camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Przemyslaw Budzik (JIRA)" <>
Subject [jira] Commented: (CAMEL-1211) camel-restlet security extension
Date Fri, 02 Jan 2009 10:08:05 GMT


Przemyslaw Budzik commented on CAMEL-1211:


It is connected with a consumer's life-cycle so it doesn't  take place per request, but anyway
if you have many routes with many endpoints and in tests you tend to start/stop Camel on setUp/tearDown
it is quite verbose.  You're right it is not obvious that's why I was asking not claiming

> camel-restlet security extension
> --------------------------------
>                 Key: CAMEL-1211
>                 URL:
>             Project: Apache Camel
>          Issue Type: Improvement
>          Components: camel-core, camel-restlet
>    Affects Versions: 1.5.1, 2.0.0
>            Reporter: Przemyslaw Budzik
>            Priority: Minor
> Now we have basic http auth. Quick shot is adding digest as it is supported by Restlet,
but I have something more in mind. As I'm using token based auth and for me http auth is not
suitable (pushing credentials back and forth all the time etc). How about a pattern where
from one endpoint you can consume a ticket/token/sessionId and you can use it as a header
to authenticate? As now the realm is to keep login and pass and it could be something like
a bean that can validate the token. Of course that data would not be static so it is more
about a callback (eg. getTokens()) than a static map/list. And finally as we have the uri
we can resolve an "operation" and do authorization (so uri+method is the target). I mean in
my project I have processor that does stuff like that and it would be cool to have all those
things in one place in consumer (and provide only data and have skeletal logic under the hood).
> Now the question is if my idea makes sense and if so what are your suggestions on how
to implement that w/o reinventing the wheel (and not using ACEGI ;-))
> Btw,  Claus, William - logs about attaching/detaching restlets are at info level and
it's kind of spamming if there are say 20 endpoints... Maybe it should be at debug?

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message