davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new bad3fba CAMEL-14743 camel-elytron: refactor component to use new SPI
interface from camel-undertow (#3679)
bad3fba is described below
commit bad3fbabab1a84b65ddd1b26e0c71f1ae6449524
Author: JiriOndrusek <[email protected]>
AuthorDate: Thu Mar 26 15:16:13 2020 +0100
CAMEL-14743 camel-elytron: refactor component to use new SPI interface from
camel-undertow (#3679)
---
components/camel-elytron/pom.xml | 16 ++
.../elytron/ElytronComponentConfigurer.java | 55 ----
.../elytron/ElytronEndpointConfigurer.java | 19 --
.../services/org/apache/camel/component.properties | 7 -
.../services/org/apache/camel/component/elytron | 2 -
.../org/apache/camel/configurer/elytron-component | 2 -
.../org/apache/camel/configurer/elytron-endpoint | 2 -
.../apache/camel/component/elytron/elytron.json | 72 -----
.../src/main/docs/elytron-component.adoc | 134 ++--------
.../camel/component/elytron/ElytronComponent.java | 175 ------------
.../camel/component/elytron/ElytronConsumer.java | 84 ------
.../camel/component/elytron/ElytronEndpoint.java | 83 ------
.../component/elytron/ElytronSecurityProvider.java | 156 +++++++++++
.../elytron/ElytronSercurityConfiguration.java | 41 +++
.../camel/component/elytron/BaseElytronTest.java | 42 ++-
.../component/elytron/ElytronBearerTokenTest.java | 17 +-
.../component/ComponentsBuilderFactory.java | 12 -
.../dsl/ElytronComponentBuilderFactory.java | 297 ---------------------
.../src/generated/resources/metadata.json | 20 --
.../modules/ROOT/pages/elytron-component.adoc | 133 ++-------
docs/components/modules/ROOT/pages/index.adoc | 4 +-
21 files changed, 305 insertions(+), 1068 deletions(-)
diff --git a/components/camel-elytron/pom.xml b/components/camel-elytron/pom.xml
index abcf51a..344f5b4 100644
--- a/components/camel-elytron/pom.xml
+++ b/components/camel-elytron/pom.xml
@@ -30,6 +30,7 @@
<packaging>jar</packaging>
<name>Camel :: Elytron</name>
+ <description>Elytron Security Provider for camel-undertow</description>
<dependencies>
<dependency>
@@ -152,5 +153,20 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.camel</groupId>
+ <artifactId>camel-package-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate</id>
+ <phase>none</phase>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
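Review bot: The new `<build>` block at the end of pom.xml sets the `generate` execution of camel-package-maven-plugin to `<phase>none</phase>` without saying why, so a later reader cannot tell that the switch is deliberate. Presumably it stops the build from regenerating the component metadata this commit deletes, now that the module is a security provider for camel-undertow rather than a component. A comment above the plugin such as `<!-- camel-elytron is a security provider, not a component: skip component metadata generation -->` would record that. The override only takes effect if the inherited execution is also called `generate`, which is not visible in this hunk, so that id is worth confirming against the parent POM.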
diff --git
a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronComponentConfigurer.java
b/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronComponentConfigurer.java
deleted file mode 100644
index 0808ccd..0000000
---
a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronComponentConfigurer.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Generated by camel build tools - do NOT edit this file! */
-package org.apache.camel.component.elytron;
-
-import java.util.Map;
-
-import org.apache.camel.CamelContext;
-import org.apache.camel.spi.GeneratedPropertyConfigurer;
-import org.apache.camel.spi.PropertyConfigurerGetter;
-import org.apache.camel.util.CaseInsensitiveMap;
-import org.apache.camel.component.undertow.UndertowComponentConfigurer;
-
-/**
- * Generated by camel build tools - do NOT edit this file!
- */
-@SuppressWarnings("unchecked")
-public class ElytronComponentConfigurer extends UndertowComponentConfigurer
implements GeneratedPropertyConfigurer, PropertyConfigurerGetter {
-
- @Override
- public boolean configure(CamelContext camelContext, Object obj, String
name, Object value, boolean ignoreCase) {
- ElytronComponent target = (ElytronComponent) obj;
- switch (ignoreCase ? name.toLowerCase() : name) {
- case "elytronprovider":
- case "elytronProvider":
target.setElytronProvider(property(camelContext,
org.wildfly.security.WildFlyElytronBaseProvider.class, value)); return true;
- case "mechanismname":
- case "mechanismName": target.setMechanismName(property(camelContext,
java.lang.String.class, value)); return true;
- case "securitydomainbuilder":
- case "securityDomainBuilder":
target.setSecurityDomainBuilder(property(camelContext,
org.wildfly.security.auth.server.SecurityDomain.Builder.class, value)); return
true;
- default: return super.configure(camelContext, obj, name, value,
ignoreCase);
- }
- }
-
- @Override
- public Map<String, Object> getAllOptions(Object target) {
- Map<String, Object> answer = super.getAllOptions(target);
- answer.put("elytronProvider",
org.wildfly.security.WildFlyElytronBaseProvider.class);
- answer.put("mechanismName", java.lang.String.class);
- answer.put("securityDomainBuilder",
org.wildfly.security.auth.server.SecurityDomain.Builder.class);
- return answer;
- }
-
- @Override
- public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
- ElytronComponent target = (ElytronComponent) obj;
- switch (ignoreCase ? name.toLowerCase() : name) {
- case "elytronprovider":
- case "elytronProvider": return target.getElytronProvider();
- case "mechanismname":
- case "mechanismName": return target.getMechanismName();
- case "securitydomainbuilder":
- case "securityDomainBuilder": return target.getSecurityDomainBuilder();
- default: return super.getOptionValue(obj, name, ignoreCase);
- }
- }
-}
-
diff --git
a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
b/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
deleted file mode 100644
index 806cdef..0000000
---
a/components/camel-elytron/src/generated/java/org/apache/camel/component/elytron/ElytronEndpointConfigurer.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/* Generated by camel build tools - do NOT edit this file! */
-package org.apache.camel.component.elytron;
-
-import java.util.Map;
-
-import org.apache.camel.CamelContext;
-import org.apache.camel.spi.GeneratedPropertyConfigurer;
-import org.apache.camel.spi.PropertyConfigurerGetter;
-import org.apache.camel.util.CaseInsensitiveMap;
-import org.apache.camel.component.undertow.UndertowEndpointConfigurer;
-
-/**
- * Generated by camel build tools - do NOT edit this file!
- */
-@SuppressWarnings("unchecked")
-public class ElytronEndpointConfigurer extends UndertowEndpointConfigurer
implements GeneratedPropertyConfigurer, PropertyConfigurerGetter {
-
-}
-
diff --git
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component.properties
b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component.properties
deleted file mode 100644
index db1ccce..0000000
---
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-components=elytron
-groupId=org.apache.camel
-artifactId=camel-elytron
-version=3.2.0-SNAPSHOT
-projectName=Camel :: Elytron
-projectDescription=Camel Components
diff --git
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component/elytron
b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component/elytron
deleted file mode 100644
index efe0b27..0000000
---
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/component/elytron
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-class=org.apache.camel.component.elytron.ElytronComponent
diff --git
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-component
b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-component
deleted file mode 100644
index 35ca690..0000000
---
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-component
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-class=org.apache.camel.component.elytron.ElytronComponentConfigurer
diff --git
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-endpoint
b/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-endpoint
deleted file mode 100644
index 14138f5..0000000
---
a/components/camel-elytron/src/generated/resources/META-INF/services/org/apache/camel/configurer/elytron-endpoint
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by camel build tools - do NOT edit this file!
-class=org.apache.camel.component.elytron.ElytronEndpointConfigurer
diff --git
a/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
b/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
deleted file mode 100644
index d264cb6..0000000
---
a/components/camel-elytron/src/generated/resources/org/apache/camel/component/elytron/elytron.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "component": {
- "kind": "component",
- "scheme": "elytron",
- "extendsScheme": "undertow",
- "syntax": "elytron:httpURI",
- "title": "Elytron",
- "description": "The elytron component is allows you to work with the
Elytron Security Framework",
- "label": "http",
- "deprecated": false,
- "async": true,
- "consumerOnly": false,
- "producerOnly": false,
- "lenientProperties": true,
- "javaType": "org.apache.camel.component.elytron.ElytronComponent",
- "firstVersion": "3.1.0",
- "verifiers": "parameters,connectivity",
- "groupId": "org.apache.camel",
- "artifactId": "camel-elytron",
- "version": "3.2.0-SNAPSHOT"
- },
- "componentProperties": {
- "bridgeErrorHandler": { "kind": "property", "displayName": "Bridge Error
Handler", "group": "consumer", "label": "consumer", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Allows for bridging the consumer to the
Camel routing Error Handler, which mean any exceptions occurred while the
consumer is trying to pickup incoming messages, or the likes, will now be
processed as a message and handled by [...]
- "muteException": { "kind": "property", "displayName": "Mute Exception",
"group": "consumer", "label": "consumer", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "secret": false, "defaultValue":
"false", "description": "If enabled and an Exchange failed processing on the
consumer side the response's body won't contain the exception's stack trace." },
- "lazyStartProducer": { "kind": "property", "displayName": "Lazy Start
Producer", "group": "producer", "label": "producer", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a producer may otherwise
fail during starting and cause the r [...]
- "basicPropertyBinding": { "kind": "property", "displayName": "Basic
Property Binding", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Whether the component should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities" },
- "elytronProvider": { "kind": "property", "displayName": "Elytron
Provider", "group": "advanced", "label": "advanced", "required": false, "type":
"object", "javaType": "org.wildfly.security.WildFlyElytronBaseProvider",
"deprecated": false, "secret": false, "defaultValue": "instance of
WildFlyElytronHttpBearerProvider", "description": "Elytron security provider,
has to support mechanism from parameter mechanismName." },
- "hostOptions": { "kind": "property", "displayName": "Host Options",
"group": "advanced", "label": "advanced", "required": false, "type": "object",
"javaType": "org.apache.camel.component.undertow.UndertowHostOptions",
"deprecated": false, "secret": false, "description": "To configure common
options, such as thread pools" },
- "mechanismName": { "kind": "property", "displayName": "Mechanism Name",
"group": "advanced", "label": "advanced", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "secret": false,
"defaultValue": "BEARER_TOKEN", "description": "Name of the mechanism, which
will be used for selection of authentication mechanism." },
- "securityDomainBuilder": { "kind": "property", "displayName": "Security
Domain Builder", "group": "advanced", "label": "advanced", "required": true,
"type": "object", "javaType":
"org.wildfly.security.auth.server.SecurityDomain.Builder", "deprecated": false,
"secret": false, "description": "Definition of Builder, which will be used for
creation of security domain." },
- "undertowHttpBinding": { "kind": "property", "displayName": "Undertow Http
Binding", "group": "advanced", "label": "advanced", "required": false, "type":
"object", "javaType":
"org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false,
"secret": false, "description": "To use a custom HttpBinding to control the
mapping between Camel message and HttpClient." },
- "allowedRoles": { "kind": "property", "displayName": "Allowed Roles",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "secret": false,
"description": "Configuration used by UndertowSecurityProvider. Comma separated
list of allowed roles." },
- "securityConfiguration": { "kind": "property", "displayName": "Security
Configuration", "group": "security", "label": "security", "required": false,
"type": "object", "javaType": "java.lang.Object", "deprecated": false,
"secret": false, "description": "Configuration used by
UndertowSecurityProvider. Security configuration object for use from
UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific.
Each provider decides, whether it accepts configuration." },
- "securityProvider": { "kind": "property", "displayName": "Security
Provider", "group": "security", "label": "security", "required": false, "type":
"object", "javaType":
"org.apache.camel.component.undertow.spi.UndertowSecurityProvider",
"deprecated": false, "secret": false, "description": "Security provider allows
plug in the provider, which will be used to secure requests. SPI approach could
be used too (component then finds security provider using SPI)." },
- "sslContextParameters": { "kind": "property", "displayName": "Ssl Context
Parameters", "group": "security", "label": "security", "required": false,
"type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"secret": false, "description": "To configure security using
SSLContextParameters" },
- "useGlobalSslContextParameters": { "kind": "property", "displayName": "Use
Global Ssl Context Parameters", "group": "security", "label": "security",
"required": false, "type": "boolean", "javaType": "boolean", "deprecated":
false, "secret": false, "defaultValue": "false", "description": "Enable usage
of global SSL context parameters." }
- },
- "properties": {
- "httpURI": { "kind": "path", "displayName": "Http URI", "group": "common",
"label": "", "required": true, "type": "string", "javaType": "java.net.URI",
"deprecated": false, "deprecationNote": "", "secret": false, "description":
"The url of the HTTP endpoint to use." },
- "useStreaming": { "kind": "parameter", "displayName": "Use Streaming",
"group": "common", "label": "common", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "secret": false, "defaultValue":
"false", "description": "For HTTP endpoint: if true, text and binary messages
will be wrapped as java.io.InputStream before they are passed to an Exchange;
otherwise they will be passed as byte. For WebSocket endpoint: if true, text
and binary messages will be wra [...]
- "accessLog": { "kind": "parameter", "displayName": "Access Log", "group":
"consumer", "label": "consumer", "required": false, "type": "boolean",
"javaType": "java.lang.Boolean", "deprecated": false, "secret": false,
"defaultValue": "false", "description": "Whether or not the consumer should
write access log" },
- "bridgeErrorHandler": { "kind": "parameter", "displayName": "Bridge Error
Handler", "group": "consumer", "label": "consumer", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Allows for bridging the consumer to the
Camel routing Error Handler, which mean any exceptions occurred while the
consumer is trying to pickup incoming messages, or the likes, will now be
processed as a message and handled b [...]
- "httpMethodRestrict": { "kind": "parameter", "displayName": "Http Method
Restrict", "group": "consumer", "label": "consumer", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "secret": false,
"description": "Used to only allow consuming if the HttpMethod matches, such as
GET\/POST\/PUT etc. Multiple methods can be specified separated by comma." },
- "matchOnUriPrefix": { "kind": "parameter", "displayName": "Match On Uri
Prefix", "group": "consumer", "label": "consumer", "required": false, "type":
"boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret":
false, "defaultValue": "false", "description": "Whether or not the consumer
should try to find a target consumer by matching the URI prefix if no exact
match is found." },
- "muteException": { "kind": "parameter", "displayName": "Mute Exception",
"group": "consumer", "label": "consumer", "required": false, "type": "boolean",
"javaType": "java.lang.Boolean", "deprecated": false, "secret": false,
"defaultValue": "false", "description": "If enabled and an Exchange failed
processing on the consumer side the response's body won't contain the
exception's stack trace." },
- "optionsEnabled": { "kind": "parameter", "displayName": "Options Enabled",
"group": "consumer", "label": "consumer", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "secret": false, "defaultValue":
false, "description": "Specifies whether to enable HTTP OPTIONS for this
Servlet consumer. By default OPTIONS is turned off." },
- "exceptionHandler": { "kind": "parameter", "displayName": "Exception
Handler", "group": "consumer (advanced)", "label": "consumer,advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.spi.ExceptionHandler", "optionalPrefix": "consumer.",
"deprecated": false, "secret": false, "description": "To let the consumer use a
custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled
then this option is not in use. By default the consumer will deal with [...]
- "exchangePattern": { "kind": "parameter", "displayName": "Exchange
Pattern", "group": "consumer (advanced)", "label": "consumer,advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.ExchangePattern", "enum": [ "InOnly", "InOut",
"InOptionalOut" ], "deprecated": false, "secret": false, "description": "Sets
the exchange pattern when the consumer creates an exchange." },
- "handlers": { "kind": "parameter", "displayName": "Handlers", "group":
"consumer (advanced)", "label": "consumer,advanced", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "secret": false,
"description": "Specifies a comma-delimited set of
io.undertow.server.HttpHandler instances to lookup in your Registry. These
handlers are added to the Undertow handler chain (for example, to add
security). Important: You can not use different handlers with [...]
- "cookieHandler": { "kind": "parameter", "displayName": "Cookie Handler",
"group": "producer", "label": "producer", "required": false, "type": "object",
"javaType": "org.apache.camel.http.base.cookie.CookieHandler", "deprecated":
false, "secret": false, "description": "Configure a cookie handler to maintain
a HTTP session" },
- "keepAlive": { "kind": "parameter", "displayName": "Keep Alive", "group":
"producer", "label": "producer", "required": false, "type": "boolean",
"javaType": "java.lang.Boolean", "deprecated": false, "secret": false,
"defaultValue": "true", "description": "Setting to ensure socket is not closed
due to inactivity" },
- "lazyStartProducer": { "kind": "parameter", "displayName": "Lazy Start
Producer", "group": "producer", "label": "producer", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a producer may otherwise
fail during starting and cause the [...]
- "options": { "kind": "parameter", "displayName": "Options", "group":
"producer", "label": "producer", "required": false, "type": "object",
"javaType": "java.util.Map<java.lang.String, java.lang.Object>", "prefix":
"option.", "multiValue": true, "deprecated": false, "secret": false,
"description": "Sets additional channel options. The options that can be used
are defined in org.xnio.Options. To configure from endpoint uri, then prefix
each option with option., such as option.close-abo [...]
- "preserveHostHeader": { "kind": "parameter", "displayName": "Preserve Host
Header", "group": "producer", "label": "producer", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": "true", "description": "If the option is true, UndertowProducer
will set the Host header to the value contained in the current exchange Host
header, useful in reverse proxy applications where you want the Host header
received by the downstream ser [...]
- "reuseAddresses": { "kind": "parameter", "displayName": "Reuse Addresses",
"group": "producer", "label": "producer", "required": false, "type": "boolean",
"javaType": "java.lang.Boolean", "deprecated": false, "secret": false,
"defaultValue": "true", "description": "Setting to facilitate socket
multiplexing" },
- "tcpNoDelay": { "kind": "parameter", "displayName": "Tcp No Delay",
"group": "producer", "label": "producer", "required": false, "type": "boolean",
"javaType": "java.lang.Boolean", "deprecated": false, "secret": false,
"defaultValue": "true", "description": "Setting to improve TCP protocol
performance" },
- "throwExceptionOnFailure": { "kind": "parameter", "displayName": "Throw
Exception On Failure", "group": "producer", "label": "producer", "required":
false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false,
"secret": false, "defaultValue": "true", "description": "Option to disable
throwing the HttpOperationFailedException in case of failed responses from the
remote server. This allows you to get all responses regardless of the HTTP
status code." },
- "transferException": { "kind": "parameter", "displayName": "Transfer
Exception", "group": "producer", "label": "producer", "required": false,
"type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false,
"secret": false, "defaultValue": "false", "description": "If enabled and an
Exchange failed processing on the consumer side and if the caused Exception was
send back serialized in the response as a application\/x-java-serialized-object
content type. On the producer side th [...]
- "accessLogReceiver": { "kind": "parameter", "displayName": "Access Log
Receiver", "group": "advanced", "label": "advanced", "required": false, "type":
"object", "javaType":
"io.undertow.server.handlers.accesslog.AccessLogReceiver", "deprecated": false,
"secret": false, "description": "Which Undertow AccessLogReciever should be
used Will use JBossLoggingAccessLogReceiver if not specifid" },
- "basicPropertyBinding": { "kind": "parameter", "displayName": "Basic
Property Binding", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Whether the endpoint should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities" },
- "headerFilterStrategy": { "kind": "parameter", "displayName": "Header
Filter Strategy", "group": "advanced", "label": "advanced", "required": false,
"type": "object", "javaType": "org.apache.camel.spi.HeaderFilterStrategy",
"deprecated": false, "secret": false, "description": "To use a custom
HeaderFilterStrategy to filter header to and from Camel message." },
- "synchronous": { "kind": "parameter", "displayName": "Synchronous",
"group": "advanced", "label": "advanced", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "secret": false, "defaultValue":
"false", "description": "Sets whether synchronous processing should be strictly
used, or Camel is allowed to use asynchronous processing (if supported)." },
- "undertowHttpBinding": { "kind": "parameter", "displayName": "Undertow
Http Binding", "group": "advanced", "label": "advanced", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.undertow.UndertowHttpBinding", "deprecated": false,
"secret": false, "description": "To use a custom UndertowHttpBinding to control
the mapping between Camel message and undertow." },
- "allowedRoles": { "kind": "parameter", "displayName": "Allowed Roles",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "secret": false,
"description": "List of allowed roles in String format" },
- "securityConfiguration": { "kind": "parameter", "displayName": "Security
Configuration", "group": "security", "label": "security", "required": false,
"type": "object", "javaType": "java.lang.Object", "deprecated": false,
"secret": false, "description": "OConfiguration used by
UndertowSecurityProvider. Security configuration object for use from
UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific.
Each provider decides whether accepts configuration." },
- "securityProvider": { "kind": "parameter", "displayName": "Security
Provider", "group": "security", "label": "security", "required": false, "type":
"object", "javaType":
"org.apache.camel.component.undertow.spi.UndertowSecurityProvider",
"deprecated": false, "secret": false, "description": "Security provider allows
plug in the provider, which will be used to secure requests. SPI approach could
be used too (endpoint then finds security provider using SPI)." },
- "sslContextParameters": { "kind": "parameter", "displayName": "Ssl Context
Parameters", "group": "security", "label": "security", "required": false,
"type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"secret": false, "description": "To configure security using
SSLContextParameters" },
- "fireWebSocketChannelEvents": { "kind": "parameter", "displayName": "Fire
Web Socket Channel Events", "group": "websocket", "label":
"consumer,websocket", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "secret": false, "defaultValue": "false",
"description": "if true, the consumer will post notifications to the route when
a new WebSocket peer connects, disconnects, etc. See
UndertowConstants.EVENT_TYPE and EventType." },
- "sendTimeout": { "kind": "parameter", "displayName": "Send Timeout",
"group": "websocket", "label": "producer,websocket", "required": false, "type":
"integer", "javaType": "java.lang.Integer", "deprecated": false, "secret":
false, "defaultValue": "30000", "description": "Timeout in milliseconds when
sending to a websocket channel. The default timeout is 30000 (30 seconds)." },
- "sendToAll": { "kind": "parameter", "displayName": "Send To All", "group":
"websocket", "label": "producer,websocket", "required": false, "type":
"boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret":
false, "description": "To send to all websocket subscribers. Can be used to
configure on endpoint level, instead of having to use the
UndertowConstants.SEND_TO_ALL header on the message." }
- }
-}
diff --git a/components/camel-elytron/src/main/docs/elytron-component.adoc
b/components/camel-elytron/src/main/docs/elytron-component.adoc
index 8178d52..4319931 100644
--- a/components/camel-elytron/src/main/docs/elytron-component.adoc
+++ b/components/camel-elytron/src/main/docs/elytron-component.adoc
@@ -1,26 +1,35 @@
[[elytron-component]]
-= Elytron Component
+= Undertow Elytron Security Provider
-*Since Camel 3.1*
+*Since Camel 3.2*
// HEADER START
-*Both producer and consumer is supported*
+*Replaces component camel-elytron*
// HEADER END
*OSGi is not supported*
-The Elytron component provides Elytron security over camel-undertow component.
-It extends camel-undertow component and adds several parameters.
-In componont it is securityDomainBuilder and mechanismName, in endpoint it is
allowedRoles.
+The Elytron Security Provider provides Elytron security over camel-undertow
component.
+It enables camel-undertow component use Elytron security capabilities.
+To force camel-undertow to use elytron security provider, add elytron security
provider library
+on classpath and provide instance of ElytronSercurityConfiguration as
`securityConfiguration`
+parameter into camel-undertow component or provide both
`securityConfiguration` and `securityProvider`
+into camel-undertow component.
-User has to define its SecurityDomain.Builder, which will be used for creation
of security domain.
-MechanismName then allows to define mechanism, which will take care of
authentication from security context.
-(MechanismName should be selected with regard to default securityRealm. For
example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN"
-and realm has to be TokenSecurityRealm.)
-ElytronProvider has to be defined with respect of mechnismName.
+Configuration has to provide all 3 security attributes:
+[width="100%"]
+|===
+| Name | Description | Type
+| *domainBuilder* | Builder for security domain. | SecurityDomain.Builder
+| *mechanismName* | MechanismName should be selected with regard to default
securityRealm. For
+example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN"
and realm has to be
+TokenSecurityReal | String
+| *elytronProvider* | Instance of WildFlyElytronBaseProvider ith respect of
mechanismName | WildFlyElytronBaseProvider
+|===
-Each exchange created by Elytron endpoint contains header 'securityIdentity'
with current Elytron's secrity identity as value.
-('org.wildfly.security.auth.server.SecurityIdentity')
+Each exchange created by Undertow endpoint with Elytron security contains
header 'securityIdentity'
+with current Elytron's security identity as value.
+('org.wildfly.security.auth.server.SecurityIdentity') or is FORBIDDEN (status
code 403)
Maven users will need to add the following dependency to their `pom.xml`
for this component:
@@ -35,102 +44,3 @@ for this component:
</dependency>
----
-== URI format
-
-[source,text]
-----
-elytron:http://hostname[:port][/resourceUri][?options]
-elytron:https://hostname[:port][/resourceUri][?options]
-----
-
-You can append query options to the URI in the following format,
-`?option=value&option=value&...`
-
-== Options
-
-// component options: START
-The Elytron component supports 14 options, which are listed below.
-
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the
Camel routing Error Handler, which mean any exceptions occurred while the
consumer is trying to pickup incoming messages, or the likes, will now be
processed as a message and handled by the routing Error Handler. By default the
consumer will use the org.apache.camel.spi.ExceptionHandler to deal with
exceptions, that will be logged at WARN or ERROR level and ignored. | false |
boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on
the consumer side the response's body won't contain the exception's stack
trace. | false | boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy
(on the first message). By starting lazy you can use this to allow CamelContext
and routes to startup in situations where a producer may otherwise fail during
starting and cause the route to fail being started. By deferring this startup
to be lazy then the startup failure can be handled during routing messages via
Camel's routing error handlers. Beware that when the first message is processed
then creating and [...]
-| *basicPropertyBinding* (advanced) | Whether the component should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities | false | boolean
-| *elytronProvider* (advanced) | Elytron security provider, has to support
mechanism from parameter mechanismName. | instance of
WildFlyElytronHttpBearerProvider | WildFlyElytronBaseProvider
-| *hostOptions* (advanced) | To configure common options, such as thread pools
| | UndertowHostOptions
-| *mechanismName* (advanced) | Name of the mechanism, which will be used for
selection of authentication mechanism. | BEARER_TOKEN | String
-| *securityDomainBuilder* (advanced) | *Required* Definition of Builder, which
will be used for creation of security domain. | | Builder
-| *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control
the mapping between Camel message and HttpClient. | | UndertowHttpBinding
-| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider.
Comma separated list of allowed roles. | | String
-| *securityConfiguration* (security) | Configuration used by
UndertowSecurityProvider. Security configuration object for use from
UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific.
Each provider decides, whether it accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the
provider, which will be used to secure requests. SPI approach could be used too
(component then finds security provider using SPI). | |
UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using
SSLContextParameters | | SSLContextParameters
-| *useGlobalSslContextParameters* (security) | Enable usage of global SSL
context parameters. | false | boolean
-|===
-// component options: END
-
-
-// endpoint options: START
-The Elytron endpoint is configured using URI syntax:
-
-----
-elytron:httpURI
-----
-
-with the following path and query parameters:
-
-=== Path Parameters (1 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *httpURI* | *Required* The url of the HTTP endpoint to use. | | URI
-|===
-
-
-=== Query Parameters (31 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *useStreaming* (common) | For HTTP endpoint: if true, text and binary
messages will be wrapped as java.io.InputStream before they are passed to an
Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if
true, text and binary messages will be wrapped as java.io.Reader and
java.io.InputStream respectively before they are passed to an Exchange;
otherwise they will be passed as String and byte respectively. | false | boolean
-| *accessLog* (consumer) | Whether or not the consumer should write access log
| false | Boolean
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the
Camel routing Error Handler, which mean any exceptions occurred while the
consumer is trying to pickup incoming messages, or the likes, will now be
processed as a message and handled by the routing Error Handler. By default the
consumer will use the org.apache.camel.spi.ExceptionHandler to deal with
exceptions, that will be logged at WARN or ERROR level and ignored. | false |
boolean
-| *httpMethodRestrict* (consumer) | Used to only allow consuming if the
HttpMethod matches, such as GET/POST/PUT etc. Multiple methods can be specified
separated by comma. | | String
-| *matchOnUriPrefix* (consumer) | Whether or not the consumer should try to
find a target consumer by matching the URI prefix if no exact match is found. |
false | Boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on
the consumer side the response's body won't contain the exception's stack
trace. | false | Boolean
-| *optionsEnabled* (consumer) | Specifies whether to enable HTTP OPTIONS for
this Servlet consumer. By default OPTIONS is turned off. | false | boolean
-| *exceptionHandler* (consumer) | To let the consumer use a custom
ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this
option is not in use. By default the consumer will deal with exceptions, that
will be logged at WARN or ERROR level and ignored. | | ExceptionHandler
-| *exchangePattern* (consumer) | Sets the exchange pattern when the consumer
creates an exchange. The value can be one of: InOnly, InOut, InOptionalOut | |
ExchangePattern
-| *handlers* (consumer) | Specifies a comma-delimited set of
io.undertow.server.HttpHandler instances to lookup in your Registry. These
handlers are added to the Undertow handler chain (for example, to add
security). Important: You can not use different handlers with different
Undertow endpoints using the same port number. The handlers is associated to
the port number. If you need different handlers, then use different port
numbers. | | String
-| *cookieHandler* (producer) | Configure a cookie handler to maintain a HTTP
session | | CookieHandler
-| *keepAlive* (producer) | Setting to ensure socket is not closed due to
inactivity | true | Boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy
(on the first message). By starting lazy you can use this to allow CamelContext
and routes to startup in situations where a producer may otherwise fail during
starting and cause the route to fail being started. By deferring this startup
to be lazy then the startup failure can be handled during routing messages via
Camel's routing error handlers. Beware that when the first message is processed
then creating and [...]
-| *options* (producer) | Sets additional channel options. The options that can
be used are defined in org.xnio.Options. To configure from endpoint uri, then
prefix each option with option., such as
option.close-abort=true&option.send-buffer=8192 | | Map
-| *preserveHostHeader* (producer) | If the option is true, UndertowProducer
will set the Host header to the value contained in the current exchange Host
header, useful in reverse proxy applications where you want the Host header
received by the downstream server to reflect the URL called by the upstream
client, this allows applications which use the Host header to generate accurate
URL's for a proxied service. | true | boolean
-| *reuseAddresses* (producer) | Setting to facilitate socket multiplexing |
true | Boolean
-| *tcpNoDelay* (producer) | Setting to improve TCP protocol performance | true
| Boolean
-| *throwExceptionOnFailure* (producer) | Option to disable throwing the
HttpOperationFailedException in case of failed responses from the remote
server. This allows you to get all responses regardless of the HTTP status
code. | true | Boolean
-| *transferException* (producer) | If enabled and an Exchange failed
processing on the consumer side and if the caused Exception was send back
serialized in the response as a application/x-java-serialized-object content
type. On the producer side the exception will be deserialized and thrown as is
instead of the HttpOperationFailedException. The caused exception is required
to be serialized. This is by default turned off. If you enable this then be
aware that Java will deserialize the in [...]
-| *accessLogReceiver* (advanced) | Which Undertow AccessLogReciever should be
used Will use JBossLoggingAccessLogReceiver if not specifid | |
AccessLogReceiver
-| *basicPropertyBinding* (advanced) | Whether the endpoint should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities | false | boolean
-| *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to
filter header to and from Camel message. | | HeaderFilterStrategy
-| *synchronous* (advanced) | Sets whether synchronous processing should be
strictly used, or Camel is allowed to use asynchronous processing (if
supported). | false | boolean
-| *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to
control the mapping between Camel message and undertow. | | UndertowHttpBinding
-| *allowedRoles* (security) | List of allowed roles in String format | |
String
-| *securityConfiguration* (security) | OConfiguration used by
UndertowSecurityProvider. Security configuration object for use from
UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific.
Each provider decides whether accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the
provider, which will be used to secure requests. SPI approach could be used too
(endpoint then finds security provider using SPI). | | UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using
SSLContextParameters | | SSLContextParameters
-| *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post
notifications to the route when a new WebSocket peer connects, disconnects,
etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
-| *sendTimeout* (websocket) | Timeout in milliseconds when sending to a
websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
-| *sendToAll* (websocket) | To send to all websocket subscribers. Can be used
to configure on endpoint level, instead of having to use the
UndertowConstants.SEND_TO_ALL header on the message. | | Boolean
-|===
-// endpoint options: END
-
-include::camel-spring-boot::page$elytron-starter.adoc[]
diff --git
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronComponent.java
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronComponent.java
deleted file mode 100644
index ff3fc3d..0000000
---
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronComponent.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.elytron;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.Provider;
-import java.util.Collections;
-
-import javax.net.ssl.SSLContext;
-
-import io.undertow.security.handlers.AuthenticationCallHandler;
-import io.undertow.security.handlers.AuthenticationConstraintHandler;
-import io.undertow.server.HttpHandler;
-import org.apache.camel.CamelContext;
-import org.apache.camel.component.undertow.HttpHandlerRegistrationInfo;
-import org.apache.camel.component.undertow.UndertowComponent;
-import org.apache.camel.component.undertow.UndertowConsumer;
-import org.apache.camel.component.undertow.UndertowEndpoint;
-import org.apache.camel.spi.Metadata;
-import org.apache.camel.spi.annotations.Component;
-import
org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler;
-import org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler;
-import org.wildfly.security.WildFlyElytronBaseProvider;
-import org.wildfly.security.auth.server.MechanismConfiguration;
-import org.wildfly.security.auth.server.MechanismConfigurationSelector;
-import org.wildfly.security.auth.server.MechanismRealmConfiguration;
-import org.wildfly.security.auth.server.SecurityDomain;
-import org.wildfly.security.auth.server.http.HttpAuthenticationFactory;
-import org.wildfly.security.http.HttpAuthenticationException;
-import org.wildfly.security.http.HttpConstants;
-import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
-import org.wildfly.security.http.bearer.WildFlyElytronHttpBearerProvider;
-import org.wildfly.security.http.util.FilterServerMechanismFactory;
-import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;
-
-/**
- * Elytron component brings elytron security over camel-undertow component.
- *
- * Component work either as producer and as consumer.
- *
- * User has to define its SecurityDomain.Builder which will be used for
creation of security domain.
- * MechanismName then allows to define mechanism, which will take care of
authentication from security context.
- * MechanismName should be selected with regard to default securityRealm.
- *
- * Example: to use bearer_token, mechanism name has to be "BEARER_TOKEN" and
realm has to be TokenSecurityRealm.
- *
- */
-@Metadata(label = "verifiers", enums = "parameters,connectivity")
-@Component("elytron")
-public class ElytronComponent extends UndertowComponent {
-
- @Metadata(label = "advanced", required = true)
- private SecurityDomain.Builder securityDomainBuilder;
- @Metadata(label = "advanced", defaultValue = HttpConstants.BEARER_TOKEN)
- private String mechanismName = HttpConstants.BEARER_TOKEN;
- @Metadata(label = "advanced", defaultValue = "instance of
WildFlyElytronHttpBearerProvider")
- private WildFlyElytronBaseProvider elytronProvider =
WildFlyElytronHttpBearerProvider.getInstance();
-
- private SecurityDomain securityDomain;
-
- public ElytronComponent() {
- }
-
- public ElytronComponent(CamelContext context) {
- super(context);
- }
-
- @Override
- protected String getComponentName() {
- return "elytron";
- }
-
-
- @Override
- protected UndertowEndpoint createEndpointInstance(URI endpointUri,
UndertowComponent component) throws URISyntaxException {
- return new ElytronEndpoint(endpointUri.toString(), component);
- }
-
- @Override
- public HttpHandler registerEndpoint(UndertowConsumer consumer,
HttpHandlerRegistrationInfo registrationInfo, SSLContext sslContext,
HttpHandler handler) throws Exception {
- //injecting elytron
- return super.registerEndpoint(consumer, registrationInfo, sslContext,
wrap(handler, getSecurityDomain()));
- }
-
- /**
- * Definition of Builder, which will be used for creation of security
domain.
- */
- public SecurityDomain.Builder getSecurityDomainBuilder() {
- return securityDomainBuilder;
- }
-
- public void setSecurityDomainBuilder(SecurityDomain.Builder
securityDomainBuilder) {
- this.securityDomainBuilder = securityDomainBuilder;
- }
-
- /**
- * Name of the mechanism, which will be used for selection of
authentication mechanism.
- */
- public String getMechanismName() {
- return mechanismName;
- }
-
- public void setMechanismName(String mechanismName) {
- this.mechanismName = mechanismName;
- }
-
- /**
- * Elytron security provider, has to support mechanism from parameter
mechanismName.
- */
- public WildFlyElytronBaseProvider getElytronProvider() {
- return elytronProvider;
- }
-
- public void setElytronProvider(WildFlyElytronBaseProvider elytronProvider)
{
- this.elytronProvider = elytronProvider;
- }
-
- SecurityDomain getSecurityDomain() {
- if (securityDomain == null) {
- securityDomain = securityDomainBuilder.build();
- }
-
- return securityDomain;
- }
-
- private HttpHandler wrap(final HttpHandler toWrap, final SecurityDomain
securityDomain) {
- HttpAuthenticationFactory httpAuthenticationFactory =
createHttpAuthenticationFactory(securityDomain);
-
- HttpHandler rootHandler = new ElytronRunAsHandler(toWrap);
- rootHandler = new AuthenticationCallHandler(rootHandler);
- rootHandler = new AuthenticationConstraintHandler(rootHandler);
-
- return ElytronContextAssociationHandler.builder()
- .setNext(rootHandler)
- .setMechanismSupplier(() -> {
- try {
- return
Collections.singletonList(httpAuthenticationFactory.createMechanism(mechanismName));
- } catch (HttpAuthenticationException e) {
- throw new RuntimeException(e);
- }
- }).build();
- }
-
-
- private HttpAuthenticationFactory createHttpAuthenticationFactory(final
SecurityDomain securityDomain) {
- HttpServerAuthenticationMechanismFactory providerFactory = new
SecurityProviderServerMechanismFactory(() -> new
Provider[]{getElytronProvider()});
- HttpServerAuthenticationMechanismFactory httpServerMechanismFactory =
new FilterServerMechanismFactory(providerFactory, true, mechanismName);
-
- return HttpAuthenticationFactory.builder()
- .setSecurityDomain(securityDomain)
-
.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(
- MechanismConfiguration.builder()
-
.addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("Elytron
Realm").build())
- .build()))
- .setFactory(httpServerMechanismFactory)
- .build();
- }
-
-
-}
diff --git
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
deleted file mode 100644
index 30f0b34..0000000
---
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronConsumer.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.elytron;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import io.undertow.server.HttpServerExchange;
-import io.undertow.util.StatusCodes;
-import org.apache.camel.Processor;
-import org.apache.camel.component.undertow.UndertowConsumer;
-import org.apache.camel.component.undertow.UndertowEndpoint;
-import org.wildfly.security.auth.server.SecurityIdentity;
-import org.wildfly.security.authz.Roles;
-
-/**
- * Consumer contains decides if request contains required roles (which are
defined for endpoint)
- *
- */
-public class ElytronConsumer extends UndertowConsumer {
-
- public ElytronConsumer(UndertowEndpoint endpoint, Processor processor) {
- super(endpoint, processor);
- }
-
- public ElytronEndpoint getElytronEndpoint() {
- return (ElytronEndpoint) super.getEndpoint();
- }
-
- @Override
- public void handleRequest(HttpServerExchange httpExchange) throws
Exception {
- SecurityIdentity identity =
getElytronEndpoint().getElytronComponent().getSecurityDomain().getCurrentSecurityIdentity();
-
- if (identity != null) {
- //already authenticated
- Set<String> roles = new HashSet<>();
- Roles identityRoles = identity.getRoles();
-
- if (identityRoles != null) {
- for (String roleName : identityRoles) {
- roles.add(roleName);
- }
- }
-
- if (isAllowed(roles, getElytronEndpoint().getAllowedRoles())) {
- super.handleRequest(httpExchange);
- } else {
- httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
- httpExchange.endExchange();
- }
-
- return;
- }
-
- super.handleRequest(httpExchange);
- }
- public boolean isAllowed(Set<String> roles, String allowedRolesString) {
- if (allowedRolesString != null) {
- List<String> allowedRoles =
Arrays.asList(allowedRolesString.split("\\s*,\\s*"));
- for (String role : allowedRoles) {
- if (roles.contains(role)) {
- return true;
- }
- }
- }
- return false;
- }
-}
diff --git
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
deleted file mode 100644
index 78bb1957..0000000
---
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronEndpoint.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.camel.component.elytron;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-import io.undertow.server.HttpServerExchange;
-import org.apache.camel.Consumer;
-import org.apache.camel.Exchange;
-import org.apache.camel.Processor;
-import org.apache.camel.component.undertow.UndertowComponent;
-import org.apache.camel.component.undertow.UndertowEndpoint;
-import org.apache.camel.spi.UriEndpoint;
-import org.apache.camel.spi.UriParam;
-import org.wildfly.security.auth.server.SecurityIdentity;
-
-/**
- * The elytron component is allows you to work with the Elytron Security
Framework
- *
- */
-@UriEndpoint(firstVersion = "3.1.0", scheme = "elytron", title = "Elytron",
syntax = "elytron:httpURI",
- label = "http", lenientProperties = true, extendsScheme = "undertow")
-public class ElytronEndpoint extends UndertowEndpoint {
-
- /**
- * Name of the header which contains associated security identity if
request is authenticated.
- */
- public static final String SECURITY_IDENTITY_HEADER = "securityIdentity";
-
- @UriParam(label = "security", description = "List of allowed roles in
String format")
- private String allowedRoles;
-
- public ElytronEndpoint(String uri, UndertowComponent component) {
- super(uri, component);
- }
-
- public ElytronComponent getElytronComponent() {
- return (ElytronComponent) super.getComponent();
- }
-
- @Override
- public Consumer createConsumer(Processor processor) throws Exception {
- return new ElytronConsumer(this, processor);
- }
-
- @Override
- public Exchange createExchange(HttpServerExchange httpExchange) throws
Exception {
- Exchange exchange = super.createExchange(httpExchange);
-
- SecurityIdentity securityIdentity =
getElytronComponent().getSecurityDomain().getCurrentSecurityIdentity();
- //add security principal to headers
- exchange.getIn().setHeader(SECURITY_IDENTITY_HEADER, securityIdentity);
-
- return exchange;
- }
-
- @Override
- public String getAllowedRoles() {
- return allowedRoles;
- }
-
- @Override
- public void setAllowedRoles(String allowedRoles) {
- this.allowedRoles = allowedRoles;
- }
-}
diff --git
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSecurityProvider.java
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSecurityProvider.java
new file mode 100644
index 0000000..54ea662
--- /dev/null
+++
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSecurityProvider.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.elytron;
+
+import java.security.Provider;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.function.BiConsumer;
+
+import io.undertow.security.handlers.AuthenticationCallHandler;
+import io.undertow.security.handlers.AuthenticationConstraintHandler;
+import io.undertow.server.HttpHandler;
+import io.undertow.server.HttpServerExchange;
+import io.undertow.util.StatusCodes;
+import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
+import
org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler;
+import org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler;
+import org.wildfly.security.WildFlyElytronBaseProvider;
+import org.wildfly.security.auth.server.MechanismConfiguration;
+import org.wildfly.security.auth.server.MechanismConfigurationSelector;
+import org.wildfly.security.auth.server.MechanismRealmConfiguration;
+import org.wildfly.security.auth.server.SecurityDomain;
+import org.wildfly.security.auth.server.SecurityIdentity;
+import org.wildfly.security.auth.server.http.HttpAuthenticationFactory;
+import org.wildfly.security.authz.Roles;
+import org.wildfly.security.http.HttpAuthenticationException;
+import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
+import org.wildfly.security.http.util.FilterServerMechanismFactory;
+import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;
+
+/**
+ * Implementation of `UndertowSecurityProvider` which adds elytron capability
into camel-undertow.
+ * Provider requires instance of `ElytronSecurityConfiguration` to be provided
as `securityConfiguration`
+ * parameter in camel-undertow.
+ */
+public class ElytronSecurityProvider implements UndertowSecurityProvider {
+ /**
+ * Name of the header which contains associated security identity if
request is authenticated.
+ */
+ public static final String SECURITY_IDENTITY_HEADER = "securityIdentity";
+
+ private SecurityDomain securityDomain;
+ private WildFlyElytronBaseProvider elytronProvider;
+ private String mechanismName;
+
+ /**
+ * Provider adds header `securityIdentity` with value of type
`SecurityIdentity` after successful authentication.
+ */
+ @Override
+ public void addHeader(BiConsumer<String, Object> consumer,
HttpServerExchange httpExchange) throws Exception {
+ SecurityIdentity securityIdentity =
this.securityDomain.getCurrentSecurityIdentity();
+ //add security principal to headers
+ consumer.accept(SECURITY_IDENTITY_HEADER, securityIdentity);
+ }
+
+ /**
+ * Authentication is verified by securityDomain from configuration.
+ */
+ @Override
+ public int authenticate(HttpServerExchange httpExchange, List<String>
allowedRoles) throws Exception {
+ SecurityIdentity identity =
this.securityDomain.getCurrentSecurityIdentity();
+
+ if (identity != null) {
+ //already authenticated
+ Set<String> roles = new HashSet<>();
+ Roles identityRoles = identity.getRoles();
+
+ if (identityRoles != null) {
+ for (String roleName : identityRoles) {
+ roles.add(roleName);
+ }
+ }
+
+ if (isAllowed(roles, allowedRoles)) {
+ return StatusCodes.OK;
+ }
+ }
+
+ return StatusCodes.FORBIDDEN;
+ }
+
+ @Override
+ public boolean acceptConfiguration(Object configuration, String
endpointUri) throws Exception {
+ if (configuration instanceof ElytronSercurityConfiguration) {
+ ElytronSercurityConfiguration conf =
(ElytronSercurityConfiguration)configuration;
+ this.securityDomain = conf.getDomainBuilder().build();
+ this.mechanismName = conf.getMechanismName();
+ this.elytronProvider = conf.getElytronProvider();
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Elytron hook into undertow is by creation of wrapping httpHandler.
+ */
+ @Override
+ public HttpHandler wrapHttpHandler(HttpHandler httpHandler) throws
Exception {
+ HttpAuthenticationFactory httpAuthenticationFactory =
createHttpAuthenticationFactory(securityDomain);
+
+ HttpHandler rootHandler = new ElytronRunAsHandler(httpHandler);
+ rootHandler = new AuthenticationCallHandler(rootHandler);
+ rootHandler = new AuthenticationConstraintHandler(rootHandler);
+
+ return ElytronContextAssociationHandler.builder()
+ .setNext(rootHandler)
+ .setMechanismSupplier(() -> {
+ try {
+ return
Collections.singletonList(httpAuthenticationFactory.createMechanism(mechanismName));
+ } catch (HttpAuthenticationException e) {
+ throw new RuntimeException(e);
+ }
+ }).build();
+ }
+
+
+ private HttpAuthenticationFactory createHttpAuthenticationFactory(final
SecurityDomain securityDomain) {
+ HttpServerAuthenticationMechanismFactory providerFactory = new
SecurityProviderServerMechanismFactory(() -> new
Provider[]{this.elytronProvider});
+ HttpServerAuthenticationMechanismFactory httpServerMechanismFactory =
new FilterServerMechanismFactory(providerFactory, true, this.mechanismName);
+
+ return HttpAuthenticationFactory.builder()
+ .setSecurityDomain(securityDomain)
+
.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(
+ MechanismConfiguration.builder()
+
.addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("Elytron
Realm").build())
+ .build()))
+ .setFactory(httpServerMechanismFactory)
+ .build();
+ }
+
+ public boolean isAllowed(Set<String> roles, List<String> allowedRoles) {
+ for (String role : allowedRoles) {
+ if (roles.contains(role)) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
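Review bot: `acceptConfiguration` copies the three values out of the configuration without checking any of them, although the documentation changed in this commit says all three are required; a null `getDomainBuilder()` fails there with a bare NullPointerException, and a null mechanism name or provider goes unnoticed until `wrapHttpHandler` and `createHttpAuthenticationFactory` use them. Rejecting the configuration up front would stop a misconfigured endpoint from starting, for example `Objects.requireNonNull(conf.getDomainBuilder(), "domainBuilder");` before the assignments and the same for `getMechanismName()` and `getElytronProvider()`. The method also calls `build()` and overwrites the instance fields on every invocation, where the removed `ElytronComponent.getSecurityDomain()` built the domain once and cached it. Whether camel-undertow shares one provider instance across endpoints is not visible in this hunk, but if it does, the last accepted configuration would apply to all of them, so that is worth confirming. `isAllowed` likewise iterates `allowedRoles` with no null guard, which the removed `ElytronConsumer.isAllowed` had (`if (allowedRolesString != null)`), so a null list would surface as an exception in `authenticate` rather than a 403.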
diff --git
a/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSercurityConfiguration.java
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSercurityConfiguration.java
new file mode 100644
index 0000000..e0d50ea
--- /dev/null
+++
b/components/camel-elytron/src/main/java/org/apache/camel/component/elytron/ElytronSercurityConfiguration.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.elytron;
+
+import org.wildfly.security.WildFlyElytronBaseProvider;
+import org.wildfly.security.auth.server.SecurityDomain;
+
+/**
+ * Instance of this interface has to be provided as `securityConfiguration`
parameter into camel-undertow.
+ */
+public interface ElytronSercurityConfiguration {
+
+ /**
+ * Elytron security provider, has to support mechanism from parameter
mechanismName.
+ */
+ WildFlyElytronBaseProvider getElytronProvider();
+
+ /**
+ * Name of the mechanism, which will be used for selection of
authentication mechanism.
+ */
+ String getMechanismName();
+
+ /**
+ * Definition of Builder, which will be used for creation of security
domain.
+ */
+ SecurityDomain.Builder getDomainBuilder();
+}
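Review bot: The new public interface is named `ElytronSercurityConfiguration` (transposed letters in "Sercurity"), and since users have to implement it to pass a `securityConfiguration` to camel-undertow, the misspelling becomes part of the released API. Renaming it to `ElytronSecurityConfiguration` before the first release avoids a breaking rename later. The Javadoc on the three getters also does not say whether a null return is permitted. The documentation in this commit states that the configuration "has to provide all 3 security attributes", so each getter could carry a line such as `@return the security provider, never {@code null}`.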
diff --git
a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
index 3834073..f486fcf 100644
---
a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
+++
b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/BaseElytronTest.java
@@ -16,6 +16,10 @@
*/
package org.apache.camel.component.elytron;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.Writer;
+import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
@@ -24,6 +28,8 @@ import java.util.concurrent.atomic.AtomicInteger;
import org.apache.camel.BindToRegistry;
import org.apache.camel.CamelContext;
+import org.apache.camel.component.undertow.UndertowComponent;
+import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
import org.apache.camel.test.AvailablePortFinder;
import org.apache.camel.test.junit4.CamelTestSupport;
import org.junit.BeforeClass;
@@ -47,7 +53,7 @@ public abstract class BaseElytronTest extends
CamelTestSupport {
abstract String getMechanismName();
- abstract TokenSecurityRealm createBearerRealm() throws
NoSuchAlgorithmException;
+ abstract TokenSecurityRealm createBearerRealm();
abstract WildFlyElytronBaseProvider getElytronProvider();
@@ -55,6 +61,16 @@ public abstract class BaseElytronTest extends
CamelTestSupport {
public static void initPort() throws Exception {
port = AvailablePortFinder.getNextAvailable();
keyPair = null;
+
+ URL location =
ElytronSecurityProvider.class.getProtectionDomain().getCodeSource().getLocation();
+ File file = new File(location.getPath() + "META-INF/services/" +
UndertowSecurityProvider.class.getName());
+ file.getParentFile().mkdirs();
+
+ Writer output = new FileWriter(file);
+ output.write(ElytronSecurityProvider.class.getName());
+ output.close();
+
+ file.deleteOnExit();
}
protected static int getPort() {
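Review bot: The service-file setup added to `initPort()` closes the `FileWriter` only on the success path and builds the file name from `location.getPath()`, which is not URL-decoded. A failing `write` therefore leaks the handle, and a checkout path containing a space is likely to resolve to the wrong directory. It also writes into the code-source location of `ElytronSecurityProvider`, and `deleteOnExit()` does not run when the JVM is killed, so the provider registration can be left behind in the build output. Converting the location with `toURI()` and writing through `java.nio.file.Files` with an explicit charset addresses the first two points, as sketched below (it assumes, like the current code, that the code source is a directory). If the registration is needed only by the tests, a static `META-INF/services` file under the test resources would remove the runtime write altogether.

```java
// … unchanged: port and keyPair initialisation …
Path classesDir = Paths.get(
        ElytronSecurityProvider.class.getProtectionDomain().getCodeSource().getLocation().toURI());
Path serviceFile = classesDir.resolve("META-INF/services")
        .resolve(UndertowSecurityProvider.class.getName());
Files.createDirectories(serviceFile.getParent());
Files.write(serviceFile, ElytronSecurityProvider.class.getName().getBytes(StandardCharsets.UTF_8));
serviceFile.toFile().deleteOnExit();
```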
@@ -75,14 +91,30 @@ public abstract class BaseElytronTest extends
CamelTestSupport {
context.getPropertiesComponent().setLocation("ref:prop");
- context.getComponent("elytron",
ElytronComponent.class).setSecurityDomainBuilder(getSecurityDomainBuilder());
- context.getComponent("elytron",
ElytronComponent.class).setMechanismName(getMechanismName());
- context.getComponent("elytron",
ElytronComponent.class).setElytronProvider(getElytronProvider());
+
+
+ context.getComponent("undertow",
UndertowComponent.class).setSecurityConfiguration(new
ElytronSercurityConfiguration() {
+ @Override
+ public WildFlyElytronBaseProvider getElytronProvider() {
+ return BaseElytronTest.this.getElytronProvider();
+ }
+
+ @Override
+ public String getMechanismName() {
+ return BaseElytronTest.this.getMechanismName();
+ }
+
+ @Override
+ public SecurityDomain.Builder getDomainBuilder() {
+ return getSecurityDomainBuilder();
+ }
+
+ });
return context;
}
- SecurityDomain.Builder getSecurityDomainBuilder() throws Exception {
+ SecurityDomain.Builder getSecurityDomainBuilder() {
SecurityDomain.Builder builder = SecurityDomain.builder()
.setDefaultRealmName("realm");
diff --git
a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
index dfd6929..6f5ab179 100644
---
a/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
+++
b/components/camel-elytron/src/test/java/org/apache/camel/component/elytron/ElytronBearerTokenTest.java
@@ -49,9 +49,14 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
}
@Override
- TokenSecurityRealm createBearerRealm() throws NoSuchAlgorithmException {
- return TokenSecurityRealm.builder().principalClaimName("username")
-
.validator(JwtValidator.builder().publicKey(getKeyPair().getPublic()).build()).build();
+ TokenSecurityRealm createBearerRealm() {
+ try {
+ return TokenSecurityRealm.builder().principalClaimName("username")
+
.validator(JwtValidator.builder().publicKey(getKeyPair().getPublic()).build()).build();
+ } catch (NoSuchAlgorithmException e) {
+ fail("Can not prepare realm becase of " + e);
+ }
+ return null;
}
@Override
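Review bot: In `createBearerRealm()` the catch block turns the `NoSuchAlgorithmException` into `fail("Can not prepare realm becase of " + e)`, which keeps only the exception's string form and drops its stack trace. The trailing `return null;` is there only to satisfy the compiler. Rethrowing keeps the cause and removes the null return: `throw new IllegalStateException("Cannot prepare realm", e);`. The current message also contains a typo ("becase").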
@@ -61,7 +66,7 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
@Test
public void testBearerToken() throws Exception {
- String response =
template.requestBodyAndHeader("elytron:http://localhost:{{port}}/myapp",
+ String response =
template.requestBodyAndHeader("undertow:http://localhost:{{port}}/myapp",
"empty body",
Headers.AUTHORIZATION.toString(),
"Bearer " + createToken("alice", "user", new Date(new
Date().getTime() + 10000), getKeyPair().getPrivate()),
@@ -73,7 +78,7 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
@Test
public void testBearerTokenBadRole() throws Exception {
try {
- String response =
template.requestBodyAndHeader("elytron:http://localhost:{{port}}/myapp",
+ String response =
template.requestBodyAndHeader("undertow:http://localhost:{{port}}/myapp",
"empty body",
Headers.AUTHORIZATION.toString(),
"Bearer " + createToken("alice", "guest", new Date(new
Date().getTime() + 10000), getKeyPair().getPrivate()),
@@ -90,7 +95,7 @@ public class ElytronBearerTokenTest extends BaseElytronTest {
protected RouteBuilder createRouteBuilder() throws Exception {
return new RouteBuilder() {
public void configure() {
-
from("elytron:http://localhost:{{port}}/myapp?allowedRoles=user")
+
from("undertow:http://localhost:{{port}}/myapp?allowedRoles=user")
.transform(simple("Hello
${in.header.securityIdentity.principal}!"));
}
};
diff --git
a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
index e7c8244..8cfd0d4 100644
---
a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
+++
b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java
@@ -1299,18 +1299,6 @@ public interface ComponentsBuilderFactory {
return
org.apache.camel.builder.component.dsl.ElsqlComponentBuilderFactory.elsql();
}
/**
- * Elytron (camel-elytron)
- * The elytron component is allows you to work with the Elytron Security
- * Framework
- *
- * Category: http
- * Since: 3.1
- * Maven coordinates: org.apache.camel:camel-elytron
- */
- static
org.apache.camel.builder.component.dsl.ElytronComponentBuilderFactory.ElytronComponentBuilder
elytron() {
- return
org.apache.camel.builder.component.dsl.ElytronComponentBuilderFactory.elytron();
- }
- /**
* Etcd Keys (camel-etcd)
* Camel Etcd support
*
diff --git
a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
index b6947c0..e69de29 100644
---
a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
+++
b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElytronComponentBuilderFactory.java
@@ -1,297 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.builder.component.dsl;
-
-import javax.annotation.Generated;
-import org.apache.camel.Component;
-import org.apache.camel.builder.component.AbstractComponentBuilder;
-import org.apache.camel.builder.component.ComponentBuilder;
-import org.apache.camel.component.elytron.ElytronComponent;
-
-/**
- * The elytron component is allows you to work with the Elytron Security
- * Framework
- *
- * Generated by camel-package-maven-plugin - do not edit this file!
- */
-@Generated("org.apache.camel.maven.packaging.ComponentDslMojo")
-public interface ElytronComponentBuilderFactory {
-
- /**
- * Elytron (camel-elytron)
- * The elytron component is allows you to work with the Elytron Security
- * Framework
- *
- * Category: http
- * Since: 3.1
- * Maven coordinates: org.apache.camel:camel-elytron
- */
- static ElytronComponentBuilder elytron() {
- return new ElytronComponentBuilderImpl();
- }
-
- /**
- * Builder for the Elytron component.
- */
- interface ElytronComponentBuilder
- extends
- ComponentBuilder<ElytronComponent> {
- /**
- * Allows for bridging the consumer to the Camel routing Error Handler,
- * which mean any exceptions occurred while the consumer is trying to
- * pickup incoming messages, or the likes, will now be processed as a
- * message and handled by the routing Error Handler. By default the
- * consumer will use the org.apache.camel.spi.ExceptionHandler to deal
- * with exceptions, that will be logged at WARN or ERROR level and
- * ignored.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: consumer
- */
- default ElytronComponentBuilder bridgeErrorHandler(
- boolean bridgeErrorHandler) {
- doSetProperty("bridgeErrorHandler", bridgeErrorHandler);
- return this;
- }
- /**
- * If enabled and an Exchange failed processing on the consumer side
the
- * response's body won't contain the exception's stack trace.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: consumer
- */
- default ElytronComponentBuilder muteException(boolean muteException) {
- doSetProperty("muteException", muteException);
- return this;
- }
- /**
- * Whether the producer should be started lazy (on the first message).
- * By starting lazy you can use this to allow CamelContext and routes
to
- * startup in situations where a producer may otherwise fail during
- * starting and cause the route to fail being started. By deferring
this
- * startup to be lazy then the startup failure can be handled during
- * routing messages via Camel's routing error handlers. Beware that
when
- * the first message is processed then creating and starting the
- * producer may take a little time and prolong the total processing
time
- * of the processing.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: producer
- */
- default ElytronComponentBuilder lazyStartProducer(
- boolean lazyStartProducer) {
- doSetProperty("lazyStartProducer", lazyStartProducer);
- return this;
- }
- /**
- * Whether the component should use basic property binding (Camel 2.x)
- * or the newer property binding with additional capabilities.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: advanced
- */
- default ElytronComponentBuilder basicPropertyBinding(
- boolean basicPropertyBinding) {
- doSetProperty("basicPropertyBinding", basicPropertyBinding);
- return this;
- }
- /**
- * Elytron security provider, has to support mechanism from parameter
- * mechanismName.
- *
- * The option is a:
- * <code>org.wildfly.security.WildFlyElytronBaseProvider</code> type.
- *
- * Default: instance of WildFlyElytronHttpBearerProvider
- * Group: advanced
- */
- default ElytronComponentBuilder elytronProvider(
- org.wildfly.security.WildFlyElytronBaseProvider
elytronProvider) {
- doSetProperty("elytronProvider", elytronProvider);
- return this;
- }
- /**
- * To configure common options, such as thread pools.
- *
- * The option is a:
- * <code>org.apache.camel.component.undertow.UndertowHostOptions</code>
- * type.
- *
- * Group: advanced
- */
- default ElytronComponentBuilder hostOptions(
- org.apache.camel.component.undertow.UndertowHostOptions
hostOptions) {
- doSetProperty("hostOptions", hostOptions);
- return this;
- }
- /**
- * Name of the mechanism, which will be used for selection of
- * authentication mechanism.
- *
- * The option is a: <code>java.lang.String</code> type.
- *
- * Default: BEARER_TOKEN
- * Group: advanced
- */
- default ElytronComponentBuilder mechanismName(
- java.lang.String mechanismName) {
- doSetProperty("mechanismName", mechanismName);
- return this;
- }
- /**
- * Definition of Builder, which will be used for creation of security
- * domain.
- *
- * The option is a:
- * <code>org.wildfly.security.auth.server.SecurityDomain.Builder</code>
- * type.
- *
- * Group: advanced
- */
- default ElytronComponentBuilder securityDomainBuilder(
- org.wildfly.security.auth.server.SecurityDomain.Builder
securityDomainBuilder) {
- doSetProperty("securityDomainBuilder", securityDomainBuilder);
- return this;
- }
- /**
- * To use a custom HttpBinding to control the mapping between Camel
- * message and HttpClient.
- *
- * The option is a:
- * <code>org.apache.camel.component.undertow.UndertowHttpBinding</code>
- * type.
- *
- * Group: advanced
- */
- default ElytronComponentBuilder undertowHttpBinding(
- org.apache.camel.component.undertow.UndertowHttpBinding
undertowHttpBinding) {
- doSetProperty("undertowHttpBinding", undertowHttpBinding);
- return this;
- }
- /**
- * Configuration used by UndertowSecurityProvider. Comma separated list
- * of allowed roles.
- *
- * The option is a: <code>java.lang.String</code> type.
- *
- * Group: security
- */
- default ElytronComponentBuilder allowedRoles(
- java.lang.String allowedRoles) {
- doSetProperty("allowedRoles", allowedRoles);
- return this;
- }
- /**
- * Configuration used by UndertowSecurityProvider. Security
- * configuration object for use from UndertowSecurityProvider.
- * Configuration is UndertowSecurityProvider specific. Each provider
- * decides, whether it accepts configuration.
- *
- * The option is a: <code>java.lang.Object</code> type.
- *
- * Group: security
- */
- default ElytronComponentBuilder securityConfiguration(
- java.lang.Object securityConfiguration) {
- doSetProperty("securityConfiguration", securityConfiguration);
- return this;
- }
- /**
- * Security provider allows plug in the provider, which will be used to
- * secure requests. SPI approach could be used too (component then
finds
- * security provider using SPI).
- *
- * The option is a:
- *
<code>org.apache.camel.component.undertow.spi.UndertowSecurityProvider</code>
type.
- *
- * Group: security
- */
- default ElytronComponentBuilder securityProvider(
-
org.apache.camel.component.undertow.spi.UndertowSecurityProvider
securityProvider) {
- doSetProperty("securityProvider", securityProvider);
- return this;
- }
- /**
- * To configure security using SSLContextParameters.
- *
- * The option is a:
- * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
- *
- * Group: security
- */
- default ElytronComponentBuilder sslContextParameters(
- org.apache.camel.support.jsse.SSLContextParameters
sslContextParameters) {
- doSetProperty("sslContextParameters", sslContextParameters);
- return this;
- }
- /**
- * Enable usage of global SSL context parameters.
- *
- * The option is a: <code>boolean</code> type.
- *
- * Default: false
- * Group: security
- */
- default ElytronComponentBuilder useGlobalSslContextParameters(
- boolean useGlobalSslContextParameters) {
- doSetProperty("useGlobalSslContextParameters",
useGlobalSslContextParameters);
- return this;
- }
- }
-
- class ElytronComponentBuilderImpl
- extends
- AbstractComponentBuilder<ElytronComponent>
- implements
- ElytronComponentBuilder {
- @Override
- protected ElytronComponent buildConcreteComponent() {
- return new ElytronComponent();
- }
- @Override
- protected boolean setPropertyOnComponent(
- Component component,
- String name,
- Object value) {
- switch (name) {
- case "bridgeErrorHandler": ((ElytronComponent)
component).setBridgeErrorHandler((boolean) value); return true;
- case "muteException": ((ElytronComponent)
component).setMuteException((boolean) value); return true;
- case "lazyStartProducer": ((ElytronComponent)
component).setLazyStartProducer((boolean) value); return true;
- case "basicPropertyBinding": ((ElytronComponent)
component).setBasicPropertyBinding((boolean) value); return true;
- case "elytronProvider": ((ElytronComponent)
component).setElytronProvider((org.wildfly.security.WildFlyElytronBaseProvider)
value); return true;
- case "hostOptions": ((ElytronComponent)
component).setHostOptions((org.apache.camel.component.undertow.UndertowHostOptions)
value); return true;
- case "mechanismName": ((ElytronComponent)
component).setMechanismName((java.lang.String) value); return true;
- case "securityDomainBuilder": ((ElytronComponent)
component).setSecurityDomainBuilder((org.wildfly.security.auth.server.SecurityDomain.Builder)
value); return true;
- case "undertowHttpBinding": ((ElytronComponent)
component).setUndertowHttpBinding((org.apache.camel.component.undertow.UndertowHttpBinding)
value); return true;
- case "allowedRoles": ((ElytronComponent)
component).setAllowedRoles((java.lang.String) value); return true;
- case "securityConfiguration": ((ElytronComponent)
component).setSecurityConfiguration((java.lang.Object) value); return true;
- case "securityProvider": ((ElytronComponent)
component).setSecurityProvider((org.apache.camel.component.undertow.spi.UndertowSecurityProvider)
value); return true;
- case "sslContextParameters": ((ElytronComponent)
component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters)
value); return true;
- case "useGlobalSslContextParameters": ((ElytronComponent)
component).setUseGlobalSslContextParameters((boolean) value); return true;
- default: return false;
- }
- }
- }
-}
\ No newline at end of file
diff --git a/core/camel-componentdsl/src/generated/resources/metadata.json
b/core/camel-componentdsl/src/generated/resources/metadata.json
index d55e077..af8d730 100644
--- a/core/camel-componentdsl/src/generated/resources/metadata.json
+++ b/core/camel-componentdsl/src/generated/resources/metadata.json
@@ -2189,26 +2189,6 @@
"artifactId": "camel-elsql",
"version": "3.2.0-SNAPSHOT"
},
- "ElytronComponentBuilderFactory": {
- "kind": "component",
- "scheme": "elytron",
- "extendsScheme": "undertow",
- "syntax": "elytron:httpURI",
- "title": "Elytron",
- "description": "The elytron component is allows you to work with the
Elytron Security Framework",
- "label": "http",
- "deprecated": false,
- "deprecationNote": "http",
- "async": true,
- "consumerOnly": false,
- "producerOnly": false,
- "lenientProperties": true,
- "javaType": "org.apache.camel.component.elytron.ElytronComponent",
- "firstVersion": "3.1.0",
- "groupId": "org.apache.camel",
- "artifactId": "camel-elytron",
- "version": "3.2.0-SNAPSHOT"
- },
"EtcdKeysComponentBuilderFactory": {
"kind": "component",
"scheme": "etcd-keys",
diff --git a/docs/components/modules/ROOT/pages/elytron-component.adoc
b/docs/components/modules/ROOT/pages/elytron-component.adoc
index 6aaca9a..010efbb 100644
--- a/docs/components/modules/ROOT/pages/elytron-component.adoc
+++ b/docs/components/modules/ROOT/pages/elytron-component.adoc
@@ -1,27 +1,35 @@
[[elytron-component]]
-= Elytron Component
+= Undertow Elytron Security Provider
:page-source: components/camel-elytron/src/main/docs/elytron-component.adoc
-*Since Camel 3.1*
+*Since Camel 3.2*
// HEADER START
-*Both producer and consumer is supported*
+*Replaces component camel-elytron*
// HEADER END
*OSGi is not supported*
-The Elytron component provides Elytron security over camel-undertow component.
-It extends camel-undertow component and adds several parameters.
-In componont it is securityDomainBuilder and mechanismName, in endpoint it is
allowedRoles.
+The Elytron Security Provider provides Elytron security over camel-undertow
component.
+It enables camel-undertow component use Elytron security capabilities.
+To force camel-undertow to use elytron security provider, add elytron security
provider library
+on classpath and provide instance of ElytronSercurityConfiguration as
`securityConfiguration`
+parameter into camel-undertow component or provide both
`securityConfiguration` and `securityProvider`
+into camel-undertow component.
-User has to define its SecurityDomain.Builder, which will be used for creation
of security domain.
-MechanismName then allows to define mechanism, which will take care of
authentication from security context.
-(MechanismName should be selected with regard to default securityRealm. For
example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN"
-and realm has to be TokenSecurityRealm.)
-ElytronProvider has to be defined with respect of mechnismName.
+Configuration has to provide all 3 security attributes:
+[width="100%"]
+|===
+| Name | Description | Type
+| *domainBuilder* | Builder for security domain. | SecurityDomain.Builder
+| *mechanismName* | MechanismName should be selected with regard to default
securityRealm. For
+example: to use bearer_token security, mechanism name has to be "BEARER_TOKEN"
and realm has to be
+TokenSecurityReal | String
+|===
-Each exchange created by Elytron endpoint contains header 'securityIdentity'
with current Elytron's secrity identity as value.
-('org.wildfly.security.auth.server.SecurityIdentity')
+Each exchange created by Undertow endpoint with Elytron security contains
header 'securityIdentity'
+with current Elytron's security identity as value.
+('org.wildfly.security.auth.server.SecurityIdentity') or is FORBIDDEN (status
code 403)
Maven users will need to add the following dependency to their `pom.xml`
for this component:
@@ -36,102 +44,3 @@ for this component:
</dependency>
----
-== URI format
-
-[source,text]
-----
-elytron:http://hostname[:port][/resourceUri][?options]
-elytron:https://hostname[:port][/resourceUri][?options]
-----
-
-You can append query options to the URI in the following format,
-`?option=value&option=value&...`
-
-== Options
-
-// component options: START
-The Elytron component supports 14 options, which are listed below.
-
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the
Camel routing Error Handler, which mean any exceptions occurred while the
consumer is trying to pickup incoming messages, or the likes, will now be
processed as a message and handled by the routing Error Handler. By default the
consumer will use the org.apache.camel.spi.ExceptionHandler to deal with
exceptions, that will be logged at WARN or ERROR level and ignored. | false |
boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on
the consumer side the response's body won't contain the exception's stack
trace. | false | boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy
(on the first message). By starting lazy you can use this to allow CamelContext
and routes to startup in situations where a producer may otherwise fail during
starting and cause the route to fail being started. By deferring this startup
to be lazy then the startup failure can be handled during routing messages via
Camel's routing error handlers. Beware that when the first message is processed
then creating and [...]
-| *basicPropertyBinding* (advanced) | Whether the component should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities | false | boolean
-| *elytronProvider* (advanced) | Elytron security provider, has to support
mechanism from parameter mechanismName. | instance of
WildFlyElytronHttpBearerProvider | WildFlyElytronBaseProvider
-| *hostOptions* (advanced) | To configure common options, such as thread pools
| | UndertowHostOptions
-| *mechanismName* (advanced) | Name of the mechanism, which will be used for
selection of authentication mechanism. | BEARER_TOKEN | String
-| *securityDomainBuilder* (advanced) | *Required* Definition of Builder, which
will be used for creation of security domain. | | Builder
-| *undertowHttpBinding* (advanced) | To use a custom HttpBinding to control
the mapping between Camel message and HttpClient. | | UndertowHttpBinding
-| *allowedRoles* (security) | Configuration used by UndertowSecurityProvider.
Comma separated list of allowed roles. | | String
-| *securityConfiguration* (security) | Configuration used by
UndertowSecurityProvider. Security configuration object for use from
UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific.
Each provider decides, whether it accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the
provider, which will be used to secure requests. SPI approach could be used too
(component then finds security provider using SPI). | |
UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using
SSLContextParameters | | SSLContextParameters
-| *useGlobalSslContextParameters* (security) | Enable usage of global SSL
context parameters. | false | boolean
-|===
-// component options: END
-
-
-// endpoint options: START
-The Elytron endpoint is configured using URI syntax:
-
-----
-elytron:httpURI
-----
-
-with the following path and query parameters:
-
-=== Path Parameters (1 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *httpURI* | *Required* The url of the HTTP endpoint to use. | | URI
-|===
-
-
-=== Query Parameters (31 parameters):
-
-
-[width="100%",cols="2,5,^1,2",options="header"]
-|===
-| Name | Description | Default | Type
-| *useStreaming* (common) | For HTTP endpoint: if true, text and binary
messages will be wrapped as java.io.InputStream before they are passed to an
Exchange; otherwise they will be passed as byte. For WebSocket endpoint: if
true, text and binary messages will be wrapped as java.io.Reader and
java.io.InputStream respectively before they are passed to an Exchange;
otherwise they will be passed as String and byte respectively. | false | boolean
-| *accessLog* (consumer) | Whether or not the consumer should write access log
| false | Boolean
-| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the
Camel routing Error Handler, which mean any exceptions occurred while the
consumer is trying to pickup incoming messages, or the likes, will now be
processed as a message and handled by the routing Error Handler. By default the
consumer will use the org.apache.camel.spi.ExceptionHandler to deal with
exceptions, that will be logged at WARN or ERROR level and ignored. | false |
boolean
-| *httpMethodRestrict* (consumer) | Used to only allow consuming if the
HttpMethod matches, such as GET/POST/PUT etc. Multiple methods can be specified
separated by comma. | | String
-| *matchOnUriPrefix* (consumer) | Whether or not the consumer should try to
find a target consumer by matching the URI prefix if no exact match is found. |
false | Boolean
-| *muteException* (consumer) | If enabled and an Exchange failed processing on
the consumer side the response's body won't contain the exception's stack
trace. | false | Boolean
-| *optionsEnabled* (consumer) | Specifies whether to enable HTTP OPTIONS for
this Servlet consumer. By default OPTIONS is turned off. | false | boolean
-| *exceptionHandler* (consumer) | To let the consumer use a custom
ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this
option is not in use. By default the consumer will deal with exceptions, that
will be logged at WARN or ERROR level and ignored. | | ExceptionHandler
-| *exchangePattern* (consumer) | Sets the exchange pattern when the consumer
creates an exchange. The value can be one of: InOnly, InOut, InOptionalOut | |
ExchangePattern
-| *handlers* (consumer) | Specifies a comma-delimited set of
io.undertow.server.HttpHandler instances to lookup in your Registry. These
handlers are added to the Undertow handler chain (for example, to add
security). Important: You can not use different handlers with different
Undertow endpoints using the same port number. The handlers is associated to
the port number. If you need different handlers, then use different port
numbers. | | String
-| *cookieHandler* (producer) | Configure a cookie handler to maintain a HTTP
session | | CookieHandler
-| *keepAlive* (producer) | Setting to ensure socket is not closed due to
inactivity | true | Boolean
-| *lazyStartProducer* (producer) | Whether the producer should be started lazy
(on the first message). By starting lazy you can use this to allow CamelContext
and routes to startup in situations where a producer may otherwise fail during
starting and cause the route to fail being started. By deferring this startup
to be lazy then the startup failure can be handled during routing messages via
Camel's routing error handlers. Beware that when the first message is processed
then creating and [...]
-| *options* (producer) | Sets additional channel options. The options that can
be used are defined in org.xnio.Options. To configure from endpoint uri, then
prefix each option with option., such as
option.close-abort=true&option.send-buffer=8192 | | Map
-| *preserveHostHeader* (producer) | If the option is true, UndertowProducer
will set the Host header to the value contained in the current exchange Host
header, useful in reverse proxy applications where you want the Host header
received by the downstream server to reflect the URL called by the upstream
client, this allows applications which use the Host header to generate accurate
URL's for a proxied service. | true | boolean
-| *reuseAddresses* (producer) | Setting to facilitate socket multiplexing |
true | Boolean
-| *tcpNoDelay* (producer) | Setting to improve TCP protocol performance | true
| Boolean
-| *throwExceptionOnFailure* (producer) | Option to disable throwing the
HttpOperationFailedException in case of failed responses from the remote
server. This allows you to get all responses regardless of the HTTP status
code. | true | Boolean
-| *transferException* (producer) | If enabled and an Exchange failed
processing on the consumer side and if the caused Exception was send back
serialized in the response as a application/x-java-serialized-object content
type. On the producer side the exception will be deserialized and thrown as is
instead of the HttpOperationFailedException. The caused exception is required
to be serialized. This is by default turned off. If you enable this then be
aware that Java will deserialize the in [...]
-| *accessLogReceiver* (advanced) | Which Undertow AccessLogReciever should be
used Will use JBossLoggingAccessLogReceiver if not specifid | |
AccessLogReceiver
-| *basicPropertyBinding* (advanced) | Whether the endpoint should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities | false | boolean
-| *headerFilterStrategy* (advanced) | To use a custom HeaderFilterStrategy to
filter header to and from Camel message. | | HeaderFilterStrategy
-| *synchronous* (advanced) | Sets whether synchronous processing should be
strictly used, or Camel is allowed to use asynchronous processing (if
supported). | false | boolean
-| *undertowHttpBinding* (advanced) | To use a custom UndertowHttpBinding to
control the mapping between Camel message and undertow. | | UndertowHttpBinding
-| *allowedRoles* (security) | List of allowed roles in String format | |
String
-| *securityConfiguration* (security) | OConfiguration used by
UndertowSecurityProvider. Security configuration object for use from
UndertowSecurityProvider. Configuration is UndertowSecurityProvider specific.
Each provider decides whether accepts configuration. | | Object
-| *securityProvider* (security) | Security provider allows plug in the
provider, which will be used to secure requests. SPI approach could be used too
(endpoint then finds security provider using SPI). | | UndertowSecurityProvider
-| *sslContextParameters* (security) | To configure security using
SSLContextParameters | | SSLContextParameters
-| *fireWebSocketChannelEvents* (websocket) | if true, the consumer will post
notifications to the route when a new WebSocket peer connects, disconnects,
etc. See UndertowConstants.EVENT_TYPE and EventType. | false | boolean
-| *sendTimeout* (websocket) | Timeout in milliseconds when sending to a
websocket channel. The default timeout is 30000 (30 seconds). | 30000 | Integer
-| *sendToAll* (websocket) | To send to all websocket subscribers. Can be used
to configure on endpoint level, instead of having to use the
UndertowConstants.SEND_TO_ALL header on the message. | | Boolean
-|===
-// endpoint options: END
-
-include::camel-spring-boot::page$elytron-starter.adoc[]
diff --git a/docs/components/modules/ROOT/pages/index.adoc
b/docs/components/modules/ROOT/pages/index.adoc
index 20180bf..22fb0a6 100644
--- a/docs/components/modules/ROOT/pages/index.adoc
+++ b/docs/components/modules/ROOT/pages/index.adoc
@@ -11,7 +11,7 @@ Below is the list of components that are provided by Apache
Camel.
== List of Components
// components: START
-Number of Components: 332 in 265 JAR artifacts (1 deprecated)
+Number of Components: 331 in 264 JAR artifacts (1 deprecated)
[width="100%",cols="4,1,5",options="header"]
|===
@@ -223,8 +223,6 @@ Number of Components: 332 in 265 JAR artifacts (1
deprecated)
| xref:elsql-component.adoc[ElSQL] (camel-elsql) | 2.16 | The elsql component
is an extension to the existing SQL Component that uses ElSql to define the SQL
queries.
-| xref:elytron-component.adoc[Elytron] (camel-elytron) | 3.1 | The elytron
component is allows you to work with the Elytron Security Framework
-
| xref:etcd-keys-component.adoc[Etcd Keys] (camel-etcd) | 2.18 | Camel Etcd
support
| xref:etcd-stats-component.adoc[Etcd Stats] (camel-etcd) | 2.18 | The camel
etcd component allows you to work with Etcd, a distributed reliable key-value
store.