Questo contenuto non è disponibile nella lingua selezionata.

Chapter 6. Configuring Transport Security for Camel Components

Abstract

Camel provides the Java Secure Socket Extension (JSSE) Utility API as a common way to configure Camel components to use Transport Layer Security (TLS). The main JSSE utility class is org.apache.util.jsse.SSLContextParameters. To configure TLS settings, you pass an instance of this class to a Camel component. You can configure an SSLContextParameters object by using pure Java or by using Spring or Blueprint XML.

The following code is an example of using Spring XML to configure an SSLContextParameters object:

<sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring">
   <keyManagers keyPassword="secret1">
      <keyStore resource="./my_keystore.jks" password="secret2" />
   </keyManagers>
   <trustManagers>
      <keyStore resource="./my_truststore.jks" password="secret2" />
   </trustManagers>
</sslContextParameters>

<sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring">
   <keyManagers keyPassword="secret1">
      <keyStore resource="./my_keystore.jks" password="secret2" />
   </keyManagers>
   <trustManagers>
      <keyStore resource="./my_truststore.jks" password="secret2" />
   </trustManagers>
</sslContextParameters>

Copy to Clipboard

Toggle word wrap

This shows the toplevel sslContextParameters element with keyManagers and trustManagers child elements. The keyManagers element configures the key store while the trustManagers element configures the trust store. For details about key stores and trust stores, see the Apache Camel documentation for the JSSE utility.

With this in place, you can reference the sslContextParameters bean in your endpoint URI. The following route runs a netty4 HTTPS endpoint. The ssl option is required. For example:

<route>
   <from uri="netty4:https://localhost:8080/early?sslContextParametersRef=#sslContextParameters&ssl=true"/>
   <transform>
      <constant>Hi</constant>
   </transform>
</route>

<route>
   <from uri="netty4:https://localhost:8080/early?sslContextParametersRef=#sslContextParameters&ssl=true"/>
   <transform>
      <constant>Hi</constant>
   </transform>
</route>

Copy to Clipboard

Toggle word wrap

The following code provides an example of how to configure transport security in Java:

@Override
protected JndiRegistry createRegistry() throws Exception {
   KeyStoreParameters ksp = new KeyStoreParameters();
      ksp.setResource("./my_keystore.jks");
      ksp.setPassword("secret1");
   KeyManagersParameters kmp = new KeyManagersParameters();
      kmp.setKeyPassword("secret2");
      kmp.setKeyStore(ksp);
   KeyStoreParameters tsp = new KeyStoreParameters();
      tsp.setResource("./my_truststore.jks");
      tsp.setPassword("secret2");
   TrustManagersParameters tmp = new TrustManagersParameters();
      tmp.setKeyStore(tsp);
   SSLContextParameters sslContextParameters = new SSLContextParameters();
   sslContextParameters.setKeyManagers(kmp);
   sslContextParameters.setTrustManagers(tmp);
   JndiRegistry registry = super.createRegistry();
   registry.bind("sslContextParameters", sslContextParameters);

   return registry;
}

@Override
protected JndiRegistry createRegistry() throws Exception {
   KeyStoreParameters ksp = new KeyStoreParameters();
      ksp.setResource("./my_keystore.jks");
      ksp.setPassword("secret1");
   KeyManagersParameters kmp = new KeyManagersParameters();
      kmp.setKeyPassword("secret2");
      kmp.setKeyStore(ksp);
   KeyStoreParameters tsp = new KeyStoreParameters();
      tsp.setResource("./my_truststore.jks");
      tsp.setPassword("secret2");
   TrustManagersParameters tmp = new TrustManagersParameters();
      tmp.setKeyStore(tsp);
   SSLContextParameters sslContextParameters = new SSLContextParameters();
   sslContextParameters.setKeyManagers(kmp);
   sslContextParameters.setTrustManagers(tmp);
   JndiRegistry registry = super.createRegistry();
   registry.bind("sslContextParameters", sslContextParameters);

   return registry;
}

Copy to Clipboard

Toggle word wrap

The Java route for a netty4 HTTPS endpoint looks like the following. The ssl option is required.

from("netty4:https://localhost:8080/early?sslContextParametersRef=
   #sslContextParameters&ssl=true").transform().constant("Hi");

from("netty4:https://localhost:8080/early?sslContextParametersRef=
   #sslContextParameters&ssl=true").transform().constant("Hi");

Copy to Clipboard

Toggle word wrap

In Camel, to call these HTTPS endpoints, also provide the sslContextParameters object that contains a trusted certificate. The following example reuses the server sslContextParameters object. In this example, the URI syntax is the same for the producer. For example:

String reply =       
      template.requestBody(
         "netty4:https://localhost:8080/early?ssl=true&sslContextParametersRef=
            sslContextParameters", "Hi Camel!", String.class);

String reply =       
      template.requestBody(
         "netty4:https://localhost:8080/early?ssl=true&sslContextParametersRef=
            sslContextParameters", "Hi Camel!", String.class);

Copy to Clipboard

Toggle word wrap

If you do not provide an sslContextParameters object that contains a valid trust store then the server does not allow a connection and Camel throws an execution exception - CamelExecutionException.

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 6. Configuring Transport Security for Camel Components

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Rendiamo l’open source più inclusivo

Informazioni su Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links