Este contenido no está disponible en el idioma seleccionado.
Chapter 243. Netty4 HTTP Component
Available as of Camel version 2.14
The netty4-http component is an extension to Netty4 component to facilitiate HTTP transport with Netty4.
This camel component supports both producer and consumer endpoints.
INFO: Stream. Netty is stream based, which means the input it receives is submitted to Camel as a stream. That means you will only be able to read the content of the stream once. If you find a situation where the message body appears to be empty or you need to access the data multiple times (eg: doing multicasting, or redelivery error handling) you should use Stream caching or convert the message body to a String
which is safe to be re-read multiple times. Notice Netty4 HTTP reads the entire stream into memory using io.netty.handler.codec.http.HttpObjectAggregator
to build the entire full http message. But the resulting message is still a stream based message which is readable once.
Maven users will need to add the following dependency to their pom.xml
for this component:
<dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-netty4-http</artifactId> <version>x.x.x</version> <!-- use the same version as your Camel core version --> </dependency>
243.1. URI format
The URI scheme for a netty component is as follows
netty4-http:http://localhost:8080[?options]
You can append query options to the URI in the following format, ?option=value&option=value&…
INFO: Query parameters vs endpoint options. You may be wondering how Camel recognizes URI query parameters and endpoint options. For example you might create endpoint URI as follows - netty4-http:http//example.com?myParam=myValue&compression=true
. In this example myParam
is the HTTP parameter, while compression
is the Camel endpoint option. The strategy used by Camel in such situations is to resolve available endpoint options and remove them from the URI. It means that for the discussed example, the HTTP request sent by Netty HTTP producer to the endpoint will look as follows - http//example.com?myParam=myValue
, because compression
endpoint option will be resolved and removed from the target URL. Keep also in mind that you cannot specify endpoint options using dynamic headers (like CamelHttpQuery
). Endpoint options can be specified only at the endpoint URI definition level (like to
or from
DSL elements).
243.2. HTTP Options
INFO: A lot more options. Important: This component inherits all the options from Netty4. So make sure to look at the Netty4 documentation as well.
Notice that some options from Netty4 is not applicable when using this Netty4 HTTP component, such as options related to UDP transport.
The Netty4 HTTP component supports 8 options which are listed below.
Name | Description | Default | Type |
---|---|---|---|
nettyHttpBinding (advanced) | To use a custom org.apache.camel.component.netty4.http.NettyHttpBinding for binding to/from Netty and Camel Message API. | NettyHttpBinding | |
configuration (common) | To use the NettyConfiguration as configuration when creating endpoints. | NettyHttpConfiguration | |
headerFilterStrategy (advanced) | To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter headers. | HeaderFilterStrategy | |
securityConfiguration (security) | Refers to a org.apache.camel.component.netty4.http.NettyHttpSecurityConfiguration for configuring secure web resources. | NettyHttpSecurity Configuration | |
useGlobalSslContext Parameters (security) | Enable usage of global SSL context parameters. | false | boolean |
maximumPoolSize (advanced) | The thread pool size for the EventExecutorGroup if its in use. The default value is 16. | 16 | int |
executorService (advanced) | To use the given EventExecutorGroup | EventExecutorGroup | |
resolveProperty Placeholders (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean |
The Netty4 HTTP endpoint is configured using URI syntax:
netty4-http:protocol:host:port/path
with the following path and query parameters:
243.2.1. Path Parameters (4 parameters):
Name | Description | Default | Type |
---|---|---|---|
protocol | Required The protocol to use which is either http or https | String | |
host | Required The local hostname such as localhost, or 0.0.0.0 when being a consumer. The remote HTTP server hostname when using producer. | String | |
port | The host port number | int | |
path | Resource path | String |
243.2.2. Query Parameters (79 parameters):
Name | Description | Default | Type |
---|---|---|---|
bridgeEndpoint (common) | If the option is true, the producer will ignore the Exchange.HTTP_URI header, and use the endpoint’s URI for request. You may also set the throwExceptionOnFailure to be false to let the producer send all the fault response back. The consumer working in the bridge mode will skip the gzip compression and WWW URL form encoding (by adding the Exchange.SKIP_GZIP_ENCODING and Exchange.SKIP_WWW_FORM_URLENCODED headers to the consumed exchange). | false | boolean |
disconnect (common) | Whether or not to disconnect(close) from Netty Channel right after use. Can be used for both consumer and producer. | false | boolean |
keepAlive (common) | Setting to ensure socket is not closed due to inactivity | true | boolean |
