camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r901095 - in /websites/production/camel/content: cache/main.pageCache spring-security.html
Date Tue, 11 Mar 2014 11:22:30 GMT
Author: buildbot
Date: Tue Mar 11 11:22:29 2014
New Revision: 901095

Log:
Production update by buildbot for camel

Modified:
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/spring-security.html

Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/camel/content/spring-security.html
==============================================================================
--- websites/production/camel/content/spring-security.html (original)
+++ websites/production/camel/content/spring-security.html Tue Mar 11 11:22:29 2014
@@ -86,28 +86,7 @@
 	<tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2 id="SpringSecurity-SpringSecurity">Spring
Security </h2>
-<p><strong>Available as of Camel 2.3</strong> </p>
-
-<p>The <strong>camel-spring-security</strong> component provides role-based
authorization for Camel routes.  It leverages the authentication and user services provided
by <a shape="rect" class="external-link" href="http://static.springsource.org/spring-security/site/index.html"
rel="nofollow">Spring Security</a> (formerly Acegi Security) and adds a declarative,
role-based policy system to control whether a route can be executed by a given principal.</p>
-
-<p>If you are not familiar with the Spring Security authentication and authorization
system, please review the current reference documentation on the SpringSource web site linked
above.</p>
-
-<h3 id="SpringSecurity-Creatingauthorizationpolicies">Creating authorization policies</h3>
-
-<p>Access to a route is controlled by an instance of a <code>SpringSecurityAuthorizationPolicy</code>
object.  A policy object contains the name of the Spring Security authority (role) required
to run a set of endpoints and references to Spring Security <code>AuthenticationManager</code>
and <code>AccessDecisionManager</code> objects used to determine whether the current
principal has been assigned that role.  Policy objects may be configured as Spring beans or
by using an <code>&lt;authorizationPolicy&gt;</code> element in Spring
XML.</p>
-
-<p>The <code>&lt;authorizationPolicy&gt;</code> element may contain
the following attributes:</p>
-
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default Value</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>id</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The unique Spring bean identifier
which is used to reference the policy in routes (required)</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>access</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The Spring Security authority name
that is passed to the access decision manager (required)</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>authenticationMana
 ger</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>authenticationManager</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The name of the Spring Security <code>AuthenticationManager</code>
object in the context</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>accessDecisionManager</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>accessDecisionManager</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The name of the Spring Security <code>AccessDecisionManager</code>
object in the context</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>authenticationAdapter</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>DefaultAuthenticationAdapter</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Camel 2.4</strong>
The name of a <strong>camel-spring-security</strong> <code>AuthenticationAdapter</code>
object in the context that
  is used to convert a <code>javax.security.auth.Subject</code> into a Spring
Security <code>Authentication</code> instance.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>useThreadSecurityContext</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>If a <code>javax.security.auth.Subject</code>
cannot be found in the In message header under Exchange.AUTHENTICATION, check the Spring Security
<code>SecurityContextHolder</code> for an <code>Authentication</code>
object.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>alwaysReauthenticate</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>If set to true, the <code>SpringSecurityAuthorizationPolicy</code>
will always call <code>AuthenticationManager.authenticate()</code> each time the
policy is access
 ed.</p></td></tr></tbody></table></div>
-
-
-
-<h3 id="SpringSecurity-ControllingaccesstoCamelroutes">Controlling access to Camel
routes</h3>
-
-<p>A Spring Security <code>AuthenticationManager</code> and <code>AccessDecisionManager</code>
are required to use this component.  Here is an example of how to configure these objects
in Spring XML using the Spring Security namespace:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<div class="wiki-content maincontent"><h2 id="SpringSecurity-SpringSecurity">Spring
Security</h2><p><strong>Available as of Camel 2.3</strong></p><p>The
<strong>camel-spring-security</strong> component provides role-based authorization
for Camel routes. It leverages the authentication and user services provided by <a shape="rect"
class="external-link" href="http://static.springsource.org/spring-security/site/index.html"
rel="nofollow">Spring Security</a> (formerly Acegi Security) and adds a declarative,
role-based policy system to control whether a route can be executed by a given principal.</p><p>If
you are not familiar with the Spring Security authentication and authorization system, please
review the current reference documentation on the SpringSource web site linked above.</p><h3
id="SpringSecurity-Creatingauthorizationpolicies">Creating authorization policies</h3><p>Access
to a route is controlled by an instance of a <code>SpringSecurityAuthorizationPolicy</code>
object. A poli
 cy object contains the name of the Spring Security authority (role) required to run a set
of endpoints and references to Spring Security <code>AuthenticationManager</code>
and <code>AccessDecisionManager</code> objects used to determine whether the current
principal has been assigned that role. Policy objects may be configured as Spring beans or
by using an <code>&lt;authorizationPolicy&gt;</code> element in Spring
XML.</p><p>The <code>&lt;authorizationPolicy&gt;</code> element
may contain the following attributes:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default Value</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>id</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td
colspan="1" rowspan="1" class
 ="confluenceTd"><p>The unique Spring bean identifier which is used to reference
the policy in routes (required)</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>access</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The Spring Security authority name
that is passed to the access decision manager (required)</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>authenticationManager</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>authenticationManager</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The name of the Spring Security <code>AuthenticationManager</code>
object in the context</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>accessDecisionManager</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>accessDecisionManager</code></p></td><td
colspan
 ="1" rowspan="1" class="confluenceTd"><p>The name of the Spring Security <code>AccessDecisionManager</code>
object in the context</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>authenticationAdapter</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>DefaultAuthenticationAdapter</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Camel 2.4</strong>
The name of a <strong>camel-spring-security</strong> <code>AuthenticationAdapter</code>
object in the context that is used to convert a <code>javax.security.auth.Subject</code>
into a Spring Security <code>Authentication</code> instance.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>useThreadSecurityContext</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>If a <code>javax.security.auth.Subject</code>
cannot be found in the In message header under Exchange.AU
 THENTICATION, check the Spring Security <code>SecurityContextHolder</code> for
an <code>Authentication</code> object.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>alwaysReauthenticate</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>If set to true, the <code>SpringSecurityAuthorizationPolicy</code>
will always call <code>AuthenticationManager.authenticate()</code> each time the
policy is accessed.</p></td></tr></tbody></table></div><h3
id="SpringSecurity-ControllingaccesstoCamelroutes">Controlling access to Camel routes</h3><p>A
Spring Security <code>AuthenticationManager</code> and <code>AccessDecisionManager</code>
are required to use this component. Here is an example of how to configure these objects in
Spring XML using the Spring Security namespace:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
        xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
@@ -137,11 +116,7 @@
 
