You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2020/03/26 14:16:29 UTC
[camel] branch master updated: CAMEL-14743 camel-elytron: refactor
component to use new SPI interface from camel-undertow (#3679)
This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new bad3fba CAMEL-14743 camel-elytron: refactor component to use new SPI interface from camel-undertow (#3679)
bad3fba is described below
commit bad3fbabab1a84b65ddd1b26e0c71f1ae6449524
Author: JiriOndrusek <on...@gmail.com>
AuthorDate: Thu Mar 26 15:16:13 2020 +0100
CAMEL-14743 camel-elytron: refactor component to use new SPI interface from camel-undertow (#3679)
---
components/camel-elytron/pom.xml | 16 ++
.../elytron/ElytronComponentConfigurer.java | 55 ----
.../elytron/ElytronEndpointConfigurer.java | 19 --
.../services/org/apache/camel/component.properties | 7 -
.../services/org/apache/camel/component/elytron | 2 -
.../org/apache/camel/configurer/elytron-component | 2 -
.../org/apache/camel/configurer/elytron-endpoint | 2 -
.../apache/camel/component/elytron/elytron.json | 72 -----
.../src/main/docs/elytron-component.adoc | 134 ++--------
.../camel/component/elytron/ElytronComponent.java | 175 ------------
.../camel/component/elytron/ElytronConsumer.java | 84 ------
.../camel/component/elytron/ElytronEndpoint.java | 83 ------
.../component/elytron/ElytronSecurityProvider.java | 156 +++++++++++
.../elytron/ElytronSercurityConfiguration.java | 41 +++
.../camel/component/elytron/BaseElytronTest.java | 42 ++-
.../component/elytron/ElytronBearerTokenTest.java | 17 +-
.../component/ComponentsBuilderFactory.java | 12 -
.../dsl/ElytronComponentBuilderFactory.java | 297 ---------------------
.../src/generated/resources/metadata.json | 20 --
.../modules/ROOT/pages/elytron-component.adoc | 133 ++-------
docs/components/modules/ROOT/pages/index.adoc | 4 +-
21 files changed, 305 insertions(+), 1068 deletions(-)
diff --git a/components/camel-elytron/pom.xml b/components/camel-elytron/pom.xml
index abcf51a..344f5b4 100644
--- a/components/camel-elytron/pom.xml
+++ b/components/camel-elytron/pom.xml
@@ -30,6 +30,7 @@
<packaging>jar</packaging>
<name>Camel :: Elytron</name>
+ <description>Elytron Security Provider for camel-undertow</description>
<dependencies>
<dependency>
@@ -152,5 +153,20 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.camel</groupId>
+ <artifactId>camel-package-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate</id>
+ <phase>none</phase>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
diff --git a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronComponentConfigurer.java b/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronComponentConfigurer.java
deleted file mode 100644
index 0808ccd..0000000
--- a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronComponentConfigurer.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Generated by camel build tools - do NOT edit this file! */
-package org.apache.camel.component.elytron;
-
-import java.util.Map;
-
-import org.apache.camel.CamelContext;
-import org.apache.camel.spi.GeneratedPropertyConfigurer;
-import org.apache.camel.spi.PropertyConfigurerGetter;
-import org.apache.camel.util.CaseInsensitiveMap;
-import org.apache.camel.component.undertow.UndertowComponentConfigurer;
-
-/**
- * Generated by camel build tools - do NOT edit this file!
- */
-@SuppressWarnings("unchecked")
-public class ElytronComponentConfigurer extends UndertowComponentConfigurer implements GeneratedPropertyConfigurer, PropertyConfigurerGetter {
-
- @Override
- public boolean configure(CamelContext camelContext, Object obj, String name, Object value, boolean ignoreCase) {
- ElytronComponent target = (ElytronComponent) obj;
- switch (ignoreCase ? name.toLowerCase() : name) {
- case "elytronprovider":
- case "elytronProvider": target.setElytronProvider(property(camelContext, org.wildfly.security.WildFlyElytronBaseProvider.class, value)); return true;
- case "mechanismname":
- case "mechanismName": target.setMechanismName(property(camelContext, java.lang.String.class, value)); return true;
- case "securitydomainbuilder":
- case "securityDomainBuilder": target.setSecurityDomainBuilder(property(camelContext, org.wildfly.security.auth.server.SecurityDomain.Builder.class, value)); return true;
- default: return super.configure(camelContext, obj, name, value, ignoreCase);
- }
- }
-
- @Override
- public Map<String, Object> getAllOptions(Object target) {
- Map<String, Object> answer = super.getAllOptions(target);
- answer.put("elytronProvider", org.wildfly.security.WildFlyElytronBaseProvider.class);
- answer.put("mechanismName", java.lang.String.class);
- answer.put("securityDomainBuilder", org.wildfly.security.auth.server.SecurityDomain.Builder.class);
- return answer;
- }
-
- @Override
- public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
- ElytronComponent target = (ElytronComponent) obj;
- switch (ignoreCase ? name.toLowerCase() : name) {
- case "elytronprovider":
- case "elytronProvider": return target.getElytronProvider();
- case "mechanismname":
- case "mechanismName": return target.getMechanismName();
- case "securitydomainbuilder":
- case "securityDomainBuilder": return target.getSecurityDomainBuilder();
- default: return super.getOptionValue(obj, name, ignoreCase);
- }
- }
-}
-
diff --git a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java b/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
deleted file mode 100644
index 806cdef..0000000
--- a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/* Generated by camel build tools - do NOT edit this file! */
-package org.apache.camel.component.elytron;
-
-import java.util.Map;
-
-import org.apache.camel.CamelContext;
-import org.apache.camel.spi.GeneratedPropertyConfigurer;
-import org.apache.camel.spi.PropertyConfigurerGetter;
-import org.apache.camel.util.CaseInsensitiveMap;
-import org.apache.camel.component.undertow.UndertowEndpointConfigurer;
-
-/**
- * Generated by camel build tools - do NOT edit this file!
- */
-@SuppressWarnings("unchecked")
-public class ElytronEndpointConfigurer extends UndertowEndpointConfigurer implements GeneratedPropertyConfigurer, PropertyConfigurerGetter {
-
-}
-
diff --git a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component.properties b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component.properties
deleted file mode 100644
index db1ccce..0000000
--- a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-components=elytron
-groupId=org.apache.camel
-artifactId=camel-elytron
-version=3.2.0-SNAPSHOT
-projectName=Camel :: Elytron
-projectDescription=Camel Components
diff --git a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component/elytron b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component/elytron
deleted file mode 100644
index efe0b27..0000000
--- a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component/elytron
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-class=org.apache.camel.component.elytron.ElytronComponent
diff --git a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-component b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-component
deleted file mode 100644
index 35ca690..0000000
--- a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-component
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-class=org.apache.camel.component.elytron.ElytronComponentConfigurer
diff --git a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-endpoint b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-endpoint
deleted file mode 100644
index 14138f5..0000000
--- a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-endpoint
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-class=org.apache.camel.component.elytron.ElytronEndpointConfigurer
diff --git a/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json b/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
deleted file mode 100644
index d264cb6..0000000
--- a/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "component": {
- "kind": "component",
- "scheme": "elytron",
- "extendsScheme": "undertow",
- "syntax": "elytron:httpURI",
- "title": "Elytron",
- "description": "The elytron component is allows you to work with the Elytron Security Framework",
- "label": "http",
- "deprecated": false,
- "async": true,
- "consumerOnly": false,
- "producerOnly": false,
- "lenientProperties": true,
- "javaType": "org.apache.camel.component.elytron.ElytronComponent",
- "firstVersion": "3.1.0",
- "verifiers": "parameters,connectivity",
- "groupId": "org.apache.camel",
- "artifactId": "camel-elytron",
- "version": "3.2.0-SNAPSHOT"
- },
- "componentProperties": {
- "bridgeErrorHandler": { "kind": "property", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by [...]
- "muteException": { "kind": "property", "displayName": "Mute Exception", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "If enabled and an Exchange failed processing on the consumer side the response's body won't contain the exception's stack trace." },
- "lazyStartProducer": { "kind": "property", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the r [...]