reuseAddress (common) | Setting to facilitate socket multiplexing | true | boolean |
reuseChannel (common) | This option allows producers and consumers (in client mode) to reuse the same Netty Channel for the lifecycle of processing the Exchange. This is useful if you need to call a server multiple times in a Camel route and want to use the same network connection. When using this the channel is not returned to the connection pool until the Exchange is done; or disconnected if the disconnect option is set to true. The reused Channel is stored on the Exchange as an exchange property with the key link NettyConstantsNETTY_CHANNEL which allows you to obtain the channel during routing and use it as well. | false | boolean |
sync (common) | Setting to set endpoint as one-way or request-response | true | boolean |
tcpNoDelay (common) | Setting to improve TCP protocol performance | true | boolean |
bridgeErrorHandler (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean |
matchOnUriPrefix (consumer) | Whether or not Camel should try to find a target consumer by matching the URI prefix if no exact match is found. | false | boolean |
send503whenSuspended (consumer) | Whether to send back HTTP status code 503 when the consumer has been suspended. If the option is false then the Netty Acceptor is unbound when the consumer is suspended, so clients cannot connect anymore. | true | boolean |
backlog (consumer) | Allows to configure a backlog for netty consumer (server). Note the backlog is just a best effort depending on the OS. Setting this option to a value such as 200, 500 or 1000, tells the TCP stack how long the accept queue can be If this option is not configured, then the backlog depends on OS setting. | int | |
bossCount (consumer) | When netty works on nio mode, it uses default bossCount parameter from Netty, which is 1. User can use this operation to override the default bossCount from Netty | 1 | int |
bossGroup (consumer) | Set the BossGroup which could be used for handling the new connection of the server side across the NettyEndpoint | EventLoopGroup | |
chunkedMaxContentLength (consumer) | Value in bytes the max content length per chunked frame received on the Netty HTTP server. | 1048576 | int |
compression (consumer) | Allow using gzip/deflate for compression on the Netty HTTP server if the client supports it from the HTTP headers. | false | boolean |
disconnectOnNoReply (consumer) | If sync is enabled then this option dictates NettyConsumer if it should disconnect where there is no reply to send back. | true | boolean |
exceptionHandler (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this options is not in use. By default the consumer will deal with exceptions, that will be logged at WARN or ERROR level and ignored. | ExceptionHandler | |
exchangePattern (consumer) | Sets the exchange pattern when the consumer creates an exchange. | ExchangePattern | |
httpMethodRestrict (consumer) | To disable HTTP methods on the Netty HTTP consumer. You can specify multiple separated by comma. | String | |
mapHeaders (consumer) | If this option is enabled, then during binding from Netty to Camel Message then the headers will be mapped as well (eg added as header to the Camel Message as well). You can turn off this option to disable this. The headers can still be accessed from the org.apache.camel.component.netty.http.NettyHttpMessage message with the method getHttpRequest() that returns the Netty HTTP request io.netty.handler.codec.http.HttpRequest instance. | true | boolean |
maxHeaderSize (consumer) | The maximum length of all headers. If the sum of the length of each header exceeds this value, a io.netty.handler.codec.TooLongFrameException will be raised. | 8192 | int |
nettyServerBootstrapFactory (consumer) | To use a custom NettyServerBootstrapFactory | NettyServerBootstrap Factory | |
nettySharedHttpServer (consumer) | To use a shared Netty HTTP server. See Netty HTTP Server Example for more details. | NettySharedHttpServer | |
noReplyLogLevel (consumer) | If sync is enabled this option dictates NettyConsumer which logging level to use when logging a there is no reply to send back. | WARN | LoggingLevel |
serverClosedChannel ExceptionCaughtLogLevel (consumer) | If the server (NettyConsumer) catches an java.nio.channels.ClosedChannelException then its logged using this logging level. This is used to avoid logging the closed channel exceptions, as clients can disconnect abruptly and then cause a flood of closed exceptions in the Netty server. | DEBUG | LoggingLevel |
serverExceptionCaughtLog Level (consumer) | If the server (NettyConsumer) catches an exception then its logged using this logging level. | WARN | LoggingLevel |
serverInitializerFactory (consumer) | To use a custom ServerInitializerFactory | ServerInitializer Factory | |
traceEnabled (consumer) | Specifies whether to enable HTTP TRACE for this Netty HTTP consumer. By default TRACE is turned off. | false | boolean |
urlDecodeHeaders (consumer) | If this option is enabled, then during binding from Netty to Camel Message then the header values will be URL decoded (eg %20 will be a space character. Notice this option is used by the default org.apache.camel.component.netty.http.NettyHttpBinding and therefore if you implement a custom org.apache.camel.component.netty4.http.NettyHttpBinding then you would need to decode the headers accordingly to this option. | false | boolean |
