You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by mgiammarco <mg...@gmail.com> on 2012/04/05 20:54:06 UTC
Re: How can Shiro be used with camel to limit access to a route?
Ok I have found the bug:
ShiroSecurityTokenInjector creates a bytearray and puts it in the message
header.
The bytearray do not pass through openwire...
But the bytearray content is a string text with only ascii chars! So I
manually put it as an header of string type.
--
View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5621207.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: How can Shiro be used with camel to limit access to a route?
Posted by "jethwani.bipin@gmail.com" <je...@gmail.com>.
Does it makes sense to have alwaysReauthenticate set from shiro.ini [main]
block?
I believe seeing the ShiroSecurityPolicy.java code that it won't pick that
setting from ini file for now.
--
View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5732069.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: How can Shiro be used with camel to limit access to a route?
Posted by Claus Ibsen <cl...@gmail.com>.
You can use your own messageConverter with the camel-jms component and
do all the to/from JMS yourselves. This is of course too much work.
But that gives you full power.
You can use interceptors to match when sending to jms, where you can
then transform the header to a valid JMS type.
And then have a type converter on the other side to go from
base64/String -> ByteSource
http://camel.apache.org/intercept
On Mon, May 6, 2013 at 7:49 AM, jethwani.bipin@gmail.com
<je...@gmail.com> wrote:
> Thank you for the reply.
> Is there a way to make the type converter work for camel header?
> Currently, I have a camel processor to reset the base64 shiro token to
> ByteSource, on the side where authentication has to be done
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5732055.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
--
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
Re: How can Shiro be used with camel to limit access to a route?
Posted by "jethwani.bipin@gmail.com" <je...@gmail.com>.
Thank you for the reply.
Is there a way to make the type converter work for camel header?
Currently, I have a camel processor to reset the base64 shiro token to
ByteSource, on the side where authentication has to be done
--
View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5732055.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: How can Shiro be used with camel to limit access to a route?
Posted by Claus Ibsen <cl...@gmail.com>.
Hi
Yeah we could add a new option to camel-shiro to use base64 as a
String type for the token. Then that header is safely transferable
over JMS.
BytesSource has a toBase64 method, and as well a method to create a
BytesSource from a String. So that should be fairly easy to do.
org.apache.shiro.util.ByteSource#toBase64
org.apache.shiro.util.ByteSource.Util#bytes
Fell free to log a JIRA ticket and contributions is always welcome
http://camel.apache.org/contributing.html
On Sun, May 5, 2013 at 1:31 PM, jethwani.bipin@gmail.com
<je...@gmail.com> wrote:
> I doubt if type converter works for camel header.
> Has this camel shiro issue been resolved? It shouldn't actually be
> ByteSource object??
> Let me know I am kind of struck with this.
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5732037.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
--
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
Re: How can Shiro be used with camel to limit access to a route?
Posted by "jethwani.bipin@gmail.com" <je...@gmail.com>.
I doubt if type converter works for camel header.
Has this camel shiro issue been resolved? It shouldn't actually be
ByteSource object??
Let me know I am kind of struck with this.
--
View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5732037.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: How can Shiro be used with camel to limit access to a route?
Posted by Claus Ibsen <cl...@gmail.com>.
On Fri, Apr 6, 2012 at 10:36 AM, mgiammarco <mg...@gmail.com> wrote:
> 2012/4/6, Claus Ibsen-2 [via Camel] <ml...@n5.nabble.com>:
>>
>>
>> On Thu, Apr 5, 2012 at 8:54 PM, mgiammarco <mg...@gmail.com> wrote:
>>> Ok I have found the bug:
>>>
>>> ShiroSecurityTokenInjector creates a bytearray and puts it in the message
>>> header.
>>>
>>> The bytearray do not pass through openwire...
>>>
>>
>> Ah crap, yeah JMS spec have limitations on what can be transfered over
>> JMS in JMS properties.
>> We have some notes about this at the Camel JMS wiki page
>> http://camel.apache.org/jms
>>
>> I wonder if we can always safely convert the shiro token as a String
>> representation instead of byte[]?
