You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by GitBox <gi...@apache.org> on 2020/04/22 11:59:50 UTC
[GitHub] [camel] JiriOndrusek opened a new pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
JiriOndrusek opened a new pull request #3767:
URL: https://github.com/apache/camel/pull/3767
DO NOT MERGE - only draft to share idea
[ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/CAMEL) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
[ ] Each commit in the pull request should have a meaningful subject line and body.
[ ] If you're unsure, you can format the pull request title like `[CAMEL-XXX] Fixes bug in camel-file component`, where you replace `CAMEL-XXX` with the appropriate JIRA issue.
[ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
[ ] Run `mvn clean install -Psourcecheck` in your module with source check enabled to make sure basic checks pass and there are no checkstyle violations. A more thorough check will be performed on your pull request automatically.
Below are the contribution guidelines:
https://github.com/apache/camel/blob/master/CONTRIBUTING.md
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] JiriOndrusek commented on issue #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
JiriOndrusek commented on issue #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-617747982
Hi @oscerd , @davsclaus
I've prepared POC of integration of spring security into camel undertow.
Feature contains of several changes in camel-undertow.
- https://github.com/apache/camel/pull/3767/files#diff-93b0f4a074166b188c9ac9afa9cdfda7 Servlet has to be started (it is required for a filter handling security), but servlet is ignored by not wrapping handler of the servlet
- spi interface was extended by option to start servlet context
The rest of changes is for the new 'component' - which is not component, it is implementation of securityProvider for spring security 5:
- important part is method authenticate, which uses existing servlet and start security filter: https://github.com/apache/camel/pull/3767/files#diff-06f63626d5c86c1d14d65eea55ed1815R38
Here is an example of use: https://github.com/JiriOndrusek/reproducers/pull/3
- User has to define securityContext for sprig security 5 https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-d2f799714dda7811c2142a8266f6ff77
- and create securityConfiguration, which contains referece to security filter:
https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-a92c0708392ea09a0da7483bfd4d616aR67
With example, access to from endpoint is secured by keycloak (https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-a92c0708392ea09a0da7483bfd4d616aR54) and only way how to access this is by addition of bearer token into the request.
I'd like to ask for your opinions about it.
(I know that this code is not finished, but it works as POC)
Things to be added:
- I'm not securing rest endpoint, but it should be done in similar way
- tests are missing
- I see some warning during aplication start in debug level - it should be solved as well
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] JiriOndrusek edited a comment on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
JiriOndrusek edited a comment on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-620439022
@davsclaus I'm planning to create a new PR with a new 'component' (just implementation of UndertowSecurityProvider for spring-security) - https://issues.apache.org/jira/browse/CAMEL-14962
I can probably mention some information there. This feature is a part of security provider which is mentioned in doc already - https://github.com/apache/camel/blob/master/components/camel-undertow/src/main/docs/undertow-component.adoc#security-provider. I agree that it would be better to mention that this simple boolean switch (https://github.com/apache/camel/blob/master/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/spi/UndertowSecurityProvider.java#L80) has greater impact on started undertow server.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] JiriOndrusek commented on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
JiriOndrusek commented on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-620439022
@davsclaus I'm planning to create a new PR with a new 'component' (just implementation of UndertowSecurityProvider for spring-security) - https://issues.apache.org/jira/browse/CAMEL-14962
I can probably mention some information there. This feature is a part of security provider which is mentioned in doc already - https://issues.apache.org/jira/browse/CAMEL-14962. I agree that it would be better to mention that this simple boolean switch (https://github.com/apache/camel/blob/master/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/spi/UndertowSecurityProvider.java#L80) has greater impact on started undertow server.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] davsclaus commented on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
davsclaus commented on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-620435262
Thanks @JiriOndrusek the karaf undertow feature has been removed as undertow no longer support osgi.
It would be good to get a bit more in the undertow-component.adoc documentation file about this new feature. Maybe you can send another PR with doc updates?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] JiriOndrusek removed a comment on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
JiriOndrusek removed a comment on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-617747982
Hi @oscerd , @davsclaus
I've prepared POC of integration of spring security into camel undertow.
Feature contains of several changes in camel-undertow.
- https://github.com/apache/camel/pull/3767/files#diff-93b0f4a074166b188c9ac9afa9cdfda7 Servlet has to be started (it is required for a filter handling security), but servlet is ignored by not wrapping handler of the servlet
- spi interface was extended by option to start servlet context
The rest of changes is for the new 'component' - which is not component, it is implementation of securityProvider for spring security 5:
- important part is method authenticate, which uses existing servlet and start security filter: https://github.com/apache/camel/pull/3767/files#diff-06f63626d5c86c1d14d65eea55ed1815R38
Here is an example of use: https://github.com/JiriOndrusek/reproducers/pull/3
- User has to define securityContext for sprig security 5 https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-d2f799714dda7811c2142a8266f6ff77
- and create securityConfiguration, which contains referece to security filter:
https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-a92c0708392ea09a0da7483bfd4d616aR67
With example, access to from endpoint is secured by keycloak (https://github.com/JiriOndrusek/reproducers/pull/3/files#diff-a92c0708392ea09a0da7483bfd4d616aR54) and only way how to access this is by addition of bearer token into the request.
I'd like to ask for your opinions about it.
(I know that this code is not finished, but it works as POC)
Things to be added:
- I'm not securing rest endpoint, but it should be done in similar way
- tests are missing
- I see some warning during aplication start in debug level - it should be solved as well
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] davsclaus commented on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
davsclaus commented on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-619212547
Thanks this may require to update camel-undertow in karaf features file to include the undertow servlet dependency
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] davsclaus commented on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
davsclaus commented on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-619212983
In the registerHandler with the new servlet manager deploy thingy, just wonder if there is anything you may need to do when unregistering the handler (eg when its undeployed). I guess for spring boot its doesnt matter as much as the JVM is terminated anyway - in case there was something dangling.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] JiriOndrusek edited a comment on pull request #3767: CAMEL-14950 camel-undertow: secure with spring-security 5
Posted by GitBox <gi...@apache.org>.
JiriOndrusek edited a comment on pull request #3767:
URL: https://github.com/apache/camel/pull/3767#issuecomment-620439022
@davsclaus I'm planning to create a new PR with a new 'component' (just implementation of UndertowSecurityProvider for spring-security) - https://issues.apache.org/jira/browse/CAMEL-14977
I can probably mention some information there. This feature is a part of security provider which is mentioned in doc already - https://github.com/apache/camel/blob/master/components/camel-undertow/src/main/docs/undertow-component.adoc#security-provider. I agree that it would be better to mention that this simple boolean switch (https://github.com/apache/camel/blob/master/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/spi/UndertowSecurityProvider.java#L80) has greater impact on started undertow server.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org