- "basicPropertyBinding": { "kind": "property", "displayName": "Basic Property Binding", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities" },
- "elytronProvider": { "kind": "property", "displayName": "Elytron Provider", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.wildfly.security.WildFlyElytronBaseProvider", "deprecated": false, "secret": false, "defaultValue": "instance of WildFlyElytronHttpBearerProvider", "description": "Elytron security provider, has to support mechanism from parameter mechanismName." },
- "hostOptions": { "kind": "property", "displayName": "Host Options", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHostOptions", "deprecated": false, "secret": false, "description": "To configure common options, such as thread pools" },
- "mechanismName": { "kind": "property", "displayName": "Mechanism Name", "group": "advanced", "label": "advanced", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "defaultValue": "BEARER_TOKEN", "description": "Name of the mechanism, which will be used for selection of authentication mechanism." },
- "securityDomainBuilder": { "kind": "property", "displayName": "Security Domain Builder", "group": "advanced", "label": "advanced", "required": true, "type": "object", "javaType": "org.wildfly.security.auth.server.SecurityDomain.Builder", "deprecated": false, "secret": false, "description": "Definition of Builder, which will be used for creation of security domain." },
- "undertowHttpBinding": { "kind": "property", "displayName": "Undertow Http Binding", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false, "secret": false, "description": "To use a custom HttpBinding to control the mapping between Camel message and HttpClient." },
- "allowedRoles": { "kind": "property", "displayName": "Allowed Roles", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles." },
- "securityConfiguration": { "kind": "property", "displayName": "Security Configuration", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.lang.Object", "deprecated": false, "secret": false, "description": "Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration." },
- "securityProvider": { "kind": "property", "displayName": "Security Provider", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.spi.UndertowSecurityProvider", "deprecated": false, "secret": false, "description": "Security provider allows plug in the provider, which will be used to secure requests. SPI approach could be used too (component then finds security provider using SPI)." },
- "sslContextParameters": { "kind": "property", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "secret": false, "description": "To configure security using SSLContextParameters" },
- "useGlobalSslContextParameters": { "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Enable usage of global SSL context parameters." }
- },
- "properties": {
- "httpURI": { "kind": "path", "displayName": "Http URI", "group": "common", "label": "", "required": true, "type": "string", "javaType": "java.net.URI", "deprecated": false, "deprecationNote": "", "secret": false, "description": "The url of the HTTP endpoint to use." },
- "useStreaming": { "kind": "parameter", "displayName": "Use Streaming", "group": "common", "label": "common", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "For HTTP endpoint: if true, text and binary messages will be wrapped as java.io.InputStream before they are passed to an Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if true, text and binary messages will be wra [...]
- "accessLog": { "kind": "parameter", "displayName": "Access Log", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether or not the consumer should write access log" },
- "bridgeErrorHandler": { "kind": "parameter", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled b [...]
- "httpMethodRestrict": { "kind": "parameter", "displayName": "Http Method Restrict", "group": "consumer", "label": "consumer", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Used to only allow consuming if the HttpMethod matches, such as GET\/POST\/PUT etc. Multiple methods can be specified separated by comma." },
- "matchOnUriPrefix": { "kind": "parameter", "displayName": "Match On Uri Prefix", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether or not the consumer should try to find a target consumer by matching the URI prefix if no exact match is found." },
- "muteException": { "kind": "parameter", "displayName": "Mute Exception", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "If enabled and an Exchange failed processing on the consumer side the response's body won't contain the exception's stack trace." },
- "optionsEnabled": { "kind": "parameter", "displayName": "Options Enabled", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Specifies whether to enable HTTP OPTIONS for this Servlet consumer. By default OPTIONS is turned off." },
- "exceptionHandler": { "kind": "parameter", "displayName": "Exception Handler", "group": "consumer (advanced)", "label": "consumer,advanced", "required": false, "type": "object", "javaType": "org.apache.camel.spi.ExceptionHandler", "optionalPrefix": "consumer.", "deprecated": false, "secret": false, "description": "To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this option is not in use. By default the consumer will deal with [...]
- "exchangePattern": { "kind": "parameter", "displayName": "Exchange Pattern", "group": "consumer (advanced)", "label": "consumer,advanced", "required": false, "type": "object", "javaType": "org.apache.camel.ExchangePattern", "enum": [ "InOnly", "InOut", "InOptionalOut" ], "deprecated": false, "secret": false, "description": "Sets the exchange pattern when the consumer creates an exchange." },
- "handlers": { "kind": "parameter", "displayName": "Handlers", "group": "consumer (advanced)", "label": "consumer,advanced", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Specifies a comma-delimited set of io.undertow.server.HttpHandler instances to lookup in your Registry. These handlers are added to the Undertow handler chain (for example, to add security). Important: You can not use different handlers with [...]
- "cookieHandler": { "kind": "parameter", "displayName": "Cookie Handler", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.http.base.cookie.CookieHandler", "deprecated": false, "secret": false, "description": "Configure a cookie handler to maintain a HTTP session" },
- "keepAlive": { "kind": "parameter", "displayName": "Keep Alive", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "true", "description": "Setting to ensure socket is not closed due to inactivity" },
- "lazyStartProducer": { "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the [...]
- "options": { "kind": "parameter", "displayName": "Options", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "java.util.Map<java.lang.String, java.lang.Object>", "prefix": "option.", "multiValue": true, "deprecated": false, "secret": false, "description": "Sets additional channel options. The options that can be used are defined in org.xnio.Options. To configure from endpoint uri, then prefix each option with option., such as option.close-abo [...]
- "preserveHostHeader": { "kind": "parameter", "displayName": "Preserve Host Header", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "true", "description": "If the option is true, UndertowProducer will set the Host header to the value contained in the current exchange Host header, useful in reverse proxy applications where you want the Host header received by the downstream ser [...]
- "reuseAddresses": { "kind": "parameter", "displayName": "Reuse Addresses", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "true", "description": "Setting to facilitate socket multiplexing" },
- "tcpNoDelay": { "kind": "parameter", "displayName": "Tcp No Delay", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "true", "description": "Setting to improve TCP protocol performance" },
- "throwExceptionOnFailure": { "kind": "parameter", "displayName": "Throw Exception On Failure", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "true", "description": "Option to disable throwing the HttpOperationFailedException in case of failed responses from the remote server. This allows you to get all responses regardless of the HTTP status code." },
- "transferException": { "kind": "parameter", "displayName": "Transfer Exception", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "If enabled and an Exchange failed processing on the consumer side and if the caused Exception was send back serialized in the response as a application\/x-java-serialized-object content type. On the producer side th [...]
- "accessLogReceiver": { "kind": "parameter", "displayName": "Access Log Receiver", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "io.undertow.server.handlers.accesslog.AccessLogReceiver", "deprecated": false, "secret": false, "description": "Which Undertow AccessLogReciever should be used Will use JBossLoggingAccessLogReceiver if not specifid" },
- "basicPropertyBinding": { "kind": "parameter", "displayName": "Basic Property Binding", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the endpoint should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities" },
- "headerFilterStrategy": { "kind": "parameter", "displayName": "Header Filter Strategy", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "secret": false, "description": "To use a custom HeaderFilterStrategy to filter header to and from Camel message." },
- "synchronous": { "kind": "parameter", "displayName": "Synchronous", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported)." },
- "undertowHttpBinding": { "kind": "parameter", "displayName": "Undertow Http Binding", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false, "secret": false, "description": "To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow." },
- "allowedRoles": { "kind": "parameter", "displayName": "Allowed Roles", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "List of allowed roles in String format" },
- "securityConfiguration": { "kind": "parameter", "displayName": "Security Configuration", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.lang.Object", "deprecated": false, "secret": false, "description": "OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration." },
- "securityProvider": { "kind": "parameter", "displayName": "Security Provider", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.component.undertow.spi.UndertowSecurityProvider", "deprecated": false, "secret": false, "description": "Security provider allows plug in the provider, which will be used to secure requests. SPI approach could be used too (endpoint then finds security provider using SPI)." },
- "sslContextParameters": { "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "secret": false, "description": "To configure security using SSLContextParameters" },
- "fireWebSocketChannelEvents": { "kind": "parameter", "displayName": "Fire Web Socket Channel Events", "group": "websocket", "label": "consumer,websocket", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType." },
- "sendTimeout": { "kind": "parameter", "displayName": "Send Timeout", "group": "websocket", "label": "producer,websocket", "required": false, "type": "integer", "javaType": "java.lang.Integer", "deprecated": false, "secret": false, "defaultValue": "30000", "description": "Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds)." },
- "sendToAll": { "kind": "parameter", "displayName": "Send To All", "group": "websocket", "label": "producer,websocket", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "description": "To send to all websocket subscribers. Can be used to configure on endpoint level, instead of having to use the UndertowConstants.SEND_TO_ALL header on the message." }
- }
-}
diff --git a/components/camel-elytron/src/main/docs/elytron-component.adoc b/components/camel-elytron/src/main/docs/elytron-component.adoc
index 8178d52..4319931 100644
--- a/components/camel-elytron/src/main/docs/elytron-component.adoc
+++ b/components/camel-elytron/src/main/docs/elytron-component.adoc
@@ -1,26 +1,35 @@
[[elytron-component]]
-= Elytron Component
+= Undertow Elytron Security Provider
-*Since Camel 3.1*
+*Since Camel 3.2*
// HEADER START
-*Both producer and consumer is supported*
+*Replaces component camel-elytron*
// HEADER END
*OSGi is not supported*
-The Elytron component provides Elytron security over camel-undertow component.
