camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oals...@apache.org
Subject [camel] branch master updated: CAMEL-14208 camel-undertow: add option to secure endpoints with Keycloak on spring-boot
Date Thu, 19 Mar 2020 16:16:24 GMT
This is an automated email from the ASF dual-hosted git repository.

oalsafi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new 9784e28  CAMEL-14208 camel-undertow: add option to secure endpoints with Keycloak on spring-boot
     new 3281313  Merge pull request #3652 from JiriOndrusek/CAMEL-14208_camel-undertow-keycloak
9784e28 is described below

commit 9784e2841b382f16cc81f11be487bd09b26e7918
Author: JiriOndrusek <ondrusek.jiri@gmail.com>
AuthorDate: Wed Mar 18 14:14:22 2020 +0100

    CAMEL-14208 camel-undertow: add option to secure endpoints with Keycloak on spring-boot
---
 .../elytron/ElytronEndpointConfigurer.java         |   9 --
 .../apache/camel/component/elytron/elytron.json    |   5 +-
 .../src/main/docs/elytron-component.adoc           |   9 +-
 .../camel/component/elytron/ElytronConsumer.java   |  18 +--
 .../camel/component/elytron/ElytronEndpoint.java   |  16 +--
 .../camel/component/elytron/BaseElytronTest.java   |   4 +-
 .../undertow/UndertowComponentConfigurer.java      |   4 +
 .../undertow/UndertowEndpointConfigurer.java       |   4 +
 .../apache/camel/component/undertow/undertow.json  |   4 +
 .../src/main/docs/undertow-component.adoc          |  17 ++-
 .../component/undertow/UndertowComponent.java      |  29 ++++
 .../camel/component/undertow/UndertowConsumer.java |  17 +++
 .../camel/component/undertow/UndertowEndpoint.java |  64 +++++++++
 .../undertow/spi/UndertowSecurityProvider.java     |  64 +++++++++
 .../undertow/spi/AbstractSecurityProviderTest.java | 136 ++++++++++++++++++
 .../spi/SecurityProviderNoAcceptanceTest.java      |  48 +++++++
 .../undertow/spi/SecurityProviderTest.java         |  61 ++++++++
 .../dsl/ElytronComponentBuilderFactory.java        |  30 ++++
 .../dsl/UndertowComponentBuilderFactory.java       |  30 ++++
 .../dsl/ElytronEndpointBuilderFactory.java         | 156 ++++++++++++++++-----
 .../dsl/UndertowEndpointBuilderFactory.java        | 126 +++++++++++++++++
 .../modules/ROOT/pages/elytron-component.adoc      |   9 +-
 docs/components/modules/ROOT/pages/index.adoc      |   2 +-
 .../modules/ROOT/pages/undertow-component.adoc     |  17 ++-
 24 files changed, 805 insertions(+), 74 deletions(-)

diff --git a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java b/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
index 06d6417..514c334 100644
--- a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
+++ b/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
@@ -11,15 +11,6 @@ import org.apache.camel.component.undertow.UndertowEndpointConfigurer;
 @SuppressWarnings("unchecked")
 public class ElytronEndpointConfigurer extends UndertowEndpointConfigurer implements GeneratedPropertyConfigurer {
 
-    @Override
-    public boolean configure(CamelContext camelContext, Object obj, String name, Object value, boolean ignoreCase) {
-        ElytronEndpoint target = (ElytronEndpoint) obj;
-        switch (ignoreCase ? name.toLowerCase() : name) {
-        case "allowedroles":
-        case "allowedRoles": target.setAllowedRoles(property(camelContext, java.lang.String.class, value)); return true;
-        default: return super.configure(camelContext, obj, name, value, ignoreCase);
-        }
-    }
 
 }
 
diff --git a/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json b/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
index 8897b51..76201e4 100644
--- a/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
+++ b/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
@@ -29,12 +29,13 @@
     "mechanismName": { "kind": "property", "displayName": "Mechanism Name", "group": "advanced", "label": "advanced", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "defaultValue": "BEARER_TOKEN", "description": "Name of the mechanism, which will be used for selection of authentication mechanism." },
     "securityDomainBuilder": { "kind": "property", "displayName": "Security Domain Builder", "group": "advanced", "label": "advanced", "required": true, "type": "object", "javaType": "org.wildfly.security.auth.server.SecurityDomain.Builder", "deprecated": false, "secret": false, "description": "Definition of Builder, which will be used for creation of security domain." },
     "undertowHttpBinding": { "kind": "property", "displayName": "Undertow Http Binding", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false, "secret": false, "description": "To use a custom HttpBinding to control the mapping between Camel message and HttpClient." },
+    "allowedRoles": { "kind": "property", "displayName": "Allowed Roles", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles." },
+    "securityConfiguration": { "kind": "property", "displayName": "Security Configuration", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.lang.Object", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration." },
     "sslContextParameters": { "kind": "property", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "secret": false, "description": "To configure security using SSLContextParameters" },
     "useGlobalSslContextParameters": { "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Enable usage of global SSL context parameters." }
   },
   "properties": {
     "httpURI": { "kind": "path", "displayName": "Http URI", "group": "common", "label": "", "required": true, "type": "string", "javaType": "java.net.URI", "deprecated": false, "deprecationNote": "", "secret": false, "description": "The url of the HTTP endpoint to use." },
-    "allowedRoles": { "kind": "parameter", "displayName": "Allowed Roles", "group": "common", "label": "common", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Comma separated list of allowed roles." },
     "useStreaming": { "kind": "parameter", "displayName": "Use Streaming", "group": "common", "label": "common", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "For HTTP endpoint: if true, text and binary messages will be wrapped as java.io.InputStream before they are passed to an Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if true, text and binary messages will be wra [...]
     "accessLog": { "kind": "parameter", "displayName": "Access Log", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether or not the consumer should write access log" },
     "bridgeErrorHandler": { "kind": "parameter", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled b [...]
@@ -59,6 +60,8 @@
     "headerFilterStrategy": { "kind": "parameter", "displayName": "Header Filter Strategy", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "secret": false, "description": "To use a custom HeaderFilterStrategy to filter header to and from Camel message." },
     "synchronous": { "kind": "parameter", "displayName": "Synchronous", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported)." },
     "undertowHttpBinding": { "kind": "parameter", "displayName": "Undertow Http Binding", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false, "secret": false, "description": "To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow." },
+    "allowedRoles": { "kind": "parameter", "displayName": "Allowed Roles", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "List of allowed roles in String format" },
+    "securityConfiguration": { "kind": "parameter", "displayName": "Security Configuration", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.lang.Object", "deprecated": false, "secret": false, "description": "OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration." },
     "sslContextParameters": { "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "secret": false, "description": "To configure security using SSLContextParameters" },
     "fireWebSocketChannelEvents": { "kind": "parameter", "displayName": "Fire Web Socket Channel Events", "group": "websocket", "label": "consumer,websocket", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType." },
     "sendTimeout": { "kind": "parameter", "displayName": "Send Timeout", "group": "websocket", "label": "producer,websocket", "required": false, "type": "integer", "javaType": "java.lang.Integer", "deprecated": false, "secret": false, "defaultValue": "30000", "description": "Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds)." },
diff --git a/components/camel-elytron/src/main/docs/elytron-component.adoc b/components/camel-elytron/src/main/docs/elytron-component.adoc
index e46214b..85bc671 100644
--- a/components/camel-elytron/src/main/docs/elytron-component.adoc
+++ b/components/camel-elytron/src/main/docs/elytron-component.adoc
@@ -49,7 +49,7 @@ You can append query options to the URI in the following format,
 == Options
 
