0
當在8080端口運行moqui,並且通過API在頭API_KEY REST API調用失敗
curl -X GET -H "api_key: {apiKey}" http://localhost:8080/rest/s1/example/examples/TEST2
它返回示例TEST2的JSON結果直接訪問它。
但是,當nginx放在mqoui應用程序的前面。代理http://localhost:8080,那麼API訪問失敗,403
{
"errorCode": 403,
"errors": "User null is not authorized for View on REST Path /example/examples/{exampleId}\nCurrent artifact info: [name:'/example/examples/{exampleId}', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: true, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\nCurrent artifact stack:\n[name:'/example/examples', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'/example', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml/s1', type:'AT_XML_SCREEN_TRANS', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]"
}
看來webFacade不通過API_KEY成功初始化userFacade,因爲在錯誤的用戶是空的。
在附註上,我們可以查找除api_key和login_key以外的標頭,'api_key'的名稱來自於幾個常用的Swagger API,並且在Swagger UI中受支持,但沒有其他特別的地方。 –