-It extends camel-undertow component and adds several parameters.
-In componont it is securityDomainBuilder and mechanismName, in endpoint it is allowedRoles.
+The Elytron Security Provider provides Elytron security over camel-undertow component.
+It enables camel-undertow component use Elytron security capabilities.
+To force camel-undertow to use elytron security provider, add elytron security provider library
+on classpath and provide instance of ElytronSercurityConfiguration as `securityConfiguration`
+parameter into camel-undertow component or provide both `securityConfiguration` and `securityProvider`
+into camel-undertow component.
-User has to define its SecurityDomain.Builder, which will be used for creation of security domain.
-MechanismName then allows to define mechanism, which will take care of authentication from security context.
-(MechanismName should be selected with regard to default securityRealm. For example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN"
-and realm has to be TokenSecurityRealm.)
-ElytronProvider has to be defined with respect of mechnismName.
+Configuration has to provide all 3 security attributes:
+[width="100%"]
+|===
+| Name | Description | Type
+| *domainBuilder* | Builder for security domain. | SecurityDomain.Builder
+| *mechanismName* | MechanismName should be selected with regard to default securityRealm. For
+example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN" and realm has to be
+TokenSecurityReal | String
+| *elytronProvider* | Instance of WildFlyElytronBaseProvider ith respect of mechanismName | WildFlyElytronBaseProvider
+|===
-Each exchange created by Elytron endpoint contains header 'securityIdentity' with current Elytron's secrity identity as value.
-('org.wildfly.security.auth.server.SecurityIdentity')
+Each exchange created by Undertow endpoint with Elytron security contains header 'securityIdentity'
+with current Elytron's security identity as value.
+('org.wildfly.security.auth.server.SecurityIdentity') or is FORBIDDEN (status code 403)
Maven users will need to add the following dependency to their `pom.xml`
for this component:
@@ -35,102 +44,3 @@ for this component:
</dependency>
----
-== URI format
-
-[source,text]
-----
-elytron:http://hostname[:port][/resourceUri][?options]
-elytron:https://hostname[:port][/resourceUri][?options]
-----
-
-You can append query options to the URI in the following format,
-`?option=value&option=value&...`
-
-== Options
-
-// component options: START
-The Elytron component supports 14 options, which are listed below.
-
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on the consumer side the response's body won't contain the exception's stack trace. | false | boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...]
-| *basicPropertyBinding* (advanced) | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean
-| *elytronProvider* (advanced) | Elytron security provider, has to support mechanism from parameter mechanismName. | instance of WildFlyElytronHttpBearerProvider | WildFlyElytronBaseProvider
-| *hostOptions* (advanced) | To configure common options, such as thread pools | | UndertowHostOptions
-| *mechanismName* (advanced) | Name of the mechanism, which will be used for selection of authentication mechanism. | BEARER_TOKEN | String
-| *securityDomainBuilder* (advanced) | *Required* Definition of Builder, which will be used for creation of security domain. | | Builder
-| *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control the mapping between Camel message and HttpClient. | | UndertowHttpBinding
-| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. | | String
-| *securityConfiguration* (security) | Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the provider, which will be used to secure requests. SPI approach could be used too (component then finds security provider using SPI). | | UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
-| *useGlobalSslContextParameters* (security) | Enable usage of global SSL context parameters. | false | boolean
-|===
-// component options: END
-
-
-// endpoint options: START
-The Elytron endpoint is configured using URI syntax:
-
-----
-elytron:httpURI
-----
-
-with the following path and query parameters:
-
-=== Path Parameters (1 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *httpURI* | *Required* The url of the HTTP endpoint to use. | | URI
-|===
-
-
-=== Query Parameters (31 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *useStreaming* (common) | For HTTP endpoint: if true, text and binary messages will be wrapped as java.io.InputStream before they are passed to an Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if true, text and binary messages will be wrapped as java.io.Reader and java.io.InputStream respectively before they are passed to an Exchange; otherwise they will be passed as String and byte respectively. | false | boolean
-| *accessLog* (consumer) | Whether or not the consumer should write access log | false | Boolean
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
-| *httpMethodRestrict* (consumer) | Used to only allow consuming if the HttpMethod matches, such as GET/POST/PUT etc. Multiple methods can be specified separated by comma. | | String
-| *matchOnUriPrefix* (consumer) | Whether or not the consumer should try to find a target consumer by matching the URI prefix if no exact match is found. | false | Boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on the consumer side the response's body won't contain the exception's stack trace. | false | Boolean
-| *optionsEnabled* (consumer) | Specifies whether to enable HTTP OPTIONS for this Servlet consumer. By default OPTIONS is turned off. | false | boolean
-| *exceptionHandler* (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this option is not in use. By default the consumer will deal with exceptions, that will be logged at WARN or ERROR level and ignored. | | ExceptionHandler
-| *exchangePattern* (consumer) | Sets the exchange pattern when the consumer creates an exchange. The value can be one of: InOnly, InOut, InOptionalOut | | ExchangePattern
-| *handlers* (consumer) | Specifies a comma-delimited set of io.undertow.server.HttpHandler instances to lookup in your Registry. These handlers are added to the Undertow handler chain (for example, to add security). Important: You can not use different handlers with different Undertow endpoints using the same port number. The handlers is associated to the port number. If you need different handlers, then use different port numbers. | | String
-| *cookieHandler* (producer) | Configure a cookie handler to maintain a HTTP session | | CookieHandler
-| *keepAlive* (producer) | Setting to ensure socket is not closed due to inactivity | true | Boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...]
-| *options* (producer) | Sets additional channel options. The options that can be used are defined in org.xnio.Options. To configure from endpoint uri, then prefix each option with option., such as option.close-abort=true&option.send-buffer=8192 | | Map
-| *preserveHostHeader* (producer) | If the option is true, UndertowProducer will set the Host header to the value contained in the current exchange Host header, useful in reverse proxy applications where you want the Host header received by the downstream server to reflect the URL called by the upstream client, this allows applications which use the Host header to generate accurate URL's for a proxied service. | true | boolean
-| *reuseAddresses* (producer) | Setting to facilitate socket multiplexing | true | Boolean
-| *tcpNoDelay* (producer) | Setting to improve TCP protocol performance | true | Boolean
-| *throwExceptionOnFailure* (producer) | Option to disable throwing the HttpOperationFailedException in case of failed responses from the remote server. This allows you to get all responses regardless of the HTTP status code. | true | Boolean
-| *transferException* (producer) | If enabled and an Exchange failed processing on the consumer side and if the caused Exception was send back serialized in the response as a application/x-java-serialized-object content type. On the producer side the exception will be deserialized and thrown as is instead of the HttpOperationFailedException. The caused exception is required to be serialized. This is by default turned off. If you enable this then be aware that Java will deserialize the in [...]
