-WSO2 IoT Server 3.1.0 RC- 我配置了 ip,创建了证书,启动了代理服务器,然后启动了核心。核心给出错误,我错过了什么?
[IoT-Core] ERROR - {org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler} 签名或消息身份验证无效。 线程"Thread-31"中的异常 java.lang.NullPointerException at org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor.apply(OAuthRequestInterceptor.java:104) 在佯装。SyncMethodHandler.targetRequest(SyncMethodHandler.java:158) 在佯装。SyncMethodHandler.executeAndDecode(SyncMethodHandler.java:88) 在佯装。SyncMethodHandler.invoke(SynchronousMethodHandler.java:76) 在佯装。ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:103) at com.sun.proxy.$Proxy 40.apisGet(未知来源)at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherServiceImpl.publishAPI(APIPublisherServiceImpl.java:53) at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.publishAPIs(APIPublisherStartupHandler.java:97) at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.access$500(APIPublisherStartupHandler.java:30) at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler$1.run(APIPublisherStartupHandler.java:69) at java.lang.Thread.run(Thread.java:748)
发生这种情况是因为为了发布 API,IoT 核心使用 JWT 授权类型。为此,请求标头应必须使用 IoT 核心服务器的公共证书进行签名。因此,您需要将密钥库的公共证书添加到身份提供程序。为此,请按照以下步骤操作。
- 从/repository/resources/security direcotory
keytool -export -alias wso2carbon -rfc -keystore wso2carbon.jks -file server.pem -storepass wso2carbon运行以下命令。 - 然后从文本编辑器中打开
server.pem并删除BEGIN CERTIFICATE和END CERTIFICATE行以及新行。 - 然后复制证书的内容并将其粘贴到
<IoTs-Home>/conf/identity/identity-provider/iot-default.xml元素<Certificate>下。
我在WSO2 IoT 3.3.0:
1上遇到了类似的问题。我用 exemple.com
2 运行了 ./change-ip.sh。我创建了一个带有签名证书
3 的新密钥库(例如.com.jks)。我按照此处描述的步骤将默认密钥库更改为我的新密钥库示例.com.jks
4. 启用 Wire 和 Fake 的调试模式。
5. 启动 ./iot-server.sh 启动
6. 打开 https://exemple.com:9443/devicemgt 门户
7. 输入管理员用户帐户并得到如下所示的错误:
TID: [-1] [] [2018-09-02 16:58:34,015] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2
TID: [-1234] [] [2018-09-02 16:58:34,021] ERROR {auth-module} - An exception thrown when executing the script '/app/modules/login.js'. {auth-module}
TID: [-1234] [] [2018-09-02 16:58:34,025] ERROR {auth-module} - org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: Failed to retrieve scopes from access token {auth-module}
org.mozilla.javascript.WrappedException: Wrapped org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: Failed to retrieve scopes from access token (/devicemgt/app/modules/login.js#31)
全栈跟踪:
TID: [-1] [] [2018-09-02 16:56:21,061] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "POST/token?tenantDomain=carbon.super HTTP/1.1[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,064] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "授权:Basic Z1UxanlPOUxvS3JlWGFYb1V2c1NqWTc1VkdBYTpKU1kxc0R...NWkt4ZmdFSmNh[\r] []" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,064] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "Content-Type: application/x-www-form-urlencoded[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,064] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O 调度程序-1>> "Content-Length: 826[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:56:21,064] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "Host: wazidmg.cf:8243[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,064] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "Connection: Keep-Alive[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,065] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "User-Agent: Apache-HttpClient/4.3.6 (java 1.5)[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,065] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "Accept-Encoding: gzip,deflate[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:56:21,065] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:56:21,065] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1>> "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6WyJkZXZpY2VtZ3QiXSwibmJmIjoxNTM1OTA3Mzgws_eitWu0w30lyqZGU9P79f5y-FRIYkTOuWs-MVckTqpuktzdt51uNfB7iJygFNmDHMXTDQRQZJ4D9vWy0tRx1O_nU8rdBtcn8e-SP0zJTEvAEXST__lJHinNVeq1op2SqLSciP-jfvlFZo8ooF0KRqvhqsyX2Je3MDnLir8O22pv3PW3-Ttz-yHOxQpeSXw5RrPAILjWkLPDqqx9XrEtgqJBrSH115TumNiyvoGPaLpa67jddIfFy70wjIBYGkSqRYGtWOWLz3q2wC5QNrK02wCCJhLf9nM60mjhDeoAo6pVjI4xnpacTOnkDJ8WLnBkhNNvTNRD-88x2p1LYVvDww&scope=apim%3Aapi_create+apim%3Aapi_view+apim%3Aapi_publish+apim%3Asubscribe+apim%3Atier_view+apim%3Atier_manage+apim%3Asubscription_view+apim%3Asubscription_block" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:56:21,284] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1> "HTTP/1.1 