Posted to issues@camel.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/12/18 15:00:08 UTC

[jira] [Created] (CAMEL-7079) Improvements to camel-shiro's ShiroSecurityProcessor

Colm O hEigeartaigh created CAMEL-7079:
------------------------------------------

             Summary: Improvements to camel-shiro's ShiroSecurityProcessor
                 Key: CAMEL-7079
                 URL: https://issues.apache.org/jira/browse/CAMEL-7079
             Project: Camel
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
         Attachments: camel.patch.1, camel.patch.2


I am attaching two different patches for some improvements to the ShiroSecurityProcessor in Camel's camel-shiro component. I'd like some feedback on which patch should be applied.

The scenario is that a ShiroSecurityToken object is retrieved in the ShiroSecurityProcessor. Currently, this object is first encrypted, and then decrypted, before authentication/authorization checking applies. 

a) Patch "1" makes no change to the current functionality of the processor, but provides a performance improvement to avoid encrypting + decrypting a ShiroSecurityToken object. We only need to decrypt a "String" or "ByteSource" header, not a ShiroSecurityToken object.

b) Patch "2" follows the old pattern of encrypting + decrypting the ShiroSecurityToken object, but replaces the unencrypted token in the exchange with the subsequent encrypted token. This may help avoid unintentional propagation of plaintext values in subsequent communications.

The tests all pass with both approaches. 





--
This message was sent by Atlassian JIRA
(v6.1.4#6159)