
best approach to perform client certificate validation and restrict access to single IP


Hello,

I have a requirement to provide a service using Camel Jetty component and
SSL. I have the SSL working fine for server certificate validation by
clients.

The route basically looks like this:
from("jetty://https://0.0.0.0:thePort/theSecureAPI").to(...)

The code that configures the SSL for the Jetty component looks like below
and works fine:

private void configureJettyComponentForSsl() {
    KeyStoreParameters ksp = new KeyStoreParameters();
    ksp.setResource(trustStorePath);
    ksp.setPassword(trustStorePassword);
    KeyManagersParameters kmp = new KeyManagersParameters();
    kmp.setKeyStore(ksp);
    kmp.setKeyPassword(keyPassword);
    SSLContextParameters scp = new SSLContextParameters();
    scp.setKeyManagers(kmp);
    JettyHttpComponent jettyComponent =
        getContext().getComponent("jetty", JettyHttpComponent.class);
    jettyComponent.setSslContextParameters(scp);
}

Now I need to add client certificate validation, and to restrict
connections to a particular IP. What would be the best approach?

Maybe using SslSocketConnectors like:

final HashMap<Integer, Connector> portToConnectorMap = new HashMap<>();
portToConnectorMap.put(thePort, what-here?? )
jettyComponent.setSslSocketConnectors(portToConnectorMap);

Or, maybe I could accept the call into the route and use a processor that
would reject it if it does not come from the required IP? (how can I get
the client IP from within the route?) I would still need to perform the
client certificate validation.

Can I use a spring security filter?

Any guidance would be welcome.
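
One way to combine both requirements asked about above, as an added example that is not part of the original post or the Camel project's own code: the server demands a client certificate during the TLS handshake, and a processor rejects any request whose source address is not the allowed one. It assumes the Camel 2.x JSSE classes (org.apache.camel.util.jsse) and that camel-jetty exposes the servlet request in the Exchange.HTTP_SERVLET_REQUEST header; the class name, IP, port, store file names and passwords are constructed placeholders.

```java
import javax.servlet.http.HttpServletRequest;
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.jetty.JettyHttpComponent;
import org.apache.camel.util.jsse.*;   // Camel 2.x package (assumption)
public class SecureApiRoute extends RouteBuilder {
    // Constructed placeholders, not values from the original post.
    private static final String ALLOWED_IP = "192.0.2.10";
    private static final int PORT = 8443;

    @Override
    public void configure() {
        configureJettyForMutualTls();
        from("jetty:https://0.0.0.0:" + PORT + "/theSecureAPI")
            .process(exchange -> {
                // Peer address of the TCP connection as Jetty saw it. Behind a proxy
                // this is the proxy's address, so enforce the restriction at that hop.
                HttpServletRequest req = exchange.getIn()
                    .getHeader(Exchange.HTTP_SERVLET_REQUEST, HttpServletRequest.class);
                if (req == null || !ALLOWED_IP.equals(req.getRemoteAddr())) {
                    exchange.getIn().setHeader(Exchange.HTTP_RESPONSE_CODE, 403);
                    exchange.getIn().setBody("Forbidden");
                    exchange.setProperty(Exchange.ROUTE_STOP, Boolean.TRUE);
                }
            })
            .to("log:secureApi");   // stand-in for the real endpoint
    }

    private void configureJettyForMutualTls() {
        KeyStoreParameters keyStore = new KeyStoreParameters();   // server key and certificate
        keyStore.setResource("server-keystore.jks");
        keyStore.setPassword("changeit");
        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyStore(keyStore);
        kmp.setKeyPassword("changeit");
        KeyStoreParameters trustStore = new KeyStoreParameters(); // CA(s) issuing client certs
        trustStore.setResource("client-ca-truststore.jks");
        trustStore.setPassword("changeit");
        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(trustStore);
        SSLContextServerParameters server = new SSLContextServerParameters();
        server.setClientAuthentication("REQUIRE");   // no trusted client cert, no handshake
        SSLContextParameters scp = new SSLContextParameters();
        scp.setKeyManagers(kmp);
        scp.setTrustManagers(tmp);
        scp.setServerParameters(server);
        getContext().getComponent("jetty", JettyHttpComponent.class).setSslContextParameters(scp);
    }
}
```

The trust store should hold only the CA that issues the expected client certificates, since every certificate chaining to any CA in it passes the handshake.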

