Spring Security Example

This example shows you how to leverage the authentication mechanism that Spring Security already provides, together with the authorizationPolicy provided by the camel-spring-security module, to implement a role-based authorization application.

This example consumes messages from a servlet endpoint that is secured by Spring Security with HTTP basic authentication. There are two services:

 "http://localhost:8080/camel/user" is for the authenticated user whose role is ROLE_USER
 "http://localhost:8080/camel/admin" is for the authenticated user whose role is ROLE_ADMIN

You will need to compile this example first:

  cd $CAMEL_HOME/examples/camel-example-spring-security
  mvn clean install

To run the example, you need to start up the server by typing

  mvn jetty:run

To stop the server hit ctrl + c

Then you can use the script in the client directory to send the request and check the response, or use a browser to access the services above with one of the user/password pairs ("jim/jimspassword" with the admin and user roles, or "bob/bobspassword" with the user role).

Here is the camel route configuration:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:spring-security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
         http://camel.apache.org/schema/spring-security http://camel.apache.org/schema/spring-security/camel-spring-security.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Demo wiring: Spring Security authenticates servlet requests with HTTP basic,
       and two Camel authorizationPolicy beans enforce role checks on the individual
       routes. The accounts and settings in this file are sample values. -->

  <!-- Web layer: every request under /camel/** must be authenticated and hold ROLE_USER.
       This rule does not single out the admin service; ROLE_ADMIN is checked only by the
       Camel "admin" policy wrapped around the servlet:///admin route further down.
       HTTP basic sends the user name and password with each request in a reversible
       encoding, so serve these endpoints over TLS anywhere other than a local demo.
       NOTE(review): remember-me is enabled without a key attribute; confirm how the
       Spring Security version in use derives the key, and whether a remember-me cookie
       is wanted at all for a basic-auth service. -->
  <spring-security:http realm="User Restrict Realm">
    <spring-security:intercept-url pattern="/camel/**" access="ROLE_USER"/>
    <spring-security:http-basic/>
    <spring-security:remember-me/>
  </spring-security:http>

    <!-- Authentication manager, published under the alias "authenticationManager" so the
         Camel policy below can reference it; it authenticates against userDetailsService. -->
  <spring-security:authentication-manager alias="authenticationManager">
    <spring-security:authentication-provider user-service-ref="userDetailsService"/>
  </spring-security:authentication-manager>

  <!-- In-memory sample accounts with clear-text passwords kept in this file:
       jim holds ROLE_USER and ROLE_ADMIN, bob holds ROLE_USER only.
       Outside a demo, load users from an external store and keep only password
       hashes (configure a password encoder on the authentication provider). -->
  <spring-security:user-service id="userDetailsService">
    <spring-security:user name="jim" password="jimspassword" authorities="ROLE_USER, ROLE_ADMIN"/>
    <spring-security:user name="bob" password="bobspassword" authorities="ROLE_USER"/>
  </spring-security:user-service>

  <!-- Access decision manager used by the Camel policy: AffirmativeBased grants access
       as soon as one voter votes to grant, and the only voter is RoleVoter.
       allowIfAllAbstainDecisions=true also grants access when every voter abstains.
       RoleVoter abstains on attributes it does not support (by default, names without
       the ROLE_ prefix), so a policy whose access value lacks that prefix would be let
       through rather than denied. Both policies in this file use ROLE_ names.
       NOTE(review): consider value="false" so an unrecognised attribute fails closed. -->
  <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="true"/>
    <property name="decisionVoters">
      <list>
        <bean class="org.springframework.security.access.vote.RoleVoter"/>
      </list>
    </property>
  </bean>

  <!-- Policy "admin": requires ROLE_ADMIN. It references the authentication manager
       (by its alias) and the access decision manager bean defined above. -->
  <authorizationPolicy id="admin" access="ROLE_ADMIN"
                       authenticationManager="authenticationManager"
                       accessDecisionManager="accessDecisionManager"
                       xmlns="http://camel.apache.org/schema/spring-security"/>

  <!-- Policy "user": requires ROLE_USER.
       NOTE(review): unlike the admin policy, no authenticationManager or
       accessDecisionManager is referenced here; confirm that camel-spring-security
       resolves them on its own, or add the same two attributes for consistency. -->
  <authorizationPolicy id="user" access="ROLE_USER"
                       xmlns="http://camel.apache.org/schema/spring-security"/>

  <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring">
    <!-- Catch the authorization exception, mark it handled, and replace the message body
         with an "Access Denied" text. The text includes the id of the policy that
         rejected the call, so that id is disclosed to the caller.
         NOTE(review): because the exception is marked handled, check which HTTP status
         the servlet endpoint returns for a denied call; clients and monitoring usually
         expect 403 rather than a success status. -->
    <onException>
      <exception>org.apache.camel.CamelAuthorizationException</exception>
      <handled>
        <constant>true</constant>
      </handled>
      <transform>
        <simple>Access Denied with the Policy of ${exception.policyId} !</simple>
      </transform>
    </onException>

    <!-- User service: consumes from the servlet endpoint "user" and returns a fixed text. -->
    <route>
      <from uri="servlet:///user"/>
      <!-- wrap the route in the "user" policy, which enforces the ROLE_USER check
           before the transform runs -->
      <policy ref="user">
        <transform>
          <simple>Normal user can access this service</simple>
        </transform>
      </policy>
    </route>

    <!-- Admin service: consumes from the servlet endpoint "admin" and returns a fixed text. -->
    <route>
      <from uri="servlet:///admin"/>
      <!-- wrap the route in the "admin" policy; this is the only place in this file
           where ROLE_ADMIN is enforced for the admin service -->
      <policy ref="admin">
        <transform>
          <simple>Call the admin operation OK</simple>
        </transform>
      </policy>
    </route>

  </camelContext>

</beans>

You can find out how to configure the camel-servlet with HTTP basic authentication by checking the files in WEB-INF.
