WSO2 ESB 代理与 IS 授权服务错误

Question

我正在关注教程：http://wso2.com/library/articles/2015/02/how-to-write-a-web-application-backed-by-wso2-middleware-part-3/。

关于我的架构的一些信息： IS 端口：https:9440 http:9760 ESB 端口：https:9444,8242 http:9764,8281 DSS 服务：http:9764（在 ESB 内作为功能）

我对代理服务的定义如下：

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="WSO2HealthITProxy5"
       startOnLoad="true"
       statistics="disable"
       trace="disable"
       transports="https,http">
   <target>
      <inSequence>
         <property name="username" scope="axis2" type="STRING" value="fausto"/>
         <entitlementService callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler"
                             client="basicAuth"
                             remoteServicePassword="enc:bS+kMgBk0W1nzqVwpAJ3RRkbieLEuMepiGa/sf9mQrVvbyNrAf1vbsJTohkX2KBr6oVVUcwSiT/lNi54B/4WMQMrcXWN+ewktsZTRlj8qE7lwyJZ0kfUvm+9h5rN8MRfJvQ8FQ8gxoHyNuhR4dD2J3l/nWxgjfnfWPpI8LV4zwk="
                             remoteServiceUrl="https://localhost:9440/services/"
                             remoteServiceUserName="admin">
            <onReject>
               <log level="custom">
                  <property name="FAULT" value="ON REJECT CALLED"/>
               </log>
               <makefault version="soap11">
                  <code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/"
                        value="soap11Env:Server"/>
                  <reason value="UNAUTHORIZED"/>
                  <role/>
                  <detail>XACML Authorization Failed</detail>
               </makefault>
               <property name="RESPONSE" scope="default" type="STRING" value="true"/>
               <header action="remove" name="To" scope="default"/>
               <send/>
            </onReject>
            <onAccept>
               <log level="custom">
                  <property name="FAULT" value="ON ACCEPT CALLED"/>
               </log>
               <send>
                  <endpoint>
                     <address uri="http://localhost:9764/services/WSO2HealthIT"/>
                  </endpoint>
               </send>
            </onAccept>
            <obligations/>
            <advice/>
         </entitlementService>
      </inSequence>
      <outSequence>
         <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 action="remove"
                 name="wsse:Security"/>
         <send/>
      </outSequence>
   </target>
   <publishWSDL uri="http://localhost:9764/services/WSO2HealthIT?wsdl2"/>
   <description/>
</proxy>

在 IS 端，策略定义如下： EntitlementFilterPolicy.xml

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="EntitlementFilterPolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
   <Target></Target>
   <Rule Effect="Permit" RuleId="Rule1">
      <Target>
         <AnyOf>
            <AllOf>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/WSO2HealthWebApplication2/addPatient.jsp</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
            </AllOf>
         </AnyOf>
      </Target>
      <Condition>
         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
            </Apply>
            <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
         </Apply>
      </Condition>
   </Rule>
   <Rule Effect="Permit" RuleId="Rule2">
      <Target>
         <AnyOf>
            <AllOf>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/WSO2HealthWebApplication2/(patientInfoPage|getPatientDetails).jsp</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
            </AllOf>
         </AnyOf>
      </Target>
      <Condition>
         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
            </Apply>
            <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
         </Apply>
      </Condition>
   </Rule>
</Policy>      

dssOperationPolicy.xml

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="dssOperationsPolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
   <Target></Target>
   <Rule Effect="Permit" RuleId="Rule1">
      <Target>
         <AnyOf>
            <AllOf>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*/WSO2HealthITProxy5/patientDetailsByNumber</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
            </AllOf>
         </AnyOf>
      </Target>
      <Condition>
         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
            </Apply>
            <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
         </Apply>
      </Condition>
   </Rule>
   <Rule Effect="Permit" RuleId="Rule2">
      <Target>
         <AnyOf>
            <AllOf>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*/WSO2HealthITProxy5/registerPatient</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
               </Match>
            </AllOf>
         </AnyOf>
      </Target>
      <Condition>
         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
            </Apply>
            <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
         </Apply>
      </Condition>
   </Rule>
</Policy>        

登录身份验证工作正常，但尝试通过 ESB 代理获取一些患者信息时，我在 ESB 系统日志中收到以下错误。

TID[-1234] [ESB] [2016-11-25 14:34:04,080] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://192.168.23.250:9440/services/EntitlementService] org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233) org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:186) org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659) org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195) org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66) org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59) org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158) org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210) org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403) org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151) org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) java.lang.Thread.run(Thread.java:745)  

和

  TID[-1234] [ESB] [2016-11-25 14:34:04,082] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} - Error occurred while evaluating the policy org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199) org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66) org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59) org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158) org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210) org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403) org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151) org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) java.lang.Thread.run(Thread.java:745) 

我似乎无法通过 IS 授权服务，因为该服务似乎不存在。我一直在查看文档，但没有任何有用的结果。 有没有人可以提供帮助或遇到过同样的问题？

提前致谢。

Answer 1

最后，我弄清楚了问题所在。

首先，我阅读了位于 $CARBON_HOME/repository/logs 中的 wso2carbon.log 文件，发现了以下问题：

TID: [-1234] [] [2016-11-29 16:01:08,502]  INFO {org.apache.axis2.transport.http.HTTPSender} -  Unable to sendViaPost to url[https://192.168.23.250:9440/services/EntitlementService] {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.23.250> != </localhost>
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:260)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:158)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
    at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
TID: [-1234] [] [2016-11-29 16:01:08,503] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} -  Error occurred while evaluating the policy {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
org.apache.axis2.AxisFault: hostname in certificate didn't match: <192.168.23.250> != </localhost>
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
    at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.23.250> != </localhost>
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:260)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:158)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
    ... 24 more

很明显，问题出在证书和 https 请求中。 我的服务位于不同的 Docker 容器中，因此我无法使用 localhost 作为调用方主机，因为每个服务都有不同的 ip。 所以，我决定尝试http请求而不是https，但结果是：

TID: [-1234] [] [2016-11-29 16:07:37,192] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} -  Error occurred while evaluating the policy {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) http://192.168.23.250:9760/services/EntitlementService
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
    at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
    at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
    at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

这意味着策略 EntitlementService 只能通过 https 获得。

最后我解决了将 IS 和 ESB 放在同一个 Docker 容器中的问题。请求现在在本地主机上，一切正常。

现在的问题是：当 ESB 和 IS 服务安装在两台不同的机器上时，如何同时处理这些服务？