usingExecutorService (consumer) | Whether to use ordered thread pool, to ensure events are processed orderly on the same channel. | true | boolean |
connectTimeout (producer) | Time to wait for a socket connection to be available. Value is in millis. | 10000 | int |
cookieHandler (producer) | Configure a cookie handler to maintain a HTTP session | CookieHandler | |
requestTimeout (producer) | Allows to use a timeout for the Netty producer when calling a remote server. By default no timeout is in use. The value is in milli seconds, so eg 30000 is 30 seconds. The requestTimeout is using Netty’s ReadTimeoutHandler to trigger the timeout. | long | |
throwExceptionOnFailure (producer) | Option to disable throwing the HttpOperationFailedException in case of failed responses from the remote server. This allows you to get all responses regardless of the HTTP status code. | true | boolean |
clientInitializerFactory (producer) | To use a custom ClientInitializerFactory | ClientInitializer Factory | |
lazyChannelCreation (producer) | Channels can be lazily created to avoid exceptions, if the remote server is not up and running when the Camel producer is started. | true | boolean |
okStatusCodeRange (producer) | The status codes which are considered a success response. The values are inclusive. Multiple ranges can be defined, separated by comma, e.g. 200-204,209,301-304. Each range must be a single number or from-to with the dash included. The default range is 200-299 | 200-299 | String |
producerPoolEnabled (producer) | Whether producer pool is enabled or not. Important: If you turn this off then a single shared connection is used for the producer, also if you are doing request/reply. That means there is a potential issue with interleaved responses if replies comes back out-of-order. Therefore you need to have a correlation id in both the request and reply messages so you can properly correlate the replies to the Camel callback that is responsible for continue processing the message in Camel. To do this you need to implement NettyCamelStateCorrelationManager as correlation manager and configure it via the correlationManager option. See also the correlationManager option for more details. | true | boolean |
producerPoolMaxActive (producer) | Sets the cap on the number of objects that can be allocated by the pool (checked out to clients, or idle awaiting checkout) at a given time. Use a negative value for no limit. | -1 | int |
producerPoolMaxIdle (producer) | Sets the cap on the number of idle instances in the pool. | 100 | int |
producerPoolMinEvictable Idle (producer) | Sets the minimum amount of time (value in millis) an object may sit idle in the pool before it is eligible for eviction by the idle object evictor. | 300000 | long |
producerPoolMinIdle (producer) | Sets the minimum number of instances allowed in the producer pool before the evictor thread (if active) spawns new objects. | int | |
useRelativePath (producer) | Sets whether to use a relative path in HTTP requests. | false | boolean |
allowSerializedHeaders (advanced) | Only used for TCP when transferExchange is true. When set to true, serializable objects in headers and properties will be added to the exchange. Otherwise Camel will exclude any non-serializable objects and log it at WARN level. | false | boolean |
bootstrapConfiguration (advanced) | To use a custom configured NettyServerBootstrapConfiguration for configuring this endpoint. | NettyServerBootstrap Configuration | |
channelGroup (advanced) | To use a explicit ChannelGroup. | ChannelGroup | |
configuration (advanced) | To use a custom configured NettyHttpConfiguration for configuring this endpoint. | NettyHttpConfiguration | |
disableStreamCache (advanced) | Determines whether or not the raw input stream from Netty HttpRequestgetContent() or HttpResponsetgetContent() is cached or not (Camel will read the stream into a in light-weight memory based Stream caching) cache. By default Camel will cache the Netty input stream to support reading it multiple times to ensure it Camel can retrieve all data from the stream. However you can set this option to true when you for example need to access the raw stream, such as streaming it directly to a file or other persistent store. Mind that if you enable this option, then you cannot read the Netty stream multiple times out of the box, and you would need manually to reset the reader index on the Netty raw stream. Also Netty will auto-close the Netty stream when the Netty HTTP server/HTTP client is done processing, which means that if the asynchronous routing engine is in use then any asynchronous thread that may continue routing the org.apache.camel.Exchange may not be able to read the Netty stream, because Netty has closed it. | false | boolean |
headerFilterStrategy (advanced) | To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter headers. | HeaderFilterStrategy | |
nativeTransport (advanced) | Whether to use native transport instead of NIO. Native transport takes advantage of the host operating system and is only supported on some platforms. You need to add the netty JAR for the host operating system you are using. See more details at: http://netty.io/wiki/native-transports.html | false | boolean |
nettyHttpBinding (advanced) | To use a custom org.apache.camel.component.netty4.http.NettyHttpBinding for binding to/from Netty and Camel Message API. | NettyHttpBinding | |
options (advanced) | Allows to configure additional netty options using option. as prefix. For example option.child.keepAlive=false to set the netty option child.keepAlive=false. See the Netty documentation for possible options that can be used. | Map | |
receiveBufferSize (advanced) | The TCP/UDP buffer sizes to be used during inbound communication. Size is bytes. | 65536 | int |
receiveBufferSizePredictor (advanced) | Configures the buffer size predictor. See details at Jetty documentation and this mail thread. | int | |
sendBufferSize (advanced) | The TCP/UDP buffer sizes to be used during outbound communication. Size is bytes. | 65536 | int |
synchronous (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean |
transferException (advanced) | If enabled and an Exchange failed processing on the consumer side, and if the caused Exception was send back serialized in the response as a application/x-java-serialized-object content type. On the producer side the exception will be deserialized and thrown as is, instead of the HttpOperationFailedException. The caused exception is required to be serialized. This is by default turned off. If you enable this then be aware that Java will deserialize the incoming data from the request to Java and that can be a potential security risk. | false | boolean |
transferExchange (advanced) | Only used for TCP. You can transfer the exchange over the wire instead of just the body. The following fields are transferred: In body, Out body, fault body, In headers, Out headers, fault headers, exchange properties, exchange exception. This requires that the objects are serializable. Camel will exclude any non-serializable objects and log it at WARN level. | false | boolean |
workerCount (advanced) | When netty works on nio mode, it uses default workerCount parameter from Netty, which is cpu_core_threads2. User can use this operation to override the default workerCount from Netty | int | |
workerGroup (advanced) | To use a explicit EventLoopGroup as the boss thread pool. For example to share a thread pool with multiple consumers or producers. By default each consumer or producer has their own worker pool with 2 x cpu count core threads. | EventLoopGroup | |
decoder (codec) | Deprecated To use a single decoder. This options is deprecated use encoders instead. | ChannelHandler | |
decoders (codec) | A list of decoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with so Camel knows it should lookup. | String | |
encoder (codec) | Deprecated To use a single encoder. This options is deprecated use encoders instead. | ChannelHandler | |
encoders (codec) | A list of encoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with so Camel knows it should lookup. | String | |
enabledProtocols (security) | Which protocols to enable when using SSL | TLSv1,TLSv1.1,TLSv1.2 | String |
keyStoreFile (security) | Client side certificate keystore to be used for encryption | File | |
keyStoreFormat (security) | Keystore format to be used for payload encryption. Defaults to JKS if not set | String | |
keyStoreResource (security) | Client side certificate keystore to be used for encryption. Is loaded by default from classpath, but you can prefix with classpath:, file:, or http: to load the resource from different systems. | String | |
needClientAuth (security) | Configures whether the server needs client authentication when using SSL. | false | boolean |
passphrase (security) | Password setting to use in order to encrypt/decrypt payloads sent using SSH | String | |
securityConfiguration (security) | Refers to a org.apache.camel.component.netty4.http.NettyHttpSecurityConfiguration for configuring secure web resources. | NettyHttpSecurity Configuration | |
securityOptions (security) | To configure NettyHttpSecurityConfiguration using key/value pairs from the map | Map | |
securityProvider (security) | Security provider to be used for payload encryption. Defaults to SunX509 if not set. | String | |
ssl (security) | Setting to specify whether SSL encryption is applied to this endpoint | false | boolean |
sslClientCertHeaders (security) | When enabled and in SSL mode, then the Netty consumer will enrich the Camel Message with headers having information about the client certificate such as subject name, issuer name, serial number, and the valid date range. | false | boolean |
sslContextParameters (security) | To configure security using SSLContextParameters | SSLContextParameters | |
sslHandler (security) | Reference to a class that could be used to return an SSL Handler | SslHandler | |
trustStoreFile (security) | Server side certificate keystore to be used for encryption | File | |
trustStoreResource (security) | Server side certificate keystore to be used for encryption. Is loaded by default from classpath, but you can prefix with classpath:, file:, or http: to load the resource from different systems. | String |
243.3. Message Headers
The following headers can be used on the producer to control the HTTP request.
