[ https://issues.apache.org/jira/browse/CAMEL-7079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen resolved CAMEL-7079.
--------------------------------
Resolution: Fixed
Fix Version/s: 2.13.0, 2.12.3
Assignee: Claus Ibsen
Thanks for the patch.
#2 is good as we store the token as encrypted bytes.
> Improvements to camel-shiro's ShiroSecurityProcessor
> ----------------------------------------------------
>
> Key: CAMEL-7079
> URL: https://issues.apache.org/jira/browse/CAMEL-7079
> Project: Camel
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Claus Ibsen
> Fix For: 2.12.3, 2.13.0
>
> Attachments: camel.patch.1, camel.patch.2
>
>
> I am attaching two different patches for some improvements to the
> ShiroSecurityProcessor in Camel's camel-shiro component. I'd like some
> feedback on which patch should apply.
> The scenario is that a ShiroSecurityToken object is retrieved in the
> ShiroSecurityProcessor. Currently, this object is first encrypted, and then
> decrypted, before authentication/authorization checking applies.
> a) Patch "1" makes no change to the current functionality of the processor,
> but provides a performance improvement to avoid encrypting + decrypting a
> ShiroSecurityToken object. We only need to decrypt a "String" or "ByteSource"
> header, not a ShiroSecurityToken object.
> b) Patch "2" follows the old pattern of encrypting + decrypting the
> ShiroSecurityToken object, but replaces the unencrypted token in the
> exchange, with the subsequent encrypted token. This may help avoid
> unintentional propagation of plaintext values in subsequent communications.
> The tests all pass with both approaches.
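
The behaviour described for patch "2", shown as an added example that is not part of the original message and is not Camel's or Shiro's code: a plaintext token object found in a message header is replaced with its encrypted bytes before the token is decrypted for the authentication check. The `Token` record, the `SECURITY_TOKEN` header name, the plain `Map` standing in for the exchange headers, and the use of the JDK's AES-GCM are all assumptions made for this example.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.SecureRandom;
import java.util.*;

public class TokenHeaderDemo {
    // Hypothetical stand-in for ShiroSecurityToken (constructed for this example).
    record Token(String username, String password) implements Serializable {}
    static final String HEADER = "SECURITY_TOKEN"; // hypothetical header name
    static final SecureRandom RNG = new SecureRandom();

    static byte[] encrypt(SecretKey key, Token t) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(t); }
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        ByteArrayOutputStream blob = new ByteArrayOutputStream();
        blob.write(iv);
        blob.write(c.doFinal(buf.toByteArray()));
        return blob.toByteArray(); // layout: 12-byte nonce || ciphertext+tag
    }
    static Token decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        byte[] plain = c.doFinal(blob, 12, blob.length - 12); // throws if tampered
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return (Token) in.readObject();
        }
    }
    // Encrypt a plaintext token, overwrite the header with the ciphertext, then decrypt.
    static Token process(SecretKey key, Map<String, Object> headers) throws Exception {
        Object h = headers.get(HEADER);
        if (h instanceof Token t) {
            h = encrypt(key, t);
            headers.put(HEADER, h); // the plaintext object no longer travels downstream
        }
        if (h instanceof byte[] blob) return decrypt(key, blob);
        throw new SecurityException("missing or unsupported security token header");
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Map<String, Object> headers = new HashMap<>();
        headers.put(HEADER, new Token("alice", "constructed-password"));
        Token first = process(key, headers);
        System.out.println("header is ciphertext: " + (headers.get(HEADER) instanceof byte[]));
        System.out.println("round trip ok: " + first.equals(process(key, headers)));
    }
}
```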