 // component options: START
-The Elytron component supports 11 options, which are listed below.
+The Elytron component supports 13 options, which are listed below.
 
 
 
@@ -65,6 +65,8 @@ The Elytron component supports 11 options, which are listed below.
 | *mechanismName* (advanced) | Name of the mechanism, which will be used for selection of authentication mechanism. | BEARER_TOKEN | String
 | *securityDomainBuilder* (advanced) | *Required* Definition of Builder, which will be used for creation of security domain. |  | Builder
 | *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control the mapping between Camel message and HttpClient. |  | UndertowHttpBinding
+| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. |  | String
+| *securityConfiguration* (security) | Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *useGlobalSslContextParameters* (security) | Enable usage of global SSL context parameters. | false | boolean
 |===
@@ -90,13 +92,12 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (29 parameters):
+=== Query Parameters (30 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
-| *allowedRoles* (common) | Comma separated list of allowed roles. |  | String
 | *useStreaming* (common) | For HTTP endpoint: if true, text and binary messages will be wrapped as java.io.InputStream before they are passed to an Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if true, text and binary messages will be wrapped as java.io.Reader and java.io.InputStream respectively before they are passed to an Exchange; otherwise they will be passed as String and byte respectively. | false | boolean
 | *accessLog* (consumer) | Whether or not the consumer should write access log | false | Boolean
 | *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
@@ -121,6 +122,8 @@ with the following path and query parameters:
 | *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to filter header to and from Camel message. |  | HeaderFilterStrategy
 | *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
 | *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow. |  | UndertowHttpBinding
+| *allowedRoles* (security) | List of allowed roles in String format |  | String
+| *securityConfiguration* (security) | OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
 | *sendTimeout* (websocket) | Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
index f81e33b..30f0b34 100644
--- a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
+++ b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
@@ -16,6 +16,7 @@
  */
 package org.apache.camel.component.elytron;
 
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -57,7 +58,7 @@ public class ElytronConsumer extends UndertowConsumer {
                 }
             }
 
-            if (isAllowed(roles, getElytronEndpoint().getAllowedRolesList())) {
+            if (isAllowed(roles, getElytronEndpoint().getAllowedRoles())) {
                 super.handleRequest(httpExchange);
             } else {
                 httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
@@ -69,14 +70,15 @@ public class ElytronConsumer extends UndertowConsumer {
 
         super.handleRequest(httpExchange);
     }
-
-    public boolean isAllowed(Set<String> roles, List<String> allowedRoles) {
-        for (String role : allowedRoles) {
-            if (roles.contains(role)) {
-                return true;
+    public boolean isAllowed(Set<String> roles, String allowedRolesString) {
+        if (allowedRolesString != null) {
+            List<String> allowedRoles = Arrays.asList(allowedRolesString.split("\\s*,\\s*"));
+            for (String role : allowedRoles) {
+                if (roles.contains(role)) {
+                    return true;
+                }
             }
         }
-
-        return false;
+        return false;        
     }
 }
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
index fc17047..78bb1957 100644
--- a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
+++ b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
@@ -44,9 +44,8 @@ public class ElytronEndpoint extends UndertowEndpoint {
      */
     public static final String SECURITY_IDENTITY_HEADER = "securityIdentity";
 
-    @UriParam(label = "common")
-    private String allowedRoles = "";
-    private List<String> allowedRolesList = Collections.emptyList();
+    @UriParam(label = "security", description = "List of allowed roles in String format")
+    private String allowedRoles;
 
     public ElytronEndpoint(String uri, UndertowComponent component) {
         super(uri, component);
@@ -72,18 +71,13 @@ public class ElytronEndpoint extends UndertowEndpoint {
         return exchange;
     }
 
-    public List<String> getAllowedRolesList() {
-        return allowedRolesList;
-    }
-
-    /**
-     * Comma separated list of allowed roles.
-     */
+    @Override
     public String getAllowedRoles() {
         return allowedRoles;
     }
 
+    @Override
     public void setAllowedRoles(String allowedRoles) {
-        this.allowedRolesList = allowedRoles == null ? null : Arrays.asList(allowedRoles.split("\\s*,\\s*"));
+        this.allowedRoles = allowedRoles;
     }
 }
diff --git a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
index 902009c..3834073 100644
--- a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
+++ b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
@@ -105,7 +105,9 @@ public abstract class BaseElytronTest extends CamelTestSupport {
     }
 
     private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
-        return KeyPairGenerator.getInstance("RSA").generateKeyPair();
+        KeyPairGenerator generator =  KeyPairGenerator.getInstance("RSA");
+        generator.initialize(2048);
+        return generator.generateKeyPair();
     }
 
