Posted to commits@camel.apache.org by je...@apache.org on 2021/08/05 20:33:15 UTC

[camel] branch main updated: CAMEL-16851: camel-salesforce: JWT audience configurable.

This is an automated email from the ASF dual-hosted git repository.

jeremyross pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new c731e25  CAMEL-16851: camel-salesforce: JWT audience configurable.
c731e25 is described below

commit c731e25a8579c25599ddb8e62358185c4e6d39d2
Author: Jeremy Ross <je...@gmail.com>
AuthorDate: Thu Aug 5 15:30:36 2021 -0500

    CAMEL-16851: camel-salesforce: JWT audience configurable.
---
 .../camel/catalog/docs/salesforce-component.adoc       |  8 ++------
 .../salesforce/SalesforceComponentConfigurer.java      |  6 ++++++
 .../apache/camel/component/salesforce/salesforce.json  |  1 +
 .../src/main/docs/salesforce-component.adoc            |  8 ++------
 .../component/salesforce/SalesforceComponent.java      | 14 ++++++++++++++
 .../component/salesforce/SalesforceLoginConfig.java    | 14 +++++++++++++-
 .../salesforce/internal/SalesforceSession.java         |  3 ++-
 .../dsl/SalesforceComponentBuilderFactory.java         | 18 ++++++++++++++++++
 .../modules/ROOT/pages/salesforce-component.adoc       |  8 ++------
 9 files changed, 60 insertions(+), 20 deletions(-)

diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/salesforce-component.adoc b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/salesforce-component.adoc
index f867807..727c344 100644
--- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/salesforce-component.adoc
+++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/salesforce-component.adoc
@@ -39,10 +39,7 @@ setup your environment for running integration tests.
 
 
 // component options: START
-== Component Options
-
-
-The Salesforce component supports 84 options, which are listed below.
+The Salesforce component supports 85 options, which are listed below.
 
 
 
@@ -124,6 +121,7 @@ The Salesforce component supports 84 options, which are listed below.
 | *httpProxyUseDigestAuth* (security) | If set to true Digest authentication will be used when authenticating to the HTTP proxy, otherwise Basic authorization method will be used | false | boolean
 | *httpProxyUsername* (security) | Username to use to authenticate against the HTTP proxy server. |  | String
 | *instanceUrl* (security) | URL of the Salesforce instance used after authentication, by default received from Salesforce on successful authentication |  | String
+| *jwtAudience* (security) | Value to use for the Audience claim (aud) when using OAuth JWT flow. If not set, the login URL will be used, which is appropriate in most cases. |  | String
 | *keystore* (security) | KeyStore parameters to use in OAuth JWT flow. The KeyStore should contain only one entry with private key and certificate. Salesforce does not verify the certificate chain, so this can easily be a selfsigned certificate. Make sure that you upload the certificate to the corresponding connected app. |  | KeyStoreParameters
 | *lazyLogin* (security) | If set to true prevents the component from authenticating to Salesforce with the start of the component. You would generally set this to the (default) false and authenticate early and be immediately aware of any authentication issues. | false | boolean
 | *loginConfig* (security) | All authentication configuration in one nested bean, all properties set there can be set directly on the component as well |  | SalesforceLoginConfig
@@ -136,8 +134,6 @@ The Salesforce component supports 84 options, which are listed below.
 |===
 // component options: END
 // endpoint options: START
-== Endpoint Options
-
 The Salesforce endpoint is configured using URI syntax:
 
 ----
diff --git a/components/camel-salesforce/camel-salesforce-component/src/generated/java/org/apache/camel/component/salesforce/SalesforceComponentConfigurer.java b/components/camel-salesforce/camel-salesforce-component/src/generated/java/org/apache/camel/component/salesforce/SalesforceComponentConfigurer.java
index 281478f..8d4192a 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/generated/java/org/apache/camel/component/salesforce/SalesforceComponentConfigurer.java
+++ b/components/camel-salesforce/camel-salesforce-component/src/generated/java/org/apache/camel/component/salesforce/SalesforceComponentConfigurer.java
@@ -104,6 +104,8 @@ public class SalesforceComponentConfigurer extends PropertyConfigurerSupport imp
         case "instanceUrl": target.setInstanceUrl(property(camelContext, java.lang.String.class, value)); return true;
         case "jobid":
         case "jobId": getOrCreateConfig(target).setJobId(property(camelContext, java.lang.String.class, value)); return true;
+        case "jwtaudience":
+        case "jwtAudience": target.setJwtAudience(property(camelContext, java.lang.String.class, value)); return true;
         case "keystore": target.setKeystore(property(camelContext, org.apache.camel.support.jsse.KeyStoreParameters.class, value)); return true;
         case "lazylogin":
         case "lazyLogin": target.setLazyLogin(property(camelContext, boolean.class, value)); return true;
@@ -273,6 +275,8 @@ public class SalesforceComponentConfigurer extends PropertyConfigurerSupport imp
         case "instanceUrl": return java.lang.String.class;
         case "jobid":
         case "jobId": return java.lang.String.class;
+        case "jwtaudience":
+        case "jwtAudience": return java.lang.String.class;
         case "keystore": return org.apache.camel.support.jsse.KeyStoreParameters.class;
         case "lazylogin":
         case "lazyLogin": return boolean.class;
@@ -443,6 +447,8 @@ public class SalesforceComponentConfigurer extends PropertyConfigurerSupport imp
         case "instanceUrl": return target.getInstanceUrl();
         case "jobid":
         case "jobId": return getOrCreateConfig(target).getJobId();
+        case "jwtaudience":
+        case "jwtAudience": return target.getJwtAudience();
         case "keystore": return target.getKeystore();
         case "lazylogin":
         case "lazyLogin": return target.isLazyLogin();
diff --git a/components/camel-salesforce/camel-salesforce-component/src/generated/resources/org/apache/camel/component/salesforce/salesforce.json b/components/camel-salesforce/camel-salesforce-component/src/generated/resources/org/apache/camel/component/salesforce/salesforce.json
index 735feae..1bfb9ae 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/generated/resources/org/apache/camel/component/salesforce/salesforce.json
+++ b/components/camel-salesforce/camel-salesforce-component/src/generated/resources/org/apache/camel/component/salesforce/salesforce.json
@@ -98,6 +98,7 @@
     "httpProxyUseDigestAuth": { "kind": "property", "displayName": "Http Proxy Use Digest Auth", "group": "security", "label": "common,proxy,security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "If set to true Digest authentication will be used when authenticating to the HTTP proxy, otherwise Basic authorization method will be used" },
     "httpProxyUsername": { "kind": "property", "displayName": "Http Proxy Username", "group": "security", "label": "common,proxy,security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "Username to use to authenticate against the HTTP proxy server." },
     "instanceUrl": { "kind": "property", "displayName": "Instance Url", "group": "security", "label": "common,security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "URL of the Salesforce instance used after authentication, by default received from Salesforce on successful authentication" },
+    "jwtAudience": { "kind": "property", "displayName": "Jwt Audience", "group": "security", "label": "common,security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "Value to use for the Audience claim (aud) when using OAuth JWT flow. If not set, the login URL will be used, which is appropriate in most cases." },
     "keystore": { "kind": "property", "displayName": "Keystore", "group": "security", "label": "common,security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.KeyStoreParameters", "deprecated": false, "autowired": false, "secret": true, "description": "KeyStore parameters to use in OAuth JWT flow. The KeyStore should contain only one entry with private key and certificate. Salesforce does not verify the certificate chain, so this can easily be a selfsig [...]
     "lazyLogin": { "kind": "property", "displayName": "Lazy Login", "group": "security", "label": "common,security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "If set to true prevents the component from authenticating to Salesforce with the start of the component. You would generally set this to the (default) false and authenticate early and be immediately aware of any authe [...]
     "loginConfig": { "kind": "property", "displayName": "Login Config", "group": "security", "label": "common,security", "required": false, "type": "object", "javaType": "org.apache.camel.component.salesforce.SalesforceLoginConfig", "deprecated": false, "autowired": false, "secret": false, "description": "All authentication configuration in one nested bean, all properties set there can be set directly on the component as well" },
diff --git a/components/camel-salesforce/camel-salesforce-component/src/main/docs/salesforce-component.adoc b/components/camel-salesforce/camel-salesforce-component/src/main/docs/salesforce-component.adoc
index f867807..727c344 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/main/docs/salesforce-component.adoc
+++ b/components/camel-salesforce/camel-salesforce-component/src/main/docs/salesforce-component.adoc
@@ -39,10 +39,7 @@ setup your environment for running integration tests.
 
 
 // component options: START
-== Component Options
-
-
-The Salesforce component supports 84 options, which are listed below.
+The Salesforce component supports 85 options, which are listed below.
 
 
 
@@ -124,6 +121,7 @@ The Salesforce component supports 84 options, which are listed below.
 | *httpProxyUseDigestAuth* (security) | If set to true Digest authentication will be used when authenticating to the HTTP proxy, otherwise Basic authorization method will be used | false | boolean
 | *httpProxyUsername* (security) | Username to use to authenticate against the HTTP proxy server. |  | String
 | *instanceUrl* (security) | URL of the Salesforce instance used after authentication, by default received from Salesforce on successful authentication |  | String
+| *jwtAudience* (security) | Value to use for the Audience claim (aud) when using OAuth JWT flow. If not set, the login URL will be used, which is appropriate in most cases. |  | String
 | *keystore* (security) | KeyStore parameters to use in OAuth JWT flow. The KeyStore should contain only one entry with private key and certificate. Salesforce does not verify the certificate chain, so this can easily be a selfsigned certificate. Make sure that you upload the certificate to the corresponding connected app. |  | KeyStoreParameters
 | *lazyLogin* (security) | If set to true prevents the component from authenticating to Salesforce with the start of the component. You would generally set this to the (default) false and authenticate early and be immediately aware of any authentication issues. | false | boolean
 | *loginConfig* (security) | All authentication configuration in one nested bean, all properties set there can be set directly on the component as well |  | SalesforceLoginConfig
@@ -136,8 +134,6 @@ The Salesforce component supports 84 options, which are listed below.
 |===
 // component options: END
 // endpoint options: START
-== Endpoint Options
-
 The Salesforce endpoint is configured using URI syntax:
 
 ----
diff --git a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceComponent.java b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceComponent.java
index 5955082..a4fcd33 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceComponent.java
+++ b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceComponent.java
@@ -146,6 +146,11 @@ public class SalesforceComponent extends DefaultComponent implements SSLContextP
               label = "common,security", secret = true)
     private KeyStoreParameters keystore;
 
+    @Metadata(description = "Value to use for the Audience claim (aud) when using OAuth JWT flow. If not set, the login URL will be used, which is"
+                            + " appropriate in most cases.",
+              label = "common,security")
+    private String jwtAudience;
+
     @Metadata(description = "Explicit authentication method to be used, one of USERNAME_PASSWORD, REFRESH_TOKEN or JWT."
                             + " Salesforce component can auto-determine the authentication method to use from the properties set, set this "
                             + " property to eliminate any ambiguity.",
@@ -362,6 +367,7 @@ public class SalesforceComponent extends DefaultComponent implements SSLContextP
             loginConfig.setClientId(clientId);
             loginConfig.setClientSecret(clientSecret);
             loginConfig.setKeystore(keystore);
+            loginConfig.setJwtAudience(jwtAudience);
             loginConfig.setLazyLogin(lazyLogin);
             loginConfig.setLoginUrl(loginUrl);
             loginConfig.setPassword(password);
@@ -522,6 +528,14 @@ public class SalesforceComponent extends DefaultComponent implements SSLContextP
         return keystore;
     }
 
+    public String getJwtAudience() {
+        return jwtAudience;
+    }
+
+    public void setJwtAudience(String jwtAudience) {
+        this.jwtAudience = jwtAudience;
+    }
+
     public String getRefreshToken() {
         return refreshToken;
     }
diff --git a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java
index 2c24486..c97a9cc 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java
+++ b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java
@@ -40,6 +40,7 @@ public class SalesforceLoginConfig {
     private boolean lazyLogin;
 
     private KeyStoreParameters keystore;
+    private String jwtAudience;
 
     public SalesforceLoginConfig() {
         loginUrl = DEFAULT_LOGIN_URL;
@@ -128,6 +129,17 @@ public class SalesforceLoginConfig {
         return keystore;
     }
 
+    /**
+     * If not null, used as Audience (aud) value for OAuth JWT flow
+     */
+    public void setJwtAudience(String jwtAudience) {
+        this.jwtAudience = jwtAudience;
+    }
+
+    public String getJwtAudience() {
+        return jwtAudience;
+    }
+
     public String getRefreshToken() {
         return refreshToken;
     }
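Review bot: The Javadoc added on `setJwtAudience` does not say what happens when the value is null, and `getJwtAudience` has no comment at all. The fallback is only visible in `SalesforceSession.generateJwtAssertion()`. I would word the setter comment as `If not null, used as the Audience (aud) claim in the OAuth JWT flow; when null, the login URL is used.` and add a matching one-line comment on the getter, so a reader of this class alone knows which audience the assertion will carry.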
@@ -244,7 +256,7 @@ public class SalesforceLoginConfig {
         return "SalesforceLoginConfig[" + "instanceUrl= '" + instanceUrl + "', loginUrl='" + loginUrl + '\'' + ","
                + "clientId='" + clientId + '\'' + ", clientSecret='********'"
                + ", refreshToken='" + refreshToken + '\'' + ", userName='" + userName + '\'' + ", password=********'"
-               + ", keystore=********'"
+               + ", keystore=********', audience='" + jwtAudience + '\'' + ","
                + ", lazyLogin=" + lazyLogin + ']';
     }
 }
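Review bot: The added line in `toString()` ends with `+ ","` while the following line already starts with `", lazyLogin="`, so the output contains `',, lazyLogin=`. Dropping the trailing piece fixes it: `+ ", keystore=********', audience='" + jwtAudience + '\''`. The context line above also prints `refreshToken` in clear while `clientSecret` and `password` are masked; since this string may end up in logs, masking it the same way would be consistent. `toString()` starts outside the hunk.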
diff --git a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/internal/SalesforceSession.java b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/internal/SalesforceSession.java
index 0c3a408..a600ef1 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/internal/SalesforceSession.java
+++ b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/internal/SalesforceSession.java
@@ -188,10 +188,11 @@ public class SalesforceSession extends ServiceSupport {
 
     String generateJwtAssertion() {
         final long utcPlusWindow = Clock.systemUTC().millis() / 1000 + JWT_CLAIM_WINDOW;
+        final String audience = config.getJwtAudience() != null ? config.getJwtAudience() : config.getLoginUrl();
 
         final StringBuilder claim = new StringBuilder().append("{\"iss\":\"").append(config.getClientId())
                 .append("\",\"sub\":\"").append(config.getUserName())
-                .append("\",\"aud\":\"").append(config.getLoginUrl()).append("\",\"exp\":\"").append(utcPlusWindow)
+                .append("\",\"aud\":\"").append(audience).append("\",\"exp\":\"").append(utcPlusWindow)
                 .append("\"}");
 
         final StringBuilder token = new StringBuilder(JWT_HEADER).append('.')
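Review bot: The new `audience` line checks only for null, so an empty or blank `jwtAudience` (for example from an empty property value) is sent as an empty `aud` claim instead of falling back to the login URL; presumably the token request is then rejected with an error that does not point at the configuration. The value is also appended into the JSON claim without escaping, as the other fields here are, so a quote or backslash in it would change the claim structure. Consider `final String configured = config.getJwtAudience();` followed by `final String audience = configured != null && !configured.trim().isEmpty() ? configured : config.getLoginUrl();`, which also avoids calling the getter twice. `generateJwtAssertion()` continues past the end of the hunk.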
diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SalesforceComponentBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SalesforceComponentBuilderFactory.java
index 7a4a8c6..6e0cce7 100644
--- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SalesforceComponentBuilderFactory.java
+++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SalesforceComponentBuilderFactory.java
@@ -1268,6 +1268,23 @@ public interface SalesforceComponentBuilderFactory {
             return this;
         }
         /**
+         * Value to use for the Audience claim (aud) when using OAuth JWT flow.
+         * If not set, the login URL will be used, which is appropriate in most
+         * cases.
+         * 
+         * The option is a: &lt;code&gt;java.lang.String&lt;/code&gt; type.
+         * 
+         * Group: security
+         * 
+         * @param jwtAudience the value to set
+         * @return the dsl builder
+         */
+        default SalesforceComponentBuilder jwtAudience(
+                java.lang.String jwtAudience) {
+            doSetProperty("jwtAudience", jwtAudience);
+            return this;
+        }
+        /**
          * KeyStore parameters to use in OAuth JWT flow. The KeyStore should
          * contain only one entry with private key and certificate. Salesforce
          * does not verify the certificate chain, so this can easily be a
@@ -1525,6 +1542,7 @@ public interface SalesforceComponentBuilderFactory {
             case "httpProxyUseDigestAuth": ((SalesforceComponent) component).setHttpProxyUseDigestAuth((boolean) value); return true;
             case "httpProxyUsername": ((SalesforceComponent) component).setHttpProxyUsername((java.lang.String) value); return true;
             case "instanceUrl": ((SalesforceComponent) component).setInstanceUrl((java.lang.String) value); return true;
+            case "jwtAudience": ((SalesforceComponent) component).setJwtAudience((java.lang.String) value); return true;
             case "keystore": ((SalesforceComponent) component).setKeystore((org.apache.camel.support.jsse.KeyStoreParameters) value); return true;
             case "lazyLogin": ((SalesforceComponent) component).setLazyLogin((boolean) value); return true;
             case "loginConfig": ((SalesforceComponent) component).setLoginConfig((org.apache.camel.component.salesforce.SalesforceLoginConfig) value); return true;
diff --git a/docs/components/modules/ROOT/pages/salesforce-component.adoc b/docs/components/modules/ROOT/pages/salesforce-component.adoc
index adde9af..b534602 100644
--- a/docs/components/modules/ROOT/pages/salesforce-component.adoc
+++ b/docs/components/modules/ROOT/pages/salesforce-component.adoc
@@ -41,10 +41,7 @@ setup your environment for running integration tests.
 
 
 // component options: START
-== Component Options
-
-
-The Salesforce component supports 84 options, which are listed below.
+The Salesforce component supports 85 options, which are listed below.
 
 
 
@@ -126,6 +123,7 @@ The Salesforce component supports 84 options, which are listed below.
 | *httpProxyUseDigestAuth* (security) | If set to true Digest authentication will be used when authenticating to the HTTP proxy, otherwise Basic authorization method will be used | false | boolean
 | *httpProxyUsername* (security) | Username to use to authenticate against the HTTP proxy server. |  | String
 | *instanceUrl* (security) | URL of the Salesforce instance used after authentication, by default received from Salesforce on successful authentication |  | String
+| *jwtAudience* (security) | Value to use for the Audience claim (aud) when using OAuth JWT flow. If not set, the login URL will be used, which is appropriate in most cases. |  | String
 | *keystore* (security) | KeyStore parameters to use in OAuth JWT flow. The KeyStore should contain only one entry with private key and certificate. Salesforce does not verify the certificate chain, so this can easily be a selfsigned certificate. Make sure that you upload the certificate to the corresponding connected app. |  | KeyStoreParameters
 | *lazyLogin* (security) | If set to true prevents the component from authenticating to Salesforce with the start of the component. You would generally set this to the (default) false and authenticate early and be immediately aware of any authentication issues. | false | boolean
 | *loginConfig* (security) | All authentication configuration in one nested bean, all properties set there can be set directly on the component as well |  | SalesforceLoginConfig
@@ -138,8 +136,6 @@ The Salesforce component supports 84 options, which are listed below.
 |===
 // component options: END
 // endpoint options: START
-== Endpoint Options
-
 The Salesforce endpoint is configured using URI syntax:
 
 ----