 &lt;/beans&gt;
 ]]></script>
-</div></div>
-
-<p>Now that the underlying security objects are set up, we can use them to configure
an authorization policy and use that policy to control access to a route:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>Now that the underlying security objects are set up, we
can use them to configure an authorization policy and use that policy to control access to
a route:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
        xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
@@ -172,17 +147,8 @@
 
 &lt;/beans&gt;
 ]]></script>
-</div></div>
-
-<p>In this example, the endpoint <code>mock:end</code> will not be executed
unless a Spring Security <code>Authentication</code> object that has been or can
be authenticated and contains the <code>ROLE_ADMIN</code> authority can be located
by the <em>admin</em> <code>SpringSecurityAuthorizationPolicy</code>.</p>
-
-<h3 id="SpringSecurity-Authentication">Authentication</h3>
-
-<p>The process of obtaining security credentials that are used for authorization is
not specified by this component.  You can write your own processors or components which get
authentication information from the exchange depending on your needs.  For example, you might
create a processor that gets credentials from an HTTP request header originating in the <a
shape="rect" href="jetty.html">Jetty</a> component.  No matter how the credentials
are collected, they need to be placed in the In message or the <code>SecurityContextHolder</code>
so the Camel <a shape="rect" href="spring-security.html">Spring Security</a> component
can access them:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-import javax.security.auth.Subject;
+</div></div><p>In this example, the endpoint <code>mock:end</code>
will not be executed unless a Spring Security <code>Authentication</code> object
that has been or can be authenticated and contains the <code>ROLE_ADMIN</code>
authority can be located by the <em>admin</em> <code>SpringSecurityAuthorizationPolicy</code>.</p><h3
id="SpringSecurity-Authentication">Authentication</h3><p>The process of obtaining
security credentials that are used for authorization is not specified by this component. You
can write your own processors or components which get authentication information from the
exchange depending on your needs. For example, you might create a processor that gets credentials
from an HTTP request header originating in the <a shape="rect" href="jetty.html">Jetty</a>
component. No matter how the credentials are collected, they need to be placed in the In message
or the <code>SecurityContextHolder</code> so the Camel <a shape="rect" href="spring-security.html">Spring
Security</a
 > component can access them:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[import
javax.security.auth.Subject;
 import org.apache.camel.*;
 import org.apache.commons.codec.binary.Base64;
 import org.springframework.security.authentication.*;
@@ -193,14 +159,14 @@ public class MyAuthService implements Pr
         // get the username and password from the HTTP header
         // http://en.wikipedia.org/wiki/Basic_access_authentication
         String userpass = new String(Base64.decodeBase64(exchange.getIn().getHeader(&quot;Authorization&quot;,
String.class)));
-        String[] tokens= userpass.split(&quot;:&quot;);
+        String[] tokens = userpass.split(&quot;:&quot;);
         
