camel-users mailing list archives

From Willem Jiang <willem.ji...@gmail.com>
Subject Re: Camel security
Date Fri, 02 Apr 2010 07:59:29 GMT
Claus Ibsen wrote:
> On Thu, Apr 1, 2010 at 4:20 PM, Willem Jiang <willem.jiang@gmail.com> wrote:
>> Hi Jervis
>>
>> I'm planning to work on Spring security and Camel integration[1] in the
>> coming few weeks.
>> If everything goes well, I think you can try out the basic security
>> implementation with Role based authorization then we can try to integrate
>> the Drools part.
>>
>> [1] https://issues.apache.org/activemq/browse/CAMEL-2579
>>
> 
> Willem, please hold off on making major changes to the 2.3 codebase.
> We have the features we need for 2.3 and want to use the next 2-3
> weeks to get the last pieces done so we can get a 2.3 release out the
> door.
> 
> And I believe we need to discuss and design the security framework to
> be added into Camel in the public.
> I think you can start with creating a wiki page at the developer
> section at Camel wiki and then we can all take a look and help design
> it.

Sure, I will work on the design document first.

> 
> It's important that we do this in a manner so the security framework of
> choice can easily be plugged in, as many have different needs.
> And some are forced to use JAAS etc.
> 
> So it should NOT be Spring Security that masters how we do this in Camel.
> 
> 
>> Willem
>>
>> Claus Ibsen wrote:
>>> Hi
>>>
>>> Sounds great with Drools integration with Camel.
>>>
>>> No, there is not a general security module in Camel.
>>> It's something that we will work on and provide in the future.
>>> At the present time it's not on the roadmap short term.
>>>
>>> Each individual Camel component often has its own security settings
>>> which you leverage, such as Jetty etc.
>>>
>>>
>>>
>>> On Thu, Apr 1, 2010 at 11:04 AM, jliu <jervisliu@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> I am currently working on Drools (http://www.jboss.org/drools) Camel
>>>> integration. One requirement that popped up is to provide secured access
>>>> to Drools KnowledgeSession. For those who are not familiar with Drools,
>>>> Drools KnowledgeSession is defined as a Camel process or endpoint.
>>>> Basically this means an authentication framework and an authorization
>>>> framework that can be used to provide service level and method level
>>>> security. The authorization part needs to support both role-based
>>>> authorization and rule-based authorization. So for example, with this
>>>> security in place, I can say "only admin type user can access Drools
>>>> KnowledgeSession" or "only admin type user can call insertFact on Drools
>>>> KnowledgeSession". I can also say "If the current user has called
>>>> fireAllRules on Drools KnowledgeSession more than an average of 5 times
>>>> in the last minute, then reject the next invocation, as it's possible
>>>> fraud".
>>>>
>>>> An example of a Camel route with authorization may look like the one
>>>> below (please note, this is not a valid configuration, just used to
>>>> illustrate the idea):
>>>>
>>>> Service level security:
>>>>
>>>> a camel route without authorization:
>>>> <camel:route>
>>>>    <camel:from uri="direct:executor" />
>>>>    <camel:process ref="DroolsBatchExecutorProcessor"/>
>>>>    <camel:to uri="direct:xstreamTransformerResult" />
>>>> </camel:route>
>>>>
>>>> a camel route with simple role based authorization using role mappings
>>>> stored in property files:
>>>> <camel:route>
>>>>   <camel:from uri="direct:executor" />
>>>>   <camel:process ref="DroolsBatchExecutorProcessor"
>>>>       authorization-module="role-based-using-property-file"
>>>>       rolesAllowed="admin=, analysis"/>
>>>>   <camel:to uri="direct:xstreamTransformerResult" />
>>>> </camel:route>
>>>>
>>>>  a camel route with rule based authorization using Drools:
>>>> <camel:route>
>>>>    <camel:from uri="direct:executor" />
>>>>    <camel:process ref="DroolsBatchExecutorProcessor"
>>>>        authorization-module="rule-based-using-drools"/>
>>>>    <camel:to uri="direct:xstreamTransformerResult" />
>>>> </camel:route>
>>>>
>>>> Method level security:
>>>> TBD
>>>>
>>>> Does such a feature exist in Camel, or will it be supported in the future?
>>>>
>>>> Thanks,
>>>>
>>>> Jervis Liu
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/Camel-security-tp28106100p28106100.html
>>>> Sent from the Camel - Users mailing list archive at Nabble.com.
>>>>
>>>>
>>>
>>>
>>
> 
> 
> 
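
Added example (not code from any poster in this thread, and not Camel's API): the two authorization styles discussed above, a role check and the "more than 5 calls in the last minute" rule, placed behind one plug-in interface so the framework that makes the decision can be swapped. The `AuthorizationPolicy` interface and the `rolesAllowed`, `rateLimit` and `allOf` helpers are hypothetical names, and the users and timestamps are constructed sample input.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class PluggableAuthorizationDemo {
    // Hypothetical plug-in point: Spring Security, JAAS or a Drools rule base could sit behind it.
    interface AuthorizationPolicy {
        boolean permits(String user, Set<String> roles, String operation, long nowMillis);
    }

    // Role-based: the caller needs at least one of the allowed roles.
    static AuthorizationPolicy rolesAllowed(String... allowed) {
        Set<String> allowedRoles = new HashSet<>(Arrays.asList(allowed));
        return (user, roles, op, now) -> !Collections.disjoint(roles, allowedRoles);
    }

    // Rule-based: once a user has made more than maxCalls of one operation
    // inside the sliding window, the next invocation is rejected.
    static AuthorizationPolicy rateLimit(int maxCalls, long windowMillis) {
        Map<String, Deque<Long>> history = new ConcurrentHashMap<>();
        return (user, roles, op, now) -> {
            Deque<Long> calls = history.computeIfAbsent(user + "|" + op, k -> new ArrayDeque<>());
            synchronized (calls) {
                // Drop timestamps that have aged out of the window.
                while (!calls.isEmpty() && now - calls.peekFirst() >= windowMillis) calls.pollFirst();
                if (calls.size() > maxCalls) return false; // rejected calls are not recorded
                calls.addLast(now);
                return true;
            }
        };
    }

    // Every policy must permit; evaluation stops at the first denial (fail closed).
    static AuthorizationPolicy allOf(AuthorizationPolicy... policies) {
        return (user, roles, op, now) -> {
            for (AuthorizationPolicy p : policies) if (!p.permits(user, roles, op, now)) return false;
            return true;
        };
    }

    public static void main(String[] args) {
        AuthorizationPolicy policy = allOf(rolesAllowed("admin"), rateLimit(5, 60_000));
        Set<String> admin = Set.of("admin"), guest = Set.of("guest"); // constructed sample users
        System.out.println("guest: " + policy.permits("bob", guest, "fireAllRules", 0));
        for (int i = 1; i <= 7; i++) // seven admin calls, one second apart
            System.out.println("admin call " + i + ": "
                + policy.permits("alice", admin, "fireAllRules", i * 1000L));
        System.out.println("after window: " + policy.permits("alice", admin, "fireAllRules", 70_000));
    }
}
```

Because the role check runs first in `allOf`, a caller without the role never reaches the rate rule, so unauthorized attempts do not consume or pollute the per-user call history.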

