Este contenido no está disponible en el idioma seleccionado.
Chapter 241. Netty HTTP Component (deprecated)
Available as of Camel version 2.12
The netty-http component is an extension to Netty component to facilitiate HTTP transport with Netty.
This camel component supports both producer and consumer endpoints.
This component is deprecated. You should use Netty4 HTTP.
INFO: Stream. Netty is stream based, which means the input it receives is submitted to Camel as a stream. That means you will only be able to read the content of the stream once. If you find a situation where the message body appears to be empty or you need to access the data multiple times (eg: doing multicasting, or redelivery error handling) you should use Stream caching or convert the message body to a String
which is safe to be re-read multiple times. Notice Netty4 HTTP reads the entire stream into memory using io.netty.handler.codec.http.HttpObjectAggregator
to build the entire full http message. But the resulting message is still a stream based message which is readable once.
Maven users will need to add the following dependency to their pom.xml
for this component:
<dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-netty-http</artifactId> <version>x.x.x</version> <!-- use the same version as your Camel core version --> </dependency>
241.1. URI format
The URI scheme for a netty component is as follows
netty-http:http://localhost:8080[?options]
You can append query options to the URI in the following format, ?option=value&option=value&…
INFO: Query parameters vs endpoint options. You may be wondering how Camel recognizes URI query parameters and endpoint options. For example you might create endpoint URI as follows - netty-http:http//example.com?myParam=myValue&compression=true
. In this example myParam
is the HTTP parameter, while compression
is the Camel endpoint option. The strategy used by Camel in such situations is to resolve available endpoint options and remove them from the URI. It means that for the discussed example, the HTTP request sent by Netty HTTP producer to the endpoint will look as follows - http//example.com?myParam=myValue
, because compression
endpoint option will be resolved and removed from the target URL. Keep also in mind that you cannot specify endpoint options using dynamic headers (like CamelHttpQuery
). Endpoint options can be specified only at the endpoint URI definition level (like to
or from
DSL elements).
241.2. HTTP Options
INFO: A lot more options. Important: This component inherits all the options from Netty. So make sure to look at the Netty documentation as well.
Notice that some options from Netty is not applicable when using this Netty HTTP component, such as options related to UDP transport.
The Netty HTTP component supports 7 options which are listed below.
Name | Description | Default | Type |
---|---|---|---|
nettyHttpBinding (advanced) | To use a custom org.apache.camel.component.netty.http.NettyHttpBinding for binding to/from Netty and Camel Message API. | NettyHttpBinding | |
configuration (common) | To use the NettyConfiguration as configuration when creating endpoints. | NettyHttpConfiguration | |
headerFilterStrategy (advanced) | To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter headers. | HeaderFilterStrategy | |
securityConfiguration (security) | Refers to a org.apache.camel.component.netty.http.NettyHttpSecurityConfiguration for configuring secure web resources. | NettyHttpSecurity Configuration | |
useGlobalSslContext Parameters (security) | Enable usage of global SSL context parameters. | false | boolean |
maximumPoolSize (advanced) | The core pool size for the ordered thread pool, if its in use. The default value is 16. | 16 | int |
resolveProperty Placeholders (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean |
The Netty HTTP endpoint is configured using URI syntax:
netty-http:protocol:host:port/path
with the following path and query parameters:
241.2.1. Path Parameters (4 parameters):
Name | Description | Default | Type |
---|---|---|---|
protocol | Required The protocol to use which is either http or https | String | |
host | Required The local hostname such as localhost, or 0.0.0.0 when being a consumer. The remote HTTP server hostname when using producer. | String | |
port | The host port number | int | |
path | Resource path | String |
241.2.2. Query Parameters (78 parameters):
Name | Description | Default | Type |
---|---|---|---|
bridgeEndpoint (common) | If the option is true, the producer will ignore the Exchange.HTTP_URI header, and use the endpoint’s URI for request. You may also set the throwExceptionOnFailure to be false to let the producer send all the fault response back. The consumer working in the bridge mode will skip the gzip compression and WWW URL form encoding (by adding the Exchange.SKIP_GZIP_ENCODING and Exchange.SKIP_WWW_FORM_URLENCODED headers to the consumed exchange). | false | boolean |