         // create an Authentication object
         UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(tokens[0],
tokens[1]);
 
         // wrap it in a Subject
         Subject subject = new Subject();
-        subject.getPrincipals().add(token);
+        subject.getPrincipals().add(authToken);
 
         // place the Subject in the In message
         exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
@@ -210,21 +176,8 @@ public class MyAuthService implements Pr
     }
 }
 ]]></script>
-</div></div>
-
-<p>The <code>SpringSecurityAuthorizationPolicy</code> will automatically
authenticate the <code>Authentication</code> object if necessary.</p>
-
-<p>There are two issues to be aware of when using the <code>SecurityContextHolder</code>
instead of or in addition to the <code>Exchange.AUTHENTICATION</code> header.
 First, the context holder uses a thread-local variable to hold the <code>Authentication</code>
object.  Any routes that cross thread boundaries, like <strong>seda</strong> or
<strong>jms</strong>, will lose the <code>Authentication</code> object.
 Second, the Spring Security system appears to expect that an <code>Authentication</code>
object in the context is already authenticated and has roles (see the Technical Overview <a
shape="rect" class="external-link" href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/technical-overview.html#tech-intro-authentication"
rel="nofollow">section 5.3.1</a> for more details).</p>
-
-<p>The default behavior of <strong>camel-spring-security</strong> is to
look for a <code>Subject</code> in the <code>Exchange.AUTHENTICATION</code>
header.  This <code>Subject</code> must contain at least one principal, which
must be a subclass of <code>org.springframework.security.core.Authentication</code>.
 You can customize the mapping of <code>Subject</code> to <code>Authentication</code>
object by providing an implementation of the <code>org.apache.camel.component.spring.security.AuthenticationAdapter</code>
to your <code>&lt;authorizationPolicy&gt;</code> bean.  This can be useful
if you are working with components that do not use Spring Security but do provide a <code>Subject</code>.
 At this time, only the <a shape="rect" href="cxf.html">CXF</a> component populates
the <code>Exchange.AUTHENTICATION</code> header.</p>
-
-<h3 id="SpringSecurity-Handlingauthenticationandauthorizationerrors">Handling authentication
and authorization errors</h3>
-
-<p>If authentication or authorization fails in the <code>SpringSecurityAuthorizationPolicy</code>,
a <code>CamelAuthorizationException</code> will be thrown.  This can be handled
using Camel's standard exception handling methods, like the <a shape="rect" href="exception-clause.html">Exception
Clause</a>.  The <code>CamelAuthorizationException</code> will have a reference
to the ID of the policy which threw the exception so you can handle errors based on the policy
as well as the type of exception:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;onException&gt;
+</div></div><p>The <code>SpringSecurityAuthorizationPolicy</code>
will automatically authenticate the <code>Authentication</code> object if necessary.</p><p>There
are two issues to be aware of when using the <code>SecurityContextHolder</code>
instead of or in addition to the <code>Exchange.AUTHENTICATION</code> header.
First, the context holder uses a thread-local variable to hold the <code>Authentication</code>
object. Any routes that cross thread boundaries, like <strong>seda</strong> or
<strong>jms</strong>, will lose the <code>Authentication</code> object.
Second, the Spring Security system appears to expect that an <code>Authentication</code>
object in the context is already authenticated and has roles (see the Technical Overview <a
shape="rect" class="external-link" href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/technical-overview.html#tech-intro-authentication"
rel="nofollow">section 5.3.1</a> for more details).</p><p>The default
behavior of <s
 trong>camel-spring-security</strong> is to look for a <code>Subject</code>
in the <code>Exchange.AUTHENTICATION</code> header. This <code>Subject</code>
must contain at least one principal, which must be a subclass of <code>org.springframework.security.core.Authentication</code>.
You can customize the mapping of <code>Subject</code> to <code>Authentication</code>
object by providing an implementation of the <code>org.apache.camel.component.spring.security.AuthenticationAdapter</code>
to your <code>&lt;authorizationPolicy&gt;</code> bean. This can be useful
if you are working with components that do not use Spring Security but do provide a <code>Subject</code>.
At this time, only the <a shape="rect" href="cxf.html">CXF</a> component populates
the <code>Exchange.AUTHENTICATION</code> header.</p><h3 id="SpringSecurity-Handlingauthenticationandauthorizationerrors">Handling
authentication and authorization errors</h3><p>If authentication or authorization
fails in the <code>SpringSecurity
 AuthorizationPolicy</code>, a <code>CamelAuthorizationException</code>
will be thrown. This can be handled using Camel's standard exception handling methods, like
the <a shape="rect" href="exception-clause.html">Exception Clause</a>. The <code>CamelAuthorizationException</code>
will have a reference to the ID of the policy which threw the exception so you can handle
errors based on the policy as well as the type of exception:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;onException&gt;
   &lt;exception&gt;org.springframework.security.authentication.AccessDeniedException&lt;/exception&gt;
   &lt;choice&gt;
     &lt;when&gt;
@@ -242,13 +195,7 @@ public class MyAuthService implements Pr
   &lt;/choice&gt;
 &lt;/onException&gt;
 ]]></script>
-</div></div>
-
-<h3 id="SpringSecurity-Dependencies">Dependencies </h3>
-
-<p>Maven users will need to add the following dependency to their <code>pom.xml</code>
for this component:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><h3 id="SpringSecurity-Dependencies">Dependencies</h3><p>Maven
users will need to add the following dependency to their <code>pom.xml</code>
for this component:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[

