On Thu, Apr 8, 2010 at 7:09 AM, Martin Krasser <[email protected]> wrote: > Hi Willem, > > I like that. > > One additional thing I could imagine is to have an AOP style for applying > policies to endpoints. For example, instead of writing a policy() directly > into the route one could have: > > // access control DSL (AOP style) > enforce("adminPolicy").at("direct:myEndpoint") > > // route to which the access control DSL applies > from(...).process(...).to("direct:myEndpoint") > > What do you think? >
I think we should do this in 2 steps 1) As currently without DSL changes but getting the camel-spring-security component and all the other pieces into place 2) In a future release introduce a nice DSL for easier setting up security in the routes, eg to separate it out from the route logic, as Martin have suggested. The DSL needs to be intuitive and work well for both Java DSL and Spring XML (and to be added for Scala DSL as well) > Am 07.04.2010 15:25, schrieb Willem Jiang: >> >> Hi, >> >> I just added a design notes[1] for the Camel Security which shows a rough >> design of Camel Security API, which just leverage the Camel Policy API to >> delegate the access control to the AuthorizationPolicy. In this way we can >> plugin different AuthoriztionPolicy implementation based on different >> security framework easily. >> >> For the authentication, as camel doesn't have any GUI or other interface >> to type the user name and password. We just store the authentication >> instance into the exchange property and let the camel client to deal with >> authentication work. In the feature we could add some authentication support >> on the camel-servlet, camel-jetty consumer. >> >> Any thought? >> >> [1]http://cwiki.apache.org/confluence/display/CAMEL/Camel+Security >> >> Willem > > -- Claus Ibsen Apache Camel Committer Author of Camel in Action: http://www.manning.com/ibsen/ Open Source Integration: http://fusesource.com Blog: http://davsclaus.blogspot.com/ Twitter: http://twitter.com/davsclaus
