camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Willem Jiang (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (CAMEL-2796) camel-spring-security: provide reference to the policy when authorization fails
Date Thu, 22 Jul 2010 02:05:52 GMT

     [ https://issues.apache.org/activemq/browse/CAMEL-2796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Willem Jiang resolved CAMEL-2796.
---------------------------------

    Fix Version/s: 2.5.0
                       (was: 2.4.0)
       Resolution: Fixed

Applied patch with thanks to Paul.

> camel-spring-security: provide reference to the policy when authorization fails
> -------------------------------------------------------------------------------
>
>                 Key: CAMEL-2796
>                 URL: https://issues.apache.org/activemq/browse/CAMEL-2796
>             Project: Apache Camel
>          Issue Type: Improvement
>    Affects Versions: 2.3.0
>            Reporter: Paul Mietz Egli
>            Assignee: Willem Jiang
>             Fix For: 2.5.0
>
>         Attachments: CAMEL-2796.patch
>
>
> While it is possible to set up different policies to enforce authorization rules on Camel
routes with the new camel-spring-security plugin, there is currently no way to tell which
policy was being enforced when a org.springframework.security.SpringSecurityException is thrown.
 It would be very helpful to have a reference to the policy ID in the CamelAuthorizationException
or in the headers so we can use it in the onException handlers.
> For example, let's say you have two policies:
> {code}
>   <authorizationPolicy id="user" access="ROLE_USER" authenticationManager="authenticationManager"
accessDecisionManager="accessDecisionManager"
>     xmlns="http://camel.apache.org/schema/spring-security" />
>   <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationManager="authenticationManager"
accessDecisionManager="accessDecisionManager"
>     xmlns="http://camel.apache.org/schema/spring-security" />
> {code}
> You also have two routes which use these policies:
> {code}
>     <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring">
>           <onException useOriginalMessage="true">
>             <exception>org.springframework.security.BadCredentialsException</exception>
>             <handled><constant>true</constant></handled>
>             <to uri="log:auth_error" />
>         </onException>
>         <route>
>             <from uri="direct:adminStart"/>
>             <policy ref="admin">
>                 <to uri="mock:end"/>
>             </policy>
>         </route>
>         <route>
>             <from uri="direct:userStart"/>
>             <policy ref="admin">
>                 <to uri="mock:end"/>
>             </policy>
>         </route>
>     </camelContext>
> {code}
> Both of these routes will fail with an AccessDeniedException if the user doesn't have
the proper role, but it would be desirable to handle exceptions for the ROLE_ADMIN failure
differently than the ROLE_USER failure, maybe by using a <choice> element in the <onException>
element.
> I know we have the CamelFailureEndpoint header, but this isn't very useful when more
than one route uses the same authorization policy.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message