127.3. 控制对 Camel 路由的访问
需要 Spring Security AuthenticationManager 和 AccessDecisionManager 来使用此组件。以下是如何使用 Spring Security 命名空间在 Spring XML 中配置这些对象的示例:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:spring-security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="true"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter"/>
</list>
</property>
</bean>
<spring-security:authentication-manager alias="authenticationManager">
<spring-security:authentication-provider user-service-ref="userDetailsService"/>
</spring-security:authentication-manager>
<spring-security:user-service id="userDetailsService">
<spring-security:user name="jim" password="jimspassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<spring-security:user name="bob" password="bobspassword" authorities="ROLE_USER"/>
</spring-security:user-service>
</beans>现在设置了底层的安全对象,我们可以使用它们配置授权策略,并使用该策略控制对路由的访问:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:spring-security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
http://camel.apache.org/schema/spring-security http://camel.apache.org/schema/spring-security/camel-spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- import the Spring security configuration -->
<import resource= "classpath:org/apache/camel/component/spring/security/commonSecurity.xml"/>
<authorizationPolicy id="admin" access="ROLE_ADMIN"
authenticationManager="authenticationManager"
accessDecisionManager="accessDecisionManager"
xmlns="http://camel.apache.org/schema/spring-security"/>
<camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring">
<route>
<from uri="direct:start"/>
<!-- The exchange should be authenticated with the role -->
<!-- of ADMIN before it is send to mock:endpoint -->
<policy ref="admin">
<to uri="mock:end"/>
</policy>
</route>
</camelContext>
</beans>
在本例中,仅在以下情况下执行端点 mock:end :
admin
SpringSecurityAuthorizationPolicy可以找到 Spring SecurityAuthentication对象,如下所示:- 可以被验证或可以进行身份验证
-
包含
ROLE_ADMIN授权
