Hi,
You can make the above route control even more fine-grained as follows.
Instead of zone1 and zone2 you can add company:zone1 and company:zone2...
In this case the above example could also authorize the overall route
itself and also fine-grained access to approved company employees.
Note that admin and poweruser will have access to both routes...
Cheers,
Ashwin...
-----------------------------------------------------------------------
import java.util.ArrayList;
import java.util.List;

import org.apache.camel.CamelAuthorizationException;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.shiro.security.ShiroSecurityPolicy;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// passPhrase is assumed to be defined elsewhere.

// Policy for the route as a whole: requires company:*
List<Permission> permissionsList = new ArrayList<Permission>();
Permission permission = new WildcardPermission("company:*");
permissionsList.add(permission);
final ShiroSecurityPolicy companyPolicy = new ShiroSecurityPolicy(
        "./src/test/resources/securityconfig.ini", passPhrase, true, permissionsList);

// Policy for the zone1 branch: requires company:zone1:*
permissionsList = new ArrayList<Permission>();
permission = new WildcardPermission("company:zone1:*");
permissionsList.add(permission);
final ShiroSecurityPolicy routeXPolicy = new ShiroSecurityPolicy(
        "./src/test/resources/securityconfig.ini", passPhrase, true, permissionsList);

// Policy for the zone2 branch: requires company:zone2:*
permissionsList = new ArrayList<Permission>();
permission = new WildcardPermission("company:zone2:*");
permissionsList.add(permission);
final ShiroSecurityPolicy routeYPolicy = new ShiroSecurityPolicy(
        "./src/test/resources/securityconfig.ini", passPhrase, true, permissionsList);

RouteBuilder builder = new RouteBuilder() {
    public void configure() {
        // Authorization failures are sent to a mock endpoint
        onException(CamelAuthorizationException.class)
            .to("mock:authorizationException");

        from("seda:a")
            .policy(companyPolicy)
            .choice()
                .when(header("foo").isEqualTo("bar"))
                    .policy(routeXPolicy)
                    .to("seda:b")
                .when(header("foo").isEqualTo("cheese"))
                    .policy(routeYPolicy)
                    .to("seda:c")
                .otherwise()
                    .to("mock:error");
    }
};
-------- securityConfig.ini ------------
[users]
# user 'ringo' with password 'starr' and the 'rte-X-access' role
ringo = starr, rte-X-access
# user 'george' with password 'harrison' and the 'rte-X-access' role
george = harrison, rte-X-access
# user 'john' with password 'lennon' and the 'rte-Y-access' role
john = lennon, rte-Y-access
# user 'paul' with password 'mccartney' and the 'rte-Y-access' role
paul = mccartney, rte-Y-access
# user 'root' with password 'secret' and the 'admin' role
root = secret, admin
# user 'poweruser' with password 'secret' and the 'poweruser' role
poweruser = secret, poweruser
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = *
# 'poweruser' role has all permissions under 'company'
poweruser = company:*
# 'rte-X-access' role has all permissions under 'company:zone1'
rte-X-access = company:zone1:*
# 'rte-Y-access' role has all permissions under 'company:zone2'
rte-Y-access = company:zone2:*
----------------------------------------
---------------------------------------------------------
Ashwin Karpe
Apache Camel Committer & Sr Principal Consultant
FUSESource (a Progress Software Corporation subsidiary)
http://fusesource.com
Blog: http://opensourceknowledge.blogspot.com
---------------------------------------------------------
--
View this message in context:
http://camel.465427.n5.nabble.com/Is-anyone-really-using-shiro-framework-with-camel-tp5573583p5578489.html
Sent from the Camel - Users mailing list archive at Nabble.com.
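
Added example, not part of the original message or of the Camel project: a stand-alone check that uses Shiro's WildcardPermission.implies() to show which role grants from the INI above cover the permission each policy requires. The class name PolicyImplicationCheck is hypothetical and shiro-core is assumed to be on the classpath; a granted permission has to imply the required one, so a grant of company:zone1:* does not cover a policy that requires company:*.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example (hypothetical class name): prints, for every role in the
// [roles] section, whether its grant implies the permission required by
// companyPolicy, routeXPolicy and routeYPolicy.
public class PolicyImplicationCheck {

    // Permissions required by the three policies, in route order.
    static final String[] REQUIRED = {
        "company:*", "company:zone1:*", "company:zone2:*"
    };

    // Role grants copied from the [roles] section of the message.
    static Map<String, Permission> roleGrants() {
        Map<String, Permission> grants = new LinkedHashMap<String, Permission>();
        grants.put("admin", new WildcardPermission("*"));
        grants.put("poweruser", new WildcardPermission("company:*"));
        grants.put("rte-X-access", new WildcardPermission("company:zone1:*"));
        grants.put("rte-Y-access", new WildcardPermission("company:zone2:*"));
        return grants;
    }

    // True when the granted permission covers the required one. This is the
    // same direction Shiro uses for an isPermitted() check: granted.implies(required).
    static boolean permits(Permission granted, String required) {
        return granted.implies(new WildcardPermission(required));
    }

    public static void main(String[] args) {
        for (Map.Entry<String, Permission> grant : roleGrants().entrySet()) {
            StringBuilder row = new StringBuilder(String.format("%-13s", grant.getKey()));
            for (String required : REQUIRED) {
                boolean ok = permits(grant.getValue(), required);
                row.append(String.format("  %s=%-5b", required, ok));
            }
            System.out.println(row);
        }
    }
}
```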