...
Maven users will need to add the following dependency to their pom.xml
for this component:
Code Block | ||||
---|---|---|---|---|
| ||||
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-shiro</artifactId>
<version>x.x.x</version>
<!-- use the same version as your Camel core version -->
</dependency>
|
...
Configuration details are provided to the ShiroSecurityPolicy using an Ini file (properties file) or an Ini object. The Ini file is a standard Shiro configuration file containing user/role details as shown below
Code Block |
---|
[users]
# user 'ringo' with password 'starr' and the 'sec-level1' role
ringo = starr, sec-level1
george = harrison, sec-level2
john = lennon, sec-level3
paul = mccartney, sec-level3
[roles]
# 'sec-level3' role has all permissions, indicated by the
# wildcard '*'
sec-level3 = *
# The 'sec-level2' role can do anything with access of permission
# readonly (*) to help
sec-level2 = zone1:*
# The 'sec-level1' role can do anything with access of permission
# readonly
sec-level1 = zone1:readonly:*
|
...
A ShiroSecurityPolicy object is instantiated as follows
Code Block |
---|
private final String iniResourcePath = "classpath:shiro.ini";
private final byte[] passPhrase = {
(byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B,
(byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F,
(byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13,
(byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17};
List<permission> permissionsList = new ArrayList<permission>();
Permission permission = new WildcardPermission("zone1:readwrite:*");
permissionsList.add(permission);
final ShiroSecurityPolicy securityPolicy =
new ShiroSecurityPolicy(iniResourcePath, passPhrase, true, permissionsList);
|
...
The ShiroSecurityPolicy, tests and permits incoming message exchanges containing a encrypted SecurityToken in the Message Header to proceed further following proper authentication. The SecurityToken object contains a Username/Password details that are used to determine where the user is a valid user.
Code Block |
---|
protected RouteBuilder createRouteBuilder() throws Exception {
final ShiroSecurityPolicy securityPolicy =
new ShiroSecurityPolicy("classpath:shiro.ini", passPhrase);
return new RouteBuilder() {
public void configure() {
onException(UnknownAccountException.class).
to("mock:authenticationException");
onException(IncorrectCredentialsException.class).
to("mock:authenticationException");
onException(LockedAccountException.class).
to("mock:authenticationException");
onException(AuthenticationException.class).
to("mock:authenticationException");
from("direct:secureEndpoint").
to("log:incoming payload").
policy(securityPolicy).
to("mock:success");
}
};
}
|
...
Authorization can be applied on a camel route by associating a Permissions List with the ShiroSecurityPolicy. The Permissions List specifies the permissions necessary for the user to proceed with the execution of the route segment. If the user does not have the proper permission set, the request is not authorized to continue any further.
Code Block |
---|
protected RouteBuilder createRouteBuilder() throws Exception {
final ShiroSecurityPolicy securityPolicy =
new ShiroSecurityPolicy("./src/test/resources/securityconfig.ini", passPhrase);
return new RouteBuilder() {
public void configure() {
onException(UnknownAccountException.class).
to("mock:authenticationException");
onException(IncorrectCredentialsException.class).
to("mock:authenticationException");
onException(LockedAccountException.class).
to("mock:authenticationException");
onException(AuthenticationException.class).
to("mock:authenticationException");
from("direct:secureEndpoint").
to("log:incoming payload").
policy(securityPolicy).
to("mock:success");
}
};
}
|
...
A ShiroSecurityToken object may be created and injected into a Message Exchange using a Shiro Processor called ShiroSecurityTokenInjector. An example of injecting a ShiroSecurityToken using a ShiroSecurityTokenInjector in the client is shown below
Code Block |
---|
ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("ringo", "starr");
ShiroSecurityTokenInjector shiroSecurityTokenInjector =
new ShiroSecurityTokenInjector(shiroSecurityToken, passPhrase);
from("direct:client").
process(shiroSecurityTokenInjector).
to("direct:secureEndpoint");
|
...
You can send a message to a Camel route with a header of key ShiroSecurityConstants.SHIRO_SECURITY_TOKEN
of the type org.apache.camel.component.shiro.security.ShiroSecurityToken
that contains the username and password. For example:
Code Block |
---|
ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("ringo", "starr");
template.sendBodyAndHeader("direct:secureEndpoint", "Beatle Mania", ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, shiroSecurityToken);
|
You can also provide the username and password in two different headers as shown below:
Code Block |
---|
Map<String, Object> headers = new HashMap<String, Object>();
headers.put(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, "ringo");
headers.put(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD, "starr");
template.sendBodyAndHeaders("direct:secureEndpoint", "Beatle Mania", headers);
|
When you use the username and password headers, then the ShiroSecurityPolicy in the Camel route will automatic transform those into a single header with key ShiroSecurityConstants.SHIRO_SECURITY_TOKEN with the token. Then token is either a ShiroSecurityToken
instance, of or a base64 representation as a String (the latter is when you have set base64=true).