通过 WSO2 API Manager 公开不安全的 url [英] Expose unsecured url via WSO2 API Manager

问题描述

我有一个在 WSO2 的 API Manager Publisher 工具中设置的 API.使用访问令牌正确调用时，所有调用都可以正常工作.

I have an API that I have setup in WSO2's API Manager Publisher tool. All the calls work fine when called correctly with an Access Token.

但我有一个网址，我希望任何人都可以调用.(它是一个定制的 Swagger UI 页面(不同于 WSO2 工具中内置的页面).

But I have one url that I want anyone to be able to call. (It is a customized Swagger UI page (different from the one built into the WSO2 tooling).)

为此，我将 Swagger UI url 添加为资源.但是当我去那里时，它说:

To do this I add the Swagger UI url as a resource. But when I go there it says:

未提供必需的 OAuth 凭据.确保您的 API 调用有一个标头:'Authorization : Bearer ACCESS_TOKEN'

Required OAuth credentials not provided. Make sure your API invocation call has a header: 'Authorization : Bearer ACCESS_TOKEN'

一般来说，我真的很喜欢这个默认设置.(我希望我的所有其他 API 资源都需要访问令牌.)但是对于这个我没有访问令牌，也不希望这样做.)

Generally, I really like this default. (I want all my other API resources to require an Access Token.) But for this one I don't have an access token and don't expect to.)

是否可以发布一个资源而不需要任何身份验证?

推荐答案

也可以在 2.x 版本的 API Manager 中通过禁用发布者工具中的每个端点的安全性来完成.在管理选项卡的资源部分中，对于每个资源/端点，将值 x-auth-type 设置为无".默认值为Application &应用程序用户".这将禁用安全性，然后禁用访问所选 API 资源所需的身份验证.

Also it can be done in 2.x versions of API Manager through disabling for each endpoint the security in publisher tool. In manage tab, resources section, for each resource/endpoint set the value x-auth-type to "None". Default value is "Application & Application User". This disable security and then authentication required for accesing to the selected API resources.

这篇关于通过 WSO2 API Manager 公开不安全的 url的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！