This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Spring Security Example
Skip to end of metadata
Go to start of metadata

Spring Security Example

The camel-spring-security module provides authentication and authorization capabilities via Spring Security. This example shows you how to use this functionality to implement a role based authorization application.

This example consumes messages from a servlet endpoint which is secured by Spring Security with http basic authentication, there are two services:

 "http://localhost:8080/camel/user" is for the authenticated user whose role is ROLE_USER
 "http://localhost:8080/camel/admin" is for the authenticated user whose role is ROLE_ADMIN

You will need to compile this example first:

  cd $CAMEL_HOME/examples/camel-example-spring-security
  mvn clean install

To run the example, you need to start up the server by typing

  mvn jetty:run

To stop the server hit ctrl + c

Then you can use the script in the client directory to send the request and check the response, or use browser to access upper service with the user/password ("jim/jimspassword" with the admin and user role or "rob/robspassword" with user role).

Here is the camel route configuration:

Error rendering macro 'code': Invalid value specified for parameter 'java.lang.NullPointerException'
<beans xmlns=""

  <spring-security:http realm="User Restrict Realm">
    <spring-security:intercept-url pattern="/camel/**"
                                   access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')"/>

    <!--  set up the user configuration here -->
  <spring-security:authentication-manager alias="authenticationManager">
    <spring-security:authentication-provider user-service-ref="userDetailsService"/>

  <spring-security:user-service id="userDetailsService">
    <spring-security:user name="jim" password="{noop}jimspassword" authorities="ROLE_USER, ROLE_ADMIN"/>
    <spring-security:user name="bob" password="{noop}bobspassword" authorities="ROLE_USER"/>

  <bean id="accessDecisionManager" class="">
      <bean class=""/>
    <property name="allowIfAllAbstainDecisions" value="true"/>

  <!-- The Policy for checking the authentication role of ADMIN -->
  <authorizationPolicy id="admin" access="ROLE_ADMIN"

  <!-- The Policy for checking the authentication role of USER -->
  <authorizationPolicy id="user" access="ROLE_USER"

  <camelContext id="myCamelContext" xmlns="">
    <!-- Catch the authorization exception and set the Access Denied message back -->
        <simple>Access Denied with the Policy of ${exception.policyId} !</simple>

      <from uri="servlet:user"/>
      <!-- wrap the route in the policy which enforces security check -->
      <policy ref="user">
          <simple>Normal user can access this service</simple>

      <from uri="servlet:admin"/>
      <!-- wrap the route in the policy which enforces security check -->
      <policy ref="admin">
          <simple>Call the admin operation OK</simple>



You can find how to configure the camel-servlet with http basic authentication by check the files in WEB-INF

  • No labels