正試圖向身份服務器發送請求,但不知道如何執行此操作。我知道身份服務器可以通過在身份服務器中爲您生成請求來幫助您測試您的策略,但我不知道如何在身份服務器之外執行此操作。所以我的問題是,我如何向身份服務器發送請求,以便根據策略檢查請求並返回給我一個結果。我嘗試過這個博客,網址爲http://hasini-gunasinghe.blogspot.com/2011/12/entitlement-service-xacml-pdp-as-web.html,它不起作用。謝謝向wso2身份服務器發送請求
我試着在博客帖子的代碼,並可以得到它與本地主機中WSO2的Identity Server 4.1.0以下設置工作。不要忘記給wso2carbon.jks正確的路徑。
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub;
import org.wso2.carbon.identity.entitlement.ui.client.EntitlementServiceClient;
public class EntitlementClient {
private static String serverUrl = "https://localhost:9443/services/";
private AuthenticationAdminStub authstub = null;
private static ConfigurationContext ctx;
private static String authCookie = null;
private static EntitlementServiceClient entitlementServiceClient;
private static EntitlementServiceStub stub;
//sample XACML request captured from TryIt tool of IdentityServer.
private static String sampleRequest = "<Request xmlns=\"urn:oasis:names:tc:xacml:2.0:context:schema:os\"\n" +
" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
" <Resource>\n" +
" <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:resource:resource-id\"\n" +
" DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
" <AttributeValue>ABCResource</AttributeValue>\n" +
" </Attribute>\n" +
" </Resource>\n" +
" <Subject>\n" +
" <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:subject:subject-id\"\n" +
" DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
" <AttributeValue>admin</AttributeValue>\n" +
" </Attribute>\n" +
" <Attribute AttributeId=\"http://wso2.org/claims/role\"\n" +
" DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
" <AttributeValue>admin</AttributeValue>\n" +
" </Attribute>\n" +
" </Subject>\n" +
" <Action>\n" +
" <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:action:action-id\"\n" +
" DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
" <AttributeValue>read</AttributeValue>\n" +
" </Attribute>\n" +
" </Action>\n" +
" <Environment/>\n" +
"</Request>";
public static void main(String[] args) {
try {
//set trust store properties required in SSL communication.
System.setProperty("javax.net.ssl.trustStore",
"/home/pushpalanka/Servers/wso2is-4.1.1/repository/resources/security/wso2carbon.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
//initialize authentication admin stub
EntitlementClient remoteEntitlementClient = new EntitlementClient();
//login using authentication admin stub providing valid credentials
remoteEntitlementClient.login("admin", "admin");
//initialize entitlement service stub with obtained authentication cookie
remoteEntitlementClient.initEntitlementClient();
//invoke EntitlementService by passing the XACML request and obtain the authorization decision
String decision = entitlementServiceClient.getDecision(sampleRequest);
//print the authorization decision
System.out.println(decision);
} catch (Exception e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
}
public EntitlementClient() {
try {
ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
String authEPR = serverUrl + "AuthenticationAdmin";
authstub = new AuthenticationAdminStub(ctx, authEPR);
ServiceClient client = authstub._getServiceClient();
Options options = client.getOptions();
options.setManageSession(true);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING, authCookie);
} catch (AxisFault axisFault) {
axisFault.printStackTrace();
}
}
public String login(String username, String password) throws Exception {
//String cookie = null;
boolean loggedIn = authstub.login(username, password, "127.0.0.1");
if (loggedIn) {
System.out.println("The user " + username + " logged in successfully.");
authCookie = (String) authstub._getServiceClient().getServiceContext().getProperty(
HTTPConstants.COOKIE_STRING);
} else {
System.out.println("Error logging in " + username);
}
return authCookie;
}
public void initEntitlementClient() throws AxisFault {
entitlementServiceClient = new EntitlementServiceClient(authCookie, serverUrl, ctx);
}
}
參考 - http://hasini-gunasinghe.blogspot.com/2011/12/entitlement-service-xacml-pdp-as-web.html
爲什麼你需要調用的身份服務器?你期望的功能是什麼? – 2012-07-26 13:31:40
您好,我希望身份服務器充當權利引擎,但在向其發送請求時遇到問題,我已經將策略上傳到身份服務器,現在我需要知道如何向身份服務器發送請求,讓它評估請求併發回決定。身份認證服務器允許您通過提供創建請求的方式來測試您的策略,但我想從計算機向身份認證服務器發送請求。謝謝 – user727308 2012-07-31 10:19:41