disconnect (common) | Whether or not to disconnect(close) from Netty Channel right after use. Can be used for both consumer and producer. | false | boolean |
keepAlive (common) | Setting to ensure socket is not closed due to inactivity | true | boolean |
reuseAddress (common) | Setting to facilitate socket multiplexing | true | boolean |
sync (common) | Setting to set endpoint as one-way or request-response | true | boolean |
tcpNoDelay (common) | Setting to improve TCP protocol performance | true | boolean |
bridgeErrorHandler (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean |
matchOnUriPrefix (consumer) | Whether or not Camel should try to find a target consumer by matching the URI prefix if no exact match is found. | false | boolean |
send503whenSuspended (consumer) | Whether to send back HTTP status code 503 when the consumer has been suspended. If the option is false then the Netty Acceptor is unbound when the consumer is suspended, so clients cannot connect anymore. | true | boolean |
backlog (consumer) | Allows to configure a backlog for netty consumer (server). Note the backlog is just a best effort depending on the OS. Setting this option to a value such as 200, 500 or 1000, tells the TCP stack how long the accept queue can be If this option is not configured, then the backlog depends on OS setting. | int | |
bossCount (consumer) | When netty works on nio mode, it uses default bossCount parameter from Netty, which is 1. User can use this operation to override the default bossCount from Netty | 1 | int |
bossPool (consumer) | To use a explicit org.jboss.netty.channel.socket.nio.BossPool as the boss thread pool. For example to share a thread pool with multiple consumers. By default each consumer has their own boss pool with 1 core thread. | BossPool | |
channelGroup (consumer) | To use a explicit ChannelGroup. | ChannelGroup | |
chunkedMaxContentLength (consumer) | Value in bytes the max content length per chunked frame received on the Netty HTTP server. | 1048576 | int |
compression (consumer) | Allow using gzip/deflate for compression on the Netty HTTP server if the client supports it from the HTTP headers. | false | boolean |
disableStreamCache (consumer) | Determines whether or not the raw input stream from Netty HttpRequestgetContent() is cached or not (Camel will read the stream into a in light-weight memory based Stream caching) cache. By default Camel will cache the Netty input stream to support reading it multiple times to ensure it Camel can retrieve all data from the stream. However you can set this option to true when you for example need to access the raw stream, such as streaming it directly to a file or other persistent store. Mind that if you enable this option, then you cannot read the Netty stream multiple times out of the box, and you would need manually to reset the reader index on the Netty raw stream. | false | boolean |
disconnectOnNoReply (consumer) | If sync is enabled then this option dictates NettyConsumer if it should disconnect where there is no reply to send back. | true | boolean |
exceptionHandler (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this options is not in use. By default the consumer will deal with exceptions, that will be logged at WARN or ERROR level and ignored. | ExceptionHandler | |
exchangePattern (consumer) | Sets the exchange pattern when the consumer creates an exchange. | ExchangePattern | |
httpMethodRestrict (consumer) | To disable HTTP methods on the Netty HTTP consumer. You can specify multiple separated by comma. | String | |
mapHeaders (consumer) | If this option is enabled, then during binding from Netty to Camel Message then the headers will be mapped as well (eg added as header to the Camel Message as well). You can turn off this option to disable this. The headers can still be accessed from the org.apache.camel.component.netty.http.NettyHttpMessage message with the method getHttpRequest() that returns the Netty HTTP request org.jboss.netty.handler.codec.http.HttpRequest instance. | true | boolean |
maxChannelMemorySize (consumer) | The maximum total size of the queued events per channel when using orderedThreadPoolExecutor. Specify 0 to disable. | 10485760 | long |
maxHeaderSize (consumer) | The maximum length of all headers. If the sum of the length of each header exceeds this value, a TooLongFrameException will be raised. | 8192 | int |
maxTotalMemorySize (consumer) | The maximum total size of the queued events for this pool when using orderedThreadPoolExecutor. Specify 0 to disable. | 209715200 | long |
nettyServerBootstrapFactory (consumer) | To use a custom NettyServerBootstrapFactory | NettyServerBootstrap Factory | |
nettySharedHttpServer (consumer) | To use a shared Netty HTTP server. See Netty HTTP Server Example for more details. | NettySharedHttpServer | |
