1

-WSO2 IoT Server 3.1.0 RC-我配置了 ip,创建了证书,启动了代理服务器,然后是核心。核心给出错误,我错过了什么?

[IoT-Core] 错误 - {org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler} 签名或消息身份验证无效。在 feign.SynchronousMethodHandler.targetRequest(SynchronousMethodHandler.java:158) 处 org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor.apply(OAuthRequestInterceptor.java:104) 处的线程“Thread-31”java.lang.NullPointerException 中的异常feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:88) 在 feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:76) 在 feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:103) 在 com.sun.proxy.$Proxy40。 org.wso2.carbon.apimgt.webapp.publisher.APIPublisherServiceImpl.publishAPI(APIPublisherServiceImpl.java:53) 上 org.wso2.carbon.apimgt 的 apisGet(未知来源)。

4

2 回答 2

5

发生这种情况是因为为了发布 API,IoT 核心使用 JWT 授权类型。为此,请求标头必须使用 iot 核心服务器的公共证书进行签名。因此,您需要将密钥库的公共证书添加到身份提供者。为此,请按照以下步骤操作。

  • 从 /repository/resources/security 目录中运行以下命令keytool -export -alias wso2carbon -rfc -keystore wso2carbon.jks -file server.pem -storepass wso2carbon
  • 然后server.pem从文本编辑器中打开并删除BEGIN CERTIFICATEEND CERTIFICATE行以及新行。
  • 然后复制证书的内容并将其粘贴到元素<IoTs-Home>/conf/identity/identity-provider/iot-default.xml下。<Certificate>
于 2017-07-26T12:29:27.397 回答
0

我在使用 WSO2 IoT 3.3.0 时遇到了类似的问题:

1. 我使用 exemple.com 运行 ./change-ip.sh
2. 我创建了一个带有签名证书
的新密钥库 (exemple.com.jks) 3. 我按照步骤操作此处描述将默认密钥库更改为我的新密钥库 exemple.com.jks
4. 启用 Wire 和 feign 的调试模式。
5. 启动 ./iot-server.sh start
6. 打开https://exemple.com:9443/devicemgt门户
7. 输入 admin 用户帐户,出现如下错误:


TID: [-1] [] [2018-09-02 16:58:34,015] DEBUG {org.apache.synapse.transport.http.wire} -  HTTPS-Listener I/O dispatcher-2 
TID: [-1234] [] [2018-09-02 16:58:34,021] ERROR {auth-module} -  An exception thrown when executing the script '/app/modules/login.js'. {auth-module}
TID: [-1234] [] [2018-09-02 16:58:34,025] ERROR {auth-module} -  org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: Failed to retrieve scopes from access token {auth-module}
org.mozilla.javascript.WrappedException: Wrapped org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: Failed to retrieve scopes from access token (/devicemgt/app/modules/login.js#31)

完整的堆栈跟踪:

