0
我們最近將全功能WSO2 AM 1.10升級到2.0。安裝過程沒有發生錯誤,似乎是完整的。我們可以使用發佈服務器。但是,當我們訪問應用商店並轉到列出所有用戶的應用的選項卡時,該選項卡將失敗,並且該頁面爲空。日誌顯示:wso2 am 2.0 ApiKeyValidator身份驗證錯誤
WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'MyUser[-1234]' at [2017-01-10 09:47:09,380-0500]
WARN - AuthenticationHandler Illegal access attempt at [2017-01-10 09:47:09,0380] from IP address IP-ADDRESS while trying to authenticate access to service APIKeyMgtSubscriberService
ERROR - AMDefaultKeyManagerImpl Can not retrieve OAuth application for the given consumer key : BigLongStringOfStuff org.apache.axis2.AxisFault: Access Denied. Authentication failed - Invalid credentials provided.
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.apimgt.keymgt.stub.subscriber.APIKeyMgtSubscriberServiceStub.retrieveOAuthApplication(APIKeyMgtSubscriberServiceStub.java:1683)
at org.wso2.carbon.apimgt.keymgt.client.SubscriberKeyMgtClient.getOAuthApplication(SubscriberKeyMgtClient.java:89)
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.retrieveApplication(AMDefaultKeyManagerImpl.java:234)
at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getClientOfApplication(ApiMgtDAO.java:2389)
at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getOAuthApplications(ApiMgtDAO.java:2353)
at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getApplications(ApiMgtDAO.java:4649)
at org.wso2.carbon.apimgt.impl.APIConsumerImpl.getApplications(APIConsumerImpl.java:3136)
at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.getApplications(UserAwareAPIConsumer.java:36)
at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplications(APIStoreHostObject.java:3225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
我們使用的是隻讀LDAP存儲,配置是在這裏:
<UserManager>
<Realm>
<Configuration>
<AddAdmin>False</AddAdmin>
<AdminRole>AdminGroup</AdminRole>
<AdminUser>
<UserName>MyUser</UserName>
<Password>MyPW</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ReadOnly">true</Property>
<Property name="Disabled">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="ConnectionURL">ldap://MyServer:389</Property>
<Property name="ConnectionName">CN=MyUser,OU=1,OU=2,DC=a,DC=b,DC=c</Property>
<Property name="ConnectionPassword">MyPW</Property>
<Property name="UserSearchBase">DC=a,DC=b,DC=c</Property>
<Property name="UserNameListFilter">(objectClass=user)(|(memberOf=CN=MyGroup-Subscriber,OU=1,OU=2,DC=a,DC=b,DC=c)(sAMAccountName=MyUser))</Property>
<Property name="UserNameSearchFilter">(|(&(objectClass=person)(sAMAccountName=?)(memberOf=CN=MyGroup-Subscriber,OU=1,OU=2,DC=a,DC=b,DC=c))(sAMAccountName=MyUser))</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="DisplayNameAttribute">displayName</Property>
<Property name="ReadGroups">true</Property>
<Property name="GroupSearchBase">OU=Groups,OU=1,OU=2,DC=a,DC=b,DC=c</Property>
<Property name="GroupNameListFilter">(&(objectClass=group)(cn=MyGroup*))</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=group)(cn=MyGroup?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute">memberOf</Property>
<Property name="MultipleAttributeSeparator">,</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="SCIMEnabled">false</Property>
</UserStoreManager>
<AuthorizationManager
class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
</Realm>
</UserManager>
在爲ApiKeyValidator關鍵的API-Manager.xml配置我們:
<APIKeyValidator>
<!-- Server URL of the API key manager -->
<ServerURL>https://MyURL:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
<!-- Admin username for API key manager.
<Username>MyUser</Username>
<!-- Admin password for API key manager. -->
<Password>MyPW</Password>
<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
<ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
<EnableThriftServer>true</EnableThriftServer>
<ThriftServerHost>localhost</ThriftServerHost>
<KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
使用相同的配置文件條目在1.10中沒有發生此錯誤。有什麼想法爲什麼發生這種情況?