From a70cb315842ec01243fd0fd0fcf223fbb1e3939d Mon Sep 17 00:00:00 2001
From: Thomas Diesler <thomas.diesler@jboss.com>
Date: Fri, 3 Jul 2015 11:54:23 +0200
Subject: [PATCH] [resolves #723] Add support for Exchange.AUTHENTICATION
 header

---
 .../test/policy/EJBSecurityTestCase.java      |   4 +-
 .../policy/PolicyIntegrationTestCase.java     |  20 +++-
 .../test/policy/SecuredRouteTestCase.java     | 109 ++++++++++++++++++
 modules/etc/baseline/exported-paths.txt       |  72 ++++++++++++
 modules/etc/baseline/module-list.txt          |   3 +
 .../component/spring/security/main/module.xml |  15 +++
 .../springframework/security/main/module.xml  |  16 +++
 .../springframework/spring/main/module.xml    |  54 ---------
 .../apache/camel/component/main/module.xml    |   1 +
 .../springframework/spring/main/module.xml    |   6 +-
 .../wildfly/extension/camel/main/module.xml   |   1 +
 modules/etc/smartics/camel-modules.xml        |  13 +++
 modules/etc/smartics/spring-modules.xml       |  27 +++--
 modules/pom.xml                               |   5 +
 pom.xml                                       |   7 ++
 subsystem/pom.xml                             |   4 +
 .../camel/security/Authentication.java        |  33 ++++++
 .../camel/security/AuthorizationPolicy.java   |  66 -----------
 .../ClientLoginAuthorizationPolicy.java       |  87 ++++++++++++++
 .../camel/security/ClientLoginContext.java    |   4 +-
 .../UsernamePasswordAuthentication.java       |  54 +++++++++
 21 files changed, 462 insertions(+), 139 deletions(-)
 create mode 100644 itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java
 create mode 100644 modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml
 create mode 100644 modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml
 delete mode 100644 modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml
 create mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java
 delete mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java
 create mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java
 create mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java

diff --git a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java
index b1750e7b28..4709dca474 100644
--- a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java
+++ b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java
@@ -63,7 +63,7 @@ public void testAccessAllowed() throws Exception {
     public void testAuthorizedAccess() throws Exception {
 
         AnnotatedSLSB bean = lookup(new InitialContext(), AnnotatedSLSB.class, AnnotatedSLSB.class);
-        LoginContext lc = ClientLoginContext.newLoginContext(USERNAME, PASSWORD);
+        LoginContext lc = ClientLoginContext.newLoginContext(USERNAME, PASSWORD.toCharArray());
         lc.login();
         try {
             Assert.assertEquals("Hello Kermit", bean.doSelected("Kermit"));
@@ -83,7 +83,7 @@ public void testUnauthorizedAccess() throws Exception {
             //expected
         }
 
-        LoginContext lc = ClientLoginContext.newLoginContext("user1", "wrongpass");
+        LoginContext lc = ClientLoginContext.newLoginContext("user1", "wrongpass".toCharArray());
         lc.login();
         try {
             bean.doSelected("Kermit");
diff --git a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java
index da1c5fdedb..78483f689c 100644
--- a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java
+++ b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java
@@ -22,8 +22,13 @@
 
 package org.wildfly.camel.test.policy;
 
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
 import org.apache.camel.CamelContext;
 import org.apache.camel.CamelExecutionException;
+import org.apache.camel.Exchange;
 import org.apache.camel.ProducerTemplate;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.impl.DefaultCamelContext;
@@ -35,7 +40,8 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.wildfly.camel.test.policy.subA.AnnotatedSLSB;
-import org.wildfly.extension.camel.security.AuthorizationPolicy;
+import org.wildfly.extension.camel.security.ClientLoginAuthorizationPolicy;
+import org.wildfly.extension.camel.security.UsernamePasswordAuthentication;
 
