Hi Claus,
My comments are in the mail.
Claus Ibsen wrote:
Hi Willem
Looks great.
Only think is that I wonder if introducing another schema
(spring/security) in Camel.
Is it entirely spring-security based? Maybe the schema should be named
to reflect this to avoid it being a _general_ security schema for
Camel.
etc name it (spring/spring-security) if it based 100% on the Spring
Security Framework only.
The new schema is based on spring-security to make the user configure
the AuthorizationPolicy easily. I don't want to introduce a
_general_security schema for camel at this time.
I assume if the Exchange is denied then a CamelAuthorizationException
is thrown. And this exception is from camel-core? eg org.apache.camel
package.
Then each different camel security component can create their own sub
class of this exception if they need specialized details in their
exception.
+1
To support Spring Security framework we can store the authentication instance
of Spring security with Exchange.AUTHENTICATION
as the key into the exchange property, if we want to support other security
framework, we could also store other framework's authentication
information into the exchange .
I wonder if we should store this in a Camel standard way? eg have the
information stored as some kind of interface which the different
security components
can adapt and understand? If we want to use the same key for all
security components, then I think we need a common type it must be
stored as.
How about introduce a common Authentication interface, and we could let
the different security component implement it themselves, and provides
customer converters to turn the common Authentication instance into the
Authentication instance which can be used in the security component.
On Wed, Apr 7, 2010 at 3:25 PM, Willem Jiang <[email protected]> wrote:
Hi,
I just added a design notes[1] for the Camel Security which shows a rough
design of Camel Security API, which just leverage the Camel Policy API to
delegate the access control to the AuthorizationPolicy. In this way we can
plugin different AuthoriztionPolicy implementation based on different
security framework easily.
For the authentication, as camel doesn't have any GUI or other interface to
type the user name and password. We just store the authentication instance
into the exchange property and let the camel client to deal with
authentication work. In the feature we could add some authentication support
on the camel-servlet, camel-jetty consumer.
Any thought?
[1]http://cwiki.apache.org/confluence/display/CAMEL/Camel+Security
Willem
Willem
