[[_fuse_adapter_camel]]
|
|
===== Apache Camel Application
|
|
|
|
* You can secure your Apache Camel endpoint with the http://camel.apache.org/jetty.html[camel-jetty] component by adding a securityHandler with `KeycloakJettyAuthenticator` and
the proper security constraints injected. You can add the file `OSGI-INF/blueprint/blueprint.xml` to your Camel application with a configuration similar to the one below.
The roles, security constraint mappings and {{book.project.name}} adapter configuration may differ slightly depending on your environment and needs:
|
|
|
|
[source,xml]
|
|
----
|
|
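<?xml version="1.0" encoding="UTF-8"?>

<!--
  OSGi Blueprint descriptor that protects a camel-jetty endpoint with the
  Keycloak Jetty authenticator. The realm, client, role and URL values are
  examples; replace them with the values for your environment.
-->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:camel="http://camel.apache.org/schema/blueprint"
           xsi:schemaLocation="
             http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
             http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">

    <!--
      Adapter configuration.
      bearerOnly=true: the endpoint only verifies bearer tokens sent by callers
      and never starts an interactive login.
      realmKey: public key of the realm (truncated here) used to verify token
      signatures; copy it from the realm you actually trust.
      authServerUrl / sslRequired: the demo uses plain http on localhost. With
      EXTERNAL, HTTPS is required only for requests from non-private addresses;
      outside local development use an https URL and consider ALL.
    -->
    <bean id="kcAdapterConfig" class="org.keycloak.representations.adapters.config.AdapterConfig">
        <property name="realm" value="demo"/>
        <property name="resource" value="admin-camel-endpoint"/>
        <property name="realmKey" value="MIGfMA0G..."/>
        <property name="bearerOnly" value="true"/>
        <property name="authServerUrl" value="http://localhost:8080/auth"/>
        <property name="sslRequired" value="EXTERNAL"/>
    </bean>

    <!-- Jetty authenticator that validates requests against the adapter configuration above. -->
    <bean id="keycloakAuthenticator" class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
        <property name="adapterConfig" ref="kcAdapterConfig"/>
    </bean>

    <!--
      Authorization rule: callers must be authenticated and hold the "admin" role.
      dataConstraint 0 is Jetty's Constraint.DC_NONE, i.e. no transport guarantee,
      so this constraint does not force TLS by itself. Bearer tokens sent over
      plain http can be captured and replayed; terminate TLS in front of the
      endpoint, or use an https connector with DC_CONFIDENTIAL (value 2).
    -->
    <bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="Customers"/>
        <property name="roles">
            <list>
                <value>admin</value>
            </list>
        </property>
        <property name="authenticate" value="true"/>
        <property name="dataConstraint" value="0"/>
    </bean>

    <!-- Applies the constraint to every path under the endpoint, so no sub-path is left unprotected. -->
    <bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="constraint"/>
        <property name="pathSpec" value="/*"/>
    </bean>

    <!--
      Security handler that combines the authenticator and the constraint mappings.
      Authentication is delegated to keycloakAuthenticator; realmName is a
      placeholder, and authMethod is presumably not what decides how callers
      authenticate here (verify against your Jetty version).
    -->
    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="authenticator" ref="keycloakAuthenticator"/>
        <property name="constraintMappings">
            <list>
                <ref component-id="constraintMapping"/>
            </list>
        </property>
        <property name="authMethod" value="BASIC"/>
        <property name="realmName" value="does-not-matter"/>
    </bean>

    <!-- Wraps the security handler; this is the bean the endpoint URI references in its handlers option. -->
    <bean id="sessionHandler" class="org.keycloak.adapters.jetty.spi.WrappingSessionHandler">
        <property name="handler" ref="securityHandler"/>
    </bean>

    <bean id="helloProcessor" class="org.keycloak.example.CamelHelloProcessor"/>

    <camelContext id="blueprintContext"
                  trace="false"
                  xmlns="http://camel.apache.org/schema/blueprint">
        <route id="httpBridge">
            <!--
              The handlers option attaches sessionHandler to this endpoint; without
              it the route is served with no authentication at all.
              0.0.0.0 listens on every network interface over plain http; bind to a
              specific interface or put the endpoint behind TLS where it is
              reachable from untrusted networks.
              The ampersand between URI options must be written as &amp; in XML.
            -->
            <from uri="jetty:http://0.0.0.0:8383/admin-camel-endpoint?handlers=sessionHandler&amp;matchOnUriPrefix=true"/>
            <process ref="helloProcessor"/>
            <!-- Writes the full message body to the log; drop or redact this where bodies can carry sensitive data. -->
            <log message="The message from camel endpoint contains ${body}"/>
        </route>
    </camelContext>

</blueprint>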
|
|
----
|
|
|
|
|
|
* The `Import-Package` header in `META-INF/MANIFEST.MF` must contain the following imports:
|
|
|
|
[source, subs="attributes"]
|
|
----
|
|
javax.servlet;version="[3,4)",
|
|
javax.servlet.http;version="[3,4)",
|
|
org.apache.camel.*,
|
|
org.apache.camel;version="[2.13,3)",
|
|
org.eclipse.jetty.security;version="[8,10)",
|
|
org.eclipse.jetty.server.nio;version="[8,10)",
|
|
org.eclipse.jetty.util.security;version="[8,10)",
|
|
org.keycloak.*;version="{{book.project.versionMvn}}",
|
|
org.osgi.service.blueprint,
|
|
org.osgi.service.blueprint.container,
|
|
org.osgi.service.event,
|
|
----