-| *accessLogReceiver* (advanced) | Which Undertow AccessLogReciever should be used Will use JBossLoggingAccessLogReceiver if not specifid | | AccessLogReceiver
-| *basicPropertyBinding* (advanced) | Whether the endpoint should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean
-| *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to filter header to and from Camel message. | | HeaderFilterStrategy
-| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
-| *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow. | | UndertowHttpBinding
-| *allowedRoles* (security) | List of allowed roles in String format | | String
-| *securityConfiguration* (security) | OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the provider, which will be used to secure requests. SPI approach could be used too (endpoint then finds security provider using SPI). | | UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
-| *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
-| *sendTimeout* (websocket) | Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
-| *sendToAll* (websocket) | To send to all websocket subscribers. Can be used to configure on endpoint level, instead of having to use the UndertowConstants.SEND_TO_ALL header on the message. | | Boolean
-|===
-// endpoint options: END
-
-include::camel-spring-boot::page$elytron-starter.adoc[]
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronComponent.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronComponent.java
deleted file mode 100644
index ff3fc3d..0000000
--- a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronComponent.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.elytron;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.Provider;
-import java.util.Collections;
-
-import javax.net.ssl.SSLContext;
-
-import io.undertow.security.handlers.AuthenticationCallHandler;
-import io.undertow.security.handlers.AuthenticationConstraintHandler;
-import io.undertow.server.HttpHandler;
-import org.apache.camel.CamelContext;
-import org.apache.camel.component.undertow.HttpHandlerRegistrationInfo;
-import org.apache.camel.component.undertow.UndertowComponent;
-import org.apache.camel.component.undertow.UndertowConsumer;
-import org.apache.camel.component.undertow.UndertowEndpoint;
-import org.apache.camel.spi.Metadata;
-import org.apache.camel.spi.annotations.Component;
-import org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler;
-import org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler;
-import org.wildfly.security.WildFlyElytronBaseProvider;
-import org.wildfly.security.auth.server.MechanismConfiguration;
-import org.wildfly.security.auth.server.MechanismConfigurationSelector;
-import org.wildfly.security.auth.server.MechanismRealmConfiguration;
-import org.wildfly.security.auth.server.SecurityDomain;
-import org.wildfly.security.auth.server.http.HttpAuthenticationFactory;
-import org.wildfly.security.http.HttpAuthenticationException;
-import org.wildfly.security.http.HttpConstants;
-import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
-import org.wildfly.security.http.bearer.WildFlyElytronHttpBearerProvider;
-import org.wildfly.security.http.util.FilterServerMechanismFactory;
-import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;
-
-/**
- * Elytron component brings elytron security over camel-undertow component.
- *
- * Component work either as producer and as consumer.
- *
- * User has to define its SecurityDomain.Builder which will be used for creation of security domain.
- * MechanismName then allows to define mechanism, which will take care of authentication from security context.
- * MechanismName should be selected with regard to default securityRealm.
- *
- * Example: to use bearer_token, mechanism name has to be "BEARER_TOKEN" and realm has to be TokenSecurityRealm.
- *
- */
-@Metadata(label = "verifiers", enums = "parameters,connectivity")
-@Component("elytron")
-public class ElytronComponent extends UndertowComponent {
-
- @Metadata(label = "advanced", required = true)
- private SecurityDomain.Builder securityDomainBuilder;
- @Metadata(label = "advanced", defaultValue = HttpConstants.BEARER_TOKEN)
- private String mechanismName = HttpConstants.BEARER_TOKEN;
- @Metadata(label = "advanced", defaultValue = "instance of WildFlyElytronHttpBearerProvider")
- private WildFlyElytronBaseProvider elytronProvider = WildFlyElytronHttpBearerProvider.getInstance();
-
- private SecurityDomain securityDomain;
-
- public ElytronComponent() {
- }
-
- public ElytronComponent(CamelContext context) {
- super(context);
- }
-
- @Override
- protected String getComponentName() {
- return "elytron";
- }
-
-
- @Override
- protected UndertowEndpoint createEndpointInstance(URI endpointUri, UndertowComponent component) throws URISyntaxException {
- return new ElytronEndpoint(endpointUri.toString(), component);
- }
-
- @Override
- public HttpHandler registerEndpoint(UndertowConsumer consumer, HttpHandlerRegistrationInfo registrationInfo, SSLContext sslContext, HttpHandler handler) throws Exception {
- //injecting elytron
- return super.registerEndpoint(consumer, registrationInfo, sslContext, wrap(handler, getSecurityDomain()));
- }
-
- /**
- * Definition of Builder, which will be used for creation of security domain.
- */
- public SecurityDomain.Builder getSecurityDomainBuilder() {
- return securityDomainBuilder;
- }
-
- public void setSecurityDomainBuilder(SecurityDomain.Builder securityDomainBuilder) {
- this.securityDomainBuilder = securityDomainBuilder;
- }
-
- /**
- * Name of the mechanism, which will be used for selection of authentication mechanism.
- */
- public String getMechanismName() {
- return mechanismName;
- }
-
- public void setMechanismName(String mechanismName) {
- this.mechanismName = mechanismName;
- }
-
- /**
- * Elytron security provider, has to support mechanism from parameter mechanismName.
- */
- public WildFlyElytronBaseProvider getElytronProvider() {
- return elytronProvider;
- }
-
- public void setElytronProvider(WildFlyElytronBaseProvider elytronProvider) {
- this.elytronProvider = elytronProvider;
- }
-
- SecurityDomain getSecurityDomain() {
- if (securityDomain == null) {
- securityDomain = securityDomainBuilder.build();
- }
-
- return securityDomain;
- }
-
- private HttpHandler wrap(final HttpHandler toWrap, final SecurityDomain securityDomain) {
- HttpAuthenticationFactory httpAuthenticationFactory = createHttpAuthenticationFactory(securityDomain);
-
- HttpHandler rootHandler = new ElytronRunAsHandler(toWrap);
- rootHandler = new AuthenticationCallHandler(rootHandler);
- rootHandler = new AuthenticationConstraintHandler(rootHandler);
-
- return ElytronContextAssociationHandler.builder()
- .setNext(rootHandler)
- .setMechanismSupplier(() -> {
- try {
- return Collections.singletonList(httpAuthenticationFactory.createMechanism(mechanismName));
- } catch (HttpAuthenticationException e) {
- throw new RuntimeException(e);
- }
- }).build();
- }
-
-
- private HttpAuthenticationFactory createHttpAuthenticationFactory(final SecurityDomain securityDomain) {
- HttpServerAuthenticationMechanismFactory providerFactory = new SecurityProviderServerMechanismFactory(() -> new Provider[]{getElytronProvider()});
- HttpServerAuthenticationMechanismFactory httpServerMechanismFactory = new FilterServerMechanismFactory(providerFactory, true, mechanismName);
-
- return HttpAuthenticationFactory.builder()
- .setSecurityDomain(securityDomain)
- .setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(
- MechanismConfiguration.builder()
- .addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("Elytron Realm").build())
- .build()))
- .setFactory(httpServerMechanismFactory)
- .build();
- }
-
-
-}
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
deleted file mode 100644
index 30f0b34..0000000
--- a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.elytron;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import io.undertow.server.HttpServerExchange;
-import io.undertow.util.StatusCodes;
-import org.apache.camel.Processor;
-import org.apache.camel.component.undertow.UndertowConsumer;
-import org.apache.camel.component.undertow.UndertowEndpoint;
-import org.wildfly.security.auth.server.SecurityIdentity;
-import org.wildfly.security.authz.Roles;
-
-/**
- * Consumer contains decides if request contains required roles (which are defined for endpoint)
- *
- */
-public class ElytronConsumer extends UndertowConsumer {
-
- public ElytronConsumer(UndertowEndpoint endpoint, Processor processor) {
- super(endpoint, processor);
- }
-
- public ElytronEndpoint getElytronEndpoint() {
- return (ElytronEndpoint) super.getEndpoint();
- }
-
- @Override
- public void handleRequest(HttpServerExchange httpExchange) throws Exception {
- SecurityIdentity identity = getElytronEndpoint().getElytronComponent().getSecurityDomain().getCurrentSecurityIdentity();
-
- if (identity != null) {
- //already authenticated
- Set<String> roles = new HashSet<>();
- Roles identityRoles = identity.getRoles();
-
- if (identityRoles != null) {
- for (String roleName : identityRoles) {
- roles.add(roleName);
- }
- }
-
- if (isAllowed(roles, getElytronEndpoint().getAllowedRoles())) {
- super.handleRequest(httpExchange);
- } else {
- httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
- httpExchange.endExchange();
- }
-
- return;
- }
-
- super.handleRequest(httpExchange);
- }
- public boolean isAllowed(Set<String> roles, String allowedRolesString) {
- if (allowedRolesString != null) {
- List<String> allowedRoles = Arrays.asList(allowedRolesString.split("\\s*,\\s*"));
- for (String role : allowedRoles) {
- if (roles.contains(role)) {
- return true;
- }
- }
- }
- return false;
- }
-}
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
deleted file mode 100644
index 78bb1957..0000000
--- a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.camel.component.elytron;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-import io.undertow.server.HttpServerExchange;
-import org.apache.camel.Consumer;
-import org.apache.camel.Exchange;
-import org.apache.camel.Processor;
-import org.apache.camel.component.undertow.UndertowComponent;
-import org.apache.camel.component.undertow.UndertowEndpoint;
-import org.apache.camel.spi.UriEndpoint;
-import org.apache.camel.spi.UriParam;
-import org.wildfly.security.auth.server.SecurityIdentity;
-
-/**
- * The elytron component is allows you to work with the Elytron Security Framework
- *
- */
-@UriEndpoint(firstVersion = "3.1.0", scheme = "elytron", title = "Elytron", syntax = "elytron:httpURI",
- label = "http", lenientProperties = true, extendsScheme = "undertow")
-public class ElytronEndpoint extends UndertowEndpoint {
-
- /**
- * Name of the header which contains associated security identity if request is authenticated.
