The ShiroSecurityPolicy, tests and permits incoming message exchanges containing a encrypted SecurityToken in the Message Header to proceed further following proper authentication. The SecurityToken object contains a Username/Password details that are used to determine where the user is a valid user.
protected RouteBuilder createRouteBuilder() throws Exception {
final ShiroSecurityPolicy securityPolicy =
new ShiroSecurityPolicy("classpath:shiro.ini", passPhrase);
return new RouteBuilder() {
public void configure() {
onException(UnknownAccountException.class)
.to("mock:authenticationException");
onException(IncorrectCredentialsException.class)
.to("mock:authenticationException");
onException(LockedAccountException.class)
.to("mock:authenticationException");
onException(AuthenticationException.class)
.to("mock:authenticationException");
from("direct:secureEndpoint")
.to("log:incoming payload")
.policy(securityPolicy)
.to("mock:success");
}
};
}