Hello,
I have a requirement to provide a service using Camel Jetty component and
SSL. I have the SSL working fine for server certificate validation by
clients.
The route basically looks like this:
from("jetty://https://0.0.0.0:thePort/theSecureAPI";).to(...)
The code that configures the SSL for the Jetty component looks like below
and works fine:
private void configureJettyComponentForSsl() {
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource(trustStorePath);
ksp.setPassword(trustStorePassword);
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyStore(ksp);
kmp.setKeyPassword(keyPassword);
SSLContextParameters scp = new SSLContextParameters();
scp.setKeyManagers(kmp);
JettyHttpComponent jettyComponent = getContext().getComponent("jetty",
JettyHttpComponent.class);
jettyComponent.setSslContextParameters(scp);
}
Now I need to add client certificate validation, and to restrict
connections to a particular IP. What would be the best approach?
Maybe using SslSocketConnectors like:
final HashMap<Integer, Connector> portToConnectorMap = new HashMap<>();
portToConnectorMap.put(thePort, what-here?? )
jettyComponent.setSslSocketConnectors(portToConnectorMap);
Or, maybe I could accept the call into the route and use a processor that
would reject it if it does not come from the required IP? (how can I get
the client IP from within the route?) I would still need to perfor the
client certificate validation.
Can I use a spring security filter?
Any guidance would be welcome.