- */
- public static final String SECURITY_IDENTITY_HEADER = "securityIdentity";
-
- @UriParam(label = "security", description = "List of allowed roles in String format")
- private String allowedRoles;
-
- public ElytronEndpoint(String uri, UndertowComponent component) {
- super(uri, component);
- }
-
- public ElytronComponent getElytronComponent() {
- return (ElytronComponent) super.getComponent();
- }
-
- @Override
- public Consumer createConsumer(Processor processor) throws Exception {
- return new ElytronConsumer(this, processor);
- }
-
- @Override
- public Exchange createExchange(HttpServerExchange httpExchange) throws Exception {
- Exchange exchange = super.createExchange(httpExchange);
-
- SecurityIdentity securityIdentity = getElytronComponent().getSecurityDomain().getCurrentSecurityIdentity();
- //add security principal to headers
- exchange.getIn().setHeader(SECURITY_IDENTITY_HEADER, securityIdentity);
-
- return exchange;
- }
-
- @Override
- public String getAllowedRoles() {
- return allowedRoles;
- }
-
- @Override
- public void setAllowedRoles(String allowedRoles) {
- this.allowedRoles = allowedRoles;
- }
-}
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSecurityProvider.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSecurityProvider.java
new file mode 100644
index 0000000..54ea662
--- /dev/null
+++ b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSecurityProvider.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.elytron;
+
+import java.security.Provider;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.function.BiConsumer;
+
+import io.undertow.security.handlers.AuthenticationCallHandler;
+import io.undertow.security.handlers.AuthenticationConstraintHandler;
+import io.undertow.server.HttpHandler;
+import io.undertow.server.HttpServerExchange;
+import io.undertow.util.StatusCodes;
+import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
+import org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler;
+import org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler;
+import org.wildfly.security.WildFlyElytronBaseProvider;
+import org.wildfly.security.auth.server.MechanismConfiguration;
+import org.wildfly.security.auth.server.MechanismConfigurationSelector;
+import org.wildfly.security.auth.server.MechanismRealmConfiguration;
+import org.wildfly.security.auth.server.SecurityDomain;
+import org.wildfly.security.auth.server.SecurityIdentity;
+import org.wildfly.security.auth.server.http.HttpAuthenticationFactory;
+import org.wildfly.security.authz.Roles;
+import org.wildfly.security.http.HttpAuthenticationException;
+import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
+import org.wildfly.security.http.util.FilterServerMechanismFactory;
+import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;
+
+/**
+ * Implementation of `UndertowSecurityProvider` which adds elytron capability into camel-undertow.
+ * Provider requires instance of `ElytronSecurityConfiguration` to be provided as `securityConfiguration`
+ * parameter in camel-undertow.
+ */
+public class ElytronSecurityProvider implements UndertowSecurityProvider {
+ /**
+ * Name of the header which contains associated security identity if request is authenticated.
+ */
+ public static final String SECURITY_IDENTITY_HEADER = "securityIdentity";
+
+ private SecurityDomain securityDomain;
+ private WildFlyElytronBaseProvider elytronProvider;
+ private String mechanismName;
+
+ /**
+ * Provider adds header `securityIdentity` with value of type `SecurityIdentity` after successful authentication.
+ */
+ @Override
+ public void addHeader(BiConsumer<String, Object> consumer, HttpServerExchange httpExchange) throws Exception {
+ SecurityIdentity securityIdentity = this.securityDomain.getCurrentSecurityIdentity();
+ //add security principal to headers
+ consumer.accept(SECURITY_IDENTITY_HEADER, securityIdentity);
+ }
+
+ /**
+ * Authentication is verified by securityDomain from configuration.
+ */
+ @Override
+ public int authenticate(HttpServerExchange httpExchange, List<String> allowedRoles) throws Exception {
+ SecurityIdentity identity = this.securityDomain.getCurrentSecurityIdentity();
+
+ if (identity != null) {
+ //already authenticated
+ Set<String> roles = new HashSet<>();
+ Roles identityRoles = identity.getRoles();
+
+ if (identityRoles != null) {
+ for (String roleName : identityRoles) {
+ roles.add(roleName);
+ }
+ }
+
+ if (isAllowed(roles, allowedRoles)) {
+ return StatusCodes.OK;
+ }
+ }
+
+ return StatusCodes.FORBIDDEN;
+ }
+
+ @Override
+ public boolean acceptConfiguration(Object configuration, String endpointUri) throws Exception {
+ if (configuration instanceof ElytronSercurityConfiguration) {
+ ElytronSercurityConfiguration conf = (ElytronSercurityConfiguration)configuration;
+ this.securityDomain = conf.getDomainBuilder().build();
+ this.mechanismName = conf.getMechanismName();
+ this.elytronProvider = conf.getElytronProvider();
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Elytron hook into undertow is by creation of wrapping httpHandler.
+ */
+ @Override
+ public HttpHandler wrapHttpHandler(HttpHandler httpHandler) throws Exception {
+ HttpAuthenticationFactory httpAuthenticationFactory = createHttpAuthenticationFactory(securityDomain);
+
+ HttpHandler rootHandler = new ElytronRunAsHandler(httpHandler);
+ rootHandler = new AuthenticationCallHandler(rootHandler);
+ rootHandler = new AuthenticationConstraintHandler(rootHandler);
+
+ return ElytronContextAssociationHandler.builder()
+ .setNext(rootHandler)
+ .setMechanismSupplier(() -> {
+ try {
+ return Collections.singletonList(httpAuthenticationFactory.createMechanism(mechanismName));
+ } catch (HttpAuthenticationException e) {
+ throw new RuntimeException(e);
+ }
+ }).build();
+ }
+
+
+ private HttpAuthenticationFactory createHttpAuthenticationFactory(final SecurityDomain securityDomain) {
+ HttpServerAuthenticationMechanismFactory providerFactory = new SecurityProviderServerMechanismFactory(() -> new Provider[]{this.elytronProvider});
+ HttpServerAuthenticationMechanismFactory httpServerMechanismFactory = new FilterServerMechanismFactory(providerFactory, true, this.mechanismName);
+
+ return HttpAuthenticationFactory.builder()
+ .setSecurityDomain(securityDomain)
+ .setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(
+ MechanismConfiguration.builder()
+ .addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("Elytron Realm").build())
+ .build()))
+ .setFactory(httpServerMechanismFactory)
+ .build();
+ }
+
+ public boolean isAllowed(Set<String> roles, List<String> allowedRoles) {
+ for (String role : allowedRoles) {
+ if (roles.contains(role)) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
diff --git a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSercurityConfiguration.java b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSercurityConfiguration.java
new file mode 100644
index 0000000..e0d50ea
--- /dev/null
+++ b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSercurityConfiguration.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.elytron;
+
+import org.wildfly.security.WildFlyElytronBaseProvider;
+import org.wildfly.security.auth.server.SecurityDomain;
+
+/**
+ * Instance of this interface has to be provided as `securityConfiguration` parameter into camel-undertow.
+ */
+public interface ElytronSercurityConfiguration {
+
+ /**
+ * Elytron security provider, has to support mechanism from parameter mechanismName.
+ */
+ WildFlyElytronBaseProvider getElytronProvider();
+
+ /**
+ * Name of the mechanism, which will be used for selection of authentication mechanism.
+ */
+ String getMechanismName();
+
+ /**
+ * Definition of Builder, which will be used for creation of security domain.
