中看到类似以下的日志。
INFO - APIDeployer API: admin--PizzaShackAPI:v1.0.0 has been updated from the file: /wso2am-2.6.0/repository/deployment/server/synapse-configs/default/api/admin--PizzaShackAPI_v1.0.0.xml
现在,尝试调用API。您应该能够登录Authorization标头。
[1]。 https://docs.wso2.com/display/AM210/Message+Flow+in+the+API+Manager+Gateway