Since we're on a major migration process of this website, some component documents here are out of sync right now. In the meantime you may want to look at the early version of the new website
https://camel.apache.org/staging/
We would very much like to receive any feedback on the new site, please join the discussion on the Camel user mailing list.
Security for Camel GAE ApplicationsSecuring GAE applications from unauthorized access is described in the Security and Authentication section of the Google App Engine documentation. Authorization constraints are declared in the web.xml. This applies to Camel applications as well. In the following example, the application is configured to only allow authenticated users (in any role) to access the application. Additionally, access to web.xml with authorization constraint <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <servlet> <servlet-name>CamelServlet</servlet-name> <servlet-class>org.apache.camel.component.servlet.CamelHttpTransportServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>appctx.xml</param-value> </init-param> </servlet> <!-- Mapping used for external requests --> <servlet-mapping> <servlet-name>CamelServlet</servlet-name> <url-pattern>/camel/*</url-pattern> </servlet-mapping> <!-- Mapping used for web hooks accessed by task queueing service. --> <servlet-mapping> <servlet-name>CamelServlet</servlet-name> <url-pattern>/worker/*</url-pattern> </servlet-mapping> <!-- By default allow any user who is logged in to access the whole application. --> <security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> <!-- Allow only admin users to access /worker/* URLs e.g. to prevent normal user to access gtask web hooks. --> <security-constraint> <web-resource-collection> <url-pattern>/worker/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> </web-app> |