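I'm using the fiware-idm image in a Docker container (https://hub.docker.com/r/fiware/idm/) and am trying to access the SCIM API. There is a user "idm" (the default user), who is a provider and has all permissions. But when I try to get all users: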

private String getAccessToken() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    String accessToken = (String) session.getAttribute("access_token");
    return accessToken;
}

public void getUsers() throws IOException {
    String accessToken = getAccessToken(); 

    Client client = ClientBuilder.newClient();
    Response response = client.target("http://192.168.99.100:5000/v3/projects")
      .request(MediaType.TEXT_PLAIN_TYPE)
      .header("X-Auth-token", accessToken)
      .get();

    setResultUsersList("-- status: " + response.getStatus() + " <br>" 
            + "-- headers: " + response.getHeaders() + " <br>"
            + "-- body: " + response.readEntity(String.class) + " <br>"
            + "-- token: " + accessToken);
}

I get an error message: {"error": {"message":"The request requires authentication.", "code": 401, "title": "Unauthorized"}}

But authentication works, and so does getting the user info:

public void authenticateUser() throws OAuthSystemException, IOException {
    HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();

    OAuthClientRequest codeRequest = OAuthClientRequest
            .authorizationLocation("http://192.168.99.100:8000/oauth2/authorize")
            .setParameter("response_type", "code")
            .setClientId(CLIENT_ID)
            .setRedirectURI("http://localhost:8080/Example-Application-Security-UI/auth")
            .buildQueryMessage();

    httpServletResponse.sendRedirect(codeRequest.getLocationUri());
}

public void requestUserInfo() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    accessToken = (String) session.getAttribute("access_token");

    String strJson = callWebservice("http://192.168.99.100:8000/user?access_token=" + accessToken);
    JSONObject jsonObject = new JSONObject(strJson);
    resultUserInfo = jsonObject.toString();
}

1 Answer

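The X-Auth-Token header required when making requests to Keystone needs a Keystone token as its value, not the OAuth2 access token you are currently providing.

You can obtain a Keystone token with a POST request to the authentication endpoint. Since one of the authentication methods supported in Keystone is OAuth2, you can even use the access token you got from OAuth2 authentication to obtain a Keystone token: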

POST /v3/auth/tokens
body:

{
    "auth": {
        "identity": {
            "methods": [
                "oauth2"
            ],
            "oauth2": {
                "access_token_id": "<OAuth2 access token>"
            }
        }
    }
}

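You can now use the Keystone token to perform requests against the SCIM API (or any API endpoint the authenticated user has access to).

Hope this helps!

Note that the request to get the user info works because it is performed against an endpoint in Horizon, not against a Keystone endpoint.

Answered 2016-10-19T09:23:11.797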
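
The exchange the answer describes, as an added example that is not part of the original answer: it posts the OAuth2 access token to /v3/auth/tokens, reads the Keystone token, and repeats the question's request with it. It assumes standard Keystone v3 behaviour (201 Created with the token in the X-Subject-Token response header), the question's JAX-RS client and org.json, and a hypothetical OAUTH2_ACCESS_TOKEN environment variable.

```java
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.json.JSONArray;
import org.json.JSONObject;

public class KeystoneTokenExchange {
    static final String KEYSTONE = "http://192.168.99.100:5000"; // endpoint from the question

    // Builds the POST /v3/auth/tokens body from the answer. JSONObject escapes the token value.
    static String buildAuthBody(String oauth2AccessToken) {
        JSONObject identity = new JSONObject()
                .put("methods", new JSONArray().put("oauth2"))
                .put("oauth2", new JSONObject().put("access_token_id", oauth2AccessToken));
        return new JSONObject().put("auth", new JSONObject().put("identity", identity)).toString();
    }

    // Exchanges the OAuth2 access token for a Keystone token.
    static String fetchKeystoneToken(Client client, String oauth2AccessToken) {
        Response response = client.target(KEYSTONE).path("v3/auth/tokens")
                .request(MediaType.APPLICATION_JSON_TYPE)
                .post(Entity.json(buildAuthBody(oauth2AccessToken)));
        try {
            // Assumption: standard Keystone v3 behaviour (201 Created, token in X-Subject-Token).
            String token = response.getHeaderString("X-Subject-Token");
            if (response.getStatus() != 201 || token == null || token.isEmpty()) {
                throw new IllegalStateException("Token exchange failed: HTTP " + response.getStatus());
            }
            return token;
        } finally {
            response.close();
        }
    }

    public static void main(String[] args) {
        Client client = ClientBuilder.newClient();
        // OAUTH2_ACCESS_TOKEN is a hypothetical variable name for this example.
        String keystoneToken = fetchKeystoneToken(client, System.getenv("OAUTH2_ACCESS_TOKEN"));
        Response response = client.target(KEYSTONE).path("v3/projects")
                .request(MediaType.APPLICATION_JSON_TYPE)
                .header("X-Auth-Token", keystoneToken)
                .get();
        // Print only the status; tokens should not end up in logs or rendered pages.
        System.out.println("GET /v3/projects -> HTTP " + response.getStatus());
        client.close();
    }
}
```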