未能获得访问令牌:在通过S4HANA访问OAuth2Bearer时找不到有效的JWT承载
未能获得访问令牌:在通过S4HANA访问OAuth2Bearer时找不到有效的JWT承载
提问于 2018-09-07 06:57:56
我通过以下方式生成了项目:
mvn archetype:generate -DarchetypeGroupId=com.sap.cloud.s4hana.archetypes -DarchetypeArtifactId=scp-cf-spring -DarchetypeVersion=LATEST
我包括了S4Sdk jars和访问S4Hana V2 API。该代码适用于基本身份验证,但当我将目标类型配置为"OAuth2SAMLBEARER断言“时,当通过S4Hana调用访问S4Hana API时,会在CF日志中得到以下错误。:
2018-09-07T06:37:22.728+0000 [APP/PROC/WEB/0] ERR ... 1 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get access token for destination service.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.getAccessToken(DestinationServiceCommand.java:107)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:117)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:26)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR ... 26 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequestFailedException: Failed to get access token: no valid JWT bearer found in "Authorization" header of request.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.getCurrentJwt(TokenRequest.java:307)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.requestTokenWithUserTokenGrant(TokenRequest.java:348)注:我已经在S4Hana系统和子帐户之间建立了信任,配置了通信和业务用户,主要传播步骤如:https://blogs.sap.com/2018/02/05/deep-dive-8-with-sap-s4hana-cloud-sdk-leverage-principal-propagation-via-oauth-2-when-consuming-a-business-api-from-s4hana-cloud/中所指定,
请检查,并让我知道,如果需要配置的其他东西。
我尝试通过评论中的博客创建app路由器,但在cf中部署app路由器时遇到了错误:
2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > @sap/approuter@2.10.0 start /home/vcap/app
2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > node approuter.js
2018-09-07T20:01:25.50+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:25:497#+00:00#WARNING#/LoggingLibrary################PLAIN##Dynamic log level switching not available#
2018-09-07T20:01:28.89+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:28:897#+00:00#INFO#/approuter################PLAIN##Application router version 2.10.0#
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR /home/vcap/app/lib/utils/JsonValidator.js:30
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR throw new VError('%s%s: %s',
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR ^
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR VError: environment-destinations/0/url: Format validation failed (URI must be absolute)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at JsonValidator.validate (/home/vcap/app/lib/utils/JsonValidator.js:30:11)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.validateEnvDestinations (/home/vcap/app/lib/configuration/validators.js:100:15)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at loadDestinations (/home/vcap/app/lib/configuration/env-config.js:55:14)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.load (/home/vcap/app/lib/configuration/env-config.js:20:28)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.module.exports.load (/home/vcap/app/lib/configuration.js:15:37)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at bootstrap (/home/vcap/app/lib/bootstrap.js:47:36)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Approuter.start (/home/vcap/app/approuter.js:58:13)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.<anonymous> (/home/vcap/app/approuter.js:115:6)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Module._compile (module.js:577:32)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.Module._extensions..js (module.js:586:10)
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Linux 4.4.0-133-generic
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! argv "/home/vcap/deps/0/node/bin/node" "/home/vcap/deps/0/bin/npm" "start"
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! node v6.14.3
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! npm v3.10.10
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! code ELIFECYCLE
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! @sap/approuter@2.10.0 start: `node approuter.js`
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Exit status 1
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR!
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Failed at the @sap/approuter@2.10.0 start script 'node approuter.js'.
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Make sure you have the latest version of node.js and npm installed.
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! If you do, this is most likely a problem with the @sap/approuter package,
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! not with npm itself.
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Tell the author that this fails on your system:
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! node approuter.js
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! You can get information on how to open an issue for this project with:
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! npm bugs @sap/approuter
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! Or if that isn't available, you can get their info via:
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! npm owner ls @sap/approuter
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! There is likely additional logging output above.
2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR! Please include the following file with any support request:
2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR! /home/vcap/app/npm-debug.log你能帮帮我吗。我从博客中建议的链接下载了app路由器。
回答 2
Stack Overflow用户
发布于 2018-11-20 15:56:15
通过让app路由器将JWT令牌发送到Java应用程序,解决了这个问题。有一组文件,如xs-app.json,需要配置正确的正则表达式,以便映射到应用程序路由器的manisfest.yml中创建的目的地。清单中创建的特定目的地应该指向您的java服务,并使用“正向令牌:真”。
除此之外,您创建的XSUAA服务实例应该具有应用程序所要求的Xs-security.json中定义的适当的auth作用域。
对于上述错误,如果我们调用带有承载令牌的java服务,就像从app路由器接收到的那样,它可以正常工作。通过在xs-app.json中配置适当的regex,您还可以直接从应用程序路由器访问应用程序。
Stack Overflow用户
发布于 2018-09-07 07:23:22
我想身份验证还没有像这里解释的那样配置:https://blogs.sap.com/2017/07/18/step-7-with-sap-s4hana-cloud-sdk-secure-your-application-on-sap-cloud-platform-cloudfoundry/
你是否保护了你的应用程序,让用户必须先登录?
与基本身份验证不同,对于OAuth2SAMLBEARER或用户原则的任何其他传播,用户必须事先登录到应用程序中。只有这样,用户才能被传播。
日志表明应用程序无法从请求中提取JWT令牌,应该从app路由器传递该令牌。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/52216943
复制相关文章
相似问题
腾讯云开发者