noReplyLogLevel (consumer) | If sync is enabled this option dictates NettyConsumer which logging level to use when logging a there is no reply to send back. | WARN | LoggingLevel |
orderedThreadPoolExecutor (consumer) | Whether to use ordered thread pool, to ensure events are processed orderly on the same channel. See details at the netty javadoc of org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor for more details. | true | boolean |
serverClosedChannel ExceptionCaughtLogLevel (consumer) | If the server (NettyConsumer) catches an java.nio.channels.ClosedChannelException then its logged using this logging level. This is used to avoid logging the closed channel exceptions, as clients can disconnect abruptly and then cause a flood of closed exceptions in the Netty server. | DEBUG | LoggingLevel |
serverExceptionCaughtLog Level (consumer) | If the server (NettyConsumer) catches an exception then its logged using this logging level. | WARN | LoggingLevel |
serverPipelineFactory (consumer) | To use a custom ServerPipelineFactory | ServerPipelineFactory | |
traceEnabled (consumer) | Specifies whether to enable HTTP TRACE for this Netty HTTP consumer. By default TRACE is turned off. | false | boolean |
urlDecodeHeaders (consumer) | If this option is enabled, then during binding from Netty to Camel Message then the header values will be URL decoded (eg %20 will be a space character. Notice this option is used by the default org.apache.camel.component.netty.http.NettyHttpBinding and therefore if you implement a custom org.apache.camel.component.netty.http.NettyHttpBinding then you would need to decode the headers accordingly to this option. | false | boolean |
workerCount (consumer) | When netty works on nio mode, it uses default workerCount parameter from Netty, which is cpu_core_threads2. User can use this operation to override the default workerCount from Netty | int | |
workerPool (consumer) | To use a explicit org.jboss.netty.channel.socket.nio.WorkerPool as the worker thread pool. For example to share a thread pool with multiple consumers. By default each consumer has their own worker pool with 2 x cpu count core threads. | WorkerPool | |
connectTimeout (producer) | Time to wait for a socket connection to be available. Value is in millis. | 10000 | long |
requestTimeout (producer) | Allows to use a timeout for the Netty producer when calling a remote server. By default no timeout is in use. The value is in milli seconds, so eg 30000 is 30 seconds. The requestTimeout is using Netty’s ReadTimeoutHandler to trigger the timeout. | long | |
throwExceptionOnFailure (producer) | Option to disable throwing the HttpOperationFailedException in case of failed responses from the remote server. This allows you to get all responses regardless of the HTTP status code. | true | boolean |
clientPipelineFactory (producer) | To use a custom ClientPipelineFactory | ClientPipelineFactory | |
lazyChannelCreation (producer) | Channels can be lazily created to avoid exceptions, if the remote server is not up and running when the Camel producer is started. | true | boolean |
okStatusCodeRange (producer) | The status codes which are considered a success response. The values are inclusive. Multiple ranges can be defined, separated by comma, e.g. 200-204,209,301-304. Each range must be a single number or from-to with the dash included. The default range is 200-299 | 200-299 | String |
producerPoolEnabled (producer) | Whether producer pool is enabled or not. Important: Do not turn this off, as the pooling is needed for handling concurrency and reliable request/reply. | true | boolean |
producerPoolMaxActive (producer) | Sets the cap on the number of objects that can be allocated by the pool (checked out to clients, or idle awaiting checkout) at a given time. Use a negative value for no limit. | -1 | int |
producerPoolMaxIdle (producer) | Sets the cap on the number of idle instances in the pool. | 100 | int |
producerPoolMinEvictable Idle (producer) | Sets the minimum amount of time (value in millis) an object may sit idle in the pool before it is eligible for eviction by the idle object evictor. | 300000 | long |
producerPoolMinIdle (producer) | Sets the minimum number of instances allowed in the producer pool before the evictor thread (if active) spawns new objects. | int | |
useChannelBuffer (producer) | If the useChannelBuffer is true, netty producer will turn the message body into ChannelBuffer before sending it out. | false | boolean |
useRelativePath (producer) | Sets whether to use a relative path in HTTP requests. Some third party backend systems such as IBM Datapower do not support absolute URIs in HTTP POSTs, and setting this option to true can work around this problem. | false | boolean |
bootstrapConfiguration (advanced) | To use a custom configured NettyServerBootstrapConfiguration for configuring this endpoint. | NettyServerBootstrap Configuration | |
