keycloak-scim/securing_apps/topics/oidc/java/fuse7/camel.adoc


[[_fuse7_adapter_camel]]
===== Securing an Apache Camel Application

You can secure Apache Camel endpoints implemented with the https://camel.apache.org/components/next/undertow-component.html[camel-undertow] component by injecting the proper security constraints via blueprint and updating the used component to `undertow-keycloak`. You have to add the `OSGI-INF/blueprint/blueprint.xml` file to your Camel application with a similar configuration as below. The roles, security constraint mappings, and adapter configuration might differ slightly depending on your environment and needs.

Compared to the standard `undertow` component, `undertow-keycloak` component adds two new properties:

- `configResolver` is a resolver bean that supplies {project_name} adapter
  configuration. Available resolvers are listed in <<_fuse7_config_external_adapter,Configuration Resolvers>> section.
- `allowedRoles` is a comma-separated list of roles. User accessing the service has to have at least one role to be permitted the access.

For example:

[source,xml]
----
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:camel="http://camel.apache.org/schema/blueprint"
           xsi:schemaLocation="
       http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
       http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint-2.17.1.xsd">

    <bean id="keycloakConfigResolver" class="org.keycloak.adapters.osgi.BundleBasedKeycloakConfigResolver" >
        <property name="bundleContext" ref="blueprintBundleContext" />
    </bean>

    <bean id="helloProcessor" class="org.keycloak.example.CamelHelloProcessor" />

    <camelContext id="blueprintContext"
                  trace="false"
                  xmlns="http://camel.apache.org/schema/blueprint">

        <route id="httpBridge">
            <from uri="undertow-keycloak:http://0.0.0.0:8383/admin-camel-endpoint?matchOnUriPrefix=true&amp;configResolver=#keycloakConfigResolver&amp;allowedRoles=admin" />
            <process ref="helloProcessor" />
            <log message="The message from camel endpoint contains ${body}"/>
        </route>

    </camelContext>

</blueprint>
----


* The `Import-Package` in `META-INF/MANIFEST.MF` needs to contain these imports:

[source, subs="attributes"]
----
javax.servlet;version="[3,4)",
javax.servlet.http;version="[3,4)",
javax.net.ssl,
org.apache.camel.*,
org.apache.camel;version="[2.13,3)",
io.undertow.*,
org.keycloak.*;version="{project_versionMvn}",
org.osgi.service.blueprint,
org.osgi.service.blueprint.container
----

===== Camel RestDSL

Camel RestDSL is a Camel feature used to define your REST endpoints in a fluent way. But you must still use specific implementation classes and provide instructions on how to integrate with {project_name}.

The way to configure the integration mechanism depends on the Camel component for which you configure your RestDSL-defined routes.

The following example shows how to configure integration using the `undertow-keycloak` component, with references to some of the beans defined in previous Blueprint example.

[source,xml]
----
<camelContext id="blueprintContext"
              trace="false"
              xmlns="http://camel.apache.org/schema/blueprint">

    <!--the link with Keycloak security handlers happens by using undertow-keycloak component -->
    <restConfiguration apiComponent="undertow-keycloak" contextPath="/restdsl" port="8484">
        <endpointProperty key="configResolver" value="#keycloakConfigResolver" />
        <endpointProperty key="allowedRoles" value="admin,superadmin" />
    </restConfiguration>

    <rest path="/hello" >
        <description>Hello rest service</description>
        <get uri="/{id}" outType="java.lang.String">
            <description>Just a hello</description>
            <to uri="direct:justDirect" />
        </get>

    </rest>

    <route id="justDirect">
        <from uri="direct:justDirect"/>
        <process ref="helloProcessor" />
        <log message="RestDSL correctly invoked ${body}"/>
        <setBody>
            <constant>(__This second sentence is returned from a Camel RestDSL endpoint__)</constant>
        </setBody>
    </route>

</camelContext>

----
KEYCLOAK-7413 Fuse 7 documentation (#401) 2018-06-12 07:49:39 +00:00
Revert "fixed Wildfly mentions and faulty links with underscores" This reverts commit 1ecbc1ba14075203af437295927699adf84cc428. 2019-01-21 17:01:40 +00:00			`[[_fuse7_adapter_camel]]`
KEYCLOAK-7413 Fuse 7 documentation (#401) 2018-06-12 07:49:39 +00:00			`===== Securing an Apache Camel Application`