 }
diff --git a/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowComponentConfigurer.java b/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowComponentConfigurer.java
index 72de3c0..a8dfd8f 100644
--- a/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowComponentConfigurer.java
+++ b/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowComponentConfigurer.java
@@ -15,6 +15,8 @@ public class UndertowComponentConfigurer extends PropertyConfigurerSupport imple
     public boolean configure(CamelContext camelContext, Object obj, String name, Object value, boolean ignoreCase) {
         UndertowComponent target = (UndertowComponent) obj;
         switch (ignoreCase ? name.toLowerCase() : name) {
+        case "allowedroles":
+        case "allowedRoles": target.setAllowedRoles(property(camelContext, java.lang.String.class, value)); return true;
         case "basicpropertybinding":
         case "basicPropertyBinding": target.setBasicPropertyBinding(property(camelContext, boolean.class, value)); return true;
         case "bridgeerrorhandler":
@@ -25,6 +27,8 @@ public class UndertowComponentConfigurer extends PropertyConfigurerSupport imple
         case "lazyStartProducer": target.setLazyStartProducer(property(camelContext, boolean.class, value)); return true;
         case "muteexception":
         case "muteException": target.setMuteException(property(camelContext, boolean.class, value)); return true;
+        case "securityconfiguration":
+        case "securityConfiguration": target.setSecurityConfiguration(property(camelContext, java.lang.Object.class, value)); return true;
         case "sslcontextparameters":
         case "sslContextParameters": target.setSslContextParameters(property(camelContext, org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true;
         case "undertowhttpbinding":
diff --git a/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowEndpointConfigurer.java b/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowEndpointConfigurer.java
index 0a7014a..17ed3d6 100644
--- a/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowEndpointConfigurer.java
+++ b/components/camel-undertow/src/generated/java/org/apache/camel/component/undertow/UndertowEndpointConfigurer.java
@@ -19,6 +19,8 @@ public class UndertowEndpointConfigurer extends PropertyConfigurerSupport implem
         case "accessLog": target.setAccessLog(property(camelContext, java.lang.Boolean.class, value)); return true;
         case "accesslogreceiver":
         case "accessLogReceiver": target.setAccessLogReceiver(property(camelContext, io.undertow.server.handlers.accesslog.AccessLogReceiver.class, value)); return true;
+        case "allowedroles":
+        case "allowedRoles": target.setAllowedRoles(property(camelContext, java.lang.String.class, value)); return true;
         case "basicpropertybinding":
         case "basicPropertyBinding": target.setBasicPropertyBinding(property(camelContext, boolean.class, value)); return true;
         case "bridgeerrorhandler":
@@ -51,6 +53,8 @@ public class UndertowEndpointConfigurer extends PropertyConfigurerSupport implem
         case "preserveHostHeader": target.setPreserveHostHeader(property(camelContext, boolean.class, value)); return true;
         case "reuseaddresses":
         case "reuseAddresses": target.setReuseAddresses(property(camelContext, java.lang.Boolean.class, value)); return true;
+        case "securityconfiguration":
+        case "securityConfiguration": target.setSecurityConfiguration(property(camelContext, java.lang.Object.class, value)); return true;
         case "sendtimeout":
         case "sendTimeout": target.setSendTimeout(property(camelContext, java.lang.Integer.class, value)); return true;
         case "sendtoall":
diff --git a/components/camel-undertow/src/generated/resources/org/apache/camel/component/undertow/undertow.json b/components/camel-undertow/src/generated/resources/org/apache/camel/component/undertow/undertow.json
index 9548044..d1c30aa 100644
--- a/components/camel-undertow/src/generated/resources/org/apache/camel/component/undertow/undertow.json
+++ b/components/camel-undertow/src/generated/resources/org/apache/camel/component/undertow/undertow.json
@@ -26,6 +26,8 @@
     "basicPropertyBinding": { "kind": "property", "displayName": "Basic Property Binding", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities" },
     "hostOptions": { "kind": "property", "displayName": "Host Options", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHostOptions", "deprecated": false, "secret": false, "description": "To configure common options, such as thread pools" },
     "undertowHttpBinding": { "kind": "property", "displayName": "Undertow Http Binding", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false, "secret": false, "description": "To use a custom HttpBinding to control the mapping between Camel message and HttpClient." },
+    "allowedRoles": { "kind": "property", "displayName": "Allowed Roles", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles." },
+    "securityConfiguration": { "kind": "property", "displayName": "Security Configuration", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.lang.Object", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration." },
     "sslContextParameters": { "kind": "property", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "secret": false, "description": "To configure security using SSLContextParameters" },
     "useGlobalSslContextParameters": { "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Enable usage of global SSL context parameters." }
   },
@@ -55,6 +57,8 @@
     "headerFilterStrategy": { "kind": "parameter", "displayName": "Header Filter Strategy", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "secret": false, "description": "To use a custom HeaderFilterStrategy to filter header to and from Camel message." },
     "synchronous": { "kind": "parameter", "displayName": "Synchronous", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported)." },
     "undertowHttpBinding": { "kind": "parameter", "displayName": "Undertow Http Binding", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false, "secret": false, "description": "To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow." },
+    "allowedRoles": { "kind": "parameter", "displayName": "Allowed Roles", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles." },
+    "securityConfiguration": { "kind": "parameter", "displayName": "Security Configuration", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.lang.Object", "deprecated": false, "secret": false, "description": "OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration." },
     "sslContextParameters": { "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "secret": false, "description": "To configure security using SSLContextParameters" },
     "fireWebSocketChannelEvents": { "kind": "parameter", "displayName": "Fire Web Socket Channel Events", "group": "websocket", "label": "consumer,websocket", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType." },
     "sendTimeout": { "kind": "parameter", "displayName": "Send Timeout", "group": "websocket", "label": "producer,websocket", "required": false, "type": "integer", "javaType": "java.lang.Integer", "deprecated": false, "secret": false, "defaultValue": "30000", "description": "Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds)." },
diff --git a/components/camel-undertow/src/main/docs/undertow-component.adoc b/components/camel-undertow/src/main/docs/undertow-component.adoc
index 4969d8d..0348679 100644
--- a/components/camel-undertow/src/main/docs/undertow-component.adoc
+++ b/components/camel-undertow/src/main/docs/undertow-component.adoc
@@ -47,7 +47,7 @@ You can append query options to the URI in the following format,
 == Options
 
 // component options: START
-The Undertow component supports 8 options, which are listed below.
+The Undertow component supports 10 options, which are listed below.
 
