This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 0dabf041a52 [CAMEL-20747] Migrate SpringSecurityAuthorizationPolicy to
Spring 5 (#14082)
0dabf041a52 is described below
commit 0dabf041a528448fb4138e87974ebb72db130acc
Author: Marco Santarelli <[email protected]>
AuthorDate: Wed May 8 16:04:17 2024 +0200
[CAMEL-20747] Migrate SpringSecurityAuthorizationPolicy to Spring 5 (#14082)
* Changed the SpringSecurityAuthorizationPolicy to remove deprecated
methods and classes, using the new Authorization manager.
* Missed an xml resource, fixed tests
* Updated failing integration tests as a result of the component change.
* Added notes to the upgrade guide.
---------
Co-authored-by: Claus Ibsen <[email protected]>
---
.../src/main/docs/spring-security.adoc | 28 +++++--------
.../security/SpringSecurityAccessPolicy.java | 38 -----------------
.../SpringSecurityAuthorizationPolicy.java | 47 ++++++++--------------
.../SpringSecurityAuthorizationPolicyParser.java | 10 +----
.../resources/schema/camel-spring-security.xsd | 6 +--
...pringSecurityAuthorizationPolicyConfigTest.java | 10 ++---
.../spring/security/SpringSecurityCamelContext.xml | 4 +-
.../component/spring/security/commonSecurity.xml | 7 +---
.../config/SpringSecurityAuthorizationPolicy.xml | 2 +-
.../ROOT/pages/camel-4x-upgrade-guide-4_7.adoc | 21 ++++++++++
.../camel/itest/security/GreeterClientTest.java | 2 +-
.../itest/security/CxfMessageCamelContext.xml | 2 +-
.../apache/camel/itest/security/camel-context.xml | 4 +-
.../apache/camel/itest/security/commonSecurity.xml | 7 +---
14 files changed, 68 insertions(+), 120 deletions(-)
diff --git
a/components/camel-spring-security/src/main/docs/spring-security.adoc
b/components/camel-spring-security/src/main/docs/spring-security.adoc
index edb83739f3a..35f58d12da5 100644
--- a/components/camel-spring-security/src/main/docs/spring-security.adoc
+++ b/components/camel-spring-security/src/main/docs/spring-security.adoc
@@ -30,8 +30,8 @@ Access to a route is controlled by an instance of a
`SpringSecurityAuthorizationPolicy` object. A policy object contains the
name of the Spring Security authority (role) required to run a set of
endpoints and references to Spring Security `AuthenticationManager` and
-`AccessDecisionManager` objects used to determine whether the current
-principal has been assigned that role. Policy objects may be configured
+`AuthorizationManager` objects used to determine whether the current
+principal is authorized. Policy objects may be configured
as Spring beans or by using an `<authorizationPolicy>` element in Spring
XML.
@@ -45,13 +45,10 @@ attributes:
|`id` |`null` |The unique Spring bean identifier which is used to reference
the policy
in routes (required)
-|`access` |`null` |The Spring Security authority name that is passed to the
access decision
-manager (required)
-
|`authenticationManager` |`authenticationManager` |The name of the Spring
Security `AuthenticationManager` object in the
context
-|`accessDecisionManager` |`accessDecisionManager` |The name of the Spring
Security `AccessDecisionManager` object in the
+|`authorizationManager` |`authorizationManager` |The name of the Spring
Security `AuthorizationManager` object in the
context
|`authenticationAdapter` |DefaultAuthenticationAdapter |The name of a
*camel-spring-security*
@@ -70,7 +67,7 @@ header under `Exchange.AUTHENTICATION`, check the Spring
Security
[[SpringSecurity-ControllingaccesstoCamelroutes]]
== Controlling access to Camel routes
-A Spring Security `AuthenticationManager` and `AccessDecisionManager`
+A Spring Security `AuthenticationManager` and `AuthorizationManager`
are required to use this component. Here is an example of how to
configure these objects in Spring XML using the Spring Security
namespace:
@@ -83,14 +80,9 @@ namespace:
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
- <bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
- <property name="allowIfAllAbstainDecisions" value="true"/>
- <property name="decisionVoters">
- <list>
- <bean class="org.springframework.security.access.vote.RoleVoter"/>
- </list>
- </property>
- </bean>
+ <bean id="authorizationManager" class="
org.springframework.security.authorization.AuthorityAuthorizationManager">
+ <constructor-arg name="authorities" value="ROLE_ADMIN"/>
+ </bean>
<spring-security:authentication-manager alias="authenticationManager">
<spring-security:authentication-provider
user-service-ref="userDetailsService"/>
@@ -121,10 +113,10 @@ to a route:
<!-- import the Spring security configuration -->
<import resource=
"classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/>
- <authorizationPolicy id="admin" access="ROLE_ADMIN"
+ <authorizationPolicy id="admin"
+ authorizationManager="authorizationManager"
authenticationManager="authenticationManager"
- accessDecisionManager="accessDecisionManager"
- xmlns="http://camel.apache.org/schema/spring-security"/>
+ xmlns="http://camel.apache.org/schema/spring-security "/>
<camelContext id="myCamelContext"
xmlns="http://camel.apache.org/schema/spring">
<route>
diff --git
a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAccessPolicy.java
b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAccessPolicy.java
deleted file mode 100644
index a3dad559c77..00000000000
---
a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAccessPolicy.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.spring.security;
-
-import java.util.List;
-
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.util.Assert;
-
-public class SpringSecurityAccessPolicy {
-
- private final List<ConfigAttribute> configAttributes;
-
- public SpringSecurityAccessPolicy(String access) {
- Assert.isTrue(access != null, "The access attribute must not be
null.");
- configAttributes =
SecurityConfig.createListFromCommaDelimitedString(access);
- }
-
- public List<ConfigAttribute> getConfigAttributes() {
- return configAttributes;
- }
-
-}
diff --git
a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java
b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java
index fa961fc9575..52a53292e00 100644
---
a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java
+++
b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java
@@ -16,8 +16,6 @@
*/
package org.apache.camel.component.spring.security;
-import java.util.List;
-
import javax.security.auth.Subject;
import org.apache.camel.CamelAuthorizationException;
@@ -35,12 +33,12 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
-import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.event.AuthorizationFailureEvent;
-import org.springframework.security.access.event.AuthorizedEvent;
import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationManager;
+import
org.springframework.security.authorization.event.AuthorizationDeniedEvent;
+import
org.springframework.security.authorization.event.AuthorizationGrantedEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;
@@ -48,11 +46,10 @@ import org.springframework.util.Assert;
public class SpringSecurityAuthorizationPolicy extends IdentifiedType
implements AuthorizationPolicy, InitializingBean,
ApplicationEventPublisherAware {
private static final Logger LOG =
LoggerFactory.getLogger(SpringSecurityAuthorizationPolicy.class);
- private AccessDecisionManager accessDecisionManager;
+ private AuthorizationManager<Exchange> authorizationManager;
private AuthenticationManager authenticationManager;
private AuthenticationAdapter authenticationAdapter;
private ApplicationEventPublisher eventPublisher;
- private SpringSecurityAccessPolicy accessPolicy;
private boolean alwaysReauthenticate;
private boolean useThreadSecurityContext = true;
@@ -67,28 +64,27 @@ public class SpringSecurityAuthorizationPolicy extends
IdentifiedType
}
protected void beforeProcess(Exchange exchange) throws Exception {
- List<ConfigAttribute> attributes = accessPolicy.getConfigAttributes();
-
try {
Authentication authToken = getAuthentication(exchange.getIn());
if (authToken == null) {
throw new CamelAuthorizationException("Cannot find the
Authentication instance.", exchange);
}
- Authentication authenticated = authenticateIfRequired(authToken);
+ Authentication authentication = authenticateIfRequired(authToken);
+ AuthorizationDecision decision =
this.authorizationManager.check(() -> authentication, exchange);
// Attempt authorization with exchange
try {
- this.accessDecisionManager.decide(authenticated, exchange,
attributes);
+ this.authorizationManager.verify(() -> authentication,
exchange);
} catch (AccessDeniedException accessDeniedException) {
exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
- AuthorizationFailureEvent event = new
AuthorizationFailureEvent(
- exchange, attributes, authenticated,
- accessDeniedException);
+ AuthorizationDeniedEvent<Exchange> event = new
AuthorizationDeniedEvent<>(
+ () -> authentication, exchange, decision);
publishEvent(event);
throw accessDeniedException;
}
- publishEvent(new AuthorizedEvent(exchange, attributes,
authenticated));
+
+ publishEvent(new AuthorizationGrantedEvent<Exchange>(() ->
authentication, exchange, decision));
} catch (RuntimeException exception) {
exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
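Review bot: The authorization decision in `beforeProcess` is evaluated twice: `authorizationManager.check(...)` produces the `decision` attached to the published events, and `authorizationManager.verify(...)` then runs the manager again to enforce it (the default `verify` calls `check` internally). With a custom manager that is stateful or reads external data, the two results can differ, so the decision recorded in `AuthorizationDeniedEvent`/`AuthorizationGrantedEvent` may not be the one that was enforced. Enforcing the decision already in hand avoids that: replace the `verify` call with `if (decision != null && !decision.isGranted()) { throw new AccessDeniedException("Access Denied"); }`. The `check` call also sits outside the inner try, so an `AccessDeniedException` thrown by a manager from `check` goes to the outer catch without publishing a denied event. `beforeProcess` continues past the end of this hunk.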
@@ -128,8 +124,7 @@ public class SpringSecurityAuthorizationPolicy extends
IdentifiedType
@Override
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, "An AuthenticationManager
is required");
- Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager
is required");
- Assert.notNull(this.accessPolicy, "The accessPolicy is required");
+ Assert.notNull(this.authorizationManager, "An AuthorizationManager is
required");
}
private Authentication authenticateIfRequired(Authentication
authentication) {
@@ -166,8 +161,8 @@ public class SpringSecurityAuthorizationPolicy extends
IdentifiedType
this.authenticationAdapter = adapter;
}
- public AccessDecisionManager getAccessDecisionManager() {
- return accessDecisionManager;
+ public AuthorizationManager<Exchange> getAuthorizationManager() {
+ return authorizationManager;
}
public AuthenticationManager getAuthenticationManager() {
@@ -179,14 +174,6 @@ public class SpringSecurityAuthorizationPolicy extends
IdentifiedType
this.eventPublisher = applicationEventPublisher;
}
- public void setSpringSecurityAccessPolicy(SpringSecurityAccessPolicy
policy) {
- this.accessPolicy = policy;
- }
-
- public SpringSecurityAccessPolicy getSpringSecurityAccessPolicy() {
- return accessPolicy;
- }
-
public boolean isAlwaysReauthenticate() {
return alwaysReauthenticate;
}
@@ -207,7 +194,7 @@ public class SpringSecurityAuthorizationPolicy extends
IdentifiedType
this.authenticationManager = newManager;
}
- public void setAccessDecisionManager(AccessDecisionManager
accessDecisionManager) {
- this.accessDecisionManager = accessDecisionManager;
+ public void setAuthorizationManager(AuthorizationManager<Exchange>
authorizationManager) {
+ this.authorizationManager = authorizationManager;
}
}
diff --git
a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java
b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java
index 236c2ef4fb2..b68c04c643b 100644
---
a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java
+++
b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java
@@ -18,7 +18,6 @@ package org.apache.camel.component.spring.security.config;
import org.w3c.dom.Element;
-import org.apache.camel.component.spring.security.SpringSecurityAccessPolicy;
import
org.apache.camel.component.spring.security.SpringSecurityAuthorizationPolicy;
import org.apache.camel.util.ObjectHelper;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@@ -32,7 +31,7 @@ public class SpringSecurityAuthorizationPolicyParser extends
BeanDefinitionParse
@Override
protected boolean isEligibleAttribute(String attributeName) {
- if ("access".equals(attributeName) ||
"accessDecisionManager".equals(attributeName)
+ if ("access".equals(attributeName) ||
"authorizationManager".equals(attributeName)
|| "authenticationManager".equals(attributeName)) {
return false;
} else {
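Review bot: The `access` attribute is still accepted but no longer has any effect: `isEligibleAttribute` keeps excluding it here, the `postProcess` hunk below removes the only code that read it, and the camel-spring-security.xsd hunk leaves `<xsd:attribute name="access" type="xsd:string" />` in place. A configuration migrated by only renaming `accessDecisionManager` to `authorizationManager` will therefore validate and load while its per-policy authority (for example `access="ROLE_USER"` in the test SpringSecurityAuthorizationPolicy.xml) is silently ignored and the referenced manager bean alone decides. Failing fast in `postProcess` would surface this at startup, e.g. `if (element.hasAttribute("access")) { throw new IllegalArgumentException("The access attribute is no longer supported; configure the authority on the AuthorizationManager"); }`, together with dropping the attribute from the XSD and the remaining test XML files. The body of `isEligibleAttribute` continues outside this hunk.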
@@ -42,16 +41,11 @@ public class SpringSecurityAuthorizationPolicyParser
extends BeanDefinitionParse
@Override
protected void postProcess(BeanDefinitionBuilder builder, Element element)
{
- setReferenceIfAttributeDefine(builder, element,
"accessDecisionManager");
+ setReferenceIfAttributeDefine(builder, element,
"authorizationManager");
setReferenceIfAttributeDefine(builder, element,
"authenticationManager");
if
(ObjectHelper.isNotEmpty(element.getAttribute("authenticationAdapter"))) {
builder.addPropertyReference("authenticationAdapter",
element.getAttribute("authenticationAdapter"));
}
-
- BeanDefinitionBuilder accessPolicyBuilder =
BeanDefinitionBuilder.genericBeanDefinition(
- SpringSecurityAccessPolicy.class.getCanonicalName());
-
accessPolicyBuilder.addConstructorArgValue(element.getAttribute("access"));
- builder.addPropertyValue("springSecurityAccessPolicy",
accessPolicyBuilder.getBeanDefinition());
}
protected void setReferenceIfAttributeDefine(BeanDefinitionBuilder
builder, Element element, String attribute) {
diff --git
a/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd
b/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd
index 1af02c46d59..f5725057bf1 100644
---
a/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd
+++
b/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd
@@ -33,10 +33,10 @@
<xsd:complexType>
<xsd:attribute name="id" type="xsd:ID" use="required" />
<xsd:attribute name="access" type="xsd:string" />
- <xsd:attribute name="accessDecisionManager" type="xsd:string" />
<xsd:attribute name="authenticationAdapter" type="xsd:string" />
- <xsd:attribute name="authenticationManager" type="xsd:string" />
- <xsd:attribute name="useThreadSecurityContext"
type="xsd:boolean" default="true"/>
+ <xsd:attribute name="authenticationManager" type="xsd:string"
/>
+ <xsd:attribute name="authorizationManager" type="xsd:string"
/>
+ <xsd:attribute name="useThreadSecurityContext"
type="xsd:boolean" default="true"/>
<xsd:attribute name="alwaysReauthenticate" type="xsd:boolean"
default="false"/>
</xsd:complexType>
</xsd:element>
diff --git
a/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java
b/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java
index 4c2ca3bb7e1..06a56e171b6 100644
---
a/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java
+++
b/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java
@@ -47,18 +47,16 @@ public class SpringSecurityAuthorizationPolicyConfigTest {
SpringSecurityAuthorizationPolicy adminPolicy =
context.getBean("admin", SpringSecurityAuthorizationPolicy.class);
assertNotNull(adminPolicy, "We should get admin policy");
- assertNotNull(adminPolicy.getAccessDecisionManager(), "The
accessDecisionManager should not be null");
+ assertNotNull(adminPolicy.getAuthorizationManager(), "The
authorizationManager should not be null");
assertNotNull(adminPolicy.getAuthenticationManager(), "The
authenticationManager should not be null");
- assertNotNull(adminPolicy.getSpringSecurityAccessPolicy(), "The
springSecurityAccessPolicy should not be null");
SpringSecurityAuthorizationPolicy userPolicy = context.getBean("user",
SpringSecurityAuthorizationPolicy.class);
assertNotNull(userPolicy, "We should get user policy");
- assertNotNull(userPolicy.getAccessDecisionManager(), "The
accessDecisionManager should not be null");
+ assertNotNull(adminPolicy.getAuthorizationManager(), "The
authorizationManager should not be null");
assertNotNull(userPolicy.getAuthenticationManager(), "The
authenticationManager should not be null");
- assertNotNull(userPolicy.getSpringSecurityAccessPolicy(), "The
springSecurityAccessPolicy should not be null");
- assertEquals(adminPolicy.getAccessDecisionManager(),
userPolicy.getAccessDecisionManager(),
- "user policy and admin policy should have same
accessDecisionManager");
+ assertEquals(adminPolicy.getAuthorizationManager(),
userPolicy.getAuthorizationManager(),
+ "user policy and admin policy should have same
authorizationManager");
assertEquals(adminPolicy.getAuthenticationManager(),
userPolicy.getAuthenticationManager(),
"user policy and admin policy should have same
authenticationManager");
}
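Review bot: In the user-policy block the replaced assertion checks `adminPolicy.getAuthorizationManager()` a second time, so the `user` policy's manager is never null-checked directly. It should read `assertNotNull(userPolicy.getAuthorizationManager(), "The authorizationManager should not be null");`. The later `assertEquals` would still fail on a null user-side manager, but with a message about the two policies differing rather than about the missing reference. The test method starts outside this hunk.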
diff --git
a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml
b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml
index 9248509ab45..701c2a4ca7b 100644
---
a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml
+++
b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml
@@ -30,9 +30,9 @@
<!-- import the spring security configuration -->
<import
resource="classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/>
- <authorizationPolicy id="admin" access="ROLE_ADMIN"
+ <authorizationPolicy id="admin"
authenticationManager="authenticationManager"
- accessDecisionManager="accessDecisionManager"
+ authorizationManager="authorizationManager"
xmlns="http://camel.apache.org/schema/spring-security"/>
<camelContext id="myCamelContext"
xmlns="http://camel.apache.org/schema/spring">
diff --git
a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml
b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml
index 74286a08f3a..c08bbfa0d0d 100644
---
a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml
+++
b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml
@@ -26,11 +26,8 @@
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
- <bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
- <constructor-arg index="0">
- <bean class="org.springframework.security.access.vote.RoleVoter"/>
- </constructor-arg>
- <property name="allowIfAllAbstainDecisions" value="true"/>
+ <bean id="authorizationManager" class="
org.springframework.security.authorization.AuthorityAuthorizationManager">
+ <constructor-arg name="authorities" value="ROLE_ADMIN"/>
</bean>
<spring-security:authentication-manager alias="authenticationManager">
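Review bot: The `authorizationManager` bean is instantiated through the constructor of `AuthorityAuthorizationManager` with a name-matched `authorities` argument. As far as I know, that class exposes static factories (`hasRole`, `hasAuthority`, and the `hasAny…` variants) rather than a public constructor. If so, this definition depends on Spring's access to non-public constructors and on parameter names being available at runtime. Declaring the bean with `factory-method="hasAuthority"` and a plain `<constructor-arg value="ROLE_ADMIN"/>` expresses the same rule through the public API, matching the `AuthorityAuthorizationManager.hasRole("ADMIN")` form shown in the upgrade guide. The same definition appears in the camel-itest commonSecurity.xml hunk and in the spring-security.adoc example, which users are likely to copy.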
diff --git
a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml
b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml
index b854129d1e4..eee09626c05 100644
---
a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml
+++
b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml
@@ -30,7 +30,7 @@
<authorizationPolicy id="admin" access="ROLE_ADMIN"
authenticationManager="authenticationManager"
- accessDecisionManager="accessDecisionManager"
+ authorizationManager="authorizationManager"
xmlns="http://camel.apache.org/schema/spring-security"/>
<authorizationPolicy id="user" access="ROLE_USER"
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc
index 35a0a3ffdea..17db7a4f4da 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc
@@ -10,3 +10,24 @@ from both 4.0 to 4.1 and 4.1 to 4.2.
Add default values to `ThrottlingExceptionRoutePolicy` route policy.
+=== camel-spring-security
+
+The `camel-spring-security` component has been updated to improve readiness
for Spring Security 7.x. Since Spring Security 5.8 the `AccessDecisionManager`
interface and the related cooperating classes have been deprecated in favor of
`AuthorizationManager` based patterns.
+If you are creating Spring Security route policies in your code, you must now
refactor them to be based on an `AuthorizationManager`.
+
+For example, you might have a route policy defined as follows:
+```java
+SpringSecurityAuthorizationPolicy authorizationPolicy = new
SpringSecurityAuthorizationPolicy();
+authorizationPolicy.setAuthenticationManager(authenticationManager);
+authorizationPolicy.setSpringSecurityAccessPolicy(new
SpringSecurityAccessPolicy("ROLE_ADMIN"));
+authorizationPolicy.setAccessDecisionManager(new
AffirmativeBased(Collections.singletonList(new RoleVoter())));
+```
+With the changes implemented in this release, that must be refactored to:
+```java
+SpringSecurityAuthorizationPolicy authorizationPolicy = new
SpringSecurityAuthorizationPolicy();
+authorizationPolicy.setAuthenticationManager(authenticationManager);
+authorizationPolicy.setAuthorizationManager(AuthorityAuthorizationManager.hasRole("ADMIN"));
+```
+This new pattern supports a more expressive language to define your own
authorization rules, exposing the full power of the Spring Security framework
to Camel route policies.
+See the
https://docs.spring.io/spring-security/reference/5.8/migration/servlet/authorization.html#servlet-replace-permissionevaluator-bean-with-methodsecurityexpression-handler[spring
documentation] for further details on how to migrate your custom code from
`AccessDecisionManager` to `AuthorizationManager`.
+
diff --git
a/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java
b/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java
index 38bf6f2e553..906199e3035 100644
---
a/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java
+++
b/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java
@@ -122,7 +122,7 @@ public class GreeterClientTest {
"Get a wrong exception message");
assertTrue(
ex.getMessage().endsWith(
- "Caused by:
[org.springframework.security.access.AccessDeniedException - Access is
denied]"),
+ "Caused by:
[org.springframework.security.access.AccessDeniedException - Access Denied]"),
"Get a wrong exception message");
}
}
diff --git
a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml
b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml
index 9b47c2cfb56..740c549d7c4 100644
---
a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml
+++
b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml
@@ -34,7 +34,7 @@
<authorizationPolicy id="admin" access="ROLE_ADMIN"
authenticationAdapter="myAuthenticationAdapter"
authenticationManager="authenticationManager"
- accessDecisionManager="accessDecisionManager"
+ authorizationManager="authorizationManager"
xmlns="http://camel.apache.org/schema/spring-security"/>
<bean id="myAuthenticationAdapter"
class="org.apache.camel.itest.security.MyAuthenticationAdapter"/>
diff --git
a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml
b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml
index ce00be31c5f..0b843eb4f6f 100644
---
a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml
+++
b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml
@@ -31,10 +31,10 @@
<!-- import the spring security configuration -->
<import
resource="classpath:org/apache/camel/itest/security/commonSecurity.xml"/>
- <authorizationPolicy id="admin" access="ROLE_ADMIN"
+ <authorizationPolicy id="admin"
authenticationAdapter="myAuthenticationAdapter"
authenticationManager="authenticationManager"
- accessDecisionManager="accessDecisionManager"
+ authorizationManager="authorizationManager"
xmlns="http://camel.apache.org/schema/spring-security"/>
<bean id="myAuthenticationAdapter"
class="org.apache.camel.itest.security.MyAuthenticationAdapter"/>
diff --git
a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml
b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml
index d75cc2ef0ba..54cf44943a1 100644
---
a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml
+++
b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml
@@ -32,11 +32,8 @@
</spring-security:authentication-provider>
</spring-security:authentication-manager>
- <bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
- <constructor-arg index="0">
- <bean class="org.springframework.security.access.vote.RoleVoter"/>
- </constructor-arg>
- <property name="allowIfAllAbstainDecisions" value="true"/>
+ <bean id="authorizationManager" class="
org.springframework.security.authorization.AuthorityAuthorizationManager">
+ <constructor-arg name="authorities" value="ROLE_ADMIN"/>
</bean>
<bean id="passwordEncoder"
class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>