Integration with Apache Camel

[Tommaso Anzidei]

Hi there!

Has anyone succeeded in integrating PAC4J with Apache Camel?

I would like to use PAC4J to protect Camel Rest Routes.

Thanks!

[Tudor Jescu]

Interesting think. I am also interested if somebody succeeded.

[Jérôme LELEU]

Hi,

I don't know Camel, but I just did a small test using Camel Spring Boot + javaee-pac4j to secure a REST endpoint.

@Component
public class RestApi extends RouteBuilder {

    @Override
    public void configure() {
        rest("/rest").get("/hello").to("direct:hello");

        from("direct:hello").transform().constant("Hello World");
    }
}

@Configuration
public class WebConfig {

    @Bean
    public FilterRegistrationBean securityFilter() {
        final DirectBasicAuthClient basicAuth = new DirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        final Config config = new Config(basicAuth);
        FilterRegistrationBean filter = new FilterRegistrationBean(new SecurityFilter(config, basicAuth.getName()));
        filter.setName("SecurityFilter");
        return filter;
    }

    @Bean
    public ServletRegistrationBean camelServlet() {
        ServletRegistrationBean servlet = new ServletRegistrationBean
                (new CamelHttpTransportServlet(), "/*");
        servlet.setName("CamelServlet");
        return servlet;
    }
}

The security works: if I don't pass a good basic auth, it fails: nothing is returned; but if I pass a good basic auth, it works, I get the "Hello World" contant.

Is this the way you use Camel?

What response do you expect from the REST endpoint in case of a 401 unauthorized?

Thanks.

Best regards,

Jérôme

--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/f0a50510-ce66-4e2f-8d39-0bfb585f1467n%40googlegroups.com.

[Tommaso Anzidei]

Thank you very much Jérôme for your kind response. I will try your hint. PAC4J is so good as its community! Have a nice weekend!

[Tudor Jescu]

Hello  Jérôme ,

  Yes,the case is like you described. But it seems that I have an error, I think because of my pac4j-core version, which is 4.0.3  (pac4j-core-4.0.3.jar) which does not contain ConfidSingleton class. So I have the error:

o.s.b.web.embedded.tomcat.TomcatStarter  : Error starting Tomcat context. Exception: org.springframework.beans.factory.BeanCreationException. Message: Error creating bean with name 'securityFilter' defined in class path resource [sample/camel/WebConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'securityFilter' threw exception; nested exception is java.lang.NoClassDefFoundError: org/pac4j/core/config/ConfigSingleton 

 

  Can you please tell me which version of pac4j-core do you have? Or maybe...to not have other conflicts, maybe is possible to share the content of pom.xml?

Thank you for your support,

   Tudor

   

[Jérôme LELEU]

Hi,

pac4j v4.0.3 is old, you should use at least v4.5.6. This is JDK 8 based. You should use jee-pac4j v5.0.0 with it.

But you should upgrade to pac4j v5.5.0 (JDK11) and javaee-pac4j v7.0.0.

Thanks.

Best regards,

Jérôme

To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/9c248663-d25d-4c65-8dae-a9154c94773en%40googlegroups.com.

[Jérôme LELEU]

Hi,

Did you make a test?

I have seen that you can integrate Camel with Shiro and Spring Security using Policy like org.apache.camel.spi.AuthorizationPolicy.

Though, I haven't been able to set any policy in my rest configuration:

rest("/rest").get("/hello").to("direct:hello");

Do you know how to do that?

Thanks.

Best regards,

Jérôme

[Tudor Jescu]

Hello  Jérôme,

   Yes I did some tests and is working with pac4j , I mean with your solution. So this is the reason why I did not try with Shiro and Spring Security.

Thank you very much for your support!

[Jérôme LELEU]

OK. Good. Thanks for letting me know

To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/bf70a313-ecf2-4cf4-9bf2-6cbcdd677428n%40googlegroups.com.