configuration (advanced) | To use a custom configured NettyHttpConfiguration for configuring this endpoint. | NettyHttpConfiguration | |
headerFilterStrategy (advanced) | To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter headers. | HeaderFilterStrategy | |
nettyHttpBinding (advanced) | To use a custom org.apache.camel.component.netty.http.NettyHttpBinding for binding to/from Netty and Camel Message API. | NettyHttpBinding | |
options (advanced) | Allows to configure additional netty options using option. as prefix. For example option.child.keepAlive=false to set the netty option child.keepAlive=false. See the Netty documentation for possible options that can be used. | Map | |
receiveBufferSize (advanced) | The TCP/UDP buffer sizes to be used during inbound communication. Size is bytes. | 65536 | long |
receiveBufferSizePredictor (advanced) | Configures the buffer size predictor. See details at Jetty documentation and this mail thread. | int | |
sendBufferSize (advanced) | The TCP/UDP buffer sizes to be used during outbound communication. Size is bytes. | 65536 | long |
synchronous (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean |
transferException (advanced) | If enabled and an Exchange failed processing on the consumer side, and if the caused Exception was send back serialized in the response as a application/x-java-serialized-object content type. On the producer side the exception will be deserialized and thrown as is, instead of the HttpOperationFailedException. The caused exception is required to be serialized. This is by default turned off. If you enable this then be aware that Java will deserialize the incoming data from the request to Java and that can be a potential security risk. | false | boolean |
transferExchange (advanced) | Only used for TCP. You can transfer the exchange over the wire instead of just the body. The following fields are transferred: In body, Out body, fault body, In headers, Out headers, fault headers, exchange properties, exchange exception. This requires that the objects are serializable. Camel will exclude any non-serializable objects and log it at WARN level. | false | boolean |
decoder (codec) | Deprecated To use a single decoder. This options is deprecated use encoders instead. | ChannelHandler | |
decoders (codec) | A list of decoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with so Camel knows it should lookup. | String | |
encoder (codec) | Deprecated To use a single encoder. This options is deprecated use encoders instead. | ChannelHandler | |
encoders (codec) | A list of encoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with so Camel knows it should lookup. | String | |
enabledProtocols (security) | Which protocols to enable when using SSL | TLSv1,TLSv1.1,TLSv1.2 | String |
keyStoreFile (security) | Client side certificate keystore to be used for encryption | File | |
keyStoreFormat (security) | Keystore format to be used for payload encryption. Defaults to JKS if not set | JKS | String |
keyStoreResource (security) | Client side certificate keystore to be used for encryption. Is loaded by default from classpath, but you can prefix with classpath:, file:, or http: to load the resource from different systems. | String | |
needClientAuth (security) | Configures whether the server needs client authentication when using SSL. | false | boolean |
passphrase (security) | Password setting to use in order to encrypt/decrypt payloads sent using SSH | String | |
securityConfiguration (security) | Refers to a org.apache.camel.component.netty.http.NettyHttpSecurityConfiguration for configuring secure web resources. | NettyHttpSecurity Configuration | |
securityOptions (security) | To configure NettyHttpSecurityConfiguration using key/value pairs from the map | Map | |
securityProvider (security) | Security provider to be used for payload encryption. Defaults to SunX509 if not set. | SunX509 | String |
ssl (security) | Setting to specify whether SSL encryption is applied to this endpoint | false | boolean |
sslClientCertHeaders (security) | When enabled and in SSL mode, then the Netty consumer will enrich the Camel Message with headers having information about the client certificate such as subject name, issuer name, serial number, and the valid date range. | false | boolean |
sslContextParameters (security) | To configure security using SSLContextParameters | SSLContextParameters | |
sslHandler (security) | Reference to a class that could be used to return an SSL Handler | SslHandler | |
trustStoreFile (security) | Server side certificate keystore to be used for encryption | File | |
trustStoreResource (security) | Server side certificate keystore to be used for encryption. Is loaded by default from classpath, but you can prefix with classpath:, file:, or http: to load the resource from different systems. | String |
241.3. Message Headers
The following headers can be used on the producer to control the HTTP request.
