How do I secure my Apache Camel REST API?

0
votes

I'm using Apache Camel to host a REST API for another camel application. How do I secure this REST API it's only accessible through HTTPS?

I'm using Camel 3.0.0-M1. For the REST API I'm using the REST DSL and the camel-jetty component. From other questions on SO and the camel mailing list I gathered that I just need to configure the jetty component in order to enable SSL.

This is what I've come up with:

<bean id="securejetty" class="org.apache.camel.component.jetty9.JettyHttpComponent9">
    <property name="sslContextParameters" ref="sslContextParameters" />
</bean>

<camel:sslContextParameters id="sslContextParameters">
    <camel:keyManagers keyPassword="Linux01!">
        <camel:keyStore resource="/etc/certs/KeyStore.jks" password="Linux01!"/>
    </camel:keyManagers>
</camel:sslContextParameters>

<restConfiguration component="securejetty" contextPath="api/v0" port="9091" apiContextPath="api-doc" apiContextListing="false" enableCORS="true" host="0.0.0.0">
        <dataFormatProperty key="prettyPrint" value="true"/>
        <apiProperty key="base.path" value="/opcua"/>
        <apiProperty key="api.version" value="0.0.1"/>
        <apiProperty key="api.title" value="Blackbox REST API"/>
        <apiProperty key="api.description" value="The REST API for the Blackbox Project"/>
        <apiProperty key="api.contact.name" value="Blackbox"/>
        <corsHeaders key="Access-Control-Allow-*" value="0.0.0.0"/>
        <corsHeaders key="Access-Control-Max-Age" value="300"/>
</restConfiguration>

I expected that my API would be only accessible via https. But actually it continues to be available via http and not at all via https. I've partially figured out why: The "sslContextParameters" gets ignored completely, so camel doesn't know that the jetty component is supposed to do https. I tested this with assigning the keyStore variable a bogus path. That doesn't even throw an error, even though it's declared as a resource, that leads me to believe the "sslContextParameters" is ignored entirely. I need to know how I can secure my camel-jetty REST API so it's in line with my companies security standards.

1
javasslapache-camel
Possible duplicate of Apache Camel 2.14 Rest DSL SecuritySBylemans
I want to secure my application via SSL, not via basic auth or spring security.Necrophades
where are you defining the port the and the schema? see Configuring Rest DSL camel.apache.org/rest-dsl.htmlPaizo
Looks like I didn't define the schema and the default is HTTP. I set the schema to HTTPS and now it uses https. I now get a different error which I might address in another question. Thank you!Necrophades

1 Answers

0
votes

There were two errors that hindered my success:

  1. I didn't specify the scheme as http (credit to @Paizo)
  2. Configuring "securejetty" was wrong, I needed to specifically configure "jetty"

Here's the corrected config:

<bean id="jetty" class="org.apache.camel.component.jetty9.JettyHttpComponent9">
    <property name="sslContextParameters" ref="sslContextParameters" />
</bean>

<camel:sslContextParameters id="sslContextParameters">
    <camel:keyManagers keyPassword="Linux01!">
        <camel:keyStore resource="/etc/certs/KeyStore.jks" password="Linux01!"/>
    </camel:keyManagers>
</camel:sslContextParameters>

<restConfiguration component="jetty" contextPath="api/v0" port="9091" apiContextPath="api-doc" apiContextListing="false" enableCORS="true" host="0.0.0.0">
        <dataFormatProperty key="prettyPrint" value="true"/>
        <apiProperty key="base.path" value="/opcua"/>
        <apiProperty key="api.version" value="0.0.1"/>
        <apiProperty key="api.title" value="Blackbox REST API"/>
        <apiProperty key="api.description" value="The REST API for the Blackbox Project"/>
        <apiProperty key="api.contact.name" value="Blackbox"/>
        <corsHeaders key="Access-Control-Allow-*" value="0.0.0.0"/>
        <corsHeaders key="Access-Control-Max-Age" value="300"/>
</restConfiguration>