 
 
@@ -60,6 +60,8 @@ The Undertow component supports 8 options, which are listed below.
 | *basicPropertyBinding* (advanced) | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean
 | *hostOptions* (advanced) | To configure common options, such as thread pools |  | UndertowHostOptions
 | *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control the mapping between Camel message and HttpClient. |  | UndertowHttpBinding
+| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. |  | String
+| *securityConfiguration* (security) | Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *useGlobalSslContextParameters* (security) | Enable usage of global SSL context parameters. | false | boolean
 |===
@@ -85,7 +87,7 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (28 parameters):
+=== Query Parameters (30 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
@@ -115,6 +117,8 @@ with the following path and query parameters:
 | *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to filter header to and from Camel message. |  | HeaderFilterStrategy
 | *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
 | *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow. |  | UndertowHttpBinding
+| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. |  | String
+| *securityConfiguration* (security) | OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
 | *sendTimeout* (websocket) | Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
@@ -204,5 +208,14 @@ If you actually want to expose routes by HTTP and already have a
 Servlet, you should instead refer to the
 xref:servlet-component.adoc[Servlet Transport].
 
+== Security provider
+
+To plugin security provider for endpoint authentication, implement SPI interface
+`org.apache.camel.component.undertow.spi.UndertowSecurityProvider`.
+
+Undertow components locates all implementations of `UndertowSecurityProvider` using
+Java SPI (Service Provider Interfaces). If there is an object passed to component
+as parameter `securityConfiguration` and provider accepts it. Provider will be used
+for authentication of all requests.
 
 include::camel-spring-boot::page$undertow-starter.adoc[]
diff --git a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java
index de3e329..e6ecbc0 100644
--- a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java
+++ b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java
@@ -73,6 +73,11 @@ public class UndertowComponent extends DefaultComponent implements RestConsumerF
     private UndertowHostOptions hostOptions;
     @Metadata(label = "consumer", defaultValue = "false")
     private boolean muteException;
+    @Metadata(label = "security")
+    private Object securityConfiguration;
+    @Metadata(label = "security")
+    private String allowedRoles;
+
 
     public UndertowComponent() {
         this(null);
@@ -86,6 +91,7 @@ public class UndertowComponent extends DefaultComponent implements RestConsumerF
 
     @Override
     protected Endpoint createEndpoint(String uri, String remaining, Map<String, Object> parameters) throws Exception {
+
         URI uriHttpUriAddress = new URI(UnsafeUriCharactersEncoder.encodeHttpURI(remaining));
         URI endpointUri = URISupport.createRemainingURI(uriHttpUriAddress, parameters);
 
@@ -406,4 +412,27 @@ public class UndertowComponent extends DefaultComponent implements RestConsumerF
     public Set<HttpHandlerRegistrationInfo> getHandlers() {
         return handlers;
     }
+
+    public Object getSecurityConfiguration() {
+        return securityConfiguration;
+    }
+
+    /**
+     * Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider.
+     * Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration.
+     */
+    public void setSecurityConfiguration(Object securityConfiguration) {
+        this.securityConfiguration = securityConfiguration;
+    }
+
+    public String getAllowedRoles() {
+        return allowedRoles;
+    }
+
+    /**
+     * Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles.
+     */
+    public void setAllowedRoles(String allowedRoles) {
+        this.allowedRoles = allowedRoles;
+    }
 }
diff --git a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowConsumer.java b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowConsumer.java
index b104f7e..9f753e3 100644
--- a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowConsumer.java
+++ b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowConsumer.java
@@ -21,7 +21,9 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URI;
 import java.nio.ByteBuffer;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
 
 import io.undertow.Handlers;
 import io.undertow.server.HttpHandler;
@@ -81,6 +83,11 @@ public class UndertowConsumer extends DefaultConsumer implements HttpHandler, Su
         return (UndertowEndpoint) super.getEndpoint();
     }
 
+    public List<String> getAllowedRoles() {
+        String allowedRolesString = getEndpoint().getAllowedRoles();
+        return allowedRolesString == null ? null : Arrays.asList(allowedRolesString.split("\\s*,\\s*"));
+    }
+
     @Override
     protected void doStart() throws Exception {
         super.doStart();
@@ -170,6 +177,16 @@ public class UndertowConsumer extends DefaultConsumer implements HttpHandler, Su
             return;
         }
 
+        if (getEndpoint().getSecurityProvider() != null) {
+            //security provider decides, whether endpoint is accessible
+            int statusCode = getEndpoint().getSecurityProvider().authenticate(httpExchange, getAllowedRoles());
+            if (statusCode != StatusCodes.OK) {
+                httpExchange.setStatusCode(statusCode);
+                httpExchange.endExchange();
+                return;
+            }
+        }
+
         //create new Exchange
         //binding is used to extract header and payload(if available)
         Exchange camelExchange = getEndpoint().createExchange(httpExchange);
diff --git a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowEndpoint.java b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowEndpoint.java
index 010af01..2af5e03 100644
--- a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowEndpoint.java
+++ b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowEndpoint.java
@@ -17,8 +17,12 @@
 package org.apache.camel.component.undertow;
 
 import java.net.URI;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.ServiceLoader;
 
 import javax.net.ssl.SSLContext;
 
@@ -36,6 +40,7 @@ import org.apache.camel.cloud.DiscoverableService;
 import org.apache.camel.cloud.ServiceDefinition;
 import org.apache.camel.component.undertow.UndertowConstants.EventType;
 import org.apache.camel.component.undertow.handlers.CamelWebSocketHandler;
+import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
 import org.apache.camel.http.base.cookie.CookieHandler;
 import org.apache.camel.spi.HeaderFilterStrategy;
 import org.apache.camel.spi.HeaderFilterStrategyAware;
@@ -123,6 +128,14 @@ public class UndertowEndpoint extends DefaultEndpoint implements AsyncEndpoint,
             + " this allows applications which use the Host header to generate accurate URL's for a proxied service."
     )
     private boolean preserveHostHeader = true;
+    @UriParam(label = "security", description = "OConfiguration used by UndertowSecurityProvider. Security configuration object for use "
+            + "from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration.")
+    private Object securityConfiguration;
+    @UriParam(label = "security", description = "Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles.")
+    private String allowedRoles;
+
+    private UndertowSecurityProvider securityProvider;
+
     public UndertowEndpoint(String uri, UndertowComponent component) {
         super(uri, component);
         this.component = component;
@@ -133,6 +146,10 @@ public class UndertowEndpoint extends DefaultEndpoint implements AsyncEndpoint,
         return component;
     }
 
+    public UndertowSecurityProvider getSecurityProvider() {
+        return securityProvider;
+    }
+
     @Override
     public Producer createProducer() throws Exception {
         return new UndertowProducer(this, optionMap);
@@ -171,6 +188,11 @@ public class UndertowEndpoint extends DefaultEndpoint implements AsyncEndpoint,
 
         Message in = getUndertowHttpBinding().toCamelMessage(httpExchange, exchange);
 
