You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by "Paul Mietz Egli (JIRA)" <ji...@apache.org> on 2010/07/22 00:09:51 UTC
[jira] Updated: (CAMEL-2796) camel-spring-security: provide
reference to the policy when authorization fails
[ https://issues.apache.org/activemq/browse/CAMEL-2796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Mietz Egli updated CAMEL-2796:
-----------------------------------
Attachment: CAMEL-2796.patch
patch to SpringSecurityAuthorizationPolicy that adds the policyId prior to throwing CamelAuthorizationException in the event of a RuntimeException, unit test to reproduce the issue/check for regression.
> camel-spring-security: provide reference to the policy when authorization fails
> -------------------------------------------------------------------------------
>
> Key: CAMEL-2796
> URL: https://issues.apache.org/activemq/browse/CAMEL-2796
> Project: Apache Camel
> Issue Type: Improvement
> Affects Versions: 2.3.0
> Reporter: Paul Mietz Egli
> Assignee: Willem Jiang
> Fix For: 2.4.0
>
> Attachments: CAMEL-2796.patch
>
>
> While it is possible to set up different policies to enforce authorization rules on Camel routes with the new camel-spring-security plugin, there is currently no way to tell which policy was being enforced when a org.springframework.security.SpringSecurityException is thrown. It would be very helpful to have a reference to the policy ID in the CamelAuthorizationException or in the headers so we can use it in the onException handlers.
> For example, let's say you have two policies:
> {code}
> <authorizationPolicy id="user" access="ROLE_USER" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager"
> xmlns="http://camel.apache.org/schema/spring-security" />
> <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager"
> xmlns="http://camel.apache.org/schema/spring-security" />
> {code}
> You also have two routes which use these policies:
> {code}
> <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring">
> <onException useOriginalMessage="true">
> <exception>org.springframework.security.BadCredentialsException</exception>
> <handled><constant>true</constant></handled>
> <to uri="log:auth_error" />
> </onException>
> <route>
> <from uri="direct:adminStart"/>
> <policy ref="admin">
> <to uri="mock:end"/>
> </policy>
> </route>
> <route>
> <from uri="direct:userStart"/>
> <policy ref="admin">
> <to uri="mock:end"/>
> </policy>
> </route>
> </camelContext>
> {code}
> Both of these routes will fail with an AccessDeniedException if the user doesn't have the proper role, but it would be desirable to handle exceptions for the ROLE_ADMIN failure differently than the ROLE_USER failure, maybe by using a <choice> element in the <onException> element.
> I know we have the CamelFailureEndpoint header, but this isn't very useful when more than one route uses the same authorization policy.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.