The process of obtaining security credentials that are used for authorization is not specified by this component. You can write your own processors or components which get authentication information from the exchange depending on your needs. For example, you might create a processor that gets credentials from an HTTP request header originating in the Jetty component. No matter how the credentials are collected, they need to be placed in the In message or the SecurityContextHolder so the Camel Spring Security component can access them:


import javax.security.auth.Subject;
import org.apache.camel.*;
import org.apache.commons.codec.binary.Base64;
import org.springframework.security.authentication.*;


public class MyAuthService implements Processor {
    public void process(Exchange exchange) throws Exception {
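        // get the username and password from the HTTP header
        // http://en.wikipedia.org/wiki/Basic_access_authentication
        // the header value is "Basic <base64(username:password)>", so check and strip the scheme first
        String header = exchange.getIn().getHeader("Authorization", String.class);
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new BadCredentialsException("Missing or unsupported Authorization header");
        }
        String userpass = new String(Base64.decodeBase64(header.substring(6).trim()), "UTF-8");
        // split on the first colon only: the password may itself contain ':'
        String[] tokens = userpass.split(":", 2);
        if (tokens.length != 2) {
            throw new BadCredentialsException("Malformed Basic credentials");
        }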
        
        // create an Authentication object
        UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(tokens[0], tokens[1]);

        // wrap it in a Subject
        Subject subject = new Subject();
        subject.getPrincipals().add(authToken);

        // place the Subject in the In message
        exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);

        // you could also do this if useThreadSecurityContext is set to true
        // SecurityContextHolder.getContext().setAuthentication(authToken);
    }
}

...

If authentication or authorization fails in the SpringSecurityAuthorizationPolicy, a CamelAuthorizationException will be thrown. This can be handled using Camel's standard exception handling methods, like the Exception Clause. The CamelAuthorizationException will have a reference to the ID of the policy which threw the exception so you can handle errors based on the policy as well as the type of exception:


<onException>
  <!-- catch the Camel exception described above; it is the type that carries policyId -->
  <exception>org.apache.camel.CamelAuthorizationException</exception>
  <choice>
    <when>
      <simple>${exception.policyId} == 'user'</simple>
      <transform>
        <constant>You do not have ROLE_USER access!</constant>
      </transform>
    </when>
    <when>
      <simple>${exception.policyId} == 'admin'</simple>
      <transform>
        <constant>You do not have ROLE_ADMIN access!</constant>
      </transform>
    </when>
  </choice>
</onException>
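
The following Java DSL route is an added example, not part of the original Camel documentation. It shows the ordering that matters: the credential-collecting processor runs before the policy, and a CamelAuthorizationException is turned into an HTTP 403 response. The endpoint URIs, the class name SecuredRoute and the injected policy bean are assumptions.

```java
import org.apache.camel.CamelAuthorizationException;
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.spi.Policy;

public class SecuredRoute extends RouteBuilder {

    // Assumption: a SpringSecurityAuthorizationPolicy bean (for example the one
    // with id "admin") is configured elsewhere and injected here.
    private final Policy adminPolicy;

    public SecuredRoute(Policy adminPolicy) {
        this.adminPolicy = adminPolicy;
    }

    @Override
    public void configure() {
        // Handle the failure so the caller gets a 403 and a short message
        // instead of a stack trace; policyId identifies which policy refused.
        onException(CamelAuthorizationException.class)
            .handled(true)
            .setHeader(Exchange.HTTP_RESPONSE_CODE, constant(403))
            .setHeader(Exchange.CONTENT_TYPE, constant("text/plain"))
            .transform(simple("Access denied by policy '${exception.policyId}'"));

        from("jetty:http://0.0.0.0:8080/admin")   // assumed endpoint URI
            // MyAuthService (shown earlier on this page) puts the Subject into
            // the Exchange.AUTHENTICATION header; it must run before the policy.
            .process(new MyAuthService())
            // Everything after this point is only reached if the policy authorizes.
            .policy(adminPolicy)
            .to("bean:adminService");             // assumed protected target
    }
}
```

Placing the processor after `.policy(...)` would leave the policy with no credentials to evaluate, so every request would fail authorization.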

...

This dependency will also pull in org.springframework.security:spring-security-core:3.0.3.RELEASE and org.springframework.security:spring-security-config:3.0.3.RELEASE.