 @RunWith(Arquillian.class)
 public class PolicyIntegrationTestCase {
@@ -101,7 +107,7 @@ public void testRoleBasedAccessAllowed() throws Exception {
             @Override
             public void configure() throws Exception {
                 from("direct:start")
-                .policy(new AuthorizationPolicy(EJBSecurityTestCase.USERNAME, EJBSecurityTestCase.PASSWORD))
+                .policy(new ClientLoginAuthorizationPolicy())
                 .to("ejb:java:module/AnnotatedSLSB?method=doSelected");
             }
         });
@@ -109,10 +115,18 @@ public void configure() throws Exception {
         camelctx.start();
         try {
             ProducerTemplate producer = camelctx.createProducerTemplate();
-            String result = producer.requestBody("direct:start", "Kermit", String.class);
+            Subject subject = getAuthenticationToken(EJBSecurityTestCase.USERNAME, EJBSecurityTestCase.PASSWORD);
+            String result = producer.requestBodyAndHeader("direct:start", "Kermit", Exchange.AUTHENTICATION, subject, String.class);
             Assert.assertEquals("Hello Kermit", result);
         } finally {
             camelctx.stop();
         }
     }
+
+    private Subject getAuthenticationToken(String username, String password) {
+        Subject subject = new Subject();
+        Principal principal = new UsernamePasswordAuthentication(username, password.toCharArray());
+        subject.getPrincipals().add(principal);
+        return subject;
+    }
 }
diff --git a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java
new file mode 100644
index 0000000000..fb0653d2c8
--- /dev/null
+++ b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java
@@ -0,0 +1,109 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.wildfly.camel.test.policy;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.Exchange;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.wildfly.extension.camel.security.ClientLoginAuthorizationPolicy;
+
+@RunWith(Arquillian.class)
+public class SecuredRouteTestCase {
+
+    @Deployment
+    public static JavaArchive createDeployment() {
+        JavaArchive archive = ShrinkWrap.create(JavaArchive.class, "secured-route-test");
+        return archive;
+    }
+
+    @Test
+    public void testRoleBasedAccessDenied() throws Exception {
+        CamelContext camelctx = new DefaultCamelContext();
+        camelctx.addRoutes(new RouteBuilder() {
+            @Override
+            public void configure() throws Exception {
+                from("direct:start")
+                .policy(new ClientLoginAuthorizationPolicy())
+                .transform(body().prepend("Hello "));
+            }
+        });
+
+        camelctx.start();
+        try {
+            ProducerTemplate producer = camelctx.createProducerTemplate();
+            try {
+                producer.requestBody("direct:start", "Kermit", String.class);
+                Assert.fail("CamelExecutionException expected");
+            } catch (CamelExecutionException e) {
+                // expected
+            }
+        } finally {
+            camelctx.stop();
+        }
+    }
+
+    @Test
+    public void testRoleBasedAccessAllowed() throws Exception {
+        CamelContext camelctx = new DefaultCamelContext();
+        camelctx.addRoutes(new RouteBuilder() {
+            @Override
+            public void configure() throws Exception {
+                from("direct:start")
+                .policy(new ClientLoginAuthorizationPolicy())
+                .transform(body().prepend("Hello "));
+            }
+        });
+
+        camelctx.start();
+        try {
+            ProducerTemplate producer = camelctx.createProducerTemplate();
+            Subject subject = getAuthenticationToken(EJBSecurityTestCase.USERNAME, EJBSecurityTestCase.PASSWORD);
+            String result = producer.requestBodyAndHeader("direct:start", "Kermit", Exchange.AUTHENTICATION, subject, String.class);
+            Assert.assertEquals("Hello Kermit", result);
+        } finally {
+            camelctx.stop();
+        }
+    }
+
+    private Subject getAuthenticationToken(String username, String password) {
+        Subject subject = new Subject();
+        Principal principal = new UsernamePasswordAuthenticationToken(username, password);
+        subject.getPrincipals().add(principal);
+        return subject;
+    }
+}
diff --git a/modules/etc/baseline/exported-paths.txt b/modules/etc/baseline/exported-paths.txt
index 097d3ccbe4..17b5b9f3dc 100644
--- a/modules/etc/baseline/exported-paths.txt
+++ b/modules/etc/baseline/exported-paths.txt
@@ -367,6 +367,9 @@ org/apache/camel/component/salesforce/api/dto
 org/apache/camel/component/salesforce/api/dto/bulk
 org/apache/camel/component/servlet