Name | Type | Description |
---|---|---|
|
|
Allow to control what HTTP method to use such as GET, POST, TRACE etc. The type can also be a |
|
|
Allows to provide URI query parameters as a |
|
|
Camel 2.13.1/2.12.4: Allows to provide URI context-path and query parameters as a |
|
|
To set the content-type of the HTTP body. For example: |
|
| Allows to set the HTTP Status code to use. By default 200 is used for success, and 500 for failure. |
The following headers is provided as meta-data when a route starts from an Netty HTTP endpoint:
The description in the table takes offset in a route having: from("netty-http:http:0.0.0.0:8080/myapp")…
Name | Type | Description |
---|---|---|
|
| The HTTP method used, such as GET, POST, TRACE etc. |
|
| The URL including protocol, host and port, etc |
|
| The URI without protocol, host and port, etc |
|
|
Any query parameters, such as |
|
|
Camel 2.13.0: Any query parameters, such as |
|
|
Additional context-path. This value is empty if the client called the context-path |
|
| The charset from the content-type header. |
|
|
If the user was authenticated using HTTP Basic then this header is added with the value |
|
|
The content type if provided. For example: |
241.4. Access to Netty types
This component uses the org.apache.camel.component.netty.http.NettyHttpMessage
as the message implementation on the Exchange. This allows end users to get access to the original Netty request/response instances if needed, as shown below. Mind that the original response may not be accessible at all times.
org.jboss.netty.handler.codec.http.HttpRequest request = exchange.getIn(NettyHttpMessage.class).getHttpRequest();
241.5. Examples
In the route below we use Netty HTTP as a HTTP server, which returns back a hardcoded "Bye World" message.
from("netty-http:http://0.0.0.0:8080/foo") .transform().constant("Bye World");
And we can call this HTTP server using Camel also, with the ProducerTemplate as shown below:
String out = template.requestBody("netty-http:http://localhost:8080/foo", "Hello World", String.class); System.out.println(out);
And we get back "Bye World" as the output.
241.6. How do I let Netty match wildcards
By default Netty HTTP will only match on exact uri’s. But you can instruct Netty to match prefixes. For example
from("netty-http:http://0.0.0.0:8123/foo").to("mock:foo");
In the route above Netty HTTP will only match if the uri is an exact match, so it will match if you enter
http://0.0.0.0:8123/foo
but not match if you do http://0.0.0.0:8123/foo/bar
.
So if you want to enable wildcard matching you do as follows:
from("netty-http:http://0.0.0.0:8123/foo?matchOnUriPrefix=true").to("mock:foo");
So now Netty matches any endpoints with starts with foo
.
To match any endpoint you can do:
from("netty-http:http://0.0.0.0:8123?matchOnUriPrefix=true").to("mock:foo");
241.7. Using multiple routes with same port
In the same CamelContext you can have multiple routes from Netty HTTP that shares the same port (eg a org.jboss.netty.bootstrap.ServerBootstrap
instance). Doing this requires a number of bootstrap options to be identical in the routes, as the routes will share the same org.jboss.netty.bootstrap.ServerBootstrap
instance. The instance will be configured with the options from the first route created.
The options the routes must be identical configured is all the options defined in the org.apache.camel.component.netty.NettyServerBootstrapConfiguration
configuration class. If you have configured another route with different options, Camel will throw an exception on startup, indicating the options is not identical. To mitigate this ensure all options is identical.
Here is an example with two routes that share the same port.
