Posted to issues@camel.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/12/18 15:00:08 UTC
[jira] [Created] (CAMEL-7079) Improvements to camel-shiro's ShiroSecurityProcessor
Colm O hEigeartaigh created CAMEL-7079:
------------------------------------------
Summary: Improvements to camel-shiro's ShiroSecurityProcessor
Key: CAMEL-7079
URL: https://issues.apache.org/jira/browse/CAMEL-7079
Project: Camel
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Attachments: camel.patch.1, camel.patch.2
I am attaching two different patches for some improvements to the ShiroSecurityProcessor in Camel's camel-shiro component. I'd like some feedback on which patch should apply.
The scenario is that a ShiroSecurityToken object is retrieved in the ShiroSecurityProcessor. Currently, this object is first encrypted, and then decrypted, before authentication/authorization checking applies.
a) Patch "1" makes no change to the current functionality of the processor, but provides a performance improvement to avoid encrypting + decrypting a ShiroSecurityToken object. We only need to decrypt a "String" or "ByteSource" header, not a ShiroSecurityToken object.
b) Patch "2" follows the old pattern of encrypting + decrypting the ShiroSecurityToken object, but replaces the unencrypted token in the exchange with the subsequent encrypted token. This may help avoid unintentional propagation of plaintext values in subsequent communications.
The tests all pass with both approaches.