此内容没有您所选择的语言版本。

Chapter 6.  Configuring Transport Security for Camel Components


Abstract

Camel provides the Java Secure Socket Extension (JSSE) Utility API as a common way to configure Camel components to use Transport Layer Security (TLS). The main JSSE utility class is org.apache.util.jsse.SSLContextParameters. To configure TLS settings, you pass an instance of this class to a Camel component. You can configure an SSLContextParameters object by using pure Java or by using Spring or Blueprint XML.
The following code is an example of using Spring XML to configure an SSLContextParameters object:
<sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring">
   <keyManagers keyPassword="secret1">
      <keyStore resource="./my_keystore.jks" password="secret2" />
   </keyManagers>
   <trustManagers>
      <keyStore resource="./my_truststore.jks" password="secret2" />
   </trustManagers>
</sslContextParameters>
This shows the toplevel sslContextParameters element with keyManagers and trustManagers child elements. The keyManagers element configures the key store while the trustManagers element configures the trust store. For details about key stores and trust stores, see the Apache Camel documentation for the JSSE utility.
With this in place, you can reference the sslContextParameters bean in your endpoint URI. The following route runs a netty4 HTTPS endpoint. The ssl option is required. For example:
<route>
   <from uri="netty4:https://localhost:8080/early?sslContextParametersRef=#sslContextParameters&ssl=true"/>
   <transform>
      <constant>Hi</constant>
   </transform>
</route>
The following code provides an example of how to configure transport security in Java:
@Override
protected JndiRegistry createRegistry() throws Exception {
   KeyStoreParameters ksp = new KeyStoreParameters();
      ksp.setResource("./my_keystore.jks");
      ksp.setPassword("secret1");
   KeyManagersParameters kmp = new KeyManagersParameters();
      kmp.setKeyPassword("secret2");
      kmp.setKeyStore(ksp);
   KeyStoreParameters tsp = new KeyStoreParameters();
      tsp.setResource("./my_truststore.jks");
      tsp.setPassword("secret2");
   TrustManagersParameters tmp = new TrustManagersParameters();
      tmp.setKeyStore(tsp);
   SSLContextParameters sslContextParameters = new SSLContextParameters();
   sslContextParameters.setKeyManagers(kmp);
   sslContextParameters.setTrustManagers(tmp);
   JndiRegistry registry = super.createRegistry();
   registry.bind("sslContextParameters", sslContextParameters);

   return registry;
}
The Java route for a netty4 HTTPS endpoint looks like the following. The ssl option is required.
from("netty4:https://localhost:8080/early?sslContextParametersRef=
   #sslContextParameters&ssl=true").transform().constant("Hi");
In Camel, to call these HTTPS endpoints, also provide the sslContextParameters object that contains a trusted certificate. The following example reuses the server sslContextParameters object. In this example, the URI syntax is the same for the producer. For example:
String reply =       
      template.requestBody(
         "netty4:https://localhost:8080/early?ssl=true&sslContextParametersRef=
            sslContextParameters", "Hi Camel!", String.class);
If you do not provide an sslContextParameters object that contains a valid trust store then the server does not allow a connection and Camel throws an execution exception - CamelExecutionException.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.