
我正在尝试向身份服务器发送请求,但不知道该怎么做。我知道身份服务器可以通过在身份服务器内为您生成请求来帮助您测试您的策略,但我不知道如何在身份服务器之外执行此操作。所以我的问题是如何向身份服务器发送请求,以便让它根据策略检查请求并向我返回结果。我已经尝试了http://hasini-gunasinghe.blogspot.com/2011/12/entitlement-service-xacml-pdp-as-web.html上的博客,但它不起作用。谢谢你


1 回答 1


我尝试了博客文章中的代码,并且可以使用 localhost 中的 WSO2 Identity Server 4.1.0 的以下设置使其工作。不要忘记为 wso2carbon.jks 提供正确的路径。示例中的 admin/admin 账号和 wso2carbon 密钥库密码都是产品的默认值,只适合在本地测试环境中使用。

import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub;
import org.wso2.carbon.identity.entitlement.ui.client.EntitlementServiceClient;

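/**
 * Minimal command-line client that logs in to a WSO2 Identity Server through the
 * AuthenticationAdmin service and then asks the entitlement service (XACML PDP) for
 * an authorization decision on a sample XACML request.
 *
 * <p>The credentials, trust store password and trust store path used in {@link #main}
 * are sample values for a local test installation. {@code admin}/{@code admin} and
 * {@code wso2carbon} are the product's well-known defaults, so they must be replaced
 * (and not committed to source control) for any server that is reachable by others.
 */
public class EntitlementClient {

    // HTTPS endpoint: the admin password and the session cookie are sent to this URL.
    private static final String serverUrl = "https://localhost:9443/services/";

    // System properties JSSE reads to locate the trust store used to verify the server certificate.
    private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    private static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";

    private AuthenticationAdminStub authstub = null;
    private static ConfigurationContext ctx;
    private static String authCookie = null;
    private static EntitlementServiceClient entitlementServiceClient;
    // Not used by this sample; kept from the original listing.
    private static EntitlementServiceStub stub;

    // Sample XACML request captured from the TryIt tool of Identity Server.
    private static final String sampleRequest = "<Request xmlns=\"urn:oasis:names:tc:xacml:2.0:context:schema:os\"\n" +
            "         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
            "    <Resource>\n" +
            "        <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:resource:resource-id\"\n" +
            "                   DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            "            <AttributeValue>ABCResource</AttributeValue>\n" +
            "        </Attribute>\n" +
            "    </Resource>\n" +
            "    <Subject>\n" +
            "        <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:subject:subject-id\"\n" +
            "                   DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            "            <AttributeValue>admin</AttributeValue>\n" +
            "        </Attribute>\n" +
            "        <Attribute AttributeId=\"http://wso2.org/claims/role\"\n" +
            "                   DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            "            <AttributeValue>admin</AttributeValue>\n" +
            "        </Attribute>\n" +
            "    </Subject>\n" +
            "    <Action>\n" +
            "        <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:action:action-id\"\n" +
            "                   DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            "            <AttributeValue>read</AttributeValue>\n" +
            "        </Attribute>\n" +
            "    </Action>\n" +
            "    <Environment/>\n" +
            "</Request>";

    /**
     * Logs in, sends the sample XACML request to the entitlement service and prints the decision.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        try {
            // Trust store used to verify the server certificate during the TLS handshake.
            // Values passed with -Djavax.net.ssl.trustStore / -Djavax.net.ssl.trustStorePassword
            // take precedence, so the path and password need not be edited into the source.
            if (System.getProperty(TRUST_STORE_PROPERTY) == null) {
                System.setProperty(TRUST_STORE_PROPERTY,
                        "/home/pushpalanka/Servers/wso2is-4.1.1/repository/resources/security/wso2carbon.jks");
            }
            if (System.getProperty(TRUST_STORE_PASSWORD_PROPERTY) == null) {
                // Default password of the keystore shipped with the product.
                System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, "wso2carbon");
            }

            // Initialize the authentication admin stub.
            EntitlementClient remoteEntitlementClient = new EntitlementClient();

            // Default administrator account of a fresh installation; local testing only.
            String cookie = remoteEntitlementClient.login("admin", "admin");
            if (cookie == null) {
                // Without a session cookie the entitlement call would go out unauthenticated.
                System.err.println("Login failed; no decision was requested.");
                return;
            }

            // Initialize the entitlement service client with the obtained authentication cookie.
            remoteEntitlementClient.initEntitlementClient();
            // Pass the XACML request to the entitlement service and print the authorization decision.
            String decision = entitlementServiceClient.getDecision(sampleRequest);
            System.out.println(decision);

        } catch (Exception e) {
            e.printStackTrace();
        }

    }

    /**
     * Creates the Axis2 configuration context and the AuthenticationAdmin stub, with
     * session management enabled on the stub's service client.
     *
     * @throws IllegalStateException if the context or stub cannot be created; the original
     *         listing only printed the fault, which left {@code authstub} null and made the
     *         following {@link #login} call fail with a NullPointerException
     */
    public EntitlementClient() {
        try {
            ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
            String authEPR = serverUrl + "AuthenticationAdmin";
            authstub = new AuthenticationAdminStub(ctx, authEPR);
            ServiceClient client = authstub._getServiceClient();
            Options options = client.getOptions();
            options.setManageSession(true);
            options.setProperty(HTTPConstants.COOKIE_STRING, authCookie);
        } catch (AxisFault axisFault) {
            throw new IllegalStateException("Could not initialize the AuthenticationAdmin stub", axisFault);
        }
    }

    /**
     * Logs in through the AuthenticationAdmin stub and stores the session cookie.
     *
     * @param username account name
     * @param password account password; never written to the output
     * @return the session cookie on success, or {@code null} when the server rejects the login
     * @throws Exception if the remote call fails
     */
    public String login(String username, String password) throws Exception {
        // The third argument is passed through as in the original sample
        // (presumably the client's remote address; confirm against the stub's API).
        boolean loggedIn = authstub.login(username, password, "127.0.0.1");
        if (loggedIn) {
            System.out.println("The user " + username + " logged in successfully.");
            authCookie = (String) authstub._getServiceClient().getServiceContext().getProperty(
                    HTTPConstants.COOKIE_STRING);
        } else {
            System.out.println("Error logging in " + username);
            // Drop any cookie left from an earlier login so that a rejected login
            // is never followed by requests made under a previous session.
            authCookie = null;
        }
        return authCookie;
    }

    /**
     * Creates the entitlement service client from the stored session cookie.
     * Call {@link #login} first so that the cookie is set.
     *
     * @throws AxisFault if the client cannot be created
     */
    public void initEntitlementClient() throws AxisFault {
        entitlementServiceClient = new EntitlementServiceClient(authCookie, serverUrl, ctx);
    }

}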

参考 - http://hasini-gunasinghe.blogspot.com/2011/12/entitlement-service-xacml-pdp-as-web.html

于 2013-04-03T06:20:13.907 回答