Chapter 6. Configuring Transport Security for Camel Components
Abstract
Camel provides the Java Secure Socket Extension (JSSE) Utility API as a common way to configure Camel components to use Transport Layer Security (TLS). The main JSSE utility class is
org.apache.util.jsse.SSLContextParameters
. To configure TLS settings, you pass an instance of this class to a Camel component. You can configure an SSLContextParameters
object by using pure Java or by using Spring or Blueprint XML.
The following code is an example of using Spring XML to configure an
SSLContextParameters
object:
<sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring"> <keyManagers keyPassword="secret1"> <keyStore resource="./my_keystore.jks" password="secret2" /> </keyManagers> <trustManagers> <keyStore resource="./my_truststore.jks" password="secret2" /> </trustManagers> </sslContextParameters>
This shows the toplevel
sslContextParameters
element with keyManagers
and trustManagers
child elements. The keyManagers
element configures the key store while the trustManagers
element configures the trust store. For details about key stores and trust stores, see the Apache Camel documentation for the JSSE utility.
With this in place, you can reference the
sslContextParameters
bean in your endpoint URI. The following route runs a netty4
HTTPS endpoint. The ssl
option is required. For example:
<route> <from uri="netty4:https://localhost:8080/early?sslContextParametersRef=#sslContextParameters&ssl=true"/> <transform> <constant>Hi</constant> </transform> </route>
The following code provides an example of how to configure transport security in Java:
@Override protected JndiRegistry createRegistry() throws Exception { KeyStoreParameters ksp = new KeyStoreParameters(); ksp.setResource("./my_keystore.jks"); ksp.setPassword("secret1"); KeyManagersParameters kmp = new KeyManagersParameters(); kmp.setKeyPassword("secret2"); kmp.setKeyStore(ksp); KeyStoreParameters tsp = new KeyStoreParameters(); tsp.setResource("./my_truststore.jks"); tsp.setPassword("secret2"); TrustManagersParameters tmp = new TrustManagersParameters(); tmp.setKeyStore(tsp); SSLContextParameters sslContextParameters = new SSLContextParameters(); sslContextParameters.setKeyManagers(kmp); sslContextParameters.setTrustManagers(tmp); JndiRegistry registry = super.createRegistry(); registry.bind("sslContextParameters", sslContextParameters); return registry; }
The Java route for a
netty4
HTTPS endpoint looks like the following. The ssl
option is required.
from("netty4:https://localhost:8080/early?sslContextParametersRef= #sslContextParameters&ssl=true").transform().constant("Hi");
In Camel, to call these HTTPS endpoints, also provide the
sslContextParameters
object that contains a trusted certificate. The following example reuses the server sslContextParameters
object. In this example, the URI syntax is the same for the producer. For example:
String reply = template.requestBody( "netty4:https://localhost:8080/early?ssl=true&sslContextParametersRef= sslContextParameters", "Hi Camel!", String.class);
If you do not provide an
sslContextParameters
object that contains a valid trust store then the server does not allow a connection and Camel throws an execution exception - CamelExecutionException
.