camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: Camel security
Date Thu, 01 Apr 2010 14:47:11 GMT
On Thu, Apr 1, 2010 at 4:20 PM, Willem Jiang <willem.jiang@gmail.com> wrote:
> Hi Jervis
>
> I'm planing to work on Spring security and Camel integration[1] in the
> coming up few week.
> If everything goes well, I think you can try out the basic security
> implementation with Role based authorization then we can try to integrate
> the Drools part.
>
> [1] https://issues.apache.org/activemq/browse/CAMEL-2579
>

Willem please hold with making major changes into the 2.3 codebase.
We have the features we need for 2.3 and want to use the next 2-3
weeks to get the last pieces done so we can get a 2.3 release out the
door.

And I believe we need to discuss and design the security framework to
be added into Camel in the public.
I think you can start with creating a wiki page at the developer
section at Camel wiki and then we can all take a look and help design
it.

Its important that we do this in a manner so the security framework of
choice can easily be plugged in, as many have different needs.
And some are forced to use JAAS etc.

So it should NOT be a Spring Security that master how we do this in Camel.


> Willem
>
> Claus Ibsen wrote:
>>
>> Hi
>>
>> Sounds great with Drools integration with Camel.
>>
>> No there is not a general security module in Camel.
>> Its something that we will work on and provide in the future.
>> At present time its not on the roadmap short term.
>>
>> Each individual camel component often have their own security settings
>> which you leverage, such as Jetty etc.
>>
>>
>>
>> On Thu, Apr 1, 2010 at 11:04 AM, jliu <jervisliu@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> I am currently working on Drools (http://www.jboss.org/drools) Camel
>>> integration. One requirement popped up is to provide a secured access to
>>> Drools KnowledgeSession . For those who is not familiar with Drools,
>>> Drools
>>> KnowledgeSession is defined as a Camel process or endpoint. Basically
>>> this
>>> means an authentication framework and an authorization framework that can
>>> be
>>> used to provide service level and method level security. The
>>> authorization
>>> part needs to support both role-based authorization and rule-based
>>> authorization. So for example, with this security in place, I can say
>>> "only
>>> admin type user can access Drools KnowledgeSession " or  "only admin type
>>> user can call insertFact on Drools KnowledgeSession ".  I can also say
>>> "If
>>> the current user has called fireAllRules on Drools KnowledgeSession more
>>> than an average of 5 times in the last minute, then reject the next
>>> invocation, as its possible fraud".
>>>
>>> An example of camle route with authorization may look like below (Please
>>> note, this is not a valid configuration, just used to illustrate the
>>> idea):
>>>
>>> Service level security:
>>>
>>> a camel route without authorization:
>>> <camel:route>
>>>    <camel:from uri="direct:executor" />
>>>    <camel:process ref="DroolsBatchExecutorProcessor"/>
>>>    <camel:to uri="direct:xstreamTransformerResult" />
>>> </camel:route>
>>>
>>> a camel route with simple role based authorization using role mappings
>>> stored in property files:
>>> <camel:route>
>>>   <camel:from uri="direct:executor" />
>>>   <camel:process ref="DroolsBatchExecutorProcessor"
>>> authorization-module="role-based-using-property-file"
>>> rolesAllowed="admin=,
>>> analysis"/>
>>>   <camel:to uri="direct:xstreamTransformerResult" />
>>> </camel:route>
>>>
>>>  a camel route with rule based authorization using Drools:
>>> <camel:route>
>>>    <camel:from uri="direct:executor" />
>>>    <camel:process ref="DroolsBatchExecutorProcessor"
>>> authorization-module="rule-based-using-drools"/>
>>>    <camel:to uri="direct:xstreamTransformerResult" />
>>> </camel:route>
>>>
>>> Method level security:
>>> TBD
>>>
>>> Does such feature exist in Camel or will be supported in the future?
>>>
>>> Thanks,
>>>
>>> Jervis Liu
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Camel-security-tp28106100p28106100.html
>>> Sent from the Camel - Users mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>>
>
>



-- 
Claus Ibsen
Apache Camel Committer

Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus

Mime
View raw message