I'm working with WSO2 IS 5.9 and I need to retrieve user information through the SCIM 2.0 REST interface. I was able to list the user:
(GET) https://server:port/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+user1&attributes=userName
(header: Authorization basic [user_admin:password_admin Base64 coded]).
response:
{
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 1,
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources": [ {
"id": "cf5aa963-07a6-44be-8c3c-4edc23c5323b",
"userName": "user1"
}]
}
But when I try to retrieve the user's information, I get the following error:
https://server:port/scim2/Users/cf5aa963-07a6-44be-8c3c-4edc23c5323b
(header: Authorization basic [user_admin:password_admin Base64 coded]).
response:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
"detail": "Error in getting user information from Carbon User Store foruser: cf5aa963-07a6-44be-8c3c-4edc23c5323b",
"status": "500"
}
log:
TID: [-1234] [scim2] [2020-02-24 09:46:40,278] [c4cec19a-328c-44fd-9beb-6d3d5b0cacde] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block when called by method getUserList with 3 length of Objects and argTypes [class java.lang.String, class java.lang.String, class java.lang.String]
The same thing happens using the SOAP interface. The request (Basic authorization as the administrator) to RemoteUserStoreManagerService, operation getUserId, looks like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<ser:getUserId>
<!--Optional:-->
<ser:username>cf5aa963-07a6-44be-8c3c-4edc23c5323b</ser:username>
</ser:getUserId>
</soapenv:Body>
</soapenv:Envelope>
response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Invalid operation</faultstring>
<detail>
<ns:RemoteUserStoreManagerServiceUserStoreException xmlns:ns="http://service.ws.um.carbon.wso2.org">
<UserStoreException xsi:type="ax2720:UserStoreException" xmlns="http://service.ws.um.carbon.wso2.org" xmlns:ax2720="http://core.user.carbon.wso2.org/xsd" xmlns:ax2721="http://api.user.carbon.wso2.org/xsd" xmlns:ax2724="http://common.mgt.user.carbon.wso2.org/xsd" xmlns:ax2726="http://dao.service.ws.um.carbon.wso2.org/xsd" xmlns:ax2728="http://tenant.core.user.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ax2720:errorCode xsi:nil="true"/>
</UserStoreException>
</ns:RemoteUserStoreManagerServiceUserStoreException>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
log
TID: [-1234] [RemoteUserStoreManagerService] [2020-02-24 09:59:13,089] [4044e005-6de0-4328-ada5-43919c0e2dea] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2020-02-24 09:59:13,0088] from IP address xx.xx.x.x while trying to authenticate access to service RemoteUserStoreManagerService
TID: [-1234] [RemoteUserStoreManagerService] [2020-02-24 09:59:13,202] [1f3ed136-a13f-4536-96ca-c8572a0aeee8] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin@carbon.super [-1234]' logged in at [2020-02-24 09:59:13,201+0100]
Debug log for org.wso2.carbon.user.core:
TID: [-1234] [] [2020-02-24 13:34:19,664] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user admin
TID: [-1234] [] [2020-02-24 13:34:19,672] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [] [2020-02-24 13:34:19,676] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org
TID: [-1234] [] [2020-02-24 13:34:19,681] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [] [2020-02-24 13:34:19,685] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value after escaping special characters in admin : admin
TID: [-1234] [] [2020-02-24 13:34:19,689] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org
TID: [-1234] [] [2020-02-24 13:34:19,695] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: admin exist: true
TID: [-1234] [] [2020-02-24 13:34:19,701] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user admin
TID: [-1234] [] [2020-02-24 13:34:19,707] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [] [2020-02-24 13:34:19,720] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org
TID: [-1234] [] [2020-02-24 13:34:19,723] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [] [2020-02-24 13:34:19,730] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value after escaping special characters in admin : admin
TID: [-1234] [] [2020-02-24 13:34:19,734] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org
TID: [-1234] [] [2020-02-24 13:34:19,738] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: admin exist: true
TID: [-1234] [] [2020-02-24 13:34:19,742] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org
TID: [-1234] [] [2020-02-24 13:34:19,746] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - LDAP connection circuit breaker state: close, so trying to obtain the LDAP connection, connection URL: ldap://localhost:10394
TID: [-1234] [] [2020-02-24 13:34:19,755] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [] [2020-02-24 13:34:19,759] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(uid=admin)) in SearchBase:
TID: [-1234] [] [2020-02-24 13:34:19,768] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :accountLock
TID: [-1234] [] [2020-02-24 13:34:19,848] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Authenticating user admin
TID: [-1234] [] [2020-02-24 13:34:19,853] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using default configurations for the user DN cache, having search base : ou=Users,dc=wso2,dc=org
TID: [-1234] [] [2020-02-24 13:34:19,857] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Cache hit. Using DN uid=admin,ou=Users,dc=WSO2,dc=ORG
TID: [-1234] [] [2020-02-24 13:34:19,868] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: uid=admin,ou=Users,dc=WSO2,dc=ORG is authnticated: true
TID: [-1234] [scim2] [2020-02-24 13:34:20,072] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Authorization cache miss for username : admin resource /permission/admin/manage/identity/usermgt/view action : ui.execute
TID: [-1234] [scim2] [2020-02-24 13:34:20,085] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.PermissionTree} - Permission tree is loaded from database for the resource in tenant -1234
TID: [-1234] [scim2] [2020-02-24 13:34:20,091] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Allowed roles for the ResourceID: /permission/admin/manage/identity/usermgt/view Action: ui.execute
TID: [-1234] [scim2] [2020-02-24 13:34:20,095] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role: admin
TID: [-1234] [scim2] [2020-02-24 13:34:20,099] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Roles which have permission for resource : /permission/admin/manage/identity/usermgt/view action : ui.execute
TID: [-1234] [scim2] [2020-02-24 13:34:20,102] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role : admin
TID: [-1234] [scim2] [2020-02-24 13:34:20,107] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - admin user is in role : admin
TID: [-1234] [scim2] [2020-02-24 13:34:20,519] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Listing users who having value as cf5aa963-07a6-44be-8c3c-4edc23c5323b for the claim http://wso2.org/claims/userid
TID: [-1234] [scim2] [2020-02-24 13:34:20,524] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Pre listener user list: [] for domain: null
TID: [-1234] [scim2] [2020-02-24 13:34:20,528] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - No domain name found in claim value. Searching through all user stores for possible matches
TID: [-1234] [scim2] [2020-02-24 13:34:20,531] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Invoking the get user list for domain: PRIMARY for claim: http://wso2.org/claims/userid value: PRIMARY/cf5aa963-07a6-44be-8c3c-4edc23c5323b
TID: [-1234] [scim2] [2020-02-24 13:34:20,535] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Listing users who having value as PRIMARY/cf5aa963-07a6-44be-8c3c-4edc23c5323b for the claim http://wso2.org/claims/userid
TID: [-1234] [scim2] [2020-02-24 13:34:20,538] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Domain: PRIMARY is passed with the claim and user store manager is loaded for the given domain name.
TID: [-1234] [scim2] [2020-02-24 13:34:20,543] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Pre listener user list: [] for domain: PRIMARY
TID: [-1234] [scim2] [2020-02-24 13:34:20,547] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Domain found in claim value. Searching only in the PRIMARY for possible matches
TID: [-1234] [scim2] [2020-02-24 13:34:20,550] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [scim2] [2020-02-24 13:34:20,554] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - LDAP connection circuit breaker state: close, so trying to obtain the LDAP connection, connection URL: ldap://localhost:10394
TID: [-1234] [scim2] [2020-02-24 13:34:20,568] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Listing users with Property: scimId SearchFilter: (&(objectClass=person)(scimId=cf5aa963-07a6-44be-8c3c-4edc23c5323b))
TID: [-1234] [scim2] [2020-02-24 13:34:20,575] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(scimId=cf5aa963-07a6-44be-8c3c-4edc23c5323b)) in SearchBase:
TID: [-1234] [scim2] [2020-02-24 13:34:20,579] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :uid
TID: [-1234] [scim2] [2020-02-24 13:34:20,582] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :sn
TID: [-1234] [scim2] [2020-02-24 13:34:20,589] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - uid : usuario1
TID: [-1234] [scim2] [2020-02-24 13:34:20,597] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - result: usuario1
TID: [-1234] [scim2] [2020-02-24 13:34:20,601] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - List of filtered users for: PRIMARY : [usuario1]
TID: [-1234] [scim2] [2020-02-24 13:34:20,605] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Users from user store: PRIMARY : [usuario1]
TID: [-1234] [scim2] [2020-02-24 13:34:20,609] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Post listener user list: [usuario1] for domain: PRIMARY
TID: [-1234] [scim2] [2020-02-24 13:34:20,614] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Secondary user list for domain: PRIMARY : [usuario1]
TID: [-1234] [scim2] [2020-02-24 13:34:20,618] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Invoking the get user list for domain: TEST1 for claim: http://wso2.org/claims/userid value: TEST1/cf5aa963-07a6-44be-8c3c-4edc23c5323b
TID: [-1234] [scim2] [2020-02-24 13:34:20,621] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Listing users who having value as TEST1/cf5aa963-07a6-44be-8c3c-4edc23c5323b for the claim http://wso2.org/claims/userid
TID: [-1234] [scim2] [2020-02-24 13:34:20,625] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Domain: TEST1 is passed with the claim and user store manager is loaded for the given domain name.
TID: [-1234] [scim2] [2020-02-24 13:34:20,630] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Pre listener user list: [] for domain: TEST1
TID: [-1234] [scim2] [2020-02-24 13:34:20,633] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Domain found in claim value. Searching only in the TEST1 for possible matches
TID: [-1234] [scim2] [2020-02-24 13:34:20,638] [66bddec5-bbca-4aa2-99b0-978e131d9336] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block when called by method getUserList with 3 length of Objects and argTypes [class java.lang.String, class java.lang.String, class java.lang.String]
Am I making the request correctly? Do I need to configure any additional parameters in WSO2 IS? Are there any bugs in this operation?
Cheers!
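An added example, not part of the original post: a Python triage script that groups Carbon log lines by correlation ID and reports which user-store domain was being queried when an ERROR was logged. The sample lines are copied from the debug log above; the names `failing_domains`, `LINE_RE` and `DOMAIN_RE` are hypothetical.

```python
import re

# Carbon log line layout as it appears in the post:
# TID: [tenant] [app] [timestamp] [correlation-id] LEVEL {logger} - message
LINE_RE = re.compile(
    r"TID: \[(?P<tenant>[^\]]*)\] \[(?P<app>[^\]]*)\] \[(?P<ts>[^\]]*)\] "
    r"\[(?P<corr>[^\]]*)\] +(?P<level>[A-Z]+) +\{(?P<logger>[^}]*)\} - (?P<msg>.*)"
)
DOMAIN_RE = re.compile(r"Invoking the get user list for domain: (\S+)")

def failing_domains(lines):
    """Return [(correlation_id, domain, message)] for every ERROR line.

    domain is the last user-store domain announced under the same
    correlation ID before the error, or None if none was seen.
    """
    current = {}    # correlation id -> domain currently being queried
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Carbon-format line (JSON, XML, blank)
        corr, msg = m["corr"], m["msg"]
        d = DOMAIN_RE.search(msg)
        if d:
            current[corr] = d.group(1)
        elif m["level"] == "ERROR":
            findings.append((corr, current.get(corr), msg))
    return findings

# Sample input: four lines copied from the debug log in the post.
SAMPLE = """\
TID: [-1234] [scim2] [2020-02-24 13:34:20,531] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Invoking the get user list for domain: PRIMARY for claim: http://wso2.org/claims/userid value: PRIMARY/cf5aa963-07a6-44be-8c3c-4edc23c5323b
TID: [-1234] [scim2] [2020-02-24 13:34:20,601] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - List of filtered users for: PRIMARY : [usuario1]
TID: [-1234] [scim2] [2020-02-24 13:34:20,618] [66bddec5-bbca-4aa2-99b0-978e131d9336] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Invoking the get user list for domain: TEST1 for claim: http://wso2.org/claims/userid value: TEST1/cf5aa963-07a6-44be-8c3c-4edc23c5323b
TID: [-1234] [scim2] [2020-02-24 13:34:20,638] [66bddec5-bbca-4aa2-99b0-978e131d9336] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block when called by method getUserList with 3 length of Objects and argTypes [class java.lang.String, class java.lang.String, class java.lang.String]
"""

if __name__ == "__main__":
    for corr, domain, msg in failing_domains(SAMPLE.splitlines()):
        print(f"{corr}: error while querying domain {domain}: {msg[:60]}")
```

On the sample it reports the domain TEST1, which the log shows being queried after PRIMARY had already returned usuario1.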