[
https://issues.apache.org/jira/browse/CAMEL-20747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen updated CAMEL-20747:
--------------------------------
Component/s: camel-spring-security
> Remove usage of deprecated Spring Security classes for route policies
> ---------------------------------------------------------------------
>
> Key: CAMEL-20747
> URL: https://issues.apache.org/jira/browse/CAMEL-20747
> Project: Camel
> Issue Type: Improvement
> Components: camel-spring-security
> Reporter: Marco Santarelli
> Priority: Major
> Fix For: 4.7.0
>
>
> You can currently define route policies as follows:
> {code:java}
> @Bean(RolePolicy.ADMIN) public AuthorizationPolicy
> authorizationPolicyAdmin(AuthenticationManager authenticationManager) {
> SpringSecurityAuthorizationPolicy authorizationPolicy = new
> SpringSecurityAuthorizationPolicy();
> authorizationPolicy.setAuthenticationManager(authenticationManager);
> authorizationPolicy.setSpringSecurityAccessPolicy(new
> SpringSecurityAccessPolicy("ROLE_ADMIN"));
> authorizationPolicy.setAccessDecisionManager(new
> AffirmativeBased(Collections.singletonList(new RoleVoter()))); return
> authorizationPolicy; }{code}
> {{ }}
> This is however using deprecated classes that will disappear in spring
> security 7, and is leveraging the deprecated AccessDecisionManager concept
> instead of the new AuthorizationManager.
> See the following references and discussions for details:
> -
> https://docs.spring.io/spring-security/reference/5.8/migration/servlet/authorization.html
> -
> https://docs.spring.io/spring-security/reference/servlet/authorization/architecture.html#authz-access-decision-manager
> -
> https://camel.zulipchat.com/#narrow/stream/257301-camel-spring-boot/topic/Route.20Policies.20and.20Spring.20Security.206
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
