camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jliu <jervis...@gmail.com>
Subject Camel security
Date Thu, 01 Apr 2010 09:04:02 GMT

Hi, 

I am currently working on Drools (http://www.jboss.org/drools) Camel
integration. One requirement popped up is to provide a secured access to
Drools KnowledgeSession . For those who is not familiar with Drools, Drools
KnowledgeSession is defined as a Camel process or endpoint. Basically this
means an authentication framework and an authorization framework that can be
used to provide service level and method level security. The authorization
part needs to support both role-based authorization and rule-based
authorization. So for example, with this security in place, I can say "only
admin type user can access Drools KnowledgeSession " or  "only admin type
user can call insertFact on Drools KnowledgeSession ".  I can also say "If
the current user has called fireAllRules on Drools KnowledgeSession more
than an average of 5 times in the last minute, then reject the next
invocation, as its possible fraud".

An example of camle route with authorization may look like below (Please
note, this is not a valid configuration, just used to illustrate the idea): 

Service level security:

a camel route without authorization:
<camel:route>
     <camel:from uri="direct:executor" />
     <camel:process ref="DroolsBatchExecutorProcessor"/>
     <camel:to uri="direct:xstreamTransformerResult" />
</camel:route>

a camel route with simple role based authorization using role mappings
stored in property files:
<camel:route>
    <camel:from uri="direct:executor" />
    <camel:process ref="DroolsBatchExecutorProcessor"
authorization-module="role-based-using-property-file" rolesAllowed="admin=,
analysis"/>
    <camel:to uri="direct:xstreamTransformerResult" />
</camel:route>

 a camel route with rule based authorization using Drools:
<camel:route>
     <camel:from uri="direct:executor" />
     <camel:process ref="DroolsBatchExecutorProcessor"
authorization-module="rule-based-using-drools"/>
     <camel:to uri="direct:xstreamTransformerResult" />
</camel:route>

Method level security:
TBD

Does such feature exist in Camel or will be supported in the future?

Thanks,

Jervis Liu
-- 
View this message in context: http://old.nabble.com/Camel-security-tp28106100p28106100.html
Sent from the Camel - Users mailing list archive at Nabble.com.


Mime
View raw message