 org/apache/camel/component/servlet/osgi
+org/apache/camel/component/spring
+org/apache/camel/component/spring/security
+org/apache/camel/component/spring/security/config
 org/apache/camel/component/sql
 org/apache/camel/component/swagger
 org/apache/camel/component/velocity
@@ -513,6 +516,75 @@ org/dozer/osgi
 org/dozer/propertydescriptor
 org/dozer/stats
 org/dozer/util
+org/springframework
+org/springframework/security
+org/springframework/security/access
+org/springframework/security/access/annotation
+org/springframework/security/access/event
+org/springframework/security/access/expression
+org/springframework/security/access/expression/method
+org/springframework/security/access/hierarchicalroles
+org/springframework/security/access/intercept
+org/springframework/security/access/intercept/aopalliance
+org/springframework/security/access/intercept/aspectj
+org/springframework/security/access/method
+org/springframework/security/access/prepost
+org/springframework/security/access/vote
+org/springframework/security/authentication
+org/springframework/security/authentication/dao
+org/springframework/security/authentication/encoding
+org/springframework/security/authentication/event
+org/springframework/security/authentication/jaas
+org/springframework/security/authentication/jaas/event
+org/springframework/security/authentication/jaas/memory
+org/springframework/security/authentication/rcp
+org/springframework/security/concurrent
+org/springframework/security/config
+org/springframework/security/config/annotation
+org/springframework/security/config/annotation/authentication
+org/springframework/security/config/annotation/authentication/builders
+org/springframework/security/config/annotation/authentication/configuration
+org/springframework/security/config/annotation/authentication/configurers
+org/springframework/security/config/annotation/authentication/configurers/ldap
+org/springframework/security/config/annotation/authentication/configurers/provisioning
+org/springframework/security/config/annotation/authentication/configurers/userdetails
+org/springframework/security/config/annotation/configuration
+org/springframework/security/config/annotation/method
+org/springframework/security/config/annotation/method/configuration
+org/springframework/security/config/annotation/web
+org/springframework/security/config/annotation/web/builders
+org/springframework/security/config/annotation/web/configuration
+org/springframework/security/config/annotation/web/configurers
+org/springframework/security/config/annotation/web/configurers/openid
+org/springframework/security/config/annotation/web/servlet
+org/springframework/security/config/annotation/web/servlet/configuration
+org/springframework/security/config/authentication
+org/springframework/security/config/debug
+org/springframework/security/config/http
+org/springframework/security/config/ldap
+org/springframework/security/config/method
+org/springframework/security/core
+org/springframework/security/core/authority
+org/springframework/security/core/authority/mapping
+org/springframework/security/core/context
+org/springframework/security/core/parameters
+org/springframework/security/core/session
+org/springframework/security/core/token
+org/springframework/security/core/userdetails
+org/springframework/security/core/userdetails/cache
+org/springframework/security/core/userdetails/jdbc
+org/springframework/security/core/userdetails/memory
+org/springframework/security/crypto
+org/springframework/security/crypto/bcrypt
+org/springframework/security/crypto/codec
+org/springframework/security/crypto/encrypt
+org/springframework/security/crypto/keygen
+org/springframework/security/crypto/password
+org/springframework/security/crypto/util
+org/springframework/security/provisioning
+org/springframework/security/scheduling
+org/springframework/security/task
+org/springframework/security/util
 org/xmlsoap
 org/xmlsoap/schemas
 org/xmlsoap/schemas/soap
diff --git a/modules/etc/baseline/module-list.txt b/modules/etc/baseline/module-list.txt
index 46819c424f..290598930c 100644
--- a/modules/etc/baseline/module-list.txt
+++ b/modules/etc/baseline/module-list.txt
@@ -79,6 +79,7 @@
 /org/apache/camel/component/script/main/camel-script-2.15.2.jar
 /org/apache/camel/component/servlet/main/camel-servlet-2.15.2.jar
 /org/apache/camel/component/soap/main/camel-soap-2.15.2.jar
+/org/apache/camel/component/spring/security/main/camel-spring-security-2.15.2.jar
 /org/apache/camel/component/sql/main/camel-sql-2.15.2.jar
 /org/apache/camel/component/swagger/main/camel-swagger-2.15.2.jar
 /org/apache/camel/component/swagger/main/swagger-annotations-1.3.12.jar
@@ -156,5 +157,7 @@
 /org/springframework/jdbc/main/spring-jdbc-4.1.6.RELEASE.jar
