Hi,
I just added a design notes[1] for the Camel Security which shows a
rough design of Camel Security API, which just leverage the Camel Policy
API to delegate the access control to the AuthorizationPolicy. In this
way we can plugin different AuthoriztionPolicy implementation based on
different security framework easily.
For the authentication, as camel doesn't have any GUI or other interface
to type the user name and password. We just store the authentication
instance into the exchange property and let the camel client to deal
with authentication work. In the feature we could add some
authentication support on the camel-servlet, camel-jetty consumer.
Any thought?
[1]http://cwiki.apache.org/confluence/display/CAMEL/Camel+Security
Willem
