This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push: new 0dabf041a52 [CAMEL-20747] Migrate SpringSecurityAuthorizationPolicy to Spring 5 (#14082) 0dabf041a52 is described below commit 0dabf041a528448fb4138e87974ebb72db130acc Author: Marco Santarelli <santa...@users.noreply.github.com> AuthorDate: Wed May 8 16:04:17 2024 +0200 [CAMEL-20747] Migrate SpringSecurityAuthorizationPolicy to Spring 5 (#14082) * Changed the SpringSecurityAuthorizationPolicy to remove deprecated methods and classes, using the new Authorization manager. * Missed an xml resource, fixed tests * Updated failing integration tests as a result of the component change. * Added notes to the upgrade guide. --------- Co-authored-by: Claus Ibsen <claus.ib...@gmail.com> --- .../src/main/docs/spring-security.adoc | 28 +++++-------- .../security/SpringSecurityAccessPolicy.java | 38 ----------------- .../SpringSecurityAuthorizationPolicy.java | 47 ++++++++-------------- .../SpringSecurityAuthorizationPolicyParser.java | 10 +---- .../resources/schema/camel-spring-security.xsd | 6 +-- ...pringSecurityAuthorizationPolicyConfigTest.java | 10 ++--- .../spring/security/SpringSecurityCamelContext.xml | 4 +- .../component/spring/security/commonSecurity.xml | 7 +--- .../config/SpringSecurityAuthorizationPolicy.xml | 2 +- .../ROOT/pages/camel-4x-upgrade-guide-4_7.adoc | 21 ++++++++++ .../camel/itest/security/GreeterClientTest.java | 2 +- .../itest/security/CxfMessageCamelContext.xml | 2 +- .../apache/camel/itest/security/camel-context.xml | 4 +- .../apache/camel/itest/security/commonSecurity.xml | 7 +--- 14 files changed, 68 insertions(+), 120 deletions(-) diff --git a/components/camel-spring-security/src/main/docs/spring-security.adoc b/components/camel-spring-security/src/main/docs/spring-security.adoc index edb83739f3a..35f58d12da5 100644 --- a/components/camel-spring-security/src/main/docs/spring-security.adoc +++ b/components/camel-spring-security/src/main/docs/spring-security.adoc @@ -30,8 +30,8 @@ Access to a route is controlled by an instance of a `SpringSecurityAuthorizationPolicy` object. A policy object contains the name of the Spring Security authority (role) required to run a set of endpoints and references to Spring Security `AuthenticationManager` and -`AccessDecisionManager` objects used to determine whether the current -principal has been assigned that role. Policy objects may be configured +`AuthorizationManager` objects used to determine whether the current +principal is authorized. Policy objects may be configured as Spring beans or by using an `<authorizationPolicy>` element in Spring XML. @@ -45,13 +45,10 @@ attributes: |`id` |`null` |The unique Spring bean identifier which is used to reference the policy in routes (required) -|`access` |`null` |The Spring Security authority name that is passed to the access decision -manager (required) - |`authenticationManager` |`authenticationManager` |The name of the Spring Security `AuthenticationManager` object in the context -|`accessDecisionManager` |`accessDecisionManager` |The name of the Spring Security `AccessDecisionManager` object in the +|`authorizationManager` |`authorizationManager` |The name of the Spring Security `AuthorizationManager` object in the context |`authenticationAdapter` |DefaultAuthenticationAdapter |The name of a *camel-spring-security* @@ -70,7 +67,7 @@ header under `Exchange.AUTHENTICATION`, check the Spring Security [[SpringSecurity-ControllingaccesstoCamelroutes]] == Controlling access to Camel routes -A Spring Security `AuthenticationManager` and `AccessDecisionManager` +A Spring Security `AuthenticationManager` and `AuthorizationManager` are required to use this component. Here is an example of how to configure these objects in Spring XML using the Spring Security namespace: @@ -83,14 +80,9 @@ namespace: xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> - <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> - <property name="allowIfAllAbstainDecisions" value="true"/> - <property name="decisionVoters"> - <list> - <bean class="org.springframework.security.access.vote.RoleVoter"/> - </list> - </property> - </bean> + <bean id="authorizationManager" class=" org.springframework.security.authorization.AuthorityAuthorizationManager"> + <constructor-arg name="authorities" value="ROLE_ADMIN"/> + </bean> <spring-security:authentication-manager alias="authenticationManager"> <spring-security:authentication-provider user-service-ref="userDetailsService"/> @@ -121,10 +113,10 @@ to a route: <!