On Thu, Apr 1, 2010 at 4:20 PM, Willem Jiang <[email protected]> wrote: > Hi Jervis > > I'm planing to work on Spring security and Camel integration[1] in the > coming up few week. > If everything goes well, I think you can try out the basic security > implementation with Role based authorization then we can try to integrate > the Drools part. > > [1] https://issues.apache.org/activemq/browse/CAMEL-2579 >
Willem please hold with making major changes into the 2.3 codebase. We have the features we need for 2.3 and want to use the next 2-3 weeks to get the last pieces done so we can get a 2.3 release out the door. And I believe we need to discuss and design the security framework to be added into Camel in the public. I think you can start with creating a wiki page at the developer section at Camel wiki and then we can all take a look and help design it. Its important that we do this in a manner so the security framework of choice can easily be plugged in, as many have different needs. And some are forced to use JAAS etc. So it should NOT be a Spring Security that master how we do this in Camel. > Willem > > Claus Ibsen wrote: >> >> Hi >> >> Sounds great with Drools integration with Camel. >> >> No there is not a general security module in Camel. >> Its something that we will work on and provide in the future. >> At present time its not on the roadmap short term. >> >> Each individual camel component often have their own security settings >> which you leverage, such as Jetty etc. >> >> >> >> On Thu, Apr 1, 2010 at 11:04 AM, jliu <[email protected]> wrote: >>> >>> Hi, >>> >>> I am currently working on Drools (http://www.jboss.org/drools) Camel >>> integration. One requirement popped up is to provide a secured access to >>> Drools KnowledgeSession . For those who is not familiar with Drools, >>> Drools >>> KnowledgeSession is defined as a Camel process or endpoint. Basically >>> this >>> means an authentication framework and an authorization framework that can >>> be >>> used to provide service level and method level security. The >>> authorization >>> part needs to support both role-based authorization and rule-based >>> authorization. So for example, with this security in place, I can say >>> "only >>> admin type user can access Drools KnowledgeSession " or "only admin type >>> user can call insertFact on Drools KnowledgeSession ". I can also say >>> "If >>> the current user has called fireAllRules on Drools KnowledgeSession more >>> than an average of 5 times in the last minute, then reject the next >>> invocation, as its possible fraud". >>> >>> An example of camle route with authorization may look like below (Please >>> note, this is not a valid configuration, just used to illustrate the >>> idea): >>> >>> Service level security: >>> >>> a camel route without authorization: >>> <camel:route> >>> <camel:from uri="direct:executor" /> >>> <camel:process ref="DroolsBatchExecutorProcessor"/> >>> <camel:to uri="direct:xstreamTransformerResult" /> >>> </camel:route> >>> >>> a camel route with simple role based authorization using role mappings >>> stored in property files: >>> <camel:route> >>> <camel:from uri="direct:executor" /> >>> <camel:process ref="DroolsBatchExecutorProcessor" >>> authorization-module="role-based-using-property-file" >>> rolesAllowed="admin=, >>> analysis"/> >>> <camel:to uri="direct:xstreamTransformerResult" /> >>> </camel:route> >>> >>> a camel route with rule based authorization using Drools: >>> <camel:route> >>> <camel:from uri="direct:executor" /> >>> <camel:process ref="DroolsBatchExecutorProcessor" >>> authorization-module="rule-based-using-drools"/> >>> <camel:to uri="direct:xstreamTransformerResult" /> >>> </camel:route> >>> >>> Method level security: >>> TBD >>> >>> Does such feature exist in Camel or will be supported in the future? >>> >>> Thanks, >>> >>> Jervis Liu >>> -- >>> View this message in context: >>> http://old.nabble.com/Camel-security-tp28106100p28106100.html >>> Sent from the Camel - Users mailing list archive at Nabble.com. >>> >>> >> >> >> > > -- Claus Ibsen Apache Camel Committer Author of Camel in Action: http://www.manning.com/ibsen/ Open Source Integration: http://fusesource.com Blog: http://davsclaus.blogspot.com/ Twitter: http://twitter.com/davsclaus
