keycloak-scim/securing_apps/topics/oidc/java/fuse/camel.adoc

[[_fuse_adapter_camel]]

===== Apache Camel Application

* You can secure your Apache camel endpoint using http://camel.apache.org/jetty.html[camel-jetty] component by adding securityHandler with `KeycloakJettyAuthenticator` and
proper security constraints injected. You can add file `OSGI-INF/blueprint/blueprint.xml` into your camel application with the configuration similar to below.
The roles, security constraint mappings and {{book.project.name}} adapter configuration may be a bit different according to your environment and needs:

[source,xml]
----
<?xml version="1.0" encoding="UTF-8"?>

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:camel="http://camel.apache.org/schema/blueprint"
           xsi:schemaLocation="
       http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
       http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">

    <bean id="kcAdapterConfig" class="org.keycloak.representations.adapters.config.AdapterConfig">
        <property name="realm" value="demo"/>
        <property name="resource" value="admin-camel-endpoint"/>
        <property name="bearerOnly" value="true"/>
        <property name="authServerUrl" value="http://localhost:8080/auth" />
        <property name="sslRequired" value="EXTERNAL"/>
    </bean>

    <bean id="keycloakAuthenticator" class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
        <property name="adapterConfig" ref="kcAdapterConfig"/>
    </bean>

    <bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="Customers"/>
        <property name="roles">
            <list>
                <value>admin</value>
            </list>
        </property>
        <property name="authenticate" value="true"/>
        <property name="dataConstraint" value="0"/>
    </bean>

    <bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="constraint"/>
        <property name="pathSpec" value="/*"/>
    </bean>

    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="authenticator" ref="keycloakAuthenticator" />
        <property name="constraintMappings">
            <list>
                <ref component-id="constraintMapping" />
            </list>
        </property>
        <property name="authMethod" value="BASIC"/>
        <property name="realmName" value="does-not-matter"/>
    </bean>

    <bean id="sessionHandler" class="org.keycloak.adapters.jetty.spi.WrappingSessionHandler">
        <property name="handler" ref="securityHandler" />
    </bean>

    <bean id="helloProcessor" class="org.keycloak.example.CamelHelloProcessor" />

    <camelContext id="blueprintContext"
                  trace="false"
                  xmlns="http://camel.apache.org/schema/blueprint">
        <route id="httpBridge">
            <from uri="jetty:http://0.0.0.0:8383/admin-camel-endpoint?handlers=sessionHandler&amp;matchOnUriPrefix=true" />
            <process ref="helloProcessor" />
            <log message="The message from camel endpoint contains ${body}"/>
        </route>
    </camelContext>

</blueprint>
----


* The `Import-Package` in `META-INF/MANIFEST.MF` needs to contain those imports:

[source, subs="attributes"]
----
javax.servlet;version="[3,4)",
javax.servlet.http;version="[3,4)",
org.apache.camel.*,
org.apache.camel;version="[2.13,3)",
org.eclipse.jetty.security;version="[8,10)",
org.eclipse.jetty.server.nio;version="[8,10)",
org.eclipse.jetty.util.security;version="[8,10)",
org.keycloak.*;version="{{book.project.versionMvn}}",
org.osgi.service.blueprint,
org.osgi.service.blueprint.container,
org.osgi.service.event,
----

===== Camel RestDSL

Camel RestDSL is a Camel feature to define your REST endpoints in a fluent way.
But under the hood, the capability to provide all this magic, is still demanded to specific implementation classes and
you have to instruct them on how to integrate with {{book.project.name}}.

The way to configure the integration mechanism depends on the Camel component that you configure your RestDSL defined routes to work with.

This is an example that show how to do it while using Jetty engine, with reference to some beans defined in the example above.

