[CONF] Apache Camel > Spring Security

[confluence]

Spring Security Page edited by willem jiang Comment: CAMEL-2793 update the wiki doc of camel-spring-security Changes (5) ... h3. Using SpringSecurityAuthorizationPolicy camel-spring-security component can take the authentication token which is set by Spring Security or other security framework, and check authentication token with the access information which is configured by SpringSecurityAuthorizationPolicy. If the authentication token is authorized, the camel exchange will be passed to the next processor, otherwise CamelAuthorizationException will be thrown with the exchange. SpringSecurityAuthorizationPolicy will check the message header with "CamelAuthentication" and turned the security subject into the spring authentication token, you can specify your customer authenticationAdapter by configure this policy. If there is no security subject in the message header, and the policy's attribute "useThreadSecurityContext" is true, the policy will use SecurityContextHolder.getContext().getAuthentication() to get the authentication token. If the authentication token is authorized, the camel exchange will be passed to the next processor, otherwise CamelAuthorizationException will be thrown with the exchange. You can configure the SpringSecurityAuthorizationPolicy with normal Spring bean's configuration, and you can also configure it with the customer authorizationPolicy element. ... | {{authenticationManager}} | String | The id of the authentication manager which is used for reauthentication within the SpringSecurityAuthorizationPolicy. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "authenticationManager" | | {{accessDecisionManager}} | String | The id of the access decision manager which is used for checking the access attribute with authentication token. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "accessDecisionManager" | | {{authenticationAdapter}} | String | New to Camel 2.4, The id of AuthenticationAdapter that SpringSecurityAuthorizationPolicy uses to turn a security subject into Spring authentication token | | {{useThreadSecurityContext}} | String boolean | SpringSecurityAuthorizationPolicy will try to get the authentication token from exchange, message header with the key "CamelAuthentication", if it can't get it and the this attribute is true, it will try to get authentication from SecurityContextHolder (the thread local context). The default value of this attribute is true. | | {{alwaysReauthenticate}} | String boolean | If this attribute is true, SpringSecurityAuthorizationPolicy will aways reauthenticate the authentication token. The default value of this attribute is false. | h4. Using SpringSecurityAuthorizationPolicy in Spring XML ... Full Content Spring Security Available as of Camel 2.3 Spring Security is a poplar security framework to provides the authentication and authorization for the Spring application. It allows together with Camel to provide authorization support for the camel process by configuring the authorizationPolicy. Using SpringSecurityAuthorizationPolicy camel-spring-security component can take the authentication token which is set by Spring Security or other security framework, and check authentication token with the access information which is configured by SpringSecurityAuthorizationPolicy. SpringSecurityAuthorizationPolicy will check the message header with "CamelAuthentication" and turned the security subject into the spring authentication token, you can specify your customer authenticationAdapter by configure this policy. If there is no security subject in the message header, and the policy's attribute "useThreadSecurityContext" is true, the policy will use SecurityContextHolder.getContext().getAuthentication() to get the authentication token. If the authentication token is authorized, the camel exchange will be passed to the next processor, otherwise CamelAuthorizationException will be thrown with the exchange. You can configure the SpringSecurityAuthorizationPolicy with normal Spring bean's configuration, and you can also configure it with the customer authorizationPolicy element. authorizationPolicy element has below attributes: Attribut Type Description id String The bean id which is common used for the bean which is managed by Spring access String The access policy that you want to use authorization authenticationManager String The id of the authentication manager which is used for reauthentication within the SpringSecurityAuthorizationPolicy. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "authenticationManager" accessDecisionManager String The id of the access decision manager which is used for checking the access attribute with authentication token. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "accessDecisionManager" authenticationAdapter String New to Camel 2.4, The id of AuthenticationAdapter that SpringSecurityAuthorizationPolicy uses to turn a security subject into Spring authentication token useThreadSecurityContext boolean SpringSecurityAuthorizationPolicy will try to get the authentication token from message header with the key "CamelAuthentication", if it can't get it and the this attribute is true, it will try to get authentication from SecurityContextHolder (the thread local context). The default value of this attribute is true. alwaysReauthenticate boolean If this attribute is true, SpringSecurityAuthorizationPolicy will aways reauthenticate the authentication token. The default value of this attribute is false. Using SpringSecurityAuthorizationPolicy in Spring XML In this example we want to make sure exchange send to mock:end should be authenticated with the role of admin. <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring-security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd http://camel.apache.org/schema/spring-security http://camel.apache.org/schema/spring-security/camel-spring-security.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- import the spring security configuration --> <import resource="classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/> <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager" xmlns="http://camel.apache.org/schema/spring-security"/> <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring"> <route> <from uri="direct:start"/> <!-- The exchange should be authenticated with the role of ADMIN before it is send to mock:endpoint --> <policy ref="admin"> <to uri="mock:end"/> </policy> </route> </camelContext> </beans> The spring security configure looks like this <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring-security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <bean id="authenticationManager" class="org.springframework.security.MockAuthenticationManager"/> <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions" value="true"/> <property name="decisionVoters"> <list> <bean class="org.springframework.security.vote.RoleVoter"/> </list> </property> </bean> <spring-security:authentication-provider user-service-ref="userDetailsService"/> <spring-security:user-service id="userDetailsService"> <spring-security:user name="jim" password="jimspassword" authorities="ROLE_USER, ROLE_ADMIN"/> <spring-security:user name="bob" password="bobspassword" authorities="ROLE_USER"/> </spring-security:user-service> </beans> Dependencies To use Spring Security in your camel routes you need to add the a dependency on camel-spring-security. If you use maven you could just add the following to your pom.xml, substituting the version number for the latest & greatest release (see the download page for the latest versions). <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-spring-security</artifactId> <version>2.3.0</version> </dependency> See Also Configuring Camel Component Endpoint Getting Started Components Change Notification Preferences View Online | View Changes | Add Comment