Name | Type | Description |
---|---|---|
|
|
Allow to control what HTTP method to use such as GET, POST, TRACE etc. The type can also be a |
|
|
Allows to provide URI query parameters as a |
|
|
Allows to provide URI context-path and query parameters as a |
|
|
To set the content-type of the HTTP body. For example: |
|
| Allows to set the HTTP Status code to use. By default 200 is used for success, and 500 for failure. |
The following headers is provided as meta-data when a route starts from an Netty4 HTTP endpoint:
The description in the table takes offset in a route having: from("netty4-http:http:0.0.0.0:8080/myapp")…
Name | Type | Description |
---|---|---|
|
| The HTTP method used, such as GET, POST, TRACE etc. |
|
|
The URL including protocol, host and port, etc: |
|
|
The URI without protocol, host and port, etc: |
|
|
Any query parameters, such as |
|
|
Any query parameters, such as |
|
|
Additional context-path. This value is empty if the client called the context-path |
|
| The charset from the content-type header. |
|
|
If the user was authenticated using HTTP Basic then this header is added with the value |
|
|
The content type if provided. For example: |
243.4. Access to Netty types
This component uses the org.apache.camel.component.netty4.http.NettyHttpMessage
as the message implementation on the Exchange. This allows end users to get access to the original Netty request/response instances if needed, as shown below. Mind that the original response may not be accessible at all times.
io.netty.handler.codec.http.HttpRequest request = exchange.getIn(NettyHttpMessage.class).getHttpRequest();
243.5. Examples
In the route below we use Netty4 HTTP as a HTTP server, which returns back a hardcoded "Bye World" message.
from("netty4-http:http://0.0.0.0:8080/foo") .transform().constant("Bye World");
And we can call this HTTP server using Camel also, with the ProducerTemplate as shown below:
String out = template.requestBody("netty4-http:http://localhost:8080/foo", "Hello World", String.class); System.out.println(out);
And we get back "Bye World" as the output.
243.6. How do I let Netty match wildcards
By default Netty4 HTTP will only match on exact uri’s. But you can instruct Netty to match prefixes. For example
from("netty4-http:http://0.0.0.0:8123/foo").to("mock:foo");
In the route above Netty4 HTTP will only match if the uri is an exact match, so it will match if you enter
http://0.0.0.0:8123/foo
but not match if you do http://0.0.0.0:8123/foo/bar
.
So if you want to enable wildcard matching you do as follows:
from("netty4-http:http://0.0.0.0:8123/foo?matchOnUriPrefix=true").to("mock:foo");
So now Netty matches any endpoints with starts with foo
.
To match any endpoint you can do:
from("netty4-http:http://0.0.0.0:8123?matchOnUriPrefix=true").to("mock:foo");
243.7. Using multiple routes with same port
In the same CamelContext you can have multiple routes from Netty4 HTTP that shares the same port (eg a io.netty.bootstrap.ServerBootstrap
instance). Doing this requires a number of bootstrap options to be identical in the routes, as the routes will share the same io.netty.bootstrap.ServerBootstrap
instance. The instance will be configured with the options from the first route created.
The options the routes must be identical configured is all the options defined in the org.apache.camel.component.netty4.NettyServerBootstrapConfiguration
configuration class. If you have configured another route with different options, Camel will throw an exception on startup, indicating the options is not identical. To mitigate this ensure all options is identical.
