How do I secure my Apache Camel REST API?
Question
I'm using Apache Camel to host a REST API for another camel application. How do I secure this REST API it's only accessible through HTTPS?
I'm using Camel 3.0.0-M1. For the REST API I'm using the REST DSL and the camel-jetty component. From other questions on SO and the camel mailing list I gathered that I just need to configure the jetty component in order to enable SSL.
This is what I've come up with:
<bean id="securejetty" class="org.apache.camel.component.jetty9.JettyHttpComponent9">
<property name="sslContextParameters" ref="sslContextParameters" />
</bean>
<camel:sslContextParameters id="sslContextParameters">
<camel:keyManagers keyPassword="Linux01!">
<camel:keyStore resource="/etc/certs/KeyStore.jks" password="Linux01!"/>
</camel:keyManagers>
</camel:sslContextParameters>
<restConfiguration component="securejetty" contextPath="api/v0" port="9091" apiContextPath="api-doc" apiContextListing="false" enableCORS="true" host="0.0.0.0">
<dataFormatProperty key="prettyPrint" value="true"/>
<apiProperty key="base.path" value="/opcua"/>
<apiProperty key="api.version" value="0.0.1"/>
<apiProperty key="api.title" value="Blackbox REST API"/>
<apiProperty key="api.description" value="The REST API for the Blackbox Project"/>
<apiProperty key="api.contact.name" value="Blackbox"/>
<corsHeaders key="Access-Control-Allow-*" value="0.0.0.0"/>
<corsHeaders key="Access-Control-Max-Age" value="300"/>
</restConfiguration>
I expected that my API would be only accessible via https. But actually it continues to be available via http and not at all via https. I've partially figured out why: The "sslContextParameters" gets ignored completely, so camel doesn't know that the jetty component is supposed to do https. I tested this with assigning the keyStore variable a bogus path. That doesn't even throw an error, even though it's declared as a resource, that leads me to believe the "sslContextParameters" is ignored entirely. I need to know how I can secure my camel-jetty REST API so it's in line with my companies security standards.
1 answers
solution1
0 ACCPTED 2019-06-05 13:10:10
There were two errors that hindered my success:
- I didn't specify the scheme as http (credit to @Paizo)
- Configuring "securejetty" was wrong, I needed to specifically configure "jetty"
Here's the corrected config:
<bean id="jetty" class="org.apache.camel.component.jetty9.JettyHttpComponent9">
<property name="sslContextParameters" ref="sslContextParameters" />
</bean>
<camel:sslContextParameters id="sslContextParameters">
<camel:keyManagers keyPassword="Linux01!">
<camel:keyStore resource="/etc/certs/KeyStore.jks" password="Linux01!"/>
</camel:keyManagers>
</camel:sslContextParameters>
<restConfiguration component="jetty" contextPath="api/v0" port="9091" apiContextPath="api-doc" apiContextListing="false" enableCORS="true" host="0.0.0.0">
<dataFormatProperty key="prettyPrint" value="true"/>
<apiProperty key="base.path" value="/opcua"/>
<apiProperty key="api.version" value="0.0.1"/>
<apiProperty key="api.title" value="Blackbox REST API"/>
<apiProperty key="api.description" value="The REST API for the Blackbox Project"/>
<apiProperty key="api.contact.name" value="Blackbox"/>
<corsHeaders key="Access-Control-Allow-*" value="0.0.0.0"/>
<corsHeaders key="Access-Control-Max-Age" value="300"/>
</restConfiguration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.