Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 6.  Configuring Transport Security for Camel Components


Abstract

Camel provides the Java Secure Socket Extension (JSSE) Utility API as a common way to configure Camel components to use Transport Layer Security (TLS). The main JSSE utility class is org.apache.util.jsse.SSLContextParameters. To configure TLS settings, you pass an instance of this class to a Camel component. You can configure an SSLContextParameters object by using pure Java or by using Spring or Blueprint XML.
The following code is an example of using Spring XML to configure an SSLContextParameters object:
<sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring">
   <keyManagers keyPassword="secret1">
      <keyStore resource="./my_keystore.jks" password="secret2" />
   </keyManagers>
   <trustManagers>
      <keyStore resource="./my_truststore.jks" password="secret2" />
   </trustManagers>
</sslContextParameters>
This shows the toplevel sslContextParameters element with keyManagers and trustManagers child elements. The keyManagers element configures the key store while the trustManagers element configures the trust store. For details about key stores and trust stores, see the Apache Camel documentation for the JSSE utility.
With this in place, you can reference the sslContextParameters bean in your endpoint URI. The following route runs a netty4 HTTPS endpoint. The ssl option is required. For example:
<route>
   <from uri="netty4:https://localhost:8080/early?sslContextParametersRef=#sslContextParameters&ssl=true"/>
   <transform>
      <constant>Hi</constant>
   </transform>
</route>
The following code provides an example of how to configure transport security in Java:
@Override
protected JndiRegistry createRegistry() throws Exception {
   KeyStoreParameters ksp = new KeyStoreParameters();
      ksp.setResource("./my_keystore.jks");
      ksp.setPassword("secret1");
   KeyManagersParameters kmp = new KeyManagersParameters();
      kmp.setKeyPassword("secret2");
      kmp.setKeyStore(ksp);
   KeyStoreParameters tsp = new KeyStoreParameters();
      tsp.setResource("./my_truststore.jks");
      tsp.setPassword("secret2");
   TrustManagersParameters tmp = new TrustManagersParameters();
      tmp.setKeyStore(tsp);
   SSLContextParameters sslContextParameters = new SSLContextParameters();
   sslContextParameters.setKeyManagers(kmp);
   sslContextParameters.setTrustManagers(tmp);
   JndiRegistry registry = super.createRegistry();
   registry.bind("sslContextParameters", sslContextParameters);

   return registry;
}
The Java route for a netty4 HTTPS endpoint looks like the following. The ssl option is required.
from("netty4:https://localhost:8080/early?sslContextParametersRef=
   #sslContextParameters&ssl=true").transform().constant("Hi");
In Camel, to call these HTTPS endpoints, also provide the sslContextParameters object that contains a trusted certificate. The following example reuses the server sslContextParameters object. In this example, the URI syntax is the same for the producer. For example:
String reply =       
      template.requestBody(
         "netty4:https://localhost:8080/early?ssl=true&sslContextParametersRef=
            sslContextParameters", "Hi Camel!", String.class);
If you do not provide an sslContextParameters object that contains a valid trust store then the server does not allow a connection and Camel throws an execution exception - CamelExecutionException.
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.