防止 WSO2 AM 从请求中删除授权令牌
Prevent WSO2 AM of dropping authorization token from request
根据文档
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message.
link
我想将此令牌传递给每个已发布的后端 API。配置此类行为的正确位置是什么?
在 repository/conf/api-manager.xml 中取消注释下面的配置并设置 false。
<RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage>
从 API 管理器版本 3.0.0 开始 configuration model has been changed。因此,在 api-manager.xml 中所做的任何更改都会在服务器重新启动后恢复。
现在我们需要改变<API-M_HOME>/repository/conf/deployment.toml
Uncomment and set the following lines:
[apim.oauth_config]
enable_outbound_auth_header = true
enable_outbound_auth_header string
Default: FALSE If TRUE, sends Auth header to the backend as received
from the client.
根据文档
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. link
我想将此令牌传递给每个已发布的后端 API。配置此类行为的正确位置是什么?
在 repository/conf/api-manager.xml 中取消注释下面的配置并设置 false。
<RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage>
从 API 管理器版本 3.0.0 开始 configuration model has been changed。因此,在 api-manager.xml 中所做的任何更改都会在服务器重新启动后恢复。
现在我们需要改变<API-M_HOME>/repository/conf/deployment.toml
Uncomment and set the following lines:
[apim.oauth_config]
enable_outbound_auth_header = true
enable_outbound_auth_headerstring Default: FALSE If TRUE, sends Auth header to the backend as received from the client.