Return-Path: X-Original-To: apmail-camel-users-archive@www.apache.org Delivered-To: apmail-camel-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D950AD7AE for ; Wed, 7 Nov 2012 01:47:28 +0000 (UTC) Received: (qmail 39183 invoked by uid 500); 7 Nov 2012 01:47:28 -0000 Delivered-To: apmail-camel-users-archive@camel.apache.org Received: (qmail 39140 invoked by uid 500); 7 Nov 2012 01:47:28 -0000 Mailing-List: contact users-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@camel.apache.org Delivered-To: mailing list users@camel.apache.org Received: (qmail 39130 invoked by uid 99); 7 Nov 2012 01:47:28 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Nov 2012 01:47:28 +0000 X-ASF-Spam-Status: No, hits=0.6 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of willem.jiang@gmail.com designates 209.85.160.45 as permitted sender) Received: from [209.85.160.45] (HELO mail-pb0-f45.google.com) (209.85.160.45) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Nov 2012 01:47:21 +0000 Received: by mail-pb0-f45.google.com with SMTP id rp2so845556pbb.32 for ; Tue, 06 Nov 2012 17:47:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:message-id:in-reply-to:references:subject:x-mailer :mime-version:content-type:content-transfer-encoding :content-disposition; bh=8fvxHK93KxFRcU84VKmhzmmHi96oIfm3fSCUNQYqqj4=; b=KK/MdgmWCfZGVoYkiUJTJZBEjwSH1B48CuVGVacO5xpUgVNoqY3jStyW7DYVoYOH16 JiAg17BcccEpyZQ45Ic0f16wfCx1m7O8krXzZ0TzmxvdMW4W+TkWZgWr8piGR3hQTC3c ImCC5JoHV+dF2vIW9dMmiQ/VJTAq8kiiIGwv9rEvzCJmhoy6d4n/K0V55o4Oi1b0S0ty IAiCEKg2mFdWZCHO8yJ/FdrHNuij+Ywi1y+VJshgI38MkcRYmycBJ4u/ppKZ8GRY/KVp 7MeoEu4Kfsy5Umuhc1B2k5DAcvH7QBB6FkCa7NBlSdOHohvG4Qo7L+AogPhTsBS2Mzw5 MElg== Received: by 10.68.192.66 with SMTP id he2mr8820016pbc.112.1352252820567; Tue, 06 Nov 2012 17:47:00 -0800 (PST) Received: from [192.168.1.135] ([123.116.40.101]) by mx.google.com with ESMTPS id rg9sm12375710pbc.46.2012.11.06.17.46.58 (version=SSLv3 cipher=OTHER); Tue, 06 Nov 2012 17:46:59 -0800 (PST) Date: Wed, 7 Nov 2012 09:46:56 +0800 From: Willem jiang To: users@camel.apache.org Message-ID: <8B844F9BD93F480687D4FAC4391F4283@gmail.com> In-Reply-To: <1352228836589-5722250.post@n5.nabble.com> References: <1350333517863-5721076.post@n5.nabble.com> <1FDF643586E54971820CB4E8C552231E@gmail.com> <1352228836589-5722250.post@n5.nabble.com> Subject: Re: Jetty proxy routes confused behavior. X-Mailer: sparrow 1.6.4 (build 1176) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Checked: Checked by ClamAV on apache.org As the servlet is called from the web container which should take care of the transport security issue. It makes sense that you can do the security setup through the WebContainer like Jetty or Tomcat. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.javaeye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: willemjiang On Wednesday, November 7, 2012 at 3:07 AM, dvsridhar wrote: > William, > With your suggestion I was able to stood up the spring-security oauth for > http proxy routes. However, I just learnt that camel-servlet component > doesn't have support Camel JSSE Utility > (http://camel.apache.org/camel-configuration-utilities.html). *We have a > requirement to support FIPS140 and NIST compliance for SSL transport layer > and we use RSA JsafeJCE crypto jars for strong encryption. For this > compliance to work, I need to override the default cipher suites and supply > the following cipher suites SSL_RSA_WITH_AES_128_CBC_SHA and > SSL_RSA_WITH_AES_256_CBC_SHA.*(http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=%2Fcom.ibm.mq.csqzaw.doc%2Fja34740_.htm) > > > *I really don't know what to do here. > camel-jetty doesn't work with spring security, but it supports JSSE. > camel-http4 only produce to http endpoints. > camel-servlet can consume http content but doesn't work with JSSE. > * > Looks like I have to change my direction completely and only use CXF for > security (oauth) and FIPS compliance. But the part I hate the most with this > approach is for a simple REST URL http redirect use case I have to stand up > dummy RestImplmentation which makes a no sense for a proxy layer. > > *For example:* > > > > > > > > > > > serviceClass="com.xyz.rest.resource.impl.VendorRSImpl" * > loggingFeatureEnabled="true"> > > > > > > > serviceClass="com.xyz.rest.resource.api.VendorRS" inheritHeaders="true" > loggingFeatureEnabled="true" > > > > To make this route work I have to stand this dummy implementation > "com.xyz.rest.resource.impl.VendorRSImpl", where as my actual service > provider is present at a different URL("http://myhost:7001/FDX/Vendor"). > > /In the above configuration "com.ams.momapi.rest.resource.api.VendorRS" is a > JAX_RS based REST interface and com.xyz.rest.resource.impl.VendorRSImpl is > the dummy implementation./ > > What would be recommendation for this. Any help appreciated. > > Thanks, > Sridhar > > > > -- > View this message in context: http://camel.465427.n5.nabble.com/Jetty-proxy-routes-confused-behavior-tp5721076p5722250.html > Sent from the Camel - Users mailing list archive at Nabble.com (http://Nabble.com).