Here is an example with two routes that share the same port.
Two routes sharing the same port
from("netty4-http:http://0.0.0.0:{{port}}/foo") .to("mock:foo") .transform().constant("Bye World"); from("netty4-http:http://0.0.0.0:{{port}}/bar") .to("mock:bar") .transform().constant("Bye Camel");
And here is an example of a mis configured 2nd route that do not have identical org.apache.camel.component.netty4.NettyServerBootstrapConfiguration
option as the 1st route. This will cause Camel to fail on startup.
Two routes sharing the same port, but the 2nd route is misconfigured and will fail on starting
from("netty4-http:http://0.0.0.0:{{port}}/foo") .to("mock:foo") .transform().constant("Bye World"); // we cannot have a 2nd route on same port with SSL enabled, when the 1st route is NOT from("netty4-http:http://0.0.0.0:{{port}}/bar?ssl=true") .to("mock:bar") .transform().constant("Bye Camel");
243.7.1. Reusing same server bootstrap configuration with multiple routes
By configuring the common server bootstrap option in an single instance of a org.apache.camel.component.netty4.NettyServerBootstrapConfiguration
type, we can use the bootstrapConfiguration
option on the Netty4 HTTP consumers to refer and reuse the same options across all consumers.
<bean id="nettyHttpBootstrapOptions" class="org.apache.camel.component.netty4.NettyServerBootstrapConfiguration"> <property name="backlog" value="200"/> <property name="connectionTimeout" value="20000"/> <property name="workerCount" value="16"/> </bean>
And in the routes you refer to this option as shown below
<route> <from uri="netty4-http:http://0.0.0.0:{{port}}/foo?bootstrapConfiguration=#nettyHttpBootstrapOptions"/> ... </route> <route> <from uri="netty4-http:http://0.0.0.0:{{port}}/bar?bootstrapConfiguration=#nettyHttpBootstrapOptions"/> ... </route> <route> <from uri="netty4-http:http://0.0.0.0:{{port}}/beer?bootstrapConfiguration=#nettyHttpBootstrapOptions"/> ... </route>
243.7.2. Reusing same server bootstrap configuration with multiple routes across multiple bundles in OSGi container
See the Netty HTTP Server Example for more details and example how to do that.
243.8. Using HTTP Basic Authentication
The Netty HTTP consumer supports HTTP basic authentication by specifying the security realm name to use, as shown below
<route> <from uri="netty4-http:http://0.0.0.0:{{port}}/foo?securityConfiguration.realm=karaf"/> ... </route>
The realm name is mandatory to enable basic authentication. By default the JAAS based authenticator is used, which will use the realm name specified (karaf in the example above) and use the JAAS realm and the JAAS \{{LoginModule}}s of this realm for authentication.
End user of Apache Karaf / ServiceMix has a karaf realm out of the box, and hence why the example above would work out of the box in these containers.
243.8.1. Specifying ACL on web resources
The org.apache.camel.component.netty4.http.SecurityConstraint
allows to define constrains on web resources. And the org.apache.camel.component.netty.http.SecurityConstraintMapping
is provided out of the box, allowing to easily define inclusions and exclusions with roles.
For example as shown below in the XML DSL, we define the constraint bean:
<bean id="constraint" class="org.apache.camel.component.netty4.http.SecurityConstraintMapping"> <!-- inclusions defines url -> roles restrictions --> <!-- a * should be used for any role accepted (or even no roles) --> <property name="inclusions"> <map> <entry key="/*" value="*"/> <entry key="/admin/*" value="admin"/> <entry key="/guest/*" value="admin,guest"/> </map> </property> <!-- exclusions is used to define public urls, which requires no authentication --> <property name="exclusions"> <set> <value>/public/*</value> </set> </property> </bean>
The constraint above is define so that
- access to /* is restricted and any roles is accepted (also if user has no roles)
- access to /admin/* requires the admin role
- access to /guest/* requires the admin or guest role
- access to /public/* is an exclusion which means no authentication is needed, and is therefore public for everyone without logging in
To use this constraint we just need to refer to the bean id as shown below:
<route> <from uri="netty4-http:http://0.0.0.0:{{port}}/foo?matchOnUriPrefix=true&securityConfiguration.realm=karaf&securityConfiguration.securityConstraint=#constraint"/> ... </route>