Two routes sharing the same port
from("netty-http:http://0.0.0.0:{{port}}/foo") .to("mock:foo") .transform().constant("Bye World"); from("netty-http:http://0.0.0.0:{{port}}/bar") .to("mock:bar") .transform().constant("Bye Camel");
And here is an example of a mis configured 2nd route that do not have identical org.apache.camel.component.netty.NettyServerBootstrapConfiguration
option as the 1st route. This will cause Camel to fail on startup.
Two routes sharing the same port, but the 2nd route is misconfigured and will fail on starting
from("netty-http:http://0.0.0.0:{{port}}/foo") .to("mock:foo") .transform().constant("Bye World"); // we cannot have a 2nd route on same port with SSL enabled, when the 1st route is NOT from("netty-http:http://0.0.0.0:{{port}}/bar?ssl=true") .to("mock:bar") .transform().constant("Bye Camel");
241.7.1. Reusing same server bootstrap configuration with multiple routes
By configuring the common server bootstrap option in an single instance of a org.apache.camel.component.netty.NettyServerBootstrapConfiguration
type, we can use the bootstrapConfiguration
option on the Netty HTTP consumers to refer and reuse the same options across all consumers.
<bean id="nettyHttpBootstrapOptions" class="org.apache.camel.component.netty.NettyServerBootstrapConfiguration"> <property name="backlog" value="200"/> <property name="connectTimeout" value="20000"/> <property name="workerCount" value="16"/> </bean>
And in the routes you refer to this option as shown below
<route> <from uri="netty-http:http://0.0.0.0:{{port}}/foo?bootstrapConfiguration=#nettyHttpBootstrapOptions"/> ... </route> <route> <from uri="netty-http:http://0.0.0.0:{{port}}/bar?bootstrapConfiguration=#nettyHttpBootstrapOptions"/> ... </route> <route> <from uri="netty-http:http://0.0.0.0:{{port}}/beer?bootstrapConfiguration=#nettyHttpBootstrapOptions"/> ... </route>
241.7.2. Reusing same server bootstrap configuration with multiple routes across multiple bundles in OSGi container
See the Netty HTTP Server Example for more details and example how to do that.
241.8. Using HTTP Basic Authentication
The Netty HTTP consumer supports HTTP basic authentication by specifying the security realm name to use, as shown below
<route> <from uri="netty-http:http://0.0.0.0:{{port}}/foo?securityConfiguration.realm=karaf"/> ... </route>
The realm name is mandatory to enable basic authentication. By default the JAAS based authenticator is used, which will use the realm name specified (karaf in the example above) and use the JAAS realm and the JAAS \{{LoginModule}}s of this realm for authentication.
End user of Apache Karaf / ServiceMix has a karaf realm out of the box, and hence why the example above would work out of the box in these containers.
241.8.1. Specifying ACL on web resources
The org.apache.camel.component.netty.http.SecurityConstraint
allows to define constrains on web resources. And the org.apache.camel.component.netty.http.SecurityConstraintMapping
is provided out of the box, allowing to easily define inclusions and exclusions with roles.
For example as shown below in the XML DSL, we define the constraint bean:
<bean id="constraint" class="org.apache.camel.component.netty.http.SecurityConstraintMapping"> <!-- inclusions defines url -> roles restrictions --> <!-- a * should be used for any role accepted (or even no roles) --> <property name="inclusions"> <map> <entry key="/*" value="*"/> <entry key="/admin/*" value="admin"/> <entry key="/guest/*" value="admin,guest"/> </map> </property> <!-- exclusions is used to define public urls, which requires no authentication --> <property name="exclusions"> <set> <value>/public/*</value> </set> </property> </bean>
The constraint above is define so that
- access to /* is restricted and any roles is accepted (also if user has no roles)
- access to /admin/* requires the admin role
- access to /guest/* requires the admin or guest role
- access to /public/* is an exclusion which means no authentication is needed, and is therefore public for everyone without logging in
To use this constraint we just need to refer to the bean id as shown below:
<route> <from uri="netty-http:http://0.0.0.0:{{port}}/foo?matchOnUriPrefix=true&securityConfiguration.realm=karaf&securityConfiguration.securityConstraint=#constraint"/> ... </route>