[source,xml]
----
<bean id="securityHandlerRest" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="authenticator" ref="keycloakAuthenticator" />
    <property name="constraintMappings">
        <list>
            <ref component-id="constraintMapping" />
        </list>
    </property>
    <property name="authMethod" value="BASIC"/>
    <property name="realmName" value="does-not-matter"/>
</bean>

<bean id="sessionHandlerRest" class="org.keycloak.adapters.jetty.spi.WrappingSessionHandler">
    <property name="handler" ref="securityHandlerRest" />
</bean>


<camelContext id="blueprintContext"
              trace="false"
              xmlns="http://camel.apache.org/schema/blueprint">

    <restConfiguration component="jetty" contextPath="/restdsl"
                       port="8484">
        <!--the link with Keycloak security handlers happens here-->
        <endpointProperty key="handlers" value="sessionHandlerRest"></endpointProperty>
        <endpointProperty key="matchOnUriPrefix" value="true"></endpointProperty>
    </restConfiguration>

    <rest path="/hello" >
        <description>Hello rest service</description>
        <get uri="/{id}" outType="java.lang.String">
            <description>Just an helllo</description>
            <to uri="direct:justDirect" />
        </get>

    </rest>

    <route id="justDirect">
        <from uri="direct:justDirect"/>
        <process ref="helloProcessor" />
        <log message="RestDSL correctly invoked ${body}"/>
        <setBody>
            <constant>(__This second sentence is returned from a Camel RestDSL endpoint__)</constant>
        </setBody>
    </route>

</camelContext>

----
More Fuse adapter documentation. Remove references to Apache Karaf 2016-06-03 13:09:26 +00:00			`[[_fuse_adapter_camel]]`
added extra - to last XML example 2016-11-30 12:56:49 +00:00
Fix headers in oidc chapter 2016-06-09 13:12:10 +00:00			`===== Apache Camel Application`
More Fuse adapter documentation. Remove references to Apache Karaf 2016-06-03 13:09:26 +00:00
			* You can secure your Apache camel endpoint using http://camel.apache.org/jetty.html[camel-jetty] component by adding securityHandler with `KeycloakJettyAuthenticator` and
			proper security constraints injected. You can add file `OSGI-INF/blueprint/blueprint.xml` into your camel application with the configuration similar to below.
			`The roles, security constraint mappings and {{book.project.name}} adapter configuration may be a bit different according to your environment and needs:`

			`[source,xml]`
			`----`
			`<?xml version="1.0" encoding="UTF-8"?>`

			`<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
			`xmlns:camel="http://camel.apache.org/schema/blueprint"`
			`xsi:schemaLocation="`
			`http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd`
			`http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">`

			`<bean id="kcAdapterConfig" class="org.keycloak.representations.adapters.config.AdapterConfig">`
			`<property name="realm" value="demo"/>`
			`<property name="resource" value="admin-camel-endpoint"/>`
			`<property name="bearerOnly" value="true"/>`
			`<property name="authServerUrl" value="http://localhost:8080/auth" />`
			`<property name="sslRequired" value="EXTERNAL"/>`
			`</bean>`

			`<bean id="keycloakAuthenticator" class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">`
			`<property name="adapterConfig" ref="kcAdapterConfig"/>`
			`</bean>`

			`<bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">`
			`<property name="name" value="Customers"/>`
			`<property name="roles">`
			`<list>`
			`<value>admin</value>`
			`</list>`
			`</property>`
			`<property name="authenticate" value="true"/>`
			`<property name="dataConstraint" value="0"/>`
			`</bean>`

			`<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">`
			`<property name="constraint" ref="constraint"/>`
			`<property name="pathSpec" value="/*"/>`
			`</bean>`

			`<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">`
			`<property name="authenticator" ref="keycloakAuthenticator" />`
			`<property name="constraintMappings">`
			`<list>`
			`<ref component-id="constraintMapping" />`
			`</list>`
			`</property>`
			`<property name="authMethod" value="BASIC"/>`
			`<property name="realmName" value="does-not-matter"/>`
			`</bean>`

			`<bean id="sessionHandler" class="org.keycloak.adapters.jetty.spi.WrappingSessionHandler">`
			`<property name="handler" ref="securityHandler" />`
			`</bean>`

			`<bean id="helloProcessor" class="org.keycloak.example.CamelHelloProcessor" />`

			`<camelContext id="blueprintContext"`
			`trace="false"`
			`xmlns="http://camel.apache.org/schema/blueprint">`
			`<route id="httpBridge">`
			`<from uri="jetty:http://0.0.0.0:8383/admin-camel-endpoint?handlers=sessionHandler&matchOnUriPrefix=true" />`
			`<process ref="helloProcessor" />`
			`<log message="The message from camel endpoint contains ${body}"/>`
			`</route>`
			`</camelContext>`

