THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Spring Security
Available as of Camel 2.3
The camel-spring-security component provides role-based authorization for Camel routes. It leverages the authentication and user services provided by Spring Security (formerly Acegi Security) and adds a declarative, role-based policy system to control whether a route can be executed by a given principal.
If you are not familiar with the Spring Security authentication and authorization system, please review the current reference documentation on the SpringSource web site linked above.
Creating authorization policies
...
A Spring Security AuthenticationManager and AccessDecisionManager are required to use this component. Here is an example of how to configure these objects in Spring XML using the Spring Security namespace:
...
...
Now that the underlying security objects are set up, we can use them to configure an authorization policy and use that policy to control access to a route:
...
In this example, the endpoint mock:end will not be executed unless a Spring Security Authentication object that has been or can be authenticated and contains the ROLE_ADMIN authority can be located by the admin SpringSecurityAuthorizationPolicy.
...
The process of obtaining security credentials that are used for authorization is not specified by this component. You can write your own processors or components which get authentication information from the exchange depending on your needs. For example, you might create a processor that gets credentials from an HTTP request header originating in the camel-jetty Jetty component. No matter how the credentials are collected, they need to be placed in the In message or the SecurityContextHolder so the camel-spring-security Camel Spring Security component can access them:
...
...
The SpringSecurityAuthorizationPolicy will automatically authenticate the Authentication object if necessary.
...
The default behavior of camel-spring-security is to look for a Subject in the Exchange.AUTHENTICATION header. This Subject must contain at least one principal, which must be a subclass of org.springframework.security.core.Authentication. You can customize the mapping of Subject to Authentication object by providing an implementation of the org.apache.camel.component.spring.security.AuthenticationAdapter to your <authorizationPolicy> bean. This can be useful if you are working with components that do not use Spring Security but do provide a Subject. At this time, only the camel-cxf CXF component populates the Exchange.AUTHENTICATION header.
...
If authentication or authorization fails in the SpringSecurityAuthorizationPolicy, a CamelAuthorizationException will be thrown. This can be handled using Camel's standard exception handling methods, like the Exception clauseClause. The CamelAuthorizationException will have a reference to the ID of the policy which threw the exception so you can handle errors based on the policy as well as the type of exception:
...
...
Dependencies
Maven users will need to add the following dependency to their pom.xml for this component:
...
...
This dependency will also pull in org.springframework.security:spring-security-core:3.0.3.RELEASE and org.springframework.security:spring-security-config:3.0.3.RELEASE.
...
...