+        //securityProvider could add its own header into result exchange
+        if (getSecurityProvider() != null) {
+            getSecurityProvider().addHeader((key, value) -> in.setHeader(key, value), httpExchange);
+        }
+
         exchange.setProperty(Exchange.CHARSET_NAME, httpExchange.getRequestCharset());
         in.setHeader(Exchange.HTTP_CHARACTER_ENCODING, httpExchange.getRequestCharset());
 
@@ -431,10 +453,29 @@ public class UndertowEndpoint extends DefaultEndpoint implements AsyncEndpoint,
         return preserveHostHeader;
     }
 
+    public Object getSecurityConfiguration() {
+        return this.securityConfiguration == null ? getComponent().getSecurityConfiguration() : this.securityConfiguration;
+    }
+
+    public void setSecurityConfiguration(Object securityConfiguration) {
+        this.securityConfiguration = securityConfiguration;
+    }
+
+
+    public String getAllowedRoles() {
+        return allowedRoles == null ? getComponent().getAllowedRoles() : allowedRoles;
+    }
+
+    public void setAllowedRoles(String allowedRoles) {
+        this.allowedRoles = allowedRoles;
+    }
+
     @Override
     protected void doStart() throws Exception {
         super.doStart();
 
+        initSecurityProvider();
+
         final String scheme = httpURI.getScheme();
         this.isWebSocket = UndertowConstants.WS_PROTOCOL.equalsIgnoreCase(scheme) || UndertowConstants.WSS_PROTOCOL.equalsIgnoreCase(scheme);
 
@@ -493,6 +534,29 @@ public class UndertowEndpoint extends DefaultEndpoint implements AsyncEndpoint,
         }
     }
 
