Posted to dev@camel.apache.org by GitBox <gi...@apache.org> on 2020/04/22 12:26:47 UTC

[GitHub] [camel] JiriOndrusek commented on issue #3767: CAMEL-14950 camel-undertow: secure with spring-security 5

JiriOndrusek commented on issue #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-617747982


   Hi @oscerd , @davsclaus 
   I've prepared a POC of the integration of spring security into camel undertow.
   
   The feature consists of several changes in camel-undertow.
   - https://github.com/apache/camel/pull/3767/files#diff-93b0f4a074166b188c9ac9afa9cdfda7 The servlet has to be started (it is required for a filter handling security), but the servlet is ignored by not wrapping the handler of the servlet
   - the SPI interface was extended with an option to start the servlet context
   
   The rest of the changes are for the new 'component', which is not a component; it is an implementation of securityProvider for spring security 5:
   - the important part is the method authenticate, which uses the existing servlet and starts the security filter: https://github.com/apache/camel/pull/3767/files#diff-06f63626d5c86c1d14d65eea55ed1815R38
   
   Here is an example of use: https://github.com/JiriOndrusek/reproducers/pull/3
   - The user has to define a securityContext for spring security 5: https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-d2f799714dda7811c2142a8266f6ff77
   - and create a securityConfiguration, which contains a reference to the security filter:
   https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-a92c0708392ea09a0da7483bfd4d616aR67
   
   With the example, access to the from endpoint is secured by keycloak (https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-a92c0708392ea09a0da7483bfd4d616aR54) and the only way to access it is by adding a bearer token to the request.
   
   I'd like to ask for your opinions about it. 
   (I know that this code is not finished, but it works as POC)
   
   Things to be added:
   - I'm not securing the rest endpoint, but it should be done in a similar way
   - tests are missing
   - I see some warning during application start at debug level - it should be solved as well
   
   
   