+ */
+ SecurityDomain.Builder getDomainBuilder();
+}
diff --git a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
index 3834073..f486fcf 100644
--- a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
+++ b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
@@ -16,6 +16,10 @@
*/
package org.apache.camel.component.elytron;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.Writer;
+import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
@@ -24,6 +28,8 @@ import java.util.concurrent.atomic.AtomicInteger;
import org.apache.camel.BindToRegistry;
import org.apache.camel.CamelContext;
+import org.apache.camel.component.undertow.UndertowComponent;
+import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
import org.apache.camel.test.AvailablePortFinder;
import org.apache.camel.test.junit4.CamelTestSupport;
import org.junit.BeforeClass;
@@ -47,7 +53,7 @@ public abstract class BaseElytronTest extends CamelTestSupport {
abstract String getMechanismName();
- abstract TokenSecurityRealm createBearerRealm() throws NoSuchAlgorithmException;
+ abstract TokenSecurityRealm createBearerRealm();
abstract WildFlyElytronBaseProvider getElytronProvider();
@@ -55,6 +61,16 @@ public abstract class BaseElytronTest extends CamelTestSupport {
public static void initPort() throws Exception {
port = AvailablePortFinder.getNextAvailable();
keyPair = null;
+
+ URL location = ElytronSecurityProvider.class.getProtectionDomain().getCodeSource().getLocation();
+ File file = new File(location.getPath() + "META-INF/services/" + UndertowSecurityProvider.class.getName());
+ file.getParentFile().mkdirs();
+
+ Writer output = new FileWriter(file);
+ output.write(ElytronSecurityProvider.class.getName());
+ output.close();
+
+ file.deleteOnExit();
}
protected static int getPort() {
@@ -75,14 +91,30 @@ public abstract class BaseElytronTest extends CamelTestSupport {
context.getPropertiesComponent().setLocation("ref:prop");
- context.getComponent("elytron", ElytronComponent.class).setSecurityDomainBuilder(getSecurityDomainBuilder());
- context.getComponent("elytron", ElytronComponent.class).setMechanismName(getMechanismName());
- context.getComponent("elytron", ElytronComponent.class).setElytronProvider(getElytronProvider());
+
+
+ context.getComponent("undertow", UndertowComponent.class).setSecurityConfiguration(new ElytronSercurityConfiguration() {
+ @Override
+ public WildFlyElytronBaseProvider getElytronProvider() {
+ return BaseElytronTest.this.getElytronProvider();
+ }
+
+ @Override
+ public String getMechanismName() {
+ return BaseElytronTest.this.getMechanismName();
+ }
+
+ @Override
+ public SecurityDomain.Builder getDomainBuilder() {
+ return getSecurityDomainBuilder();
+ }
+
+ });
return context;
}
- SecurityDomain.Builder getSecurityDomainBuilder() throws Exception {
+ SecurityDomain.Builder getSecurityDomainBuilder() {
SecurityDomain.Builder builder = SecurityDomain.builder()
.setDefaultRealmName("realm");
diff --git a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
index dfd6929..6f5ab179 100644
--- a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
+++ b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
@@ -49,9 +49,14 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
}
@Override
- TokenSecurityRealm createBearerRealm() throws NoSuchAlgorithmException {
- return TokenSecurityRealm.builder().principalClaimName("username")
- .validator(JwtValidator.builder().publicKey(getKeyPair().getPublic()).build()).build();
+ TokenSecurityRealm createBearerRealm() {
+ try {
+ return TokenSecurityRealm.builder().principalClaimName("username")
+ .validator(JwtValidator.builder().publicKey(getKeyPair().getPublic()).build()).build();
+ } catch (NoSuchAlgorithmException e) {
+ fail("Can not prepare realm becase of " + e);
+ }
+ return null;
}
@Override
@@ -61,7 +66,7 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
@Test
public void testBearerToken() throws Exception {
- String response = template.requestBodyAndHeader("elytron:http://localhost:{{port}}/myapp",
+ String response = template.requestBodyAndHeader("undertow:http://localhost:{{port}}/myapp",
"empty body",
Headers.AUTHORIZATION.toString(),
"Bearer " + createToken("alice", "user", new Date(new Date().getTime() + 10000), getKeyPair().getPrivate()),
@@ -73,7 +78,7 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
@Test
public void testBearerTokenBadRole() throws Exception {
try {
- String response = template.requestBodyAndHeader("elytron:http://localhost:{{port}}/myapp",
+ String response = template.requestBodyAndHeader("undertow:http://localhost:{{port}}/myapp",
"empty body",
Headers.AUTHORIZATION.toString(),
"Bearer " + createToken("alice", "guest", new Date(new Date().getTime() + 10000), getKeyPair().getPrivate()),
@@ -90,7 +95,7 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
protected RouteBuilder createRouteBuilder() throws Exception {
return new RouteBuilder() {
public void configure() {
- from("elytron:http://localhost:{{port}}/myapp?allowedRoles=user")
+ from("undertow:http://localhost:{{port}}/myapp?allowedRoles=user")
.transform(simple("Hello ${in.header.securityIdentity.principal}!"));
}
};
diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
index e7c8244..8cfd0d4 100644
--- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
+++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
@@ -1299,18 +1299,6 @@ public interface ComponentsBuilderFactory {
return org.apache.camel.builder.component.dsl.ElsqlComponentBuilderFactory.elsql();
}
/**
- * Elytron (camel-elytron)
- * The elytron component is allows you to work with the Elytron Security
- * Framework
- *
- * Category: http
- * Since: 3.1
- * Maven coordinates: org.apache.camel:camel-elytron
- */
- static org.apache.camel.builder.component.dsl.ElytronComponentBuilderFactory.ElytronComponentBuilder elytron() {
- return org.apache.camel.builder.component.dsl.ElytronComponentBuilderFactory.elytron();
- }
- /**
* Etcd Keys (camel-etcd)
* Camel Etcd support
*
diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
index b6947c0..e69de29 100644
--- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
+++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
@@ -1,297 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.builder.component.dsl;
-
-import javax.annotation.Generated;
-import org.apache.camel.Component;
-import org.apache.camel.builder.component.AbstractComponentBuilder;
-import org.apache.camel.builder.component.ComponentBuilder;
-import org.apache.camel.component.elytron.ElytronComponent;
-
-/**
- * The elytron component is allows you to work with the Elytron Security
- * Framework
- *
- * Generated by camel-package-maven-plugin - do not edit this file!
- */
-@Generated("org.apache.camel.maven.packaging.ComponentDslMojo")
-public interface ElytronComponentBuilderFactory {
-
- /**
- * Elytron (camel-elytron)
- * The elytron component is allows you to work with the Elytron Security
- * Framework
- *
- * Category: http
- * Since: 3.1
- * Maven coordinates: org.apache.camel:camel-elytron
- */
- static ElytronComponentBuilder elytron() {
- return new ElytronComponentBuilderImpl();
- }
-
- /**
- * Builder for the Elytron component.
- */
- interface ElytronComponentBuilder
- extends
- ComponentBuilder<ElytronComponent> {
- /**
- * Allows for bridging the consumer to the Camel routing Error Handler,
- * which mean any exceptions occurred while the consumer is trying to
- * pickup incoming messages, or the likes, will now be processed as a
- * message and handled by the routing Error Handler. By default the
- * consumer will use the org.apache.camel.spi.ExceptionHandler to deal
- * with exceptions, that will be logged at WARN or ERROR level and
- * ignored.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: consumer
- */
- default ElytronComponentBuilder bridgeErrorHandler(
- boolean bridgeErrorHandler) {
- doSetProperty("bridgeErrorHandler", bridgeErrorHandler);
- return this;
- }
- /**
- * If enabled and an Exchange failed processing on the consumer side the
- * response's body won't contain the exception's stack trace.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: consumer
- */
- default ElytronComponentBuilder muteException(boolean muteException) {
- doSetProperty("muteException", muteException);
- return this;
- }
- /**
- * Whether the producer should be started lazy (on the first message).
- * By starting lazy you can use this to allow CamelContext and routes to
- * startup in situations where a producer may otherwise fail during
- * starting and cause the route to fail being started. By deferring this
- * startup to be lazy then the startup failure can be handled during
- * routing messages via Camel's routing error handlers. Beware that when
- * the first message is processed then creating and starting the
- * producer may take a little time and prolong the total processing time
- * of the processing.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: producer
- */
- default ElytronComponentBuilder lazyStartProducer(
- boolean lazyStartProducer) {
- doSetProperty("lazyStartProducer", lazyStartProducer);
- return this;
- }
- /**
- * Whether the component should use basic property binding (Camel 2.x)
- * or the newer property binding with additional capabilities.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: advanced
- */
- default ElytronComponentBuilder basicPropertyBinding(
- boolean basicPropertyBinding) {
- doSetProperty("basicPropertyBinding", basicPropertyBinding);
- return this;
- }
- /**
- * Elytron security provider, has to support mechanism from parameter
- * mechanismName.
- *
- * The option is a:
- * <code>org.wildfly.security.WildFlyElytronBaseProvider</code> type.
- *
- * Default: instance of WildFlyElytronHttpBearerProvider
- * Group: advanced
- */
- default ElytronComponentBuilder elytronProvider(
- org.wildfly.security.WildFlyElytronBaseProvider elytronProvider) {
- doSetProperty("elytronProvider", elytronProvider);
- return this;
- }
- /**
- * To configure common options, such as thread pools.
- *
- * The option is a:
- * <code>org.apache.camel.component.undertow.UndertowHostOptions</code>
- * type.