 &lt;dependency&gt; 
   &lt;groupId&gt;org.apache.camel&lt;/groupId&gt; 
@@ -256,13 +203,8 @@ public class MyAuthService implements Pr
   &lt;version&gt;2.4.0&lt;/version&gt; 
 &lt;/dependency&gt; 
 ]]></script>
-</div></div> 
-
-<p>This dependency will also pull in <code>org.springframework.security:spring-security-core:3.0.3.RELEASE</code>
and <code>org.springframework.security:spring-security-config:3.0.3.RELEASE</code>.</p>
-
-<h3 id="SpringSecurity-SeeAlso">See Also</h3>
-<ul><li><a shape="rect" href="configuring-camel.html">Configuring Camel</a></li><li><a
shape="rect" href="component.html">Component</a></li><li><a shape="rect"
href="endpoint.html">Endpoint</a></li><li><a shape="rect" href="getting-started.html">Getting
Started</a></li></ul>
-<ul class="alternate"><li><a shape="rect" href="components.html">Components</a></li></ul></div>
+</div></div><p>This dependency will also pull in <code>org.springframework.security:spring-security-core:3.0.3.RELEASE</code>
and <code>org.springframework.security:spring-security-config:3.0.3.RELEASE</code>.</p><p></p><h3
id="SpringSecurity-SeeAlso">See Also</h3>
+<ul><li><a shape="rect" href="configuring-camel.html">Configuring Camel</a></li><li><a
shape="rect" href="component.html">Component</a></li><li><a shape="rect"
href="endpoint.html">Endpoint</a></li><li><a shape="rect" href="getting-started.html">Getting
Started</a></li></ul><ul class="alternate"><li><a shape="rect"
href="components.html">Components</a></li></ul></div>
         </td>
         <td valign="top">
           <div class="navigation">



Mime
View raw message