>> A string is always supported.
>>
>> I dont assume we need to base encode the byte array or something? The
>> token may already be representable out of the box in a String.
>>
>> Maybe you could check a bit on Shiro and see about this about the
>> token? And if possible we could maybe adjust the code in camel-shiro.
>
> Ok I was optimist about toString().
>
> To make all things work I do this:
> from ByteSource get byte[]
> encode the token to base64 (using apache commons codec)
> send it to jms
> decode from base64
> new ByteSource( byte[] decoded)
> put it in the shiro token header
> Then all works.
>
Cool. Do you do request/reply over JMS or something?
I noticed there is a toBase64() method on org.apache.shiro.util.ByteSource
so you may have this out of the box.
So it could be a matter of having type converter from String ->
org.apache.shiro.util.ByteSource
and the reverse converter.
> Mario
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5622341.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
--
Claus Ibsen
-----------------
CamelOne 2012 Conference, May 15-16, 2012: http://camelone.com
FuseSource
Email: cibsen@fusesource.com
Web: http://fusesource.com
Twitter: davsclaus, fusenews
Blog: http://davsclaus.blogspot.com/
Author of Camel in Action: http://www.manning.com/ibsen/
Re: How can Shiro be used with camel to limit access to a route?
Posted by mgiammarco <mg...@gmail.com>.
2012/4/6, Claus Ibsen-2 [via Camel] <ml...@n5.nabble.com>:
>
>
> On Thu, Apr 5, 2012 at 8:54 PM, mgiammarco <mg...@gmail.com> wrote:
>> Ok I have found the bug:
>>
>> ShiroSecurityTokenInjector creates a bytearray and puts it in the message
>> header.
>>
>> The bytearray do not pass through openwire...
>>
>
> Ah crap, yeah JMS spec have limitations on what can be transfered over
> JMS in JMS properties.
> We have some notes about this at the Camel JMS wiki page
> http://camel.apache.org/jms
>
> I wonder if we can always safely convert the shiro token as a String
> representation instead of byte[]?
> A string is always supported.
>
> I dont assume we need to base encode the byte array or something? The
> token may already be representable out of the box in a String.
>
> Maybe you could check a bit on Shiro and see about this about the
> token? And if possible we could maybe adjust the code in camel-shiro.
Ok I was optimist about toString().
To make all things work I do this:
from ByteSource get byte[]
encode the token to base64 (using apache commons codec)
send it to jms
decode from base64
new ByteSource( byte[] decoded)
put it in the shiro token header
Then all works.
Mario
--
View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5622341.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: How can Shiro be used with camel to limit access to a route?
Posted by Claus Ibsen <cl...@gmail.com>.
On Thu, Apr 5, 2012 at 8:54 PM, mgiammarco <mg...@gmail.com> wrote:
> Ok I have found the bug:
>
> ShiroSecurityTokenInjector creates a bytearray and puts it in the message
> header.
>
> The bytearray do not pass through openwire...
>
Ah crap, yeah JMS spec have limitations on what can be transfered over
JMS in JMS properties.
We have some notes about this at the Camel JMS wiki page
http://camel.apache.org/jms
I wonder if we can always safely convert the shiro token as a String
representation instead of byte[]?
A string is always supported.
I dont assume we need to base encode the byte array or something? The
token may already be representable out of the box in a String.
Maybe you could check a bit on Shiro and see about this about the
token? And if possible we could maybe adjust the code in camel-shiro.
> But the bytearray content is a string text with only ascii chars! So I
> manually put it as an header of string type.
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/How-can-Shiro-be-used-with-camel-to-limit-access-to-a-route-tp5521623p5621207.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
--
Claus Ibsen
-----------------
CamelOne 2012 Conference, May 15-16, 2012: http://camelone.com
FuseSource
Email: cibsen@fusesource.com
Web: http://fusesource.com
Twitter: davsclaus, fusenews
Blog: http://davsclaus.blogspot.com/
Author of Camel in Action: http://www.manning.com/ibsen/