camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <>
Subject Re: intended scope of CamelAuthorizationException?
Date Fri, 09 Dec 2011 16:10:17 GMT

Its used by camel-shiro and camel-spring-security, where you can
define a security policy in the DSL.
There is a AuthorizationPolicy in the SPI package in camel-core.

I guess its intend is to be used when an user is denied an action, and
Camel should not process the message,
whether that deny was due authorization or authentication error.

However as always maybe it needs to be better documented, or we need
more fine grained exceptions?

Any thoughts?

On Fri, Dec 9, 2011 at 4:22 PM, Glen Mazza <> wrote:
> Hello, org.apache.camel.CamelAuthorizationException[1] was missing a JavaDoc
> header comment, I added a generic but possibly inaccurate one in the latest
> patch that Claus applied (it's viewable here[1] now).
> Question: What's the purpose of this exception--is it purely for (a)
> *authorization* errors (person is Bob alright but he's not allowed to eat
> any of the cookies) or for (b) *authentication* errors (no, that person
> isn't even Bob) or (c) either?  The present method implementations appear to
> indicate it's for authentication and (possibly) not authorization issues.
> Thanks,
> Glen
> [1]
> --
> Glen Mazza
> Talend Community Coders
> blog:

Claus Ibsen
Twitter: davsclaus, fusenews
Author of Camel in Action:

View raw message