- *
- * Group: advanced
- */
- default ElytronComponentBuilder hostOptions(
- org.apache.camel.component.undertow.UndertowHostOptions hostOptions) {
- doSetProperty("hostOptions", hostOptions);
- return this;
- }
- /**
- * Name of the mechanism, which will be used for selection of
- * authentication mechanism.
- *
- * The option is a: <code>java.lang.String</code> type.
- *
- * Default: BEARER_TOKEN
- * Group: advanced
- */
- default ElytronComponentBuilder mechanismName(
- java.lang.String mechanismName) {
- doSetProperty("mechanismName", mechanismName);
- return this;
- }
- /**
- * Definition of Builder, which will be used for creation of security
- * domain.
- *
- * The option is a:
- * <code>org.wildfly.security.auth.server.SecurityDomain.Builder</code>
- * type.
- *
- * Group: advanced
- */
- default ElytronComponentBuilder securityDomainBuilder(
- org.wildfly.security.auth.server.SecurityDomain.Builder securityDomainBuilder) {
- doSetProperty("securityDomainBuilder", securityDomainBuilder);
- return this;
- }
- /**
- * To use a custom HttpBinding to control the mapping between Camel
- * message and HttpClient.
- *
- * The option is a:
- * <code>org.apache.camel.component.undertow.UndertowHttpBinding</code>
- * type.
- *
- * Group: advanced
- */
- default ElytronComponentBuilder undertowHttpBinding(
- org.apache.camel.component.undertow.UndertowHttpBinding undertowHttpBinding) {
- doSetProperty("undertowHttpBinding", undertowHttpBinding);
- return this;
- }
- /**
- * Configuration used by UndertowSecurityProvider. Comma separated list
- * of allowed roles.
- *
- * The option is a: <code>java.lang.String</code> type.
- *
- * Group: security
- */
- default ElytronComponentBuilder allowedRoles(
- java.lang.String allowedRoles) {
- doSetProperty("allowedRoles", allowedRoles);
- return this;
- }
- /**
- * Configuration used by UndertowSecurityProvider. Security
- * configuration object for use from UndertowSecurityProvider.
- * Configuration is UndertowSecurityProvider specific. Each provider
- * decides, whether it accepts configuration.
- *
- * The option is a: <code>java.lang.Object</code> type.
- *
- * Group: security
- */
- default ElytronComponentBuilder securityConfiguration(
- java.lang.Object securityConfiguration) {
- doSetProperty("securityConfiguration", securityConfiguration);
- return this;
- }
- /**
- * Security provider allows plug in the provider, which will be used to
- * secure requests. SPI approach could be used too (component then finds
- * security provider using SPI).
- *
- * The option is a:
- * <code>org.apache.camel.component.undertow.spi.UndertowSecurityProvider</code> type.
- *
- * Group: security
- */
- default ElytronComponentBuilder securityProvider(
- org.apache.camel.component.undertow.spi.UndertowSecurityProvider securityProvider) {
- doSetProperty("securityProvider", securityProvider);
- return this;
- }
- /**
- * To configure security using SSLContextParameters.
- *
- * The option is a:
- * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type.
- *
- * Group: security
- */
- default ElytronComponentBuilder sslContextParameters(
- org.apache.camel.support.jsse.SSLContextParameters sslContextParameters) {
- doSetProperty("sslContextParameters", sslContextParameters);
- return this;
- }
- /**
- * Enable usage of global SSL context parameters.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: security
- */
- default ElytronComponentBuilder useGlobalSslContextParameters(
- boolean useGlobalSslContextParameters) {
- doSetProperty("useGlobalSslContextParameters", useGlobalSslContextParameters);
- return this;
- }
- }
-
- class ElytronComponentBuilderImpl
- extends
- AbstractComponentBuilder<ElytronComponent>
- implements
- ElytronComponentBuilder {
- @Override
- protected ElytronComponent buildConcreteComponent() {
- return new ElytronComponent();
- }
- @Override
- protected boolean setPropertyOnComponent(
- Component component,
- String name,
- Object value) {
- switch (name) {
- case "bridgeErrorHandler": ((ElytronComponent) component).setBridgeErrorHandler((boolean) value); return true;
- case "muteException": ((ElytronComponent) component).setMuteException((boolean) value); return true;
- case "lazyStartProducer": ((ElytronComponent) component).setLazyStartProducer((boolean) value); return true;
- case "basicPropertyBinding": ((ElytronComponent) component).setBasicPropertyBinding((boolean) value); return true;
- case "elytronProvider": ((ElytronComponent) component).setElytronProvider((org.wildfly.security.WildFlyElytronBaseProvider) value); return true;
- case "hostOptions": ((ElytronComponent) component).setHostOptions((org.apache.camel.component.undertow.UndertowHostOptions) value); return true;
- case "mechanismName": ((ElytronComponent) component).setMechanismName((java.lang.String) value); return true;
- case "securityDomainBuilder": ((ElytronComponent) component).setSecurityDomainBuilder((org.wildfly.security.auth.server.SecurityDomain.Builder) value); return true;
- case "undertowHttpBinding": ((ElytronComponent) component).setUndertowHttpBinding((org.apache.camel.component.undertow.UndertowHttpBinding) value); return true;
- case "allowedRoles": ((ElytronComponent) component).setAllowedRoles((java.lang.String) value); return true;
- case "securityConfiguration": ((ElytronComponent) component).setSecurityConfiguration((java.lang.Object) value); return true;
- case "securityProvider": ((ElytronComponent) component).setSecurityProvider((org.apache.camel.component.undertow.spi.UndertowSecurityProvider) value); return true;
- case "sslContextParameters": ((ElytronComponent) component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters) value); return true;
- case "useGlobalSslContextParameters": ((ElytronComponent) component).setUseGlobalSslContextParameters((boolean) value); return true;
- default: return false;
- }
- }
- }
-}
\ No newline at end of file
diff --git a/core/camel-componentdsl/src/generated/resources/metadata.json b/core/camel-componentdsl/src/generated/resources/metadata.json
index d55e077..af8d730 100644
--- a/core/camel-componentdsl/src/generated/resources/metadata.json
+++ b/core/camel-componentdsl/src/generated/resources/metadata.json
@@ -2189,26 +2189,6 @@
"artifactId": "camel-elsql",
"version": "3.2.0-SNAPSHOT"
},
- "ElytronComponentBuilderFactory": {
- "kind": "component",
- "scheme": "elytron",
- "extendsScheme": "undertow",
- "syntax": "elytron:httpURI",
- "title": "Elytron",
- "description": "The elytron component is allows you to work with the Elytron Security Framework",
- "label": "http",
- "deprecated": false,
- "deprecationNote": "http",
- "async": true,
- "consumerOnly": false,
- "producerOnly": false,
- "lenientProperties": true,
- "javaType": "org.apache.camel.component.elytron.ElytronComponent",
- "firstVersion": "3.1.0",
- "groupId": "org.apache.camel",
- "artifactId": "camel-elytron",
- "version": "3.2.0-SNAPSHOT"
- },
"EtcdKeysComponentBuilderFactory": {
"kind": "component",
"scheme": "etcd-keys",
diff --git a/docs/components/modules/ROOT/pages/elytron-component.adoc b/docs/components/modules/ROOT/pages/elytron-component.adoc
index 6aaca9a..010efbb 100644
--- a/docs/components/modules/ROOT/pages/elytron-component.adoc
+++ b/docs/components/modules/ROOT/pages/elytron-component.adoc
@@ -1,27 +1,35 @@
[[elytron-component]]
-= Elytron Component
+= Undertow Elytron Security Provider
:page-source: components/camel-elytron/src/main/docs/elytron-component.adoc
-*Since Camel 3.1*
+*Since Camel 3.2*
// HEADER START
-*Both producer and consumer is supported*
+*Replaces component camel-elytron*
// HEADER END
*OSGi is not supported*
-The Elytron component provides Elytron security over camel-undertow component.
-It extends camel-undertow component and adds several parameters.
-In componont it is securityDomainBuilder and mechanismName, in endpoint it is allowedRoles.
+The Elytron Security Provider provides Elytron security over camel-undertow component.
+It enables camel-undertow component use Elytron security capabilities.
+To force camel-undertow to use elytron security provider, add elytron security provider library
+on classpath and provide instance of ElytronSercurityConfiguration as `securityConfiguration`
+parameter into camel-undertow component or provide both `securityConfiguration` and `securityProvider`
+into camel-undertow component.
-User has to define its SecurityDomain.Builder, which will be used for creation of security domain.
-MechanismName then allows to define mechanism, which will take care of authentication from security context.
