camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rich Newcomb (JIRA)" <>
Subject [jira] [Commented] (CAMEL-4441) Add Namespace Support to XMLSecurity Component
Date Tue, 20 Sep 2011 17:29:12 GMT


Rich Newcomb commented on CAMEL-4441:

Thanks Ashwin!  I will update the documentation on the Camel wiki.

> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>                 Key: CAMEL-4441
>                 URL:
>             Project: Camel
>          Issue Type: Improvement
>            Reporter: Rich Newcomb
>            Assignee: Ashwin Karpe
>             Fix For: 2.9.0
>         Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch,
CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
> The camel-xmlsecurity data format does not support namespaces when identifying specific
nodes to be encrypted or decrypted.  The data format will only work for incidental namespace
collisions (i.e., when the target XML document  has elements that happen to use the same namespace
prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition  mapping  to
be included as part of the data format configuration.  This enables true namespace matching,
even if the prefix values in the data format definition and the target xml document are not
equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml} 
>         final Map<String, String> namespaces = new HashMap<String, String>();
>         namespaces.put("cust", "");
>         final KeyStoreParameters tsParameters = new KeyStoreParameters();
>         tsParameters.setPassword("password");
>         tsParameters.setResource("sender.ts");
>         context.addRoutes(new RouteBuilder() {
>             public void configure() {
>                 from("direct:start")
>                     .marshal().secureXML("//cust:cheesesites/italy", namespaces, true,
"recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> 		  }
>         }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging
the Camel NamespaceAware interface.  Thus, a namespace prefix that is defined as part of the
camelContext definition can be re-used in context within the data format secureTag attribute
of the secureXML element.
> For example:
> {code:xml}
>     <!--  trust store configuration -->                          
>     <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
>     <camelContext id="springXmlSecurityDataFormatTestCamelContext" 
>                   xmlns=""
>                   xmlns:cheese="">    
>         <route>
>             <from uri="direct://start"/>
>                  <marshal>
>                     <secureXML
>                         secureTag="//cheese:cheesesites/italy"
>                         secureTagContents="true"
>                         xmlCipherAlgorithm=""
>                         keyCipherAlgorithm=""
>                         recipientKeyAlias="recipient"
>                         keyOrTrustStoreParametersId="trustStoreParams" />
>                 </marshal> 
> 		...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters
for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to
use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose.
This is also illustrated in the examples above. The other methods of KeyStore definition are
deprecated by the patch.
> Minor and related changes provided by the patch include:
>  *  Fixes an error where unit tests were incorrectly skipped (due to security engine
not initialized) even when the related crypto algorithms are available.
>  *  Adds a Spring Xml route definition example in the unit tests
>  *  Configures the xmlunit version in the parent.pom and updates camel-jmx to share this

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message