Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-2796

camel-spring-security: provide reference to the policy when authorization fails



    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.5.0
    • Component/s: None
    • Labels:


      While it is possible to set up different policies to enforce authorization rules on Camel routes with the new camel-spring-security plugin, there is currently no way to tell which policy was being enforced when a org.springframework.security.SpringSecurityException is thrown. It would be very helpful to have a reference to the policy ID in the CamelAuthorizationException or in the headers so we can use it in the onException handlers.

      For example, let's say you have two policies:

        <authorizationPolicy id="user" access="ROLE_USER" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager"
          xmlns="http://camel.apache.org/schema/spring-security" />
        <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager"
          xmlns="http://camel.apache.org/schema/spring-security" />

      You also have two routes which use these policies:

          <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring">
                <onException useOriginalMessage="true">
                  <to uri="log:auth_error" />
                  <from uri="direct:adminStart"/>
                  <policy ref="admin">
                      <to uri="mock:end"/>
                  <from uri="direct:userStart"/>
                  <policy ref="admin">
                      <to uri="mock:end"/>

      Both of these routes will fail with an AccessDeniedException if the user doesn't have the proper role, but it would be desirable to handle exceptions for the ROLE_ADMIN failure differently than the ROLE_USER failure, maybe by using a <choice> element in the <onException> element.

      I know we have the CamelFailureEndpoint header, but this isn't very useful when more than one route uses the same authorization policy.


        1. CAMEL-2796.patch
          2 kB
          Paul Mietz Egli



            • Assignee:
              njiang Willem Jiang
              pegli Paul Mietz Egli
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created: