我想测试一下在WSO2定义XACML策略是通过WSO2 API管理器,如下面的链接WSO2APIM消息中介 - API调用阻塞
https://docs.wso2.com/display/AM210/Enabling+Role-Based+Access+Control+Using+XACML
解释该政策得到验证,我可以请参阅日志中的“许可”决定,但API管理器不会返回任何响应,并且呼叫会被阻止,并且一段时间后请求会超时。
DEBUG - EntitlementMediator Entitlement Decision is : Permit
DEBUG - EntitlementMediator User is authorized to perform the action
DEBUG - EntitlementMediator OnAccept sequence is not defined.
INFO - SourceHandler Writer null when calling informWriterError
WARN - SourceHandler Connection time out after request is read: http-incoming-19 Socket Timeout : 60000 Remote Address : /0:0:0:0:0:0:0:1:63398
WARN - TimeoutHandler Expiring message ID : urn:uuid:045f7259-cc8b-46a7-b9a2-832429163531; dropping message after GLOBAL_TIMEOUT of : 120 seconds for Endpoint
粘贴消息中介策略文件
<sequence xmlns="http://ws.apache.org/ns/synapse" name="EM"> <entitlementService xmlns="http://ws.apache.org/ns/synapse" remoteServiceUrl="https://localhost:9443/services" remoteServiceUserName="admin" remoteServicePassword="admin" callbackClass="org.wso2.sample.handlers.entitlement.APIEntitlementCallbackHandler">
<onReject>
<makefault version="soap12">
<code xmlns:soap12Env="http://www.w3.org/2003/05/soap-envelope"
value="soap12Env:Receiver"/>
<reason value="UNAUTHORIZED"/>
<node/>
<role/>
<detail>XACML Authorization Failed</detail>
</makefault>
<respond/>
</onReject>
<onAccept>
<log level="trace" xmlns="http://ws.apache.org/ns/synapse"/>
<send>
<endpoint>
<address uri="http://localhost:8080"/>
</endpoint>
</send>
</onAccept>
<obligations/>
<advice/>
</entitlementService>
</sequence>
如果我只是用在OnAccept回应,而不是发送,调用立即返回,但我的后端API不会被调用。
我在这里错过了什么吗?
感谢,Albie Morken
? –
更新了邮件中介策略文件 –
决定绕过WSO2 API Manager,因为它没有按预期工作 –