+    private void initSecurityProvider() throws Exception {
+        Object securityConfiguration = getSecurityConfiguration();
+        if (securityConfiguration != null) {
+            ServiceLoader<UndertowSecurityProvider> securityProvider = ServiceLoader.load(UndertowSecurityProvider.class);
+
+            Iterator<UndertowSecurityProvider> iter = securityProvider.iterator();
+            List<String> providers = new LinkedList();
+            while (iter.hasNext()) {
+                UndertowSecurityProvider security =  iter.next();
+                //only securityProvider, who accepts security configuration, could be used
+                if (security.acceptConfiguration(securityConfiguration, getEndpointUri())) {
+                    this.securityProvider = security;
+                    LOG.info("Security provider found {}", securityProvider.getClass().getName());
+                    break;
+                }
+                providers.add(security.getClass().getName());
+            }
+            if (this.securityProvider == null) {
+                LOG.info("Security provider for configuration {} not found {}", securityConfiguration, providers);
+            }
+        }
+    }
+
     /**
      * @return {@code true} if {@link #getHttpURI()}'s scheme is {@code ws} or {@code wss}
      */
diff --git a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/spi/UndertowSecurityProvider.java b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/spi/UndertowSecurityProvider.java
new file mode 100644
index 0000000..426c261
--- /dev/null
+++ b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/spi/UndertowSecurityProvider.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.undertow.spi;
+
+import java.util.List;
+import java.util.function.BiConsumer;
+
+import io.undertow.server.HttpServerExchange;
+
+/**
+ * SPI interface. Camel-undertow component will locate all available providers and will use first of then which
+ * returns true in method acceptConfiguration.
+ *
+ * To implement this interface you have to advertise SPI class of type UndertowSecurityProvider.
+ *
+ * Instance of that provider is initialized by call of acceptConfiguration and then will be used to authenticate requests.
+ */
+public interface UndertowSecurityProvider {
+
+    /**
+     * Provider can add headers into Camel's exchange. Method is called right after creation of Camel's exchange.
+     * Typical usage is to add authentication information into message (eg. authenticated principal)
+     *
+     * @param consumer BiConsumer is the only way how to add parameter into exchange (it accepts pair String, Object)
+     * @param httpExchange Undertow exchange (could contain information from security provider)
+     */
+    void addHeader(BiConsumer<String, Object> consumer, HttpServerExchange httpExchange) throws Exception;
+
+    /**
+     * Method to handle incoming request for security purposes. Method returns status code with result (typically 200 if request is authenticated,
+     * 403 if not, some security provider needs to return more specific codes)
+     *
+     * @param httpExchange Undertow exchange
+     * @param allowedRoles List of allowed roles defined on endpoint.
+     * @return Status code 200 if, request is authorized, other code if not.
+     */
+    int authenticate(HttpServerExchange httpExchange, List<String> allowedRoles) throws Exception;
+
+    /**
+     * Initialization of securityProvider from configuration.
+     * Object passed to camel-undertow as 'securityConfiguration' should be tested here, if it is meant for this
+     * securityProvider and provider should initialize its state from it.
+     * If configuration is not acceptable, return false.
+     *
+     * @param configuration Object which contain connfiguration passed to camel-undertow
+     * @param endpointUri Uri of endpoint (could be important for intialization)
+     * @return True if securityProvider is initialized from data and is able to authenticate requests.
+     */
+    boolean acceptConfiguration(Object configuration, String endpointUri) throws Exception;
+}
diff --git a/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/AbstractSecurityProviderTest.java b/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/AbstractSecurityProviderTest.java
new file mode 100644
index 0000000..d562b2c
--- /dev/null
+++ b/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/AbstractSecurityProviderTest.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.undertow.spi;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.Writer;
+import java.net.URL;
+import java.util.Collections;
+import java.util.List;
+import java.util.function.BiConsumer;
+
+import io.undertow.server.HttpServerExchange;
+import io.undertow.util.AttachmentKey;
+import io.undertow.util.StatusCodes;
+import org.apache.camel.CamelContext;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.undertow.BaseUndertowTest;
+import org.apache.camel.component.undertow.UndertowComponent;
+import org.junit.BeforeClass;
+
+/**
+ * Abstract parent for test involving securityProvider.
+ */
+public abstract class  AbstractSecurityProviderTest extends BaseUndertowTest {
+
+    private static final String PRINCIPAL_PARAMETER = "principal_parameter";
+
+    MockSecurityConfiguration securityConfiguration;
+
+    public static final class MockSecurityProvider implements UndertowSecurityProvider {
+
+        private static final AttachmentKey<String> PRINCIPAL_KEY = AttachmentKey.create(String.class);
+
+        private MockSecurityConfiguration configuration;
+
+        @Override
+        public void addHeader(BiConsumer<String, Object> consumer, HttpServerExchange httpExchange) throws Exception {
+            String principal = httpExchange.getAttachment(PRINCIPAL_KEY);
+            if (principal != null) {
+                consumer.accept(PRINCIPAL_PARAMETER, principal);
+            }
+        }
+
+        @Override
+        public int authenticate(HttpServerExchange httpExchange, List<String> allowedRoles) throws Exception {
+            if (configuration.getRoleToAssign() != null && allowedRoles != null && allowedRoles.contains(configuration.getRoleToAssign())) {
+                httpExchange.putAttachment(PRINCIPAL_KEY, configuration.getRoleToAssign());
+                return StatusCodes.OK;
+            }
+            return StatusCodes.FORBIDDEN;
+        }
+
+        @Override
+        public boolean acceptConfiguration(Object configuration, String endpointUri) throws Exception {
+            if (configuration instanceof MockSecurityConfiguration) {
+                this.configuration = (MockSecurityConfiguration) configuration;
+                return this.configuration.isAccept();
+            }
+            return false;
+        }
+    }
+
+    public static final class MockSecurityConfiguration {
+
+        private String roleToAssign;
+
+        private boolean accept = true;
+
+        public String getRoleToAssign() {
+            return roleToAssign;
+        }
+
+        public void setRoleToAssign(String roleToAssign) {
+            this.roleToAssign = roleToAssign;
+        }
+
+        public boolean isAccept() {
+            return accept;
+        }
+
+        public void setAccept(boolean accept) {
+            this.accept = accept;
+        }
+    }
+
+    @Override
+    protected CamelContext createCamelContext() throws Exception {
+        CamelContext camelContext =  super.createCamelContext();
+        UndertowComponent component = camelContext.getComponent("undertow", UndertowComponent.class);
+
+        securityConfiguration = new MockSecurityConfiguration();
+        component.setSecurityConfiguration(securityConfiguration);
+        return camelContext;
+    }
+
+    @BeforeClass
+    public static void createSecurtyProviderConfigurationFile() throws Exception {
+        URL location = MockSecurityProvider.class.getProtectionDomain().getCodeSource().getLocation();
+        File file = new File(location.getPath() + "META-INF/services/" + UndertowSecurityProvider.class.getName());
+        file.getParentFile().mkdirs();
+
+        Writer output = new FileWriter(file);
+        output.write(MockSecurityProvider.class.getName());
+        output.close();
+
+        file.deleteOnExit();
+    }
+
+    @Override
+    protected RouteBuilder createRouteBuilder() throws Exception {
+        return new RouteBuilder() {
+            @Override
+            public void configure() throws Exception {
+                from("undertow:http://localhost:{{port}}/foo?allowedRoles=user")
+                        .to("mock:input")
+                        .transform(simple("${in.header." + PRINCIPAL_PARAMETER + "}"));
+            }
+        };
+    }
+
+}
diff --git a/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/SecurityProviderNoAcceptanceTest.java b/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/SecurityProviderNoAcceptanceTest.java
new file mode 100644
index 0000000..2fe18a9
--- /dev/null
+++ b/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/SecurityProviderNoAcceptanceTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.undertow.spi;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Test of basic securityProvider scenario, when provider does not accepts security configuration.
+ */
+public class SecurityProviderNoAcceptanceTest extends AbstractSecurityProviderTest {
+
+    @Override
+    protected CamelContext createCamelContext() throws Exception {
+        CamelContext camelContext =  super.createCamelContext();
+        this.securityConfiguration.setAccept(false);
+        return camelContext;
+    }
+
+    @Test
+    public void testSecuredNotAllowedButNotApplied() throws Exception {
+        securityConfiguration.setRoleToAssign("admin");
+
+        getMockEndpoint("mock:input").expectedHeaderReceived(Exchange.HTTP_METHOD, "GET");
+
+        String out = template.requestBody("undertow:http://localhost:{{port}}/foo", null, String.class);
+
+        Assert.assertEquals("", out);
+
+        assertMockEndpointsSatisfied();
+    }
+}
diff --git a/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/SecurityProviderTest.java b/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/SecurityProviderTest.java
new file mode 100644
index 0000000..d6808c44
--- /dev/null
+++ b/components/camel-undertow/src/test/java/org/apache/camel/component/undertow/spi/SecurityProviderTest.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.undertow.spi;
+
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.Exchange;
+import org.apache.camel.http.base.HttpOperationFailedException;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Basic tests with securityProvider, tests whether securityProvider allows or denies access.
+ */
+public class SecurityProviderTest extends AbstractSecurityProviderTest {
+
+
+    @Test
+    public void testSecuredAllowed() throws Exception {
+        securityConfiguration.setRoleToAssign("user");
+
+        getMockEndpoint("mock:input").expectedHeaderReceived(Exchange.HTTP_METHOD, "GET");
+
+        String out = template.requestBody("undertow:http://localhost:{{port}}/foo", null, String.class);
+
+        Assert.assertEquals("user", out);
+
+        assertMockEndpointsSatisfied();
+    }
+
+    @Test
+    public void testSecuredNotAllowed() throws Exception {
+        securityConfiguration.setRoleToAssign("admin");
+
+        getMockEndpoint("mock:input").expectedHeaderReceived(Exchange.HTTP_METHOD, "GET");
+
+        try {
+            template.requestBody("undertow:http://localhost:{{port}}/foo", null, String.class);
+
+            fail("Should throw exception");
+
+        } catch (CamelExecutionException e) {
+            HttpOperationFailedException he = assertIsInstanceOf(HttpOperationFailedException.class, e.getCause());
+            assertEquals(403, he.getStatusCode());
+        }
+    }
+
+}
diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
index 729cbf0..7ae625e 100644
--- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
+++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
