camel-dev mailing list archives

From "Willem Jiang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAMEL-3750) Provide a common mechanism to facilitate configuration of TLS across Camel components
Date Mon, 18 Apr 2011 12:27:05 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13020998#comment-13020998 ]

Willem Jiang commented on CAMEL-3750:
-------------------------------------

Hi David

For number 1) A. If you take a look at the generated schema, there is a schema import of "http://camel.apache.org/schema/spring".
But for the keyStoreParameters, secureRandomParameters and sslContextParameters, they have
nothing to do with the CamelContext, and they should support being reused in different Camel
contexts. So I don't think they need to extend the AbstractCamelFactoryBean.

For number 1) B. I think using the TCCL could be enough for SSLContextParameters to load
the resource, as the Spring application will set the TCCL with the application classloader,
and the user can import the other bundle package if the resource is in the other bundle.

For number 2) It could be difficult to maintain the schema map correctly if lots of http
endpoints are deployed into a container like ServiceMix. I agree we leave the http component
this way; when we move to the http-client4 we could drop the support for camel-http.

> Provide a common mechanism to facilitate configuration of TLS across Camel components
> -------------------------------------------------------------------------------------
>
>                 Key: CAMEL-3750
>                 URL: https://issues.apache.org/jira/browse/CAMEL-3750
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-core, camel-http, camel-jetty
>            Reporter: David Valeri
>            Assignee: Willem Jiang
>             Fix For: Future
>
>         Attachments: CAMEL-3750-camel-core-xml.patch, CAMEL-3750-camel-core.patch, CAMEL-3750-camel-http.patch, CAMEL-3750-camel-http4.patch, CAMEL-3750-camel-itest-osgi.patch, CAMEL-3750-camel-jetty.patch, CAMEL-3750-camel-spring.patch
>
>
> CXF provides a nice Spring Namespace handler for configuring TLS options on the Jetty transport.  Configuring these options using XML in Spring or through a simplified set of utility classes decreases the learning curve for users by sheltering them from the horrors of JSSE.
> There are a large number of components in Camel that deal with socket communication at some level, but they all require users to learn the specific low level configuration capabilities of the library on which the component is based in order to configure custom TLS options.
> It would be convenient if users didn't need to learn the advanced networking configuration options for each component.
> This enhancement suggests a similar Spring Namespace handler and utility classes that allow for simplified configuration of an SSLContext as well as adding provisions to some of the Camel components in order to accept this new configuration mechanism.  The initial components to support the new configuration mechanism are the http, http4, and Jetty components.  Other components would follow.
> An example usage is below.
> Programmatic configuration:
> {code}
> KeyStoreParameters ksp = new KeyStoreParameters();
> ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
> ksp.setPassword(pwd);
> ksp.setContext(context);
>         
> KeyManagersParameters kmp = new KeyManagersParameters();
> kmp.setKeyPassword(pwd);
> kmp.setKeyStore(ksp);
> TrustManagersParameters tmp = new TrustManagersParameters();
> tmp.setKeyStore(ksp);
>         
> SSLContextParameters sslContextParameters = new SSLContextParameters();
> sslContextParameters.setKeyManagers(kmp);
> sslContextParameters.setTrustManagers(tmp);
> {code}
> XML Configuration:
> {code:XML}
> <SSLContextParameters id="sslContextParameters" secureSocketProtocol="TLS">
>   <keyManagers
>       keyPassword="password">
>     <keyStore resource="./localhost.jks" password="password"/>
>   </keyManagers>
>   <secureSocketProtocolsFilter>
>     <include>TLS.*</include>
>   </secureSocketProtocolsFilter>
> </SSLContextParameters>
> {code}
> Usage in a route:
> {code}
> from("jetty:https://localhost:443/hello?sslContextParametersRef=sslContextParameters").process(proc);
> {code}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
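
Added example, not code from the issue or its attached patches: the plain JSSE steps that the quoted XML configuration stands for, loading the keystore through the TCCL as discussed in the comment and applying the `TLS.*` include filter to the enabled protocols. The class and method names are hypothetical, and full-string regex matching of the include pattern is an assumption about how the filter is applied.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class PlainJsseTls { // hypothetical name, not part of Camel
    // Keep only the protocol names that fully match the include pattern (assumed semantics).
    static String[] includeProtocols(String[] supported, String includeRegex) {
        Pattern p = Pattern.compile(includeRegex);
        List<String> kept = new ArrayList<>();
        for (String proto : supported) {
            if (p.matcher(proto).matches()) {
                kept.add(proto);
            }
        }
        return kept.toArray(new String[0]);
    }

    // Build an engine from a keystore resource found through the TCCL.
    static SSLEngine buildEngine(String resource, char[] storePwd, char[] keyPwd) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        if (tccl == null) tccl = PlainJsseTls.class.getClassLoader(); // TCCL may be unset
        try (InputStream in = tccl.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalArgumentException("keystore not found via TCCL: " + resource);
            }
            ks.load(in, storePwd);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPwd);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null: default trust managers and SecureRandom
        SSLEngine engine = ctx.createSSLEngine();
        // Without this step, whatever the provider enables by default stays on.
        engine.setEnabledProtocols(includeProtocols(engine.getSupportedProtocols(), "TLS.*"));
        return engine;
    }

    public static void main(String[] args) {
        // Constructed sample list; a real engine reports its own supported set.
        String[] sample = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
        System.out.println(String.join(",", includeProtocols(sample, "TLS.*")));
    }
}
```

The filter runs over the engine's supported protocols, so names such as `SSLv3` and `SSLv2Hello` are dropped by the pattern rather than by the `SSLContext.getInstance("TLS")` call, which on its own does not restrict the enabled set.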
