104 lines
4.6 KiB
Text
104 lines
4.6 KiB
Text
|
|
||
|
[[_fuse7_adapter_camel]]
|
||
|
===== Securing an Apache Camel Application
|
||
|
|
||
|
You can secure Apache Camel endpoints implemented with the http://camel.apache.org/undertow.html[camel-undertow] component by injecting the proper security constraints via blueprint and updating the used component to `undertow-keycloak`. You have to add the `OSGI-INF/blueprint/blueprint.xml` file to your Camel application with a similar configuration as below. The roles and security constraint mappings, and adapter configuration might differ slightly depending on your environment and needs.
|
||
|
|
||
|
Compared to the standard `undertow` component, `undertow-keycloak` component adds two new properties:
|
||
|
|
||
|
- `configResolver` is a bean that supplies {project_name} configuration file to:
|
||
|
- `org.keycloak.adapters.osgi.BundleBasedKeycloakConfigResolver`: the {project_name} adapter configuration will be looked up inside the bundle and should be stored in `WEB-INF/keycloak.json` file.
|
||
|
- `org.keycloak.adapters.osgi.PathBasedKeycloakConfigResolver`: the {project_name} adapter configuration will be looked up as described in <<_fuse7_config_external_adapter,External adapter configuration>>.
|
||
|
- `allowedRoles` is a comma-separated list of roles. User accessing the service has to have at least one role to be permitted the access.
|
||
|
|
||
|
For example:
|
||
|
|
||
|
[source,xml]
|
||
|
----
|
||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
|
||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
|
xmlns:camel="http://camel.apache.org/schema/blueprint"
|
||
|
xsi:schemaLocation="
|
||
|
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
|
||
|
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint-2.17.1.xsd">
|
||
|
|
||
|
<bean id="keycloakConfigResolver" class="org.keycloak.adapters.osgi.BundleBasedKeycloakConfigResolver" >
|
||
|
<property name="bundleContext" ref="blueprintBundleContext" />
|
||
|
</bean>
|
||
|
|
||
|
<bean id="helloProcessor" class="org.keycloak.example.CamelHelloProcessor" />
|
||
|
|
||
|
<camelContext id="blueprintContext"
|
||
|
trace="false"
|
||
|
xmlns="http://camel.apache.org/schema/blueprint">
|
||
|
|
||
|
<route id="httpBridge">
|
||
|
<from uri="undertow-keycloak:http://0.0.0.0:8383/admin-camel-endpoint?matchOnUriPrefix=true&configResolver=#keycloakConfigResolver&allowedRoles=admin" />
|
||
|
<process ref="helloProcessor" />
|
||
|
<log message="The message from camel endpoint contains ${body}"/>
|
||
|
</route>
|
||
|
|
||
|
</camelContext>
|
||
|
|
||
|
</blueprint>
|
||
|
----
|
||
|
|
||
|
|
||
|
* The `Import-Package` in `META-INF/MANIFEST.MF` needs to contain these imports:
|
||
|
|
||
|
[source, subs="attributes"]
|
||
|
----
|
||
|
javax.servlet;version="[3,4)",
|
||
|
javax.servlet.http;version="[3,4)",
|
||
|
javax.net.ssl,
|
||
|
org.apache.camel.*,
|
||
|
org.apache.camel;version="[2.13,3)",
|
||
|
io.undertow.*,
|
||
|
org.keycloak.*;version="{project_versionMvn}",
|
||
|
org.osgi.service.blueprint,
|
||
|
org.osgi.service.blueprint.container
|
||
|
----
|
||
|
|
||
|
===== Camel RestDSL
|
||
|
|
||
|
Camel RestDSL is a Camel feature used to define your REST endpoints in a fluent way. But you must still use specific implementation classes and provide instructions on how to integrate with {project_name}.
|
||
|
|
||
|
The way to configure the integration mechanism depends on the Camel component for which you configure your RestDSL-defined routes.
|
||
|
|
||
|
The following example shows how to configure integration using the `undertow-keycloak` component, with references to some of the beans defined in previous Blueprint example.
|
||
|
|
||
|
[source,xml]
|
||
|
----
|
||
|
<camelContext id="blueprintContext"
|
||
|
trace="false"
|
||
|
xmlns="http://camel.apache.org/schema/blueprint">
|
||
|
|
||
|
<!--the link with Keycloak security handlers happens by using undertow-keycloak component -->
|
||
|
<restConfiguration apiComponent="undertow-keycloak" contextPath="/restdsl" port="8484">
|
||
|
<endpointProperty key="configResolver" value="#keycloakConfigResolver" />
|
||
|
<endpointProperty key="allowedRoles" value="admin,superadmin" />
|
||
|
</restConfiguration>
|
||
|
|
||
|
<rest path="/hello" >
|
||
|
<description>Hello rest service</description>
|
||
|
<get uri="/{id}" outType="java.lang.String">
|
||
|
<description>Just a hello</description>
|
||
|
<to uri="direct:justDirect" />
|
||
|
</get>
|
||
|
|
||
|
</rest>
|
||
|
|
||
|
<route id="justDirect">
|
||
|
<from uri="direct:justDirect"/>
|
||
|
<process ref="helloProcessor" />
|
||
|
<log message="RestDSL correctly invoked ${body}"/>
|
||
|
<setBody>
|
||
|
<constant>(__This second sentence is returned from a Camel RestDSL endpoint__)</constant>
|
||
|
</setBody>
|
||
|
</route>
|
||
|
|
||
|
</camelContext>
|
||
|
|
||
|
----
|