[
https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108841#comment-13108841
]
Rich Newcomb commented on CAMEL-4441:
-------------------------------------
Thanks Ashwin! I will update the documentation on the Camel wiki.
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch,
> CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch,
> CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when
> identifying specific nodes to be encrypted or decrypted. The data format
> will only work for incidental namespace collisions (i.e., when the target XML
> document has elements that happen to use the same namespace prefix as that
> used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition
> mapping to be included as part of the data format configuration. This
> enables true namespace matching, even if the prefix values in the data format
> definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/";);
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy",
> namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5,
> tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by
> leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that
> is defined as part of the camelContext definition can be re-used in context
> within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts"
> password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring";
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/";>
>
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
>
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore
> parameters for asymmetric encryption and decryption. The patch enables the
> XmlSecuritiy component to use instances of the
> org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is
> also illustrated in the examples above. The other methods of KeyStore
> definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security
> engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to
> share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