			`</blueprint>`
			`----`


			* The `Import-Package` in `META-INF/MANIFEST.MF` needs to contain those imports:
Fix attr substitution in source blocks 2016-06-09 12:54:13 +00:00
			`[source, subs="attributes"]`
More Fuse adapter documentation. Remove references to Apache Karaf 2016-06-03 13:09:26 +00:00			`----`
			`javax.servlet;version="[3,4)",`
			`javax.servlet.http;version="[3,4)",`
			`org.apache.camel.*,`
			`org.apache.camel;version="[2.13,3)",`
			`org.eclipse.jetty.security;version="[8,10)",`
			`org.eclipse.jetty.server.nio;version="[8,10)",`
			`org.eclipse.jetty.util.security;version="[8,10)",`
Added mvn version 2016-06-13 11:02:36 +00:00			`org.keycloak.*;version="{{book.project.versionMvn}}",`
More Fuse adapter documentation. Remove references to Apache Karaf 2016-06-03 13:09:26 +00:00			`org.osgi.service.blueprint,`
			`org.osgi.service.blueprint.container,`
			`org.osgi.service.event,`
			`----`

KEYCLOAK-3678 - Docs - Added Camel RestDSL 2016-11-22 16:43:27 +00:00			`===== Camel RestDSL`

			`Camel RestDSL is a Camel feature to define your REST endpoints in a fluent way.`
			`But under the hood, the capability to provide all this magic, is still demanded to specific implementation classes and`
KEYCLOAK-3956 Update fuse documentation. Added docs for Hawtio 2016-11-24 15:48:35 +00:00			`you have to instruct them on how to integrate with {{book.project.name}}.`
KEYCLOAK-3678 - Docs - Added Camel RestDSL 2016-11-22 16:43:27 +00:00
			`The way to configure the integration mechanism depends on the Camel component that you configure your RestDSL defined routes to work with.`

			`This is an example that show how to do it while using Jetty engine, with reference to some beans defined in the example above.`

			`[source,xml]`
			`----`
			`<bean id="securityHandlerRest" class="org.eclipse.jetty.security.ConstraintSecurityHandler">`
			`<property name="authenticator" ref="keycloakAuthenticator" />`
			`<property name="constraintMappings">`
			`<list>`
			`<ref component-id="constraintMapping" />`
			`</list>`
			`</property>`
			`<property name="authMethod" value="BASIC"/>`
			`<property name="realmName" value="does-not-matter"/>`
			`</bean>`

			`<bean id="sessionHandlerRest" class="org.keycloak.adapters.jetty.spi.WrappingSessionHandler">`
			`<property name="handler" ref="securityHandlerRest" />`
			`</bean>`


			`<camelContext id="blueprintContext"`
			`trace="false"`
			`xmlns="http://camel.apache.org/schema/blueprint">`

			`<restConfiguration component="jetty" contextPath="/restdsl"`
			`port="8484">`
			`<!--the link with Keycloak security handlers happens here-->`
			`<endpointProperty key="handlers" value="sessionHandlerRest"></endpointProperty>`
			`<endpointProperty key="matchOnUriPrefix" value="true"></endpointProperty>`
			`</restConfiguration>`

			`<rest path="/hello" >`
			`<description>Hello rest service</description>`
			`<get uri="/{id}" outType="java.lang.String">`
			`<description>Just an helllo</description>`
			`<to uri="direct:justDirect" />`
			`</get>`

			`</rest>`

			`<route id="justDirect">`
			`<from uri="direct:justDirect"/>`
			`<process ref="helloProcessor" />`
			`<log message="RestDSL correctly invoked ${body}"/>`
			`<setBody>`
			`<constant>(__This second sentence is returned from a Camel RestDSL endpoint__)</constant>`
			`</setBody>`
			`</route>`

			`</camelContext>`

added extra - to last XML example 2016-11-30 12:56:49 +00:00			`----`