THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Spring Security
Available as of Camel 2.3
Spring Security is a poplar security framework to provides the authentication and authorization for the Spring application. It allows together with Camel to provide authorization support for the camel process by configuring the authorizationPolicy.
Using SpringSecurityAuthorizationPolicy
camel-spring-security component can take the authentication token which is set by Spring Security or other security framework, and check authentication token with the access information which is configured by SpringSecurityAuthorizationPolicy.
SpringSecurityAuthorizationPolicy will check the message header with "CamelAuthentication" and turned the security subject into the spring authentication token, you can specify your customer authenticationAdapter by configure this policy. If there is no security subject in the message header, and the policy's attribute "useThreadSecurityContext" is true, the policy will use SecurityContextHolder.getContext().getAuthentication() to get the authentication token.
If the authentication token is authorized, the camel exchange will be passed to the next processor, otherwise CamelAuthorizationException will be thrown with the exchange.
You can configure the SpringSecurityAuthorizationPolicy with normal Spring bean's configuration, and you can also configure it with the customer authorizationPolicy element.
authorizationPolicy element has below attributes:
Attribut |
Type |
Description |
|---|---|---|
|
String |
The bean id which is common used for the bean which is managed by Spring |
|
String |
The access policy that you want to use authorization |
|
String |
The id of the authentication manager which is used for reauthentication within the SpringSecurityAuthorizationPolicy. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "authenticationManager" |
|
String |
The id of the access decision manager which is used for checking the access attribute with authentication token. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "accessDecisionManager" |
|
String |
New to Camel 2.4, The id of AuthenticationAdapter that SpringSecurityAuthorizationPolicy uses to turn a security subject into Spring authentication token |
|
boolean |
SpringSecurityAuthorizationPolicy will try to get the authentication token from message header with the key "CamelAuthentication", if it can't get it and the this attribute is true, it will try to get authentication from SecurityContextHolder (the thread local context). The default value of this attribute is true. |
|
boolean |
If this attribute is true, SpringSecurityAuthorizationPolicy will aways reauthenticate the authentication token. The default value of this attribute is false. |
Using SpringSecurityAuthorizationPolicy in Spring XML
In this example we want to make sure exchange send to mock:end should be authenticated with the role of admin.
Error formatting macro: snippet: java.lang.NullPointerException
The spring security configure looks like this
Error formatting macro: snippet: java.lang.NullPointerException
Dependencies
To use Spring Security in your camel routes you need to add the a dependency on camel-spring-security.
If you use maven you could just add the following to your pom.xml, substituting the version number for the latest & greatest release (see the download page for the latest versions).
<dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-spring-security</artifactId> <version>2.3.0</version> </dependency>