You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@camel.apache.org by Glen Mazza <gm...@talend.com> on 2011/12/09 16:22:48 UTC

intended scope of CamelAuthorizationException?

Hello, org.apache.camel.CamelAuthorizationException[1] was missing a 
JavaDoc header comment, I added a generic but possibly inaccurate one in 
the latest patch that Claus applied (it's viewable here[1] now).

Question: What's the purpose of this exception--is it purely for (a) 
*authorization* errors (person is Bob alright but he's not allowed to 
eat any of the cookies) or for (b) *authentication* errors (no, that 
person isn't even Bob) or (c) either?  The present method 
implementations appear to indicate it's for authentication and 
(possibly) not authorization issues.

Thanks,
Glen

[1] 
http://svn.apache.org/viewvc/camel/trunk/camel-core/src/main/java/org/apache/camel/CamelAuthorizationException.java?view=markup

-- 
Glen Mazza
Talend Community Coders
http://coders.talend.com
blog: http://www.jroller.com/gmazza

Re: intended scope of CamelAuthorizationException?

Posted by Claus Ibsen <cl...@gmail.com>.

Hi

Its used by camel-shiro and camel-spring-security, where you can
define a security policy in the DSL.
There is a AuthorizationPolicy in the SPI package in camel-core.

I guess its intend is to be used when an user is denied an action, and
Camel should not process the message,
whether that deny was due authorization or authentication error.

However as always maybe it needs to be better documented, or we need
more fine grained exceptions?

Any thoughts?


On Fri, Dec 9, 2011 at 4:22 PM, Glen Mazza <gm...@talend.com> wrote:
> Hello, org.apache.camel.CamelAuthorizationException[1] was missing a JavaDoc
> header comment, I added a generic but possibly inaccurate one in the latest
> patch that Claus applied (it's viewable here[1] now).
>
> Question: What's the purpose of this exception--is it purely for (a)
> *authorization* errors (person is Bob alright but he's not allowed to eat
> any of the cookies) or for (b) *authentication* errors (no, that person
> isn't even Bob) or (c) either?  The present method implementations appear to
> indicate it's for authentication and (possibly) not authorization issues.
>
> Thanks,
> Glen
>
> [1]
> http://svn.apache.org/viewvc/camel/trunk/camel-core/src/main/java/org/apache/camel/CamelAuthorizationException.java?view=markup
>
> --
> Glen Mazza
> Talend Community Coders
> http://coders.talend.com
> blog: http://www.jroller.com/gmazza
>



-- 
Claus Ibsen
-----------------
FuseSource
Email: cibsen@fusesource.com
Web: http://fusesource.com
Twitter: davsclaus, fusenews
Blog: http://davsclaus.blogspot.com/
Author of Camel in Action: http://www.manning.com/ibsen/