KEYCLOAK-19144 [PR] fixing broken links 2021-11-04 15:51:59 +00:00			You can secure Apache Camel endpoints implemented with the https://camel.apache.org/components/next/undertow-component.html[camel-undertow] component by injecting the proper security constraints via blueprint and updating the used component to `undertow-keycloak`. You have to add the `OSGI-INF/blueprint/blueprint.xml` file to your Camel application with a similar configuration as below. The roles, security constraint mappings, and adapter configuration might differ slightly depending on your environment and needs.
KEYCLOAK-7413 Fuse 7 documentation (#401) 2018-06-12 07:49:39 +00:00
			Compared to the standard `undertow` component, `undertow-keycloak` component adds two new properties:

KEYCLOAK-7703 Documentation for HierarchicalPathBasedKeycloakConfigResolver 2018-07-18 15:19:09 +00:00			- `configResolver` is a resolver bean that supplies {project_name} adapter
			`configuration. Available resolvers are listed in <<_fuse7_config_external_adapter,Configuration Resolvers>> section.`
KEYCLOAK-7413 Fuse 7 documentation (#401) 2018-06-12 07:49:39 +00:00			- `allowedRoles` is a comma-separated list of roles. User accessing the service has to have at least one role to be permitted the access.

			`For example:`

			`[source,xml]`
			`----`
			`<?xml version="1.0" encoding="UTF-8"?>`
			`<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
			`xmlns:camel="http://camel.apache.org/schema/blueprint"`
			`xsi:schemaLocation="`
			`http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd`
			`http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint-2.17.1.xsd">`

			`<bean id="keycloakConfigResolver" class="org.keycloak.adapters.osgi.BundleBasedKeycloakConfigResolver" >`
			`<property name="bundleContext" ref="blueprintBundleContext" />`
			`</bean>`

			`<bean id="helloProcessor" class="org.keycloak.example.CamelHelloProcessor" />`

			`<camelContext id="blueprintContext"`
			`trace="false"`
			`xmlns="http://camel.apache.org/schema/blueprint">`

			`<route id="httpBridge">`
			`<from uri="undertow-keycloak:http://0.0.0.0:8383/admin-camel-endpoint?matchOnUriPrefix=true&configResolver=#keycloakConfigResolver&allowedRoles=admin" />`
			`<process ref="helloProcessor" />`
			`<log message="The message from camel endpoint contains ${body}"/>`
			`</route>`

			`</camelContext>`

			`</blueprint>`
			`----`


			* The `Import-Package` in `META-INF/MANIFEST.MF` needs to contain these imports:

			`[source, subs="attributes"]`
			`----`
			`javax.servlet;version="[3,4)",`
			`javax.servlet.http;version="[3,4)",`
			`javax.net.ssl,`
			`org.apache.camel.*,`
			`org.apache.camel;version="[2.13,3)",`
			`io.undertow.*,`
			`org.keycloak.*;version="{project_versionMvn}",`
			`org.osgi.service.blueprint,`
			`org.osgi.service.blueprint.container`
			`----`

			`===== Camel RestDSL`

			`Camel RestDSL is a Camel feature used to define your REST endpoints in a fluent way. But you must still use specific implementation classes and provide instructions on how to integrate with {project_name}.`

			`The way to configure the integration mechanism depends on the Camel component for which you configure your RestDSL-defined routes.`

			The following example shows how to configure integration using the `undertow-keycloak` component, with references to some of the beans defined in previous Blueprint example.

			`[source,xml]`
			`----`
			`<camelContext id="blueprintContext"`
			`trace="false"`
			`xmlns="http://camel.apache.org/schema/blueprint">`

			`<!--the link with Keycloak security handlers happens by using undertow-keycloak component -->`
			`<restConfiguration apiComponent="undertow-keycloak" contextPath="/restdsl" port="8484">`
			`<endpointProperty key="configResolver" value="#keycloakConfigResolver" />`
			`<endpointProperty key="allowedRoles" value="admin,superadmin" />`
			`</restConfiguration>`

			`<rest path="/hello" >`
			`<description>Hello rest service</description>`
			`<get uri="/{id}" outType="java.lang.String">`
			`<description>Just a hello</description>`
			`<to uri="direct:justDirect" />`
			`</get>`

			`</rest>`

			`<route id="justDirect">`
			`<from uri="direct:justDirect"/>`
			`<process ref="helloProcessor" />`
			`<log message="RestDSL correctly invoked ${body}"/>`
			`<setBody>`
			`<constant>(__This second sentence is returned from a Camel RestDSL endpoint__)</constant>`
			`</setBody>`
			`</route>`

			`</camelContext>`

			`----`