Controlling access to Camel routes - 6.3

Talend ESB Mediation Developer Guide


A Spring Security AuthenticationManager and AccessDecisionManager are required to use this component. Here is an example of how to configure these objects in Spring XML using the Spring Security namespace:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:spring-security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
   <!-- Shared Spring Security objects: an AccessDecisionManager, an -->
   <!-- AuthenticationManager and the user store that backs it. -->

   <!-- AffirmativeBased grants access as soon as one voter votes to grant. -->
   <!-- The only voter here is RoleVoter, which votes on ROLE_ attributes. -->
   <bean id="accessDecisionManager" 
      class="org.springframework.security.access.vote.AffirmativeBased">
      <!-- NOTE(review): "true" makes the decision fail open. If every voter -->
      <!-- abstains (for example, a policy whose access attribute does not -->
      <!-- start with ROLE_), access is granted. Set this to "false" unless -->
      <!-- granting on abstention is intended. -->
      <property name="allowIfAllAbstainDecisions" value="true"/>
      <property name="decisionVoters">
         <list>
            <bean 
               class="org.springframework.security.access.vote.RoleVoter"/>
         </list>
      </property>
   </bean>
    
   <!-- Registered under the alias "authenticationManager"; credentials are -->
   <!-- checked against the userDetailsService defined below. -->
   <spring-security:authentication-manager alias="authenticationManager">
      <spring-security:authentication-provider 
         user-service-ref="userDetailsService"/>
   </spring-security:authentication-manager>
   
   <!-- In-memory user store for demonstration only. The passwords are sample -->
   <!-- values stored in clear text in this file. In a real deployment, keep -->
   <!-- credentials out of the configuration: use an external user store and -->
   <!-- hashed passwords verified through a password encoder. -->
   <spring-security:user-service id="userDetailsService">
      <!-- jim holds ROLE_ADMIN and ROLE_USER -->
      <spring-security:user name="jim" 
         password="jimspassword" authorities="ROLE_USER, ROLE_ADMIN"/>
      <!-- bob holds ROLE_USER only -->
      <spring-security:user name="bob" 
         password="bobspassword" authorities="ROLE_USER"/>
   </spring-security:user-service>

</beans>

Now that the underlying security objects are set up, we can use them to configure an authorization policy and use that policy to control access to a route:

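<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:spring-security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://camel.apache.org/schema/spring
http://camel.apache.org/schema/spring/camel-spring.xsd
http://camel.apache.org/schema/spring-security
http://camel.apache.org/schema/spring-security/camel-spring-security.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
   <!-- The Spring Security schema location is unversioned so that the XSD -->
   <!-- shipped with the Spring Security jar on the classpath is used. -->

   <!-- Import the Spring Security configuration. The resource value is a -->
   <!-- single classpath location and must not be wrapped across lines: -->
   <!-- whitespace inside the attribute becomes part of the path. -->
   <import resource="classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/>

   <!-- Authorization policy "admin": the caller must hold ROLE_ADMIN. -->
   <!-- authenticationManager and accessDecisionManager are references to -->
   <!-- beans expected from the imported security configuration. -->
   <authorizationPolicy id="admin" access="ROLE_ADMIN"
      authenticationManager="authenticationManager"
      accessDecisionManager="accessDecisionManager"
      xmlns="http://camel.apache.org/schema/spring-security"/>

   <camelContext id="myCamelContext"
      xmlns="http://camel.apache.org/schema/spring">
      <route>
         <from uri="direct:start"/>
         <!-- The exchange must be authenticated with ROLE_ADMIN before it -->
         <!-- is sent to mock:end. Only the steps nested inside the policy -->
         <!-- element are protected; a step placed outside it would run -->
         <!-- without the authorization check. -->
         <policy ref="admin">
            <to uri="mock:end"/>
         </policy>
      </route>
   </camelContext>

</beans>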

In this example, the exchange is sent to the endpoint mock:end only if the admin SpringSecurityAuthorizationPolicy can locate a Spring Security Authentication object that has been, or can be, authenticated and that contains the ROLE_ADMIN authority.