[
https://issues.apache.org/activemq/browse/CAMEL-2796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Willem Jiang resolved CAMEL-2796.
---------------------------------
Fix Version/s: 2.4.0
Resolution: Fixed
> camel-spring-security: provide reference to the policy when authorization
> fails
> -------------------------------------------------------------------------------
>
> Key: CAMEL-2796
> URL: https://issues.apache.org/activemq/browse/CAMEL-2796
> Project: Apache Camel
> Issue Type: Improvement
> Affects Versions: 2.3.0
> Reporter: Paul Mietz Egli
> Assignee: Willem Jiang
> Fix For: 2.4.0
>
>
> While it is possible to set up different policies to enforce authorization
> rules on Camel routes with the new camel-spring-security plugin, there is
> currently no way to tell which policy was being enforced when a
> org.springframework.security.SpringSecurityException is thrown. It would be
> very helpful to have a reference to the policy ID in the
> CamelAuthorizationException or in the headers so we can use it in the
> onException handlers.
> For example, let's say you have two policies:
> {code}
> <authorizationPolicy id="user" access="ROLE_USER"
> authenticationManager="authenticationManager"
> accessDecisionManager="accessDecisionManager"
> xmlns="http://camel.apache.org/schema/spring-security"; />
> <authorizationPolicy id="admin" access="ROLE_ADMIN"
> authenticationManager="authenticationManager"
> accessDecisionManager="accessDecisionManager"
> xmlns="http://camel.apache.org/schema/spring-security"; />
> {code}
> You also have two routes which use these policies:
> {code}
> <camelContext id="myCamelContext"
> xmlns="http://camel.apache.org/schema/spring";>
> <onException useOriginalMessage="true">
>
> <exception>org.springframework.security.BadCredentialsException</exception>
> <handled><constant>true</constant></handled>
> <to uri="log:auth_error" />
> </onException>
> <route>
> <from uri="direct:adminStart"/>
> <policy ref="admin">
> <to uri="mock:end"/>
> </policy>
> </route>
> <route>
> <from uri="direct:userStart"/>
> <policy ref="admin">
> <to uri="mock:end"/>
> </policy>
> </route>
> </camelContext>
> {code}
> Both of these routes will fail with an AccessDeniedException if the user
> doesn't have the proper role, but it would be desirable to handle exceptions
> for the ROLE_ADMIN failure differently than the ROLE_USER failure, maybe by
> using a <choice> element in the <onException> element.
> I know we have the CamelFailureEndpoint header, but this isn't very useful
> when more than one route uses the same authorization policy.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
