为什么在尝试插入或更新用户时,WSO2为5.6.0 SCIM2组API会抛出错误?
我正在尝试使用WSO2 Identity SCIM2 API来创建和更新用户和组。然而,我在使用组更新API (PUT /scim2/Groups/{id})时遇到了一些问题:如果我试图在消息正文中插入一些用户,API总是返回HTTP错误500 (“访问Java安全管理器特权块时出错")。
下面是如何重现失败的方法:
1)首先创建一个用户:
curl -X POST \
https://auth-server:9444/scim2/Users/ \
-H 'Accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: a43e26c0-fb00-4fa0-9482-74f62078d6b1' \
-H 'cache-control: no-cache' \
-d '{
"emails": [{
"type": "home",
"value": "test.user@test.com.br",
"primary": true
}],
"password": "test.user",
"name": {
"familyName": "Test",
"givenName": "User"
},
"userName": "test.user"
}'我们收到响应HTTP 200,正文如下:
{
"emails": [
{
"type": "home",
"value": "test.user@test.com.br",
"primary": true
}
],
"meta": {
"created": "2019-01-09T20:41:27Z",
"location": "https://localhost:9444/scim2/Users/14fc39fc-1b0c-4db2-9e3a-bd5c522770bb",
"lastModified": "2019-01-09T20:41:27Z",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"name": {
"familyName": "Test",
"givenName": "User"
},
"id": "14fc39fc-1b0c-4db2-9e3a-bd5c522770bb",
"userName": "test.user"
}2)接下来我们创建一个组:
curl -X POST \
https://auth-server:9444/scim2/Groups/ \
-H 'Accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: 45d2220d-d33d-42ba-8ce5-205646aa2963' \
-H 'cache-control: no-cache' \
-d '{
"displayName": "Application/Test",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}'我们收到响应HTTP 200,正文如下:
{
"displayName": "APPLICATION/Test",
"meta": {
"created": "2019-01-09T20:43:22Z",
"location": "https://localhost:9444/scim2/Groups/7feb0a54-18c5-4265-bdd6-7ceecd96bf0d",
"lastModified": "2019-01-09T20:43:22Z",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "7feb0a54-18c5-4265-bdd6-7ceecd96bf0d"
}3)当我们尝试将新创建的用户与组关联时,收到HTTP 500错误。如下所示:
curl -X PUT \
https://auth-server:9444/scim2/Groups/7feb0a54-18c5-4265-bdd6-7ceecd96bf0d \
-H 'Accept: */*' \
-H 'Authorization: Basic c2NpbS5kY2xvZ2c6c2NpbS5kY2xvZ2c=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: 6db43a33-af40-452e-83eb-40f8d6e3c5e3' \
-H 'cache-control: no-cache' \
-d '{
"displayName": "APPLICATION/Test",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": "14fc39fc-1b0c-4db2-9e3a-bd5c522770bb",
"display": "test"
}
]
}'HTTP 500错误:
{
"schemas": "urn:ietf:params:scim:api:messages:2.0:Error",
"detail": "Error occurred while accessing Java Security Manager Privilege Block",
"status": "500"
}对于身份验证,我使用基本身份验证,用户是Identity Server的"admin“;但我也尝试创建一个具有所有可能权限的用户,但错误总是相同的。在执行控制台中,我尝试优化日志,但只显示以下消息:
[2019-01-09 20:47:00,656] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Domain: APPLICATION is passed with the claim and user store manager is loaded for the given domain name.
[2019-01-09 20:47:00,658] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block此组API真的适用于更新请求吗?
如果有人能帮上忙,我很感激。谢谢。
回答 1
Stack Overflow用户
发布于 2019-01-10 12:20:21
请按如下方式更改您添加用户到组的请求,这对我来说很好。
"members":{"value":"416aaa06-d9ed-465b-8ac4-1a321624d158",-v -k --用户admin:admin -X PUT -d '{"displayName":"PRIMARY/manager",curl "display":"test.user"}}‘--header "Content-Type:application/json“https://localhost:9444/scim2/Groups/5d6ffce8-fab8-45ee-a407-b1cae0e4ecee
https://stackoverflow.com/questions/54119757
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号