I’ve pushed a sample test application onto github (https://github.com/RovoMe/camel-rest-dsl-with-spring-security <https://github.com/RovoMe/camel-rest-dsl-with-spring-security>) where I want to integrate AWS XRay servlet filter for any inbound or outbound traffic. Spring Security offers the WebSecurityConfigurerAdapter as web.xml replacement where you can define security policies on certain endpoints using the configure(HttpSecurity) method. This also allows to add custom servlet filters via addFilterBefore or addFilterAfter.
However, the current approach Camel uses ist to declare security on routes via SpringSecurityAuthrizationPolicy, which also requires a bean prior to the declared policy which actually sets the Authentication object in the headers (i.e. https://github.com/RovoMe/camel-rest-dsl-with-spring-security/blob/master/src/main/java/at/rovo/awsxray/routes/api/SampleFileRoute.java#L42-L43 <https://github.com/RovoMe/camel-rest-dsl-with-spring-security/blob/master/src/main/java/at/rovo/awsxray/routes/api/SampleFileRoute.java#L42-L43>). This approach does not use a web.xml (or its Java based configuration) and thus does not invoke any of the filters defined in the web.xml/WebSecurityConfigurerAdapter if a Jetty endpoint exposed via the REST DSL is invoked, even though the beans and filters are initialised at startup. Is there a way to add a custom servlet filters to Camel routes exposed via REST DSL/Jetty or define the security policies via the Spring Security approach similar to https://github.com/RovoMe/camel-rest-dsl-with-spring-security/blob/master/src/main/java/at/rovo/awsxray/config/SpringSecurityConfig.java#L67-L72 <https://github.com/RovoMe/camel-rest-dsl-with-spring-security/blob/master/src/main/java/at/rovo/awsxray/config/SpringSecurityConfig.java#L67-L72> directly?