TID: [-1] [] [2018-09-02 16:56:21,061] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "POST /token ?tenantDomain=carbon.super HTTP/1.1[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,064] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> “授权:基本Z1UxanlPOUxvS3JlWGFYb1V2c1NqWTc1VkdBYTpKU1kxc0R...NWkt4ZmdFSmNh[\r]
[\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,064] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "Content-Type : 应用程序/x-www-form-urlencoded[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,064] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "Content-Length : 826[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,064] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "Host: wazidmg .cf:8243[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,064] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> “连接:保持-活着[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,065] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "User-Agent : Apache-HttpClient/4.3.6 (java 1.5)[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,065] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "Accept-Encoding : gzip,deflate[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,065] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "[\r ][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,065] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 >> "grant_type=urn %3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6WyJkZXZpY2VtZ3QiXSwibmJmIjoxNTM1OTA3Mzgws_eitWu0w30lyqZGU9P79f5y-FRIYkTOuWs-MVckTqpuktzdt51uNfB7iJygFNmDHMXTDQRQZJ4D9vWy0tRx1O_nU8rdBtcn8e-SP0zJTEvAEXST__lJHinNVeq1op2SqLSciP-jfvlFZo8ooF0KRqvhqsyX2Je3MDnLir8O22pv3PW3-Ttz-yHOxQpeSXw5RrPAILjWkLPDqqx9XrEtgqJBrSH115TumNiyvoGPaLpa67jddIfFy70wjIBYGkSqRYGtWOWLz3q2wC5QNrK02wCCJhLf9nM60mjhDeoAo6pVjI4xnpacTOnkDJ8WLnBkhNNvTNRD-88x2p1LYVvDww&scope=apim%3Aapi_create+apim%3Aapi_view+apim%3Aapi_publish+apim%3Asubscribe+apim %3Atier_view+apim%3Atier_manage+apim%3Asubscription_view+apim%3Asubscription_block" {org.apache.synapse.transport.http.金属丝}
TID:[-1] [] [2018-09-02 16:56:21,284] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 > "HTTP/1.1 400错误请求[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,693] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "X-Frame -选项:拒绝[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,693] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "X-Content -类型选项:nosniff[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,693] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "X-XSS -保护:1;模式=块[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,694] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> “日期:Sun , 2018 年 9 月 2 日 16:56:21 GMT[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,694] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "Content-Type : 应用程序/json[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:56:21,694] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "Content-Length : 92[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,694] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> “连接:关闭[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> “服务器:WSO2碳服务器[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "[\r ][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1 >> "{"error_description ":"签名或消息验证无效。","error":"invalid_grant"}" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:56:21,738] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1 > “POST /token?租户域=carbon.super HTTP/1.1[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> “授权:基本Z1UxanlPOUxvS3JlWGFYb1V2c1NqWTc1VkdBYTpKU1kxc0RwVXNmblpETERvTE9NWkt4ZmdFSmNh[\r][\n]" {org.apache.synapse.transport.http.wire}

TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "Content-Type : 应用程序/x-www-form-urlencoded[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "Content-Length : 828[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "Host: wazidmg .cf:8243[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> “连接:保持-活着[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "User-Agent : Apache-HttpClient/4.3.6 (java 1.5)[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "Accept-Encoding : gzip,deflate[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "[\r ][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2 >> "grant_type=urn %3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6WyJkZXZpY2VtZ3QiXSwibmJmIjoxNTM1OTA3NTEzLCJVc2VybmFtZSI6ImFkbWluIiwiaXNzIjoid3NvMi5vcmdcL3Byb2R1Y3RzXC9pb3QiLCJleHAiOjE1MzU5Njc1MTMsImlhdCI6MTUzNTkwNzUxMywianRpIjoiMTUzNTkwNzUxMzg5NjE0MTk3NTMwMDYifQ.iD7Uu-leHyi-ya1PG8V_AiMN-n-HAi037afm_utsKewe1er2hdPeEegJ0zetLFNGpPjw0D7ye5IJrdSQr7zi5RXC2-DD2nZlGPK9KPP5K2_9t050oOAPIKcnQftt8B6aagGLhVsEKsMz10xaGj3G5IVn1Rc4nz114R2CeYtTa4_DRlfrVePf6KqvXRpPRYrpJ642x7jScjcfWn4x6MePF9Qr9-_k5UYp03mZcgJIkdlBd1plRzt5pTvHNATDxcEJcw4HLMVJMSOfbWSqpsUbZr6n0g6zd0fslgee7T8d-QcbTnhdwnxoLJyJkVVytskpSHXcNgfGM6UG-IIBx7EWSA&范围=apim%3Aapi_create+apim%3Aapi_view+apim%3Aapi_publish+apim%3Asubscribe+apim%3Atier_view+apim%3Atier_manage+apim%3Asubscription_view+apim%3Asubscription_block" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,961] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 > "HTTP/1.1 400错误请求[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,994] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "X-Frame -选项:拒绝[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:58:33,995] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "X-Content -类型选项:nosniff[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "X-XSS -保护:1;模式=块[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> “日期:Sun , 2018 年 9 月 2 日 16:58:33 GMT[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [-1] [] [2018-09-02 16:58:33,995] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Content-Type : 应用程序/json[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Content-Length : 92[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> “连接:关闭[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> “服务器:WSO2碳服务器[\r][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "[\r ][\n]" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "{"error_description ":"签名或消息验证无效。","error":"invalid_grant"}" {org.apache.synapse.transport.http.wire}
TID:[-1] [] [2018-09-02 16:58:34,014] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2


我不知道我错过了什么...

于 2018-09-02T18:46:18.443 回答