-- import the Spring security configuration --> <import resource= "classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/> - <authorizationPolicy id="admin" access="ROLE_ADMIN" + <authorizationPolicy id="admin" + authorizationManager="authorizationManager" authenticationManager="authenticationManager" - accessDecisionManager="accessDecisionManager" - xmlns="http://camel.apache.org/schema/spring-security"/> + xmlns="http://camel.apache.org/schema/spring-security "/> <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring"> <route> diff --git a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAccessPolicy.java b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAccessPolicy.java deleted file mode 100644 index a3dad559c77..00000000000 --- a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAccessPolicy.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.camel.component.spring.security; - -import java.util.List; - -import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; -import org.springframework.util.Assert; - -public class SpringSecurityAccessPolicy { - - private final List<ConfigAttribute> configAttributes; - - public SpringSecurityAccessPolicy(String access) { - Assert.isTrue(access != null, "The access attribute must not be null."); - configAttributes = SecurityConfig.createListFromCommaDelimitedString(access); - } - - public List<ConfigAttribute> getConfigAttributes() { - return configAttributes; - } - -} diff --git a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java index fa961fc9575..52a53292e00 100644 --- a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java +++ b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.java @@ -16,8 +16,6 @@ */ package org.apache.camel.component.spring.security; -import java.util.List; - import javax.security.auth.Subject; import org.apache.camel.CamelAuthorizationException; @@ -35,12 +33,12 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; -import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; -import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.event.AuthorizationFailureEvent; -import org.springframework.security.access.event.AuthorizedEvent; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.event.AuthorizationDeniedEvent; +import org.springframework.security.authorization.event.AuthorizationGrantedEvent; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.util.Assert; @@ -48,11 +46,10 @@ import org.springframework.util.Assert; public class SpringSecurityAuthorizationPolicy extends IdentifiedType implements AuthorizationPolicy, InitializingBean, ApplicationEventPublisherAware { private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityAuthorizationPolicy.class); - private AccessDecisionManager accessDecisionManager; + private AuthorizationManager<Exchange> authorizationManager; private AuthenticationManager authenticationManager; private AuthenticationAdapter authenticationAdapter; private ApplicationEventPublisher eventPublisher; - private SpringSecurityAccessPolicy accessPolicy; private boolean alwaysReauthenticate; private boolean useThreadSecurityContext = true; @@ -67,28 +64,27 @@ public class SpringSecurityAuthorizationPolicy extends IdentifiedType } protected void beforeProcess(Exchange exchange) throws Exception { - List<ConfigAttribute> attributes = accessPolicy.getConfigAttributes(); - try { Authentication authToken = getAuthentication(exchange.getIn()); if (authToken == null) { throw new CamelAuthorizationException("Cannot find the Authentication instance.", exchange); } - Authentication authenticated = authenticateIfRequired(authToken); + Authentication authentication = authenticateIfRequired(authToken); + AuthorizationDecision decision = this.authorizationManager.check(() -> authentication, exchange); // Attempt authorization with exchange try { - this.accessDecisionManager.decide(authenticated, exchange, attributes); + this.authorizationManager.verify(() -> authentication, exchange); } catch (AccessDeniedException accessDeniedException) { exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId()); - AuthorizationFailureEvent event = new AuthorizationFailureEvent( - exchange, attributes, authenticated, - accessDeniedException); + AuthorizationDeniedEvent<Exchange> event = new AuthorizationDeniedEvent<>( + () -> authentication, exchange, decision); publishEvent(event); throw accessDeniedException; } - publishEvent(new AuthorizedEvent(exchange, attributes, authenticated)); + + publishEvent(new AuthorizationGrantedEvent<Exchange>(() -> authentication, exchange, decision)); } catch (RuntimeException exception) { exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId()); @@ -128,8 +124,7 @@ public class SpringSecurityAuthorizationPolicy extends IdentifiedType @Override public void afterPropertiesSet() throws Exception { Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); - Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required"); - Assert.notNull(this.accessPolicy, "The accessPolicy is required"); + Assert.notNull(this.authorizationManager, "An AuthorizationManager is required"); } private Authentication authenticateIfRequired(Authentication authentication) { @@ -166,8 +161,8 @@ public class SpringSecurityAuthorizationPolicy extends IdentifiedType this.authenticationAdapter = adapter; } - public AccessDecisionManager getAccessDecisionManager() { - return accessDecisionManager; + public AuthorizationManager<Exchange> getAuthorizationManager() { + return authorizationManager; } public AuthenticationManager getAuthenticationManager() { @@ -179,14 +174,6 @@ public class SpringSecurityAuthorizationPolicy extends IdentifiedType this.eventPublisher = applicationEventPublisher; } - public void setSpringSecurityAccessPolicy(SpringSecurityAccessPolicy policy) { - this.accessPolicy = policy; - } - - public SpringSecurityAccessPolicy getSpringSecurityAccessPolicy() { - return accessPolicy; - } - public boolean isAlwaysReauthenticate() { return alwaysReauthenticate; } @@ -207,7 +194,7 @@ public class SpringSecurityAuthorizationPolicy extends IdentifiedType this.authenticationManager = newManager; } - public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) { - this.accessDecisionManager = accessDecisionManager; + public void setAuthorizationManager(AuthorizationManager<Exchange> authorizationManager) { + this.authorizationManager = authorizationManager; } } diff --git a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java index 236c2ef4fb2..b68c04c643b 100644 --- a/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java +++ b/components/camel-spring-security/src/main/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyParser.java @@ -18,7 +18,6 @@ package org.apache.camel.component.spring.security.config; import org.w3c.dom.Element; -import org.apache.camel.component.spring.security.SpringSecurityAccessPolicy; import org.apache.camel.component.spring.security.SpringSecurityAuthorizationPolicy; import org.apache.camel.util.ObjectHelper; import org.springframework.beans.factory.support.BeanDefinitionBuilder; @@ -32,7 +31,7 @@ public class SpringSecurityAuthorizationPolicyParser extends BeanDefinitionParse @Override protected boolean isEligibleAttribute(String attributeName) { - if ("access".equals(attributeName) || "accessDecisionManager".equals(attributeName) + if ("access".equals(attributeName) || "authorizationManager".equals(attributeName) || "authenticationManager".equals(attributeName)) { return false; } else { @@ -42,16 +41,11 @@ public class SpringSecurityAuthorizationPolicyParser extends BeanDefinitionParse @Override protected void postProcess(BeanDefinitionBuilder builder, Element element) { - setReferenceIfAttributeDefine(builder, element, "accessDecisionManager"); + setReferenceIfAttributeDefine(builder, element, "authorizationManager"); setReferenceIfAttributeDefine(builder, element, "authenticationManager"); if (ObjectHelper.isNotEmpty(element.getAttribute("authenticationAdapter"))) { builder.addPropertyReference("authenticationAdapter", element.getAttribute("authenticationAdapter")); } - - BeanDefinitionBuilder accessPolicyBuilder = BeanDefinitionBuilder.genericBeanDefinition( - SpringSecurityAccessPolicy.class.getCanonicalName()); - accessPolicyBuilder.addConstructorArgValue(element.getAttribute("access")); - builder.addPropertyValue("springSecurityAccessPolicy", accessPolicyBuilder.getBeanDefinition()); } protected void setReferenceIfAttributeDefine(BeanDefinitionBuilder builder, Element element, String attribute) { diff --git a/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd b/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd index 1af02c46d59..f5725057bf1 100644 --- a/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd +++ b/components/camel-spring-security/src/main/resources/schema/camel-spring-security.xsd @@ -33,10 +33,10 @@ <xsd:complexType> <xsd:attribute name="id" type="xsd:ID" use="required" /> <xsd:attribute name="access" type="xsd:string" /> - <xsd:attribute name="accessDecisionManager" type="xsd:string" /> <xsd:attribute name="authenticationAdapter" type="xsd:string" /> - <xsd:attribute name="authenticationManager" type="xsd:string" /> - <xsd:attribute name="useThreadSecurityContext" type="xsd:boolean" default="true"/> + <xsd:attribute name="authenticationManager" type="xsd:string" /> + <xsd:attribute name="authorizationManager" type="xsd:string" /> + <xsd:attribute name="useThreadSecurityContext" type="xsd:boolean" default="true"/> <xsd:attribute name="alwaysReauthenticate" type="xsd:boolean" default="false"/> </xsd:complexType> </xsd:element> diff --git a/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java b/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java index 4c2ca3bb7e1..06a56e171b6 100644 --- a/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java +++ b/components/camel-spring-security/src/test/java/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicyConfigTest.java @@ -47,18 +47,16 @@ public class SpringSecurityAuthorizationPolicyConfigTest { SpringSecurityAuthorizationPolicy adminPolicy = context.getBean("admin", SpringSecurityAuthorizationPolicy.class); assertNotNull(adminPolicy, "We should get admin policy"); - assertNotNull(adminPolicy.getAccessDecisionManager(), "The accessDecisionManager should not be null"); + assertNotNull(adminPolicy.getAuthorizationManager(), "The authorizationManager should not be null"); assertNotNull(adminPolicy.getAuthenticationManager(), "The authenticationManager should not be null"); - assertNotNull(adminPolicy.getSpringSecurityAccessPolicy(), "The springSecurityAccessPolicy should not be null"); SpringSecurityAuthorizationPolicy userPolicy = context.getBean("user", SpringSecurityAuthorizationPolicy.class); assertNotNull(userPolicy, "We should get user policy"); - assertNotNull(userPolicy.getAccessDecisionManager(), "The accessDecisionManager should not be null"); + assertNotNull(adminPolicy.getAuthorizationManager(), "The authorizationManager should not be null"); assertNotNull(userPolicy.getAuthenticationManager(), "The authenticationManager should not be null"); - assertNotNull(userPolicy.getSpringSecurityAccessPolicy(), "The springSecurityAccessPolicy should not be null"); - assertEquals(adminPolicy.getAccessDecisionManager(), userPolicy.getAccessDecisionManager(), - "user policy and admin policy should have same accessDecisionManager"); + assertEquals(adminPolicy.getAuthorizationManager(), userPolicy.getAuthorizationManager(), + "user policy and admin policy should have same authorizationManager"); assertEquals(adminPolicy.getAuthenticationManager(), userPolicy.getAuthenticationManager(), "user policy and admin policy should have same authenticationManager"); } diff --git a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml index 9248509ab45..701c2a4ca7b 100644 --- a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml +++ b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/SpringSecurityCamelContext.xml @@ -30,9 +30,9 @@ <!-- import the spring security configuration --> <import resource="classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/> - <authorizationPolicy id="admin" access="ROLE_ADMIN" + <authorizationPolicy id="admin" authenticationManager="authenticationManager" - accessDecisionManager="accessDecisionManager" + authorizationManager="authorizationManager" xmlns="http://camel.apache.org/schema/spring-security"/> <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring"> diff --git a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml index 74286a08f3a..c08bbfa0d0d 100644 --- a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml +++ b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/commonSecurity.xml @@ -26,11 +26,8 @@ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> - <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> - <constructor-arg index="0"> - <bean class="org.springframework.security.access.vote.RoleVoter"/> - </constructor-arg> - <property name="allowIfAllAbstainDecisions" value="true"/> + <bean id="authorizationManager" class=" org.springframework.security.authorization.AuthorityAuthorizationManager"> + <constructor-arg name="authorities" value="ROLE_ADMIN"/> </bean> <spring-security:authentication-manager alias="authenticationManager"> diff --git a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml index b854129d1e4..eee09626c05 100644 --- a/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml +++ b/components/camel-spring-security/src/test/resources/org/apache/camel/component/spring/security/config/SpringSecurityAuthorizationPolicy.xml @@ -30,7 +30,7 @@ <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationManager="authenticationManager" - accessDecisionManager="accessDecisionManager" + authorizationManager="authorizationManager" xmlns="http://camel.apache.org/schema/spring-security"/> <authorizationPolicy id="user" access="ROLE_USER" diff --git a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc index 35a0a3ffdea..17db7a4f4da 100644 --- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc +++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_7.adoc @@ -10,3 +10,24 @@ from both 4.0 to 4.1 and 4.1 to 4.2. Add default values to `ThrottlingExceptionRoutePolicy` route policy. +=== camel-spring-security + +The `camel-spring-security` component has been updated to improve readiness for Spring Security 7.x. Since Spring Security 5.8 the `AccessDecisionManager` interface and the related cooperating classes have been deprecated in favor of `AuthorizationManager` based patterns. +If you are creating Spring Security route policies in your code, you must now refactor them to be based on an `AuthorizationManager`. + +For example, you might have a route policy defined as follows: +```java +SpringSecurityAuthorizationPolicy authorizationPolicy = new SpringSecurityAuthorizationPolicy(); +authorizationPolicy.setAuthenticationManager(authenticationManager); +authorizationPolicy.setSpringSecurityAccessPolicy(new SpringSecurityAccessPolicy("ROLE_ADMIN")); +authorizationPolicy.setAccessDecisionManager(new AffirmativeBased(Collections.singletonList(new RoleVoter()))); +``` +With the changes implemented in this release, that must be refactored to: +```java +SpringSecurityAuthorizationPolicy authorizationPolicy = new SpringSecurityAuthorizationPolicy(); +authorizationPolicy.setAuthenticationManager(authenticationManager); +authorizationPolicy.setAuthorizationManager(AuthorityAuthorizationManager.hasRole("ADMIN")); +``` +This new pattern supports a more expressive language to define your own authorization rules, exposing the full power of the Spring Security framework to Camel route policies. +See the https://docs.spring.io/spring-security/reference/5.8/migration/servlet/authorization.html#servlet-replace-permissionevaluator-bean-with-methodsecurityexpression-handler[spring documentation] for further details on how to migrate your custom code from `AccessDecisionManager` to `AuthorizationManager`. + diff --git a/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java b/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java index 38bf6f2e553..906199e3035 100644 --- a/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java +++ b/tests/camel-itest/src/test/java/org/apache/camel/itest/security/GreeterClientTest.java @@ -122,7 +122,7 @@ public class GreeterClientTest { "Get a wrong exception message"); assertTrue( ex.getMessage().endsWith( - "Caused by: [org.springframework.security.access.AccessDeniedException - Access is denied]"), + "Caused by: [org.springframework.security.access.AccessDeniedException - Access Denied]"), "Get a wrong exception message"); } } diff --git a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml index 9b47c2cfb56..740c549d7c4 100644 --- a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml +++ b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/CxfMessageCamelContext.xml @@ -34,7 +34,7 @@ <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationAdapter="myAuthenticationAdapter" authenticationManager="authenticationManager" - accessDecisionManager="accessDecisionManager" + authorizationManager="authorizationManager" xmlns="http://camel.apache.org/schema/spring-security"/> <bean id="myAuthenticationAdapter" class="org.apache.camel.itest.security.MyAuthenticationAdapter"/> diff --git a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml index ce00be31c5f..0b843eb4f6f 100644 --- a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml +++ b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/camel-context.xml @@ -31,10 +31,10 @@ <!-- import the spring security configuration --> <import resource="classpath:org/apache/camel/itest/security/commonSecurity.xml"/> - <authorizationPolicy id="admin" access="ROLE_ADMIN" + <authorizationPolicy id="admin" authenticationAdapter="myAuthenticationAdapter" authenticationManager="authenticationManager" - accessDecisionManager="accessDecisionManager" + authorizationManager="authorizationManager" xmlns="http://camel.apache.org/schema/spring-security"/> <bean id="myAuthenticationAdapter" class="org.apache.camel.itest.security.MyAuthenticationAdapter"/> diff --git a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml index d75cc2ef0ba..54cf44943a1 100644 --- a/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml +++ b/tests/camel-itest/src/test/resources/org/apache/camel/itest/security/commonSecurity.xml @@ -32,11 +32,8 @@ </spring-security:authentication-provider> </spring-security:authentication-manager> - <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> - <constructor-arg index="0"> - <bean class="org.springframework.security.access.vote.RoleVoter"/> - </constructor-arg> - <property name="allowIfAllAbstainDecisions" value="true"/> + <bean id="authorizationManager" class=" org.springframework.security.authorization.AuthorityAuthorizationManager"> + <constructor-arg name="authorities" value="ROLE_ADMIN"/> </bean> <bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>