
camel-spring-security: provide reference to the policy when authorization fails


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.3.0
    • 2.5.0
    • None
    • None

    Description

      While it is possible to set up different policies to enforce authorization rules on Camel routes with the new camel-spring-security plugin, there is currently no way to tell which policy was being enforced when an org.springframework.security.SpringSecurityException is thrown. It would be very helpful to have a reference to the policy ID in the CamelAuthorizationException or in the headers so we can use it in the onException handlers.

      For example, let's say you have two policies:

        <authorizationPolicy id="user" access="ROLE_USER" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager"
          xmlns="http://camel.apache.org/schema/spring-security" />
      
        <authorizationPolicy id="admin" access="ROLE_ADMIN" authenticationManager="authenticationManager" accessDecisionManager="accessDecisionManager"
          xmlns="http://camel.apache.org/schema/spring-security" />
      

      You also have two routes which use these policies:

          <camelContext id="myCamelContext" xmlns="http://camel.apache.org/schema/spring">
              <!-- One shared handler: it cannot tell which policy rejected the exchange -->
              <onException useOriginalMessage="true">
                  <exception>org.springframework.security.BadCredentialsException</exception>
                  <handled><constant>true</constant></handled>
                  <to uri="log:auth_error" />
              </onException>
              <!-- Route guarded by the "admin" policy (ROLE_ADMIN) -->
              <route>
                  <from uri="direct:adminStart"/>
                  <policy ref="admin">
                      <to uri="mock:end"/>
                  </policy>
              </route>
              <!-- Route guarded by the "user" policy (ROLE_USER) -->
              <route>
                  <from uri="direct:userStart"/>
                  <policy ref="user">
                      <to uri="mock:end"/>
                  </policy>
              </route>
          </camelContext>
      

      Both of these routes will fail with an AccessDeniedException if the user doesn't have the proper role, but it would be desirable to handle exceptions for the ROLE_ADMIN failure differently than the ROLE_USER failure, maybe by using a <choice> element in the <onException> element.

      I know we have the CamelFailureEndpoint header, but this isn't very useful when more than one route uses the same authorization policy.
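
      The per-policy handling requested above, as an added illustration that is not part of the original report or the attached patch. It assumes authorization failures reach the handler as org.apache.camel.CamelAuthorizationException with the rejecting policy's id readable as `policyId`; the `log:` endpoint names are made up for the example.

```xml
<!-- Added example: goes inside the <camelContext> shown in the report. -->
<onException useOriginalMessage="true">
  <!-- Assumption: the exception carries the id of the policy that
       rejected the exchange, exposed as the policyId property. -->
  <exception>org.apache.camel.CamelAuthorizationException</exception>
  <handled><constant>true</constant></handled>
  <choice>
    <when>
      <!-- Denied by the ROLE_ADMIN policy: log at a higher level so
           attempts against admin routes stand out in monitoring. -->
      <simple>${exception.policyId} == 'admin'</simple>
      <to uri="log:auth_error.admin?level=WARN"/>
    </when>
    <when>
      <!-- Denied by the ROLE_USER policy -->
      <simple>${exception.policyId} == 'user'</simple>
      <to uri="log:auth_error.user"/>
    </when>
    <otherwise>
      <!-- Any policy not listed above keeps the original behaviour -->
      <to uri="log:auth_error"/>
    </otherwise>
  </choice>
</onException>
```

      Because the branch keys on the policy id rather than on CamelFailureEndpoint, routes that share a policy are handled the same way.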

      Attachments

        1. CAMEL-2796.patch
          2 kB
          Paul Mietz Egli


          People

            njiang Willem Jiang
            pegli Paul Mietz Egli
