camel-commits mailing list archives

From build...@apache.org
Subject svn commit: r890761 [2/2] - in /websites/production/camel/content: cache/main.pageCache camel-2130-release.html hl7.html shiro-security.html
Date Tue, 17 Dec 2013 20:19:29 GMT
Modified: websites/production/camel/content/shiro-security.html
==============================================================================
--- websites/production/camel/content/shiro-security.html (original)
+++ websites/production/camel/content/shiro-security.html Tue Dec 17 20:19:28 2013
@@ -85,39 +85,16 @@
 	<tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2 id="ShiroSecurity-ShiroSecurityComponent">Shiro
Security Component</h2>
-
-<p><strong>Available as of Camel 2.5</strong></p>
-
-<p>The <strong>shiro-security</strong> component in Camel is a security
focused component, based on the Apache Shiro security project.</p>
-
-<p>Apache Shiro is a powerful and flexible open-source security framework that cleanly
handles authentication, authorization, enterprise session management and cryptography. The
objective of the Apache Shiro project is to provide the most robust and comprehensive application
security framework available while also being very easy to understand and extremely simple
to use.</p>
-
-<p>This camel shiro-security component allows authentication and authorization support
to be applied to different segments of a camel route.</p>
-
-<p>Shiro security is applied on a route using a Camel Policy. A Policy in Camel utilizes
a strategy pattern for applying interceptors on Camel Processors. It offering the ability
to apply cross-cutting concerns (for example. security, transactions etc) on sections/segments
of a camel route. </p>
-
-<p>Maven users will need to add the following dependency to their <code>pom.xml</code>
for this component:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;dependency&gt;
+<div class="wiki-content maincontent"><h2 id="ShiroSecurity-ShiroSecurityComponent">Shiro
Security Component</h2><p><strong>Available as of Camel 2.5</strong></p><p>The
<strong>shiro-security</strong> component in Camel is a security focused component,
based on the Apache Shiro security project.</p><p>Apache Shiro is a powerful and
flexible open-source security framework that cleanly handles authentication, authorization,
enterprise session management and cryptography. The objective of the Apache Shiro project
is to provide the most robust and comprehensive application security framework available while
also being very easy to understand and extremely simple to use.</p><p>This camel
shiro-security component allows authentication and authorization support to be applied to
different segments of a camel route.</p><p>Shiro security is applied on a route
using a Camel Policy. A Policy in Camel utilizes a strategy pattern for applying interceptors
on Camel Processors. It offering the abil
 ity to apply cross-cutting concerns (for example. security, transactions etc) on sections/segments
of a camel route.</p><p>Maven users will need to add the following dependency
to their <code>pom.xml</code> for this component:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;dependency&gt;
     &lt;groupId&gt;org.apache.camel&lt;/groupId&gt;
     &lt;artifactId&gt;camel-shiro&lt;/artifactId&gt;
     &lt;version&gt;x.x.x&lt;/version&gt;
     &lt;!-- use the same version as your Camel core version --&gt;
 &lt;/dependency&gt;
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-ShiroSecurityBasics">Shiro Security Basics</h3>
-
-<p>To employ Shiro security on a camel route, a ShiroSecurityPolicy object must be
instantiated with security configuration details (including users, passwords, roles etc).
This object must then be applied to a camel route. This ShiroSecurityPolicy Object may also
be registered in the Camel registry (JNDI or ApplicationContextRegistry) and then utilized
on other routes in the Camel Context.</p>
-
-<p>Configuration details are provided to the ShiroSecurityPolicy using an Ini file
(properties file) or an Ini object. The Ini file is a standard Shiro configuration file containing
user/role details as shown below</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-[users]
+</div></div><h3 id="ShiroSecurity-ShiroSecurityBasics">Shiro Security Basics</h3><p>To
employ Shiro security on a camel route, a ShiroSecurityPolicy object must be instantiated
with security configuration details (including users, passwords, roles etc). This object must
then be applied to a camel route. This ShiroSecurityPolicy Object may also be registered in
the Camel registry (JNDI or ApplicationContextRegistry) and then utilized on other routes
in the Camel Context.</p><p>Configuration details are provided to the ShiroSecurityPolicy
using an Ini file (properties file) or an Ini object. The Ini file is a standard Shiro configuration
file containing user/role details as shown below</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[[users]
 # user &#39;ringo&#39; with password &#39;starr&#39; and the &#39;sec-level1&#39;
role
 ringo = starr, sec-level1
 george = harrison, sec-level2
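Review bot: the [users] sample kept as context at the end of this hunk stores passwords in clear text (ringo = starr, sec-level1), and the regenerated paragraph above it ("Configuration details are provided to the ShiroSecurityPolicy using an Ini file") says nothing about how that file should be protected. Add a sentence that the values are for illustration and that the ini file needs restricted read access. The added text also still reads "It offering the ability" and "(for example. security, transactions etc)", and the ini block is tagged brush: java although its content is Shiro ini; fix these in the wiki source rather than in the generated page.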
@@ -137,15 +114,8 @@ sec-level2 = zone1:*
 # readonly   
 sec-level1 = zone1:readonly:*
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-InstantiatingaShiroSecurityPolicyObject">Instantiating a ShiroSecurityPolicy
Object</h3>
-
-<p>A ShiroSecurityPolicy object is instantiated as follows</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-        private final String iniResourcePath = &quot;classpath:shiro.ini&quot;;
+</div></div><h3 id="ShiroSecurity-InstantiatingaShiroSecurityPolicyObject">Instantiating
a ShiroSecurityPolicy Object</h3><p>A ShiroSecurityPolicy object is instantiated
as follows</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
       private final String iniResourcePath = &quot;classpath:shiro.ini&quot;;
         private final byte[] passPhrase = {
             (byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B,
             (byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F,
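Review bot: in the instantiation example, passPhrase is a hard-coded byte array of sequential values ((byte) 0x08, (byte) 0x09, ...) declared next to iniResourcePath, and the one-line introduction "A ShiroSecurityPolicy object is instantiated as follows" does not mark it as a placeholder. Say in the text that the key shown is for illustration only and that a deployment should supply its own randomly generated key from protected configuration instead of compiling it into the class.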
@@ -158,20 +128,10 @@ sec-level1 = zone1:readonly:*
         final ShiroSecurityPolicy securityPolicy = 
             new ShiroSecurityPolicy(iniResourcePath, passPhrase, true, permissionsList);
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-ShiroSecurityPolicyOptions">ShiroSecurityPolicy Options</h3>
-<div class="confluenceTableSmall">
+</div></div><h3 id="ShiroSecurity-ShiroSecurityPolicyOptions">ShiroSecurityPolicy
Options</h3><div class="confluenceTableSmall">
 <table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p> Name </p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p> Default Value </p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p> Type </p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p> Description </p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> <code>iniResourcePath or ini</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>none</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Resource
String or Ini Object </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>
A mandatory Resource String for the iniResourcePath or an instance of an Ini object must be
passed to the security policy. Resources can be acquired from the file system, classpath,
or URLs when prefixed with "file:, classpath:, or url:" respectively. For e.g "classpath:shiro.ini"
</p></td></tr><tr><td colspan="1" rowspan="1" class="conf
 luenceTd"><p> <code>passPhrase</code> </p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> <code>An AES 128 based key</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> byte[]
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> A passPhrase
to decrypt ShiroSecurityToken(s) sent along with Message Exchanges </p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> <code>alwaysReauthenticate</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>true</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> boolean
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Setting
to ensure re-authentication on every individual request. If set to false, the user is authenticated
and locked such than only requests from the same user going forward are authenticated. </p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> <code>permissionsList</code>
</p></td><td colspan="1" rowspan="1" cla
 ss="confluenceTd"><p> <code>none</code> </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> List&lt;Permission&gt; </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> A List of permissions required in
order for an authenticated user to be authorized to perform further action i.e continue further
on the route. If no Permissions list is provided to the ShiroSecurityPolicy object, then authorization
is deemed as not required </p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p> <code>cipherService</code> </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> <code>AES</code> </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> org.apache.shiro.crypto.CipherService
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Shiro
ships with AES &amp; Blowfish based CipherServices. You may use one these or pass in your
own Cipher implementation </p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p> <code>base64</code>
  </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>false</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code>
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Camel
2.12:</strong> To use base64 encoding for the security token header, which allows transferring
the header over <a shape="rect" href="jms.html" title="JMS">JMS</a> etc. This
option must also be set on <code>ShiroSecurityTokenInjector</code> as well. </p></td></tr></tbody></table>
-</div>
-
-<h3 id="ShiroSecurity-ApplyingShiroAuthenticationonaCamelRoute">Applying Shiro Authentication
on a Camel Route</h3>
-
-<p>The ShiroSecurityPolicy, tests and permits incoming message exchanges containing
a encrypted SecurityToken in the Message Header to proceed further following proper authentication.
The SecurityToken object contains a Username/Password details that are used to determine where
the user is a valid user. </p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-    protected RouteBuilder createRouteBuilder() throws Exception {
+</div><h3 id="ShiroSecurity-ApplyingShiroAuthenticationonaCamelRoute">Applying
Shiro Authentication on a Camel Route</h3><p>The ShiroSecurityPolicy, tests and
permits incoming message exchanges containing a encrypted SecurityToken in the Message Header
to proceed further following proper authentication. The SecurityToken object contains a Username/Password
details that are used to determine where the user is a valid user.</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
   protected RouteBuilder createRouteBuilder() throws Exception {
         final ShiroSecurityPolicy securityPolicy = 
             new ShiroSecurityPolicy(&quot;classpath:shiro.ini&quot;, passPhrase);
         
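Review bot: in the options table, the passPhrase row gives its Default Value as "An AES 128 based key" without saying where that key comes from. If it is a fixed key shipped with the component, the description should say so and tell the reader to always pass their own key, because a default that every installation shares does not keep the token confidential. Wording to fix in the same hunk: "locked such than only requests", "You may use one these", "a encrypted SecurityToken" and "determine where the user is a valid user" (should be "whether").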
@@ -194,15 +154,8 @@ sec-level1 = zone1:readonly:*
         };
     }
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-ApplyingShiroAuthorizationonaCamelRoute">Applying Shiro Authorization
on a Camel Route</h3>
-
-<p>Authorization can be applied on a camel route by associating a Permissions List
with the ShiroSecurityPolicy. The Permissions List specifies the permissions necessary for
the user to proceed with the execution of the route segment. If the user does not have the
proper permission set, the request is not authorized to continue any further.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-    protected RouteBuilder createRouteBuilder() throws Exception {
+</div></div><h3 id="ShiroSecurity-ApplyingShiroAuthorizationonaCamelRoute">Applying
Shiro Authorization on a Camel Route</h3><p>Authorization can be applied on a
camel route by associating a Permissions List with the ShiroSecurityPolicy. The Permissions
List specifies the permissions necessary for the user to proceed with the execution of the
route segment. If the user does not have the proper permission set, the request is not authorized
to continue any further.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
   protected RouteBuilder createRouteBuilder() throws Exception {
         final ShiroSecurityPolicy securityPolicy = 
             new ShiroSecurityPolicy(&quot;./src/test/resources/securityconfig.ini&quot;,
passPhrase);
         
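Review bot: the authorization example builds the policy from "./src/test/resources/securityconfig.ini", a relative test-tree path with no prefix, while the options table says resources are acquired when prefixed with "file:, classpath:, or url:" and the authentication example uses "classpath:shiro.ini". Use a prefixed resource here too, or explain how an unprefixed path is resolved, so readers do not copy a path that only works from the project's own test directory.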
@@ -225,15 +178,8 @@ sec-level1 = zone1:readonly:*
         };
     }
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-CreatingaShiroSecurityTokenandinjectingitintoaMessageExchange">Creating
a ShiroSecurityToken and injecting it into a Message Exchange</h3>
-
-<p>A ShiroSecurityToken object may be created and injected into a Message Exchange
using a Shiro Processor called ShiroSecurityTokenInjector. An example of injecting a ShiroSecurityToken
using a ShiroSecurityTokenInjector in the client is shown below</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-    ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken(&quot;ringo&quot;,
&quot;starr&quot;);
+</div></div><h3 id="ShiroSecurity-CreatingaShiroSecurityTokenandinjectingitintoaMessageExchange">Creating
a ShiroSecurityToken and injecting it into a Message Exchange</h3><p>A ShiroSecurityToken
object may be created and injected into a Message Exchange using a Shiro Processor called
ShiroSecurityTokenInjector. An example of injecting a ShiroSecurityToken using a ShiroSecurityTokenInjector
in the client is shown below</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
   ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken(&quot;ringo&quot;,
&quot;starr&quot;);
     ShiroSecurityTokenInjector shiroSecurityTokenInjector = 
         new ShiroSecurityTokenInjector(shiroSecurityToken, passPhrase);
 
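Review bot: the paragraph introducing ShiroSecurityTokenInjector does not say that the passPhrase passed to new ShiroSecurityTokenInjector(shiroSecurityToken, passPhrase) has to be the same key the route's ShiroSecurityPolicy was built with; the options table only describes passPhrase as the key used "to decrypt ShiroSecurityToken(s) sent along with Message Exchanges". State the shared-key requirement in this section, and note that the literal "ringo" / "starr" pair is the sample user from the ini file rather than something to embed in client code.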
@@ -241,15 +187,7 @@ sec-level1 = zone1:readonly:*
         process(shiroSecurityTokenInjector).
         to(&quot;direct:secureEndpoint&quot;);
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-SendingMessagestoroutessecuredbyaShiroSecurityPolicy">Sending
Messages to routes secured by a ShiroSecurityPolicy</h3>
-
-<p>Messages and Message Exchanges sent along the camel route where the security policy
is applied need to be accompanied by a SecurityToken in the Exchange Header. The SecurityToken
is an encrypted object that holds a Username and Password. The SecurityToken is encrypted
using AES 128 bit security by default and can be changed to any cipher of your choice.</p>
-
-<p>Given below is an example of how a request may be sent using a ProducerTemplate
in Camel along with a SecurityToken</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><h3 id="ShiroSecurity-SendingMessagestoroutessecuredbyaShiroSecurityPolicy">Sending
Messages to routes secured by a ShiroSecurityPolicy</h3><p>Messages and Message
Exchanges sent along the camel route where the security policy is applied need to be accompanied
by a SecurityToken in the Exchange Header. The SecurityToken is an encrypted object that holds
a Username and Password. The SecurityToken is encrypted using AES 128 bit security by default
and can be changed to any cipher of your choice.</p><p>Given below is an example
of how a request may be sent using a ProducerTemplate in Camel along with a SecurityToken</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[

     @Test
     public void testSuccessfulShiroAuthenticationWithNoAuthorization() throws Exception {
       
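Review bot: the added paragraph under "Sending Messages to routes secured by a ShiroSecurityPolicy" calls the header object "SecurityToken" while every code sample and the options table use ShiroSecurityToken, and it says the cipher "can be changed to any cipher of your choice" where the cipherService option takes an org.apache.shiro.crypto.CipherService. Use the class name and point to the cipherService option so the reader can see how the cipher is changed. "AES 128 bit security" would read better as "AES with a 128-bit key".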
@@ -269,34 +207,18 @@ sec-level1 = zone1:readonly:*
         failureEndpoint.assertIsSatisfied();
     } 
 ]]></script>
-</div></div>
-
-<h3 id="ShiroSecurity-SendingMessagestoroutessecuredbyaShiroSecurityPolicy(mucheasierfromCamel2.12onwards)">Sending
Messages to routes secured by a ShiroSecurityPolicy (much easier from Camel 2.12 onwards)</h3>
-
-<p>From <strong>Camel 2.12</strong> onwards its even easier as you can
provide the subject in two different ways.</p>
-
-<h4 id="ShiroSecurity-UsingShiroSecurityToken">Using ShiroSecurityToken</h4>
-
-<p>You can send a message to a Camel route with a header of key <code>ShiroSecurityConstants.SHIRO_SECURITY_TOKEN</code>
of the type <code>org.apache.camel.component.shiro.security.ShiroSecurityToken</code>
that contains the username and password. For example:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-        ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken(&quot;ringo&quot;,
&quot;starr&quot;);
+</div></div><h3 id="ShiroSecurity-SendingMessagestoroutessecuredbyaShiroSecurityPolicy(mucheasierfromCamel2.12onwards)">Sending
Messages to routes secured by a ShiroSecurityPolicy (much easier from Camel 2.12 onwards)</h3><p>From
<strong>Camel 2.12</strong> onwards its even easier as you can provide the subject
in two different ways.</p><h4 id="ShiroSecurity-UsingShiroSecurityToken">Using
ShiroSecurityToken</h4><p>You can send a message to a Camel route with a header
of key <code>ShiroSecurityConstants.SHIRO_SECURITY_TOKEN</code> of the type <code>org.apache.camel.component.shiro.security.ShiroSecurityToken</code>
that contains the username and password. For example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
       ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken(&quot;ringo&quot;,
&quot;starr&quot;);
 
         template.sendBodyAndHeader(&quot;direct:secureEndpoint&quot;, &quot;Beatle
Mania&quot;, ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, shiroSecurityToken);
 ]]></script>
-</div></div>
-
-<p>You can also provide the username and password in two different headers as shown
below:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-        Map&lt;String, Object&gt; headers = new HashMap&lt;String, Object&gt;();
+</div></div><p>You can also provide the username and password in two different
headers as shown below:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
       Map&lt;String, Object&gt; headers = new HashMap&lt;String, Object&gt;();
         headers.put(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, &quot;ringo&quot;);
         headers.put(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD, &quot;starr&quot;);
         template.sendBodyAndHeaders(&quot;direct:secureEndpoint&quot;, &quot;Beatle
Mania&quot;, headers);
 ]]></script>
-</div></div>
-
-<p>When you use the username and password headers, then the ShiroSecurityPolicy in
the Camel route will automatic transform those into a single header with key ShiroSecurityConstants.SHIRO_SECURITY_TOKEN
with the token. Then token is either a <code>ShiroSecurityToken</code> instance,
of a base64 representation as a String (the latter is when you have set base64=true).</p></div>
+</div></div><p>When you use the username and password headers, then the
ShiroSecurityPolicy in the Camel route will automatic transform those into a single header
with key ShiroSecurityConstants.SHIRO_SECURITY_TOKEN with the token. Then token is either
a <code>ShiroSecurityToken</code> instance, or a base64 representation as a String
(the latter is when you have set base64=true).</p></div>
         </td>
         <td valign="top">
           <div class="navigation">
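Review bot: the closing paragraph says the policy will "automatic transform" the SHIRO_SECURITY_USERNAME and SHIRO_SECURITY_PASSWORD headers into a single SHIRO_SECURITY_TOKEN header, but it does not say whether the two clear-text headers are removed from the message afterwards. Document that behaviour, since a password header left in place would travel on to later endpoints in the route. The new text corrects "of a base64" to "or a base64" but keeps "automatic transform", "Then token is" and "its even easier"; correct those in the wiki source as well.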