@@ -191,6 +191,34 @@ public interface ElytronComponentBuilderFactory {
             return this;
         }
         /**
+         * Configuration used by UndertowSecurityProvider. Comma separated list
+         * of allowed roles.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronComponentBuilder allowedRoles(
+                java.lang.String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * Configuration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides, whether it accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronComponentBuilder securityConfiguration(
+                java.lang.Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
@@ -242,6 +270,8 @@ public interface ElytronComponentBuilderFactory {
             case "mechanismName": ((ElytronComponent) component).setMechanismName((java.lang.String) value); return true;
             case "securityDomainBuilder": ((ElytronComponent) component).setSecurityDomainBuilder((org.wildfly.security.auth.server.SecurityDomain.Builder) value); return true;
             case "undertowHttpBinding": ((ElytronComponent) component).setUndertowHttpBinding((org.apache.camel.component.undertow.UndertowHttpBinding) value); return true;
+            case "allowedRoles": ((ElytronComponent) component).setAllowedRoles((java.lang.String) value); return true;
+            case "securityConfiguration": ((ElytronComponent) component).setSecurityConfiguration((java.lang.Object) value); return true;
             case "sslContextParameters": ((ElytronComponent) component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters) value); return true;
             case "useGlobalSslContextParameters": ((ElytronComponent) component).setUseGlobalSslContextParameters((boolean) value); return true;
             default: return false;
diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/UndertowComponentBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/UndertowComponentBuilderFactory.java
index dfb624c..044c28e 100644
--- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/UndertowComponentBuilderFactory.java
+++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/UndertowComponentBuilderFactory.java
@@ -147,6 +147,34 @@ public interface UndertowComponentBuilderFactory {
             return this;
         }
         /**
+         * Configuration used by UndertowSecurityProvider. Comma separated list
+         * of allowed roles.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowComponentBuilder allowedRoles(
+                java.lang.String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * Configuration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides, whether it accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowComponentBuilder securityConfiguration(
+                java.lang.Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
@@ -195,6 +223,8 @@ public interface UndertowComponentBuilderFactory {
             case "basicPropertyBinding": ((UndertowComponent) component).setBasicPropertyBinding((boolean) value); return true;
             case "hostOptions": ((UndertowComponent) component).setHostOptions((org.apache.camel.component.undertow.UndertowHostOptions) value); return true;
             case "undertowHttpBinding": ((UndertowComponent) component).setUndertowHttpBinding((org.apache.camel.component.undertow.UndertowHttpBinding) value); return true;
+            case "allowedRoles": ((UndertowComponent) component).setAllowedRoles((java.lang.String) value); return true;
+            case "securityConfiguration": ((UndertowComponent) component).setSecurityConfiguration((java.lang.Object) value); return true;
             case "sslContextParameters": ((UndertowComponent) component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters) value); return true;
             case "useGlobalSslContextParameters": ((UndertowComponent) component).setUseGlobalSslContextParameters((boolean) value); return true;
             default: return false;
diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElytronEndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElytronEndpointBuilderFactory.java
index 51f3a8c..bc98945 100644
--- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElytronEndpointBuilderFactory.java
+++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElytronEndpointBuilderFactory.java
@@ -46,17 +46,6 @@ public interface ElytronEndpointBuilderFactory {
             return (AdvancedElytronEndpointConsumerBuilder) this;
         }
         /**
-         * Comma separated list of allowed roles.
-         * 
-         * The option is a: <code>java.lang.String</code> type.
-         * 
-         * Group: common
-         */
-        default ElytronEndpointConsumerBuilder allowedRoles(String allowedRoles) {
-            doSetProperty("allowedRoles", allowedRoles);
-            return this;
-        }
-        /**
          * For HTTP endpoint: if true, text and binary messages will be wrapped
          * as java.io.InputStream before they are passed to an Exchange;
          * otherwise they will be passed as byte. For WebSocket endpoint: if
@@ -255,6 +244,47 @@ public interface ElytronEndpointBuilderFactory {
             return this;
         }
         /**
+         * List of allowed roles in String format.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointConsumerBuilder allowedRoles(String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointConsumerBuilder securityConfiguration(
+                Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option will be converted to a <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointConsumerBuilder securityConfiguration(
+                String securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
@@ -571,17 +601,6 @@ public interface ElytronEndpointBuilderFactory {
             return (AdvancedElytronEndpointProducerBuilder) this;
         }
         /**
-         * Comma separated list of allowed roles.
-         * 
-         * The option is a: <code>java.lang.String</code> type.
-         * 
-         * Group: common
-         */
-        default ElytronEndpointProducerBuilder allowedRoles(String allowedRoles) {
-            doSetProperty("allowedRoles", allowedRoles);
-            return this;
-        }
-        /**
          * For HTTP endpoint: if true, text and binary messages will be wrapped
          * as java.io.InputStream before they are passed to an Exchange;
          * otherwise they will be passed as byte. For WebSocket endpoint: if
@@ -903,6 +922,47 @@ public interface ElytronEndpointBuilderFactory {
             return this;
         }
         /**
+         * List of allowed roles in String format.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointProducerBuilder allowedRoles(String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointProducerBuilder securityConfiguration(
+                Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option will be converted to a <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointProducerBuilder securityConfiguration(
+                String securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
@@ -1150,17 +1210,6 @@ public interface ElytronEndpointBuilderFactory {
             return (AdvancedElytronEndpointBuilder) this;
         }
         /**
-         * Comma separated list of allowed roles.
-         * 
-         * The option is a: <code>java.lang.String</code> type.
-         * 
-         * Group: common
-         */
-        default ElytronEndpointBuilder allowedRoles(String allowedRoles) {
-            doSetProperty("allowedRoles", allowedRoles);
-            return this;
-        }
-        /**
          * For HTTP endpoint: if true, text and binary messages will be wrapped
          * as java.io.InputStream before they are passed to an Exchange;
          * otherwise they will be passed as byte. For WebSocket endpoint: if
@@ -1197,6 +1246,47 @@ public interface ElytronEndpointBuilderFactory {
             return this;
         }
         /**
+         * List of allowed roles in String format.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointBuilder allowedRoles(String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointBuilder securityConfiguration(
+                Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option will be converted to a <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default ElytronEndpointBuilder securityConfiguration(
+                String securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/UndertowEndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/UndertowEndpointBuilderFactory.java
index 26c18ab..f2b4890 100644
--- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/UndertowEndpointBuilderFactory.java
+++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/UndertowEndpointBuilderFactory.java
@@ -245,6 +245,48 @@ public interface UndertowEndpointBuilderFactory {
             return this;
         }
         /**
+         * Configuration used by UndertowSecurityProvider. Comma separated list
+         * of allowed roles.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointConsumerBuilder allowedRoles(String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointConsumerBuilder securityConfiguration(
+                Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option will be converted to a <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointConsumerBuilder securityConfiguration(
+                String securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
@@ -883,6 +925,48 @@ public interface UndertowEndpointBuilderFactory {
             return this;
         }
         /**
+         * Configuration used by UndertowSecurityProvider. Comma separated list
+         * of allowed roles.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointProducerBuilder allowedRoles(String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointProducerBuilder securityConfiguration(
+                Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option will be converted to a <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointProducerBuilder securityConfiguration(
+                String securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
@@ -1166,6 +1250,48 @@ public interface UndertowEndpointBuilderFactory {
             return this;
         }
         /**
+         * Configuration used by UndertowSecurityProvider. Comma separated list
+         * of allowed roles.
+         * 
+         * The option is a: <code>java.lang.String</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointBuilder allowedRoles(String allowedRoles) {
+            doSetProperty("allowedRoles", allowedRoles);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option is a: <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointBuilder securityConfiguration(
+                Object securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
+         * OConfiguration used by UndertowSecurityProvider. Security
+         * configuration object for use from UndertowSecurityProvider.
+         * Configuration is UndertowSecurityProvider specific. Each provider
+         * decides whether accepts configuration.
+         * 
+         * The option will be converted to a <code>java.lang.Object</code> type.
+         * 
+         * Group: security
+         */
+        default UndertowEndpointBuilder securityConfiguration(
+                String securityConfiguration) {
+            doSetProperty("securityConfiguration", securityConfiguration);
+            return this;
+        }
+        /**
          * To configure security using SSLContextParameters.
          * 
          * The option is a:
diff --git a/docs/components/modules/ROOT/pages/elytron-component.adoc b/docs/components/modules/ROOT/pages/elytron-component.adoc
index 6d82d74..a982cef 100644
--- a/docs/components/modules/ROOT/pages/elytron-component.adoc
+++ b/docs/components/modules/ROOT/pages/elytron-component.adoc
@@ -50,7 +50,7 @@ You can append query options to the URI in the following format,
 == Options
 
