ID サーバーにリクエストを送信しようとしていますが、その方法がわかりません。ID サーバーの内部でリクエストを生成してポリシーをテストできることは知っていますが、ID サーバーの外部から同じことを行う方法がわかりません。そこで質問です。リクエストをポリシーに照らして評価し、その結果を返してもらうには、ID サーバーにどのようにリクエストを送信すればよいのでしょうか。ブログ記事 http://hasini-gunasinghe.blogspot.com/2011/12/entitlement-service-xacml-pdp-as-web.html の方法を試しましたが、うまく動作しませんでした。ありがとうございました。
ブログ投稿のコードを試してみたところ、localhost の WSO2 Identity Server 4.1.0 で次の設定を使用して動作させることができました。wso2carbon.jks への正しいパスを指定することを忘れないでください。
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub;
import org.wso2.carbon.identity.entitlement.ui.client.EntitlementServiceClient;
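/**
 * Command-line sample that logs in to an Identity Server over HTTPS and asks its entitlement
 * service for an authorization decision on a fixed XACML request.
 *
 * <p>Flow: configure the TLS trust store, log in through {@code AuthenticationAdmin} to obtain a
 * session cookie, build an {@code EntitlementServiceClient} with that cookie, then call
 * {@code getDecision}.
 *
 * <p>The endpoint, trust store location, trust store password and credentials below are the
 * sample values of the original listing. They are suitable for a local test instance only;
 * keep real credentials and key store passwords out of source code.
 *
 * <p>Not thread-safe: the session cookie, configuration context and entitlement client are held
 * in static fields shared by every instance.
 */
public class EntitlementClient {

    /** Base URL of the server's service endpoints; service names are appended to it. */
    private static String serverUrl = "https://localhost:9443/services/";

    /** Stub used for the login call; stays {@code null} only if construction failed. */
    private AuthenticationAdminStub authstub = null;

    private static ConfigurationContext ctx;

    /** Session cookie captured after a successful login, {@code null} when not logged in. */
    private static String authCookie = null;

    private static EntitlementServiceClient entitlementServiceClient;

    // Declared by the original sample but never assigned or read in this listing.
    private static EntitlementServiceStub stub;

    //sample XACML request captured from TryIt tool of IdentityServer.
    private static String sampleRequest = "<Request xmlns=\"urn:oasis:names:tc:xacml:2.0:context:schema:os\"\n" +
            " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
            " <Resource>\n" +
            " <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:resource:resource-id\"\n" +
            " DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            " <AttributeValue>ABCResource</AttributeValue>\n" +
            " </Attribute>\n" +
            " </Resource>\n" +
            " <Subject>\n" +
            " <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:subject:subject-id\"\n" +
            " DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            " <AttributeValue>admin</AttributeValue>\n" +
            " </Attribute>\n" +
            " <Attribute AttributeId=\"http://wso2.org/claims/role\"\n" +
            " DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            " <AttributeValue>admin</AttributeValue>\n" +
            " </Attribute>\n" +
            " </Subject>\n" +
            " <Action>\n" +
            " <Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:action:action-id\"\n" +
            " DataType=\"http://www.w3.org/2001/XMLSchema#string\">\n" +
            " <AttributeValue>read</AttributeValue>\n" +
            " </Attribute>\n" +
            " </Action>\n" +
            " <Environment/>\n" +
            "</Request>";

    /**
     * Runs the sample: logs in, sends {@link #sampleRequest} and prints the returned decision.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // The trust store is what lets this client verify the server's TLS certificate.
            // Respect a trust store supplied with -Djavax.net.ssl.trustStore=... and fall back
            // to the sample path and password only when none was given. Both properties are set
            // together so a caller-supplied store is never paired with the sample password.
            if (System.getProperty("javax.net.ssl.trustStore") == null) {
                System.setProperty("javax.net.ssl.trustStore",
                        "/home/pushpalanka/Servers/wso2is-4.1.1/repository/resources/security/wso2carbon.jks");
                System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
            }

            //initialize authentication admin stub
            EntitlementClient remoteEntitlementClient = new EntitlementClient();

            // Sample administrator credentials from the original listing; a real client should
            // read them from protected configuration rather than from source.
            String cookie = remoteEntitlementClient.login("admin", "admin");
            if (cookie == null) {
                // Without a session cookie the entitlement call cannot be authenticated, so
                // stop here instead of sending the request unauthenticated.
                System.err.println("Login failed; no authorization decision was requested.");
                return;
            }

            //initialize entitlement service stub with obtained authentication cookie
            remoteEntitlementClient.initEntitlementClient();

            //invoke EntitlementService by passing the XACML request and obtain the authorization decision
            // NOTE(review): code that enforces this result should treat an error or anything
            // other than an explicit permit as a denial; the exact format returned by
            // getDecision is not visible in this listing - confirm before parsing it.
            String decision = entitlementServiceClient.getDecision(sampleRequest);

            //print the authorization decision
            System.out.println(decision);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Creates the Axis2 configuration context and the {@code AuthenticationAdmin} stub used by
     * {@link #login(String, String)}.
     *
     * @throws IllegalStateException if the stub cannot be created; failing here avoids a later
     *         {@code NullPointerException} in {@code login} that would hide the real cause
     */
    public EntitlementClient() {
        try {
            ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
            String authEPR = serverUrl + "AuthenticationAdmin";
            authstub = new AuthenticationAdminStub(ctx, authEPR);
            ServiceClient client = authstub._getServiceClient();
            Options options = client.getOptions();
            // Keep the HTTP session across calls so the login cookie can be read back later.
            options.setManageSession(true);
            options.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING, authCookie);
        } catch (AxisFault axisFault) {
            throw new IllegalStateException("Could not initialise the AuthenticationAdmin stub", axisFault);
        }
    }

    /**
     * Logs in through the {@code AuthenticationAdmin} stub and stores the session cookie.
     *
     * @param username account name to log in with
     * @param password password of that account
     * @return the session cookie on success, or {@code null} when the server rejects the login
     * @throws Exception if the login call itself fails
     */
    public String login(String username, String password) throws Exception {
        boolean loggedIn = authstub.login(username, password, "127.0.0.1");
        if (!loggedIn) {
            // Drop any cookie left over from an earlier login so a rejected login can never
            // hand back a previous session.
            authCookie = null;
            System.out.println("Error logging in " + username);
            return null;
        }
        System.out.println("The user " + username + " logged in successfully.");
        authCookie = (String) authstub._getServiceClient().getServiceContext().getProperty(
                HTTPConstants.COOKIE_STRING);
        return authCookie;
    }

    /**
     * Builds the shared {@code EntitlementServiceClient} from the stored session cookie, the
     * server URL and the configuration context. Call after a successful login.
     *
     * @throws AxisFault if the client cannot be created
     */
    public void initEntitlementClient() throws AxisFault {
        entitlementServiceClient = new EntitlementServiceClient(authCookie, serverUrl, ctx);
    }
}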
参照 - http://hasini-gunasinghe.blogspot.com/2011/12/entitlement-service-xacml-pdp-as-web.html
于 2013-04-03T06:20:13.907 に答える