Claus Ibsen wrote:
On Thu, Apr 1, 2010 at 4:20 PM, Willem Jiang <[email protected]> wrote:
Hi Jervis
I'm planing to work on Spring security and Camel integration[1] in the
coming up few week.
If everything goes well, I think you can try out the basic security
implementation with Role based authorization then we can try to integrate
the Drools part.
[1] https://issues.apache.org/activemq/browse/CAMEL-2579
Willem please hold with making major changes into the 2.3 codebase.
We have the features we need for 2.3 and want to use the next 2-3
weeks to get the last pieces done so we can get a 2.3 release out the
door.
And I believe we need to discuss and design the security framework to
be added into Camel in the public.
I think you can start with creating a wiki page at the developer
section at Camel wiki and then we can all take a look and help design
it.
Sure, I will work on the design document first.
Its important that we do this in a manner so the security framework of
choice can easily be plugged in, as many have different needs.
And some are forced to use JAAS etc.
So it should NOT be a Spring Security that master how we do this in Camel.
Willem
Claus Ibsen wrote:
Hi
Sounds great with Drools integration with Camel.
No there is not a general security module in Camel.
Its something that we will work on and provide in the future.
At present time its not on the roadmap short term.
Each individual camel component often have their own security settings
which you leverage, such as Jetty etc.
On Thu, Apr 1, 2010 at 11:04 AM, jliu <[email protected]> wrote:
Hi,
I am currently working on Drools (http://www.jboss.org/drools) Camel
integration. One requirement popped up is to provide a secured access to
Drools KnowledgeSession . For those who is not familiar with Drools,
Drools
KnowledgeSession is defined as a Camel process or endpoint. Basically
this
means an authentication framework and an authorization framework that can
be
used to provide service level and method level security. The
authorization
part needs to support both role-based authorization and rule-based
authorization. So for example, with this security in place, I can say
"only
admin type user can access Drools KnowledgeSession " or "only admin type
user can call insertFact on Drools KnowledgeSession ". I can also say
"If
the current user has called fireAllRules on Drools KnowledgeSession more
than an average of 5 times in the last minute, then reject the next
invocation, as its possible fraud".
An example of camle route with authorization may look like below (Please
note, this is not a valid configuration, just used to illustrate the
idea):
Service level security:
a camel route without authorization:
<camel:route>
<camel:from uri="direct:executor" />
<camel:process ref="DroolsBatchExecutorProcessor"/>
<camel:to uri="direct:xstreamTransformerResult" />
</camel:route>
a camel route with simple role based authorization using role mappings
stored in property files:
<camel:route>
<camel:from uri="direct:executor" />
<camel:process ref="DroolsBatchExecutorProcessor"
authorization-module="role-based-using-property-file"
rolesAllowed="admin=,
analysis"/>
<camel:to uri="direct:xstreamTransformerResult" />
</camel:route>
a camel route with rule based authorization using Drools:
<camel:route>
<camel:from uri="direct:executor" />
<camel:process ref="DroolsBatchExecutorProcessor"
authorization-module="rule-based-using-drools"/>
<camel:to uri="direct:xstreamTransformerResult" />
</camel:route>
Method level security:
TBD
Does such feature exist in Camel or will be supported in the future?
Thanks,
Jervis Liu
--
View this message in context:
http://old.nabble.com/Camel-security-tp28106100p28106100.html
Sent from the Camel - Users mailing list archive at Nabble.com.
