
I'm working with a backend service in AS 5.0.1 that is exposed to the outside using ESB 4.5.0 with a UT security policy. This proxy service uses an entitlement mediator to validate the user's authorization to access this service, so I use IS 4.0.0. This scenario works fine with previous WSO2 product versions.

I implemented this scenario on my laptop with IS 3.2.3 and it works fine. Now, when I uploaded the configuration to the production servers, I saw this error. NOTE: on the production servers I used two tenants for AS and ESB.

The error:

TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,787] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} -  org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_MESSAGE : User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_DETAIL : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed
        at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:135)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:60)
        at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:144)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doSOAP(MultitenantMessageReceiver.java:233)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRequest(MultitenantMessageReceiver.java:181)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:77)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,792]  WARN {org.apache.synapse.FaultHandler} -  ERROR_EXCEPTION : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793]  WARN {org.apache.synapse.FaultHandler} -  FaultHandler : org.apache.synapse.mediators.MediatorFaultHandler@563ac83c {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793]  WARN {org.apache.synapse.mediators.MediatorFaultHandler} -  Executing fault handler mediator : fault {org.apache.synapse.mediators.MediatorFaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,794]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  To: local://axis2services/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint, WSAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, SOAPAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, MessageID: urn:uuid:D4E74AEA911A3C697B1352870083848, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce><wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created></wsse:UsernameToken><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19"><wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created><wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action><wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID><wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To></soapenv:Header><soapenv:Body>
      <prof:obtenerDatosProfesor>
         <prof:solapin>****</prof:solapin>
      </prof:obtenerDatosProfesor>
   </soapenv:Body></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}

My SOAP message:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor">   
   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce>
            <wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created>
         </wsse:UsernameToken>
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19">
            <wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created>
            <wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
      <wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action>
      <wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID>
      <wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To>
   </soapenv:Header>   
   <soapenv:Body>      
      <prof:obtenerDatosProfesor>         
         <prof:solapin>*****</prof:solapin>      
      </prof:obtenerDatosProfesor>   
   </soapenv:Body>
</soapenv:Envelope>

My proxy service:

<proxy xmlns="http://ws.apache.org/ns/synapse" name="Profesor_Proxy" transports="https" statistics="enable" trace="enable" startOnLoad="true">
   <target inSequence="conf:/secuenciasutiles/log_seguridad_mejorado" outSequence="conf:/gestion_tesis/servicioProfesor/secuencias/centralAssetsOUT" faultSequence="fault"/>
   <publishWSDL key="conf:/gestion_tesis/servicioProfesor/wsdl/Servicio_Profesor1.wsdl"/>
   <parameter name="addressingRequirementParameter">required</parameter>
   <description></description>
</proxy>

And the sequence with the entitlement mediator inside:

<sequence xmlns="http://ws.apache.org/ns/synapse" onError="conf:/secuenciasutiles/falla_de_conexion">
   <entitlementService remoteServiceUrl="https://server:9448/services/" remoteServiceUserName="admin" remoteServicePassword="*****" onReject="conf:/secuenciasutiles/log_cuando_no_pasa" onAccept="conf:/secuenciasutiles/log_cuando_pasa" advice=""/>
</sequence>

In this sequence I also see that the onAccept sequence disappears from time to time.

What could be the problem? I use the UT policy and I see the username in the incoming message to the ESB.

I can fix this error, but now I'm facing another one. I have the same configuration on different servers; on one it works, on the other it does not. In this particular case I see the request/response in IS 4.0.0 with the Permit value, so the entitlement works.

The error:

TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,359] ERROR {org.apache.synapse.core.axis2.Axis2Sender} -  Unexpected error during sending message out {org.apache.synapse.core.axis2.Axis2Sender}
org.apache.axis2.AxisFault: No user value in the rampart configuration policy
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
        at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
        at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
        at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
        at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
        ... 21 more
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,366]  WARN {org.apache.synapse.FaultHandler} -  ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367]  WARN {org.apache.synapse.FaultHandler} -  ERROR_MESSAGE : Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367]  WARN {org.apache.synapse.FaultHandler} -  ERROR_DETAIL : org.apache.synapse.SynapseException: Unexpected error during sending message out
        at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:170)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:69)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
        at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
        at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.axis2.AxisFault: No user value in the rampart configuration policy
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
        ... 12 more
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
        at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
        at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
        ... 21 more
 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368]  WARN {org.apache.synapse.FaultHandler} -  ERROR_EXCEPTION : org.apache.synapse.SynapseException: Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368]  WARN {org.apache.synapse.FaultHandler} -  FaultHandler : Endpoint [conf/HelloServiceAS] {org.apache.synapse.FaultHandler}

1 Answer


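George,

That error usually occurs when the entitlement mediator cannot extract the user name of the user who is trying to access the target resource. Retrieving the user name for a particular user is done by the appropriate entitlement callback handler implementation (by processing headers, etc.). However, try explicitly setting the entitlement callback handler parameter to "org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler", which corresponds to retrieving the user name when UT is applied to a particular service. (AFAIR, the entitlement callback handler parameter used to have a default value, which was the one mentioned above.) Anyway, try setting it in the entitlement service mediator configuration as shown below.

<entitlementService remoteServiceUrl="https://localhost:9443/services/" remoteServiceUserName="admin" remoteServicePassword="admin" callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler"/>

Cheers, Prabath

Answered on 2012-11-15T03:30:14.973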
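
The following Python check is an added example, not code from the posts above or from WSO2: it inspects a Synapse sequence for `entitlementService` mediators that do not set `callbackClass` to the UT handler named in the answer, and confirms that a request envelope carries a non-empty `wsse:Username`. The function names, the sample sequence and the sample envelope (host, user, password) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SYN = "http://ws.apache.org/ns/synapse"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# Handler class named in the answer above.
UT_HANDLER = ("org.wso2.carbon.identity.entitlement.mediator.callback."
              "UTEntitlementCallbackHandler")

# Constructed sample inputs (placeholder host, user and password).
SAMPLE_SEQUENCE = f"""<sequence xmlns="{SYN}">
  <entitlementService remoteServiceUrl="https://is.example.test:9443/services/"
      remoteServiceUserName="svc-user" remoteServicePassword="PLACEHOLDER"/>
</sequence>"""
SAMPLE_ENVELOPE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsse="{WSSE}">
  <soapenv:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>alice</wsse:Username>
  </wsse:UsernameToken></wsse:Security></soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""

def username_from_envelope(envelope_xml):
    """Return the wsse:Username in the SOAP header, or None if missing or empty."""
    path = "/".join(f"{{{ns}}}{tag}" for ns, tag in [
        (SOAP, "Header"), (WSSE, "Security"),
        (WSSE, "UsernameToken"), (WSSE, "Username")])
    node = ET.fromstring(envelope_xml).find(path)
    text = (node.text or "").strip() if node is not None else ""
    return text or None

def audit_entitlement(sequence_xml):
    """List findings for every entitlementService mediator in a sequence."""
    findings = []
    for med in ET.fromstring(sequence_xml).iter(f"{{{SYN}}}entitlementService"):
        callback = med.get("callbackClass")
        if not callback:
            findings.append("callbackClass not set: user name lookup "
                            "depends on the product default")
        elif callback != UT_HANDLER:
            findings.append(f"callbackClass is {callback}, not the UT handler")
    return findings

if __name__ == "__main__":
    print(username_from_envelope(SAMPLE_ENVELOPE))
    for finding in audit_entitlement(SAMPLE_SEQUENCE):
        print(finding)
```
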