 // component options: START
-The Elytron component supports 11 options, which are listed below.
+The Elytron component supports 13 options, which are listed below.
 
 
 
@@ -66,6 +66,8 @@ The Elytron component supports 11 options, which are listed below.
 | *mechanismName* (advanced) | Name of the mechanism, which will be used for selection of authentication mechanism. | BEARER_TOKEN | String
 | *securityDomainBuilder* (advanced) | *Required* Definition of Builder, which will be used for creation of security domain. |  | Builder
 | *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control the mapping between Camel message and HttpClient. |  | UndertowHttpBinding
+| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. |  | String
+| *securityConfiguration* (security) | Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *useGlobalSslContextParameters* (security) | Enable usage of global SSL context parameters. | false | boolean
 |===
@@ -91,13 +93,12 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (29 parameters):
+=== Query Parameters (30 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
-| *allowedRoles* (common) | Comma separated list of allowed roles. |  | String
 | *useStreaming* (common) | For HTTP endpoint: if true, text and binary messages will be wrapped as java.io.InputStream before they are passed to an Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if true, text and binary messages will be wrapped as java.io.Reader and java.io.InputStream respectively before they are passed to an Exchange; otherwise they will be passed as String and byte respectively. | false | boolean
 | *accessLog* (consumer) | Whether or not the consumer should write access log | false | Boolean
 | *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
@@ -122,6 +123,8 @@ with the following path and query parameters:
 | *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to filter header to and from Camel message. |  | HeaderFilterStrategy
 | *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
 | *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow. |  | UndertowHttpBinding
+| *allowedRoles* (security) | List of allowed roles in String format |  | String
+| *securityConfiguration* (security) | OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
 | *sendTimeout* (websocket) | Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
diff --git a/docs/components/modules/ROOT/pages/index.adoc b/docs/components/modules/ROOT/pages/index.adoc
index f38c5c1..5ccc9ba 100644
--- a/docs/components/modules/ROOT/pages/index.adoc
+++ b/docs/components/modules/ROOT/pages/index.adoc
@@ -832,7 +832,7 @@ Number of Languages: 17 in 11 JAR artifacts (0 deprecated)
 == Miscellaneous Components
 
 // others: START
-Number of Miscellaneous Components: 36 in 36 JAR artifacts (0 deprecated)
+Number of Miscellaneous Components: 37 in 37 JAR artifacts (0 deprecated)
 
 [width="100%",cols="4,1,5",options="header"]
 |===
diff --git a/docs/components/modules/ROOT/pages/undertow-component.adoc b/docs/components/modules/ROOT/pages/undertow-component.adoc
index 014f64a..bd4c28a 100644
--- a/docs/components/modules/ROOT/pages/undertow-component.adoc
+++ b/docs/components/modules/ROOT/pages/undertow-component.adoc
@@ -48,7 +48,7 @@ You can append query options to the URI in the following format,
 == Options
 
 // component options: START
-The Undertow component supports 8 options, which are listed below.
+The Undertow component supports 10 options, which are listed below.
 
 
 
@@ -61,6 +61,8 @@ The Undertow component supports 8 options, which are listed below.
 | *basicPropertyBinding* (advanced) | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean
 | *hostOptions* (advanced) | To configure common options, such as thread pools |  | UndertowHostOptions
 | *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control the mapping between Camel message and HttpClient. |  | UndertowHttpBinding
+| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. |  | String
+| *securityConfiguration* (security) | Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *useGlobalSslContextParameters* (security) | Enable usage of global SSL context parameters. | false | boolean
 |===
@@ -86,7 +88,7 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (28 parameters):
+=== Query Parameters (30 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
@@ -116,6 +118,8 @@ with the following path and query parameters:
 | *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to filter header to and from Camel message. |  | HeaderFilterStrategy
 | *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
 | *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow. |  | UndertowHttpBinding
+| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. |  | String
+| *securityConfiguration* (security) | OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration. |  | Object
 | *sslContextParameters* (security) | To configure security using SSLContextParameters |  | SSLContextParameters
 | *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
 | *sendTimeout* (websocket) | Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
@@ -205,5 +209,14 @@ If you actually want to expose routes by HTTP and already have a
 Servlet, you should instead refer to the
 xref:servlet-component.adoc[Servlet Transport].
 
+== Security provider
+
+To plugin security provider for endpoint authentication, implement SPI interface
+`org.apache.camel.component.undertow.spi.UndertowSecurityProvider`.
+
+Undertow components locates all implementations of `UndertowSecurityProvider` using
+Java SPI (Service Provider Interfaces). If there is an object passed to component
+as parameter `securityConfiguration` and provider accepts it. Provider will be used
+for authentication of all requests.
 
 include::camel-spring-boot::page$undertow-starter.adoc[]


Mime
View raw message