400 Bad Request[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,693] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1>> "X-Frame-Options: DENY[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,693] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1>> "X-Content-Type-Options: nosniff[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,693] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-1>> "X-XSS-保护: 1;mode=block[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-1>> "日期:2018 年 9 月 2 日星期日 16:56:21 GMT[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,694] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1>> "Content-Type: application/json[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1>> "Content-Length: 92[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-1>> "Connection: close[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1>> "Server: WSO2 Carbon Server[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-1>> "[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,694] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-1>> "{"error_description":"签名或消息身份验证无效.","错误":"invalid_grant"}" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:56:21,738] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-1> "POST/token?tenantDomain=carbon.super HTTP/1.1[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "Authorization: Basic Z1UxanlPOUxvS3JlWGFYb1V2c1NqWTc1VkdBYTpKU1kxc0RwVXNmblpETERvTE9NWkt4ZmdFSmNh[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "Content-Type: application/x-www-form-urlencoded[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "Content-Length: 828[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O 调度程序-2>> "Host: wazidmg.cf:8243[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "Connection: Keep-Alive[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "User-Agent: Apache-HttpClient/4.3.6 (java 1.5)[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "Accept-Encoding: gzip,deflate[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,932] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:58:33,932] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-2>> "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6WyJkZXZpY2VtZ3QiXSwibmJmIjoxNTM1OTA3NTEzLCJVc2VybmFtZSI6ImFkbWluIiwiaXNzIjoid3NvMi5vcmdcL3Byb2R1Y3RzXC9pb3QiLCJleHAiOjE1MzU5Njc1MTMsImlhdCI6MTUzNTkwUxMywianRpIjoiMTUzNTkwNzUxMzg5NjE0MTk3NTMwMDYifQ.iD7Uu-leHyi-ya1PG8V_AiMN-n-HAi037afm_utsKewe1er2hdPeEegJ0zetLFNGpPjw0D7ye5IJrdSQr7zi5RXC2-DD2nZlGPK9KPP5K2_9t050oOAPIKcnQftt8B6aagGLhVsEKsMz10xaGj3G5IVn1Rc4nz114R2CeYtTa4_DRlfrVePf6KqvXRpPRYrpJ642x7jScjcfWn4x6MePF9Qr9-_k5UYp03mZcgJIkdlBd1plRzt5pTvHNATDxcEJcw4HLMVJMSOfbWSqpsUbZr6n0g6zd0fslgee7T8d-QcbTnhdwnxoLJyJkVVytskpSHXcNgfGM6UG-IIBx7EWSA&scope=apim%3Aapi_create+apim%3Aapi_view+apim%3Aapi_publish+apim%3Asubscribe+apim%3Atier_view+apim%3Atier_manage+apim%3Asubscription_view+apim%3Asubscription_block" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:58:33,961] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2> "HTTP/1.1 400 Bad Request[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,994] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "X-Frame-Options: DENY[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "X-Content-Type-Options: nosniff[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-2>> "X-XSS-保护: 1;mode=block[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-2>> "日期:2018 年 9 月 2 日星期日 16:58:33 GMT[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "Content-Type: application/json[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "Content-Length: 92[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "Connection: close[\r][]" {org.apache.synapse.transport.http.wire}TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "Server: WSO2 Carbon Server[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2>> "[\r][]" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:33,995] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O 调度程序-2>> "{"error_description":"签名或消息身份验证无效.","错误":"invalid_grant"}" {org.apache.synapse.transport.http.wire} TID: [-1] [] [2018-09-02 16:58:34,014] 调试 {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O 调度程序-2我不知道我错过了什么...