-(MechanismName should be selected with regard to default securityRealm. For example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN"
-and realm has to be TokenSecurityRealm.)
-ElytronProvider has to be defined with respect of mechnismName.
+Configuration has to provide all 3 security attributes:
+[width="100%"]
+|===
+| Name | Description | Type
+| *domainBuilder* | Builder for security domain. | SecurityDomain.Builder
+| *mechanismName* | MechanismName should be selected with regard to default securityRealm. For
+example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN" and realm has to be
+TokenSecurityReal | String
+|===
-Each exchange created by Elytron endpoint contains header 'securityIdentity' with current Elytron's secrity identity as value.
-('org.wildfly.security.auth.server.SecurityIdentity')
+Each exchange created by Undertow endpoint with Elytron security contains header 'securityIdentity'
+with current Elytron's security identity as value.
+('org.wildfly.security.auth.server.SecurityIdentity') or is FORBIDDEN (status code 403)
Maven users will need to add the following dependency to their `pom.xml`
for this component:
@@ -36,102 +44,3 @@ for this component:
</dependency>
----
-== URI format
-
-[source,text]
-----
-elytron:http://hostname[:port][/resourceUri][?options]
-elytron:https://hostname[:port][/resourceUri][?options]
-----
-
-You can append query options to the URI in the following format,
-`?option=value&option=value&...`
-
-== Options
-
-// component options: START
-The Elytron component supports 14 options, which are listed below.
-
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on the consumer side the response's body won't contain the exception's stack trace. | false | boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...]
-| *basicPropertyBinding* (advanced) | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean
-| *elytronProvider* (advanced) | Elytron security provider, has to support mechanism from parameter mechanismName. | instance of WildFlyElytronHttpBearerProvider | WildFlyElytronBaseProvider
-| *hostOptions* (advanced) | To configure common options, such as thread pools | | UndertowHostOptions
-| *mechanismName* (advanced) | Name of the mechanism, which will be used for selection of authentication mechanism. | BEARER_TOKEN | String
-| *securityDomainBuilder* (advanced) | *Required* Definition of Builder, which will be used for creation of security domain. | | Builder
-| *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control the mapping between Camel message and HttpClient. | | UndertowHttpBinding
-| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider. Comma separated list of allowed roles. | | String
-| *securityConfiguration* (security) | Configuration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides, whether it accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the provider, which will be used to secure requests. SPI approach could be used too (component then finds security provider using SPI). | | UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
-| *useGlobalSslContextParameters* (security) | Enable usage of global SSL context parameters. | false | boolean
-|===
-// component options: END
-
-
-// endpoint options: START
-The Elytron endpoint is configured using URI syntax:
-
-----
-elytron:httpURI
-----
-
-with the following path and query parameters:
-
-=== Path Parameters (1 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *httpURI* | *Required* The url of the HTTP endpoint to use. | | URI
-|===
-
-
-=== Query Parameters (31 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *useStreaming* (common) | For HTTP endpoint: if true, text and binary messages will be wrapped as java.io.InputStream before they are passed to an Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if true, text and binary messages will be wrapped as java.io.Reader and java.io.InputStream respectively before they are passed to an Exchange; otherwise they will be passed as String and byte respectively. | false | boolean
-| *accessLog* (consumer) | Whether or not the consumer should write access log | false | Boolean
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
-| *httpMethodRestrict* (consumer) | Used to only allow consuming if the HttpMethod matches, such as GET/POST/PUT etc. Multiple methods can be specified separated by comma. | | String
-| *matchOnUriPrefix* (consumer) | Whether or not the consumer should try to find a target consumer by matching the URI prefix if no exact match is found. | false | Boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on the consumer side the response's body won't contain the exception's stack trace. | false | Boolean
-| *optionsEnabled* (consumer) | Specifies whether to enable HTTP OPTIONS for this Servlet consumer. By default OPTIONS is turned off. | false | boolean
-| *exceptionHandler* (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this option is not in use. By default the consumer will deal with exceptions, that will be logged at WARN or ERROR level and ignored. | | ExceptionHandler
-| *exchangePattern* (consumer) | Sets the exchange pattern when the consumer creates an exchange. The value can be one of: InOnly, InOut, InOptionalOut | | ExchangePattern
-| *handlers* (consumer) | Specifies a comma-delimited set of io.undertow.server.HttpHandler instances to lookup in your Registry. These handlers are added to the Undertow handler chain (for example, to add security). Important: You can not use different handlers with different Undertow endpoints using the same port number. The handlers is associated to the port number. If you need different handlers, then use different port numbers. | | String
-| *cookieHandler* (producer) | Configure a cookie handler to maintain a HTTP session | | CookieHandler
-| *keepAlive* (producer) | Setting to ensure socket is not closed due to inactivity | true | Boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...]
-| *options* (producer) | Sets additional channel options. The options that can be used are defined in org.xnio.Options. To configure from endpoint uri, then prefix each option with option., such as option.close-abort=true&option.send-buffer=8192 | | Map
-| *preserveHostHeader* (producer) | If the option is true, UndertowProducer will set the Host header to the value contained in the current exchange Host header, useful in reverse proxy applications where you want the Host header received by the downstream server to reflect the URL called by the upstream client, this allows applications which use the Host header to generate accurate URL's for a proxied service. | true | boolean
-| *reuseAddresses* (producer) | Setting to facilitate socket multiplexing | true | Boolean
-| *tcpNoDelay* (producer) | Setting to improve TCP protocol performance | true | Boolean
-| *throwExceptionOnFailure* (producer) | Option to disable throwing the HttpOperationFailedException in case of failed responses from the remote server. This allows you to get all responses regardless of the HTTP status code. | true | Boolean
-| *transferException* (producer) | If enabled and an Exchange failed processing on the consumer side and if the caused Exception was send back serialized in the response as a application/x-java-serialized-object content type. On the producer side the exception will be deserialized and thrown as is instead of the HttpOperationFailedException. The caused exception is required to be serialized. This is by default turned off. If you enable this then be aware that Java will deserialize the in [...]
-| *accessLogReceiver* (advanced) | Which Undertow AccessLogReciever should be used Will use JBossLoggingAccessLogReceiver if not specifid | | AccessLogReceiver
-| *basicPropertyBinding* (advanced) | Whether the endpoint should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean
-| *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to filter header to and from Camel message. | | HeaderFilterStrategy
-| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
-| *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to control the mapping between Camel message and undertow. | | UndertowHttpBinding
-| *allowedRoles* (security) | List of allowed roles in String format | | String
-| *securityConfiguration* (security) | OConfiguration used by UndertowSecurityProvider. Security configuration object for use from UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific. Each provider decides whether accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the provider, which will be used to secure requests. SPI approach could be used too (endpoint then finds security provider using SPI). | | UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
-| *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post notifications to the route when a new WebSocket peer connects, disconnects, etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
-| *sendTimeout* (websocket) | Timeout in milliseconds when sending to a websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
-| *sendToAll* (websocket) | To send to all websocket subscribers. Can be used to configure on endpoint level, instead of having to use the UndertowConstants.SEND_TO_ALL header on the message. | | Boolean
-|===
-// endpoint options: END
-
-include::camel-spring-boot::page$elytron-starter.adoc[]
diff --git a/docs/components/modules/ROOT/pages/index.adoc b/docs/components/modules/ROOT/pages/index.adoc
index 20180bf..22fb0a6 100644
--- a/docs/components/modules/ROOT/pages/index.adoc
+++ b/docs/components/modules/ROOT/pages/index.adoc
@@ -11,7 +11,7 @@ Below is the list of components that are provided by Apache Camel.
== List of Components
// components: START
-Number of Components: 332 in 265 JAR artifacts (1 deprecated)
+Number of Components: 331 in 264 JAR artifacts (1 deprecated)
[width="100%",cols="4,1,5",options="header"]
|===
@@ -223,8 +223,6 @@ Number of Components: 332 in 265 JAR artifacts (1 deprecated)
| xref:elsql-component.adoc[ElSQL] (camel-elsql) | 2.16 | The elsql component is an extension to the existing SQL Component that uses ElSql to define the SQL queries.
-| xref:elytron-component.adoc[Elytron] (camel-elytron) | 3.1 | The elytron component is allows you to work with the Elytron Security Framework
-
| xref:etcd-keys-component.adoc[Etcd Keys] (camel-etcd) | 2.18 | Camel Etcd support
| xref:etcd-stats-component.adoc[Etcd Stats] (camel-etcd) | 2.18 | The camel etcd component allows you to work with Etcd, a distributed reliable key-value store.