 /org/springframework/jms/main/spring-jms-4.1.6.RELEASE.jar
 /org/springframework/orm/main/spring-orm-4.1.6.RELEASE.jar
+/org/springframework/security/main/spring-security-config-3.2.5.RELEASE.jar
+/org/springframework/security/main/spring-security-core-3.2.5.RELEASE.jar
 /org/springframework/spring-messaging/main/spring-messaging-4.1.6.RELEASE.jar
 /org/springframework/tx/main/spring-tx-4.1.6.RELEASE.jar
diff --git a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml
new file mode 100644
index 0000000000..4f8187366d
--- /dev/null
+++ b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module xmlns="urn:jboss:module:1.1" name="org.apache.camel.component.spring.security">
+  <resources>
+    <resource-root path="camel-spring-security-2.15.2.jar" />
+  </resources>
+  <dependencies>
+    <module name="javax.api" />
+    <module name="org.slf4j" />
+    <module name="org.springframework.security" export="true" />
+    <module name="javax.xml.bind.api" />
+    <module name="org.apache.camel.core" />
+    <module name="org.apache.camel.spring" />
+    <module name="org.apache.commons.logging" />
+  </dependencies>
+</module>
diff --git a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml
new file mode 100644
index 0000000000..2ff50179f9
--- /dev/null
+++ b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module xmlns="urn:jboss:module:1.1" name="org.springframework.security">
+  <resources>
+    <resource-root path="spring-security-config-3.2.5.RELEASE.jar" />
+    <resource-root path="spring-security-core-3.2.5.RELEASE.jar" />
+  </resources>
+  <dependencies>
+    <module name="javax.api" />
+    <module name="org.apache.commons.logging" />
+    <module name="javax.servlet.api" />
+    <module name="org.springframework.aop" />
+    <module name="org.springframework.beans" />
+    <module name="org.springframework.context" />
+    <module name="org.springframework.core" />
+  </dependencies>
+</module>
diff --git a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml
deleted file mode 100644
index 0f0298ddd2..0000000000
--- a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  #%L
-  Wildfly Camel :: Patch
-  %%
-  Copyright (C) 2013 - 2014 RedHat
-  %%
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-  
-       http://www.apache.org/licenses/LICENSE-2.0
-  
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
-  #L%
-  -->
-
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.springframework.spring">
-
-    <dependencies>
-        <module name="org.springframework.beans" export="true">
-            <imports>
-                <include path="META-INF" />
-            </imports>
-            <exports>
-                <include path="META-INF" />
-            </exports>
-        </module>
-        <module name="org.springframework.context" export="true">
-            <imports>
-                <include path="META-INF" />
-            </imports>
-            <exports>
-                <include path="META-INF" />
-            </exports>
-        </module>
-        <module name="org.springframework.core" export="true">
-            <imports>
-                <include path="META-INF" />
-            </imports>
-            <exports>
-                <include path="META-INF" />
-            </exports>
-        </module>
-    </dependencies>
-
-</module>
diff --git a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml
index 67f2b34f85..b3c72c6ac7 100644
--- a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml
+++ b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml
@@ -68,6 +68,7 @@
         <module name="org.apache.camel.component.script" export="true" services="export" />
         <module name="org.apache.camel.component.servlet" export="true" services="export" />
         <module name="org.apache.camel.component.soap" export="true" services="export" />
+        <module name="org.apache.camel.component.spring.security" export="true" services="export" />
         <module name="org.apache.camel.component.sql" export="true" services="export" />
         <module name="org.apache.camel.component.swagger" export="true" services="export" />
         <module name="org.apache.camel.component.tagsoup" export="true" services="export" />
diff --git a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml
index 0f0298ddd2..a9f452391b 100644
--- a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml
+++ b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml
@@ -19,9 +19,9 @@
   #L%
   -->
 
-
-
-
+<!-- 
+    This is referenced in the base layer from org.apache.cxf as an optional dependency 
+-->
 <module xmlns="urn:jboss:module:1.1" name="org.springframework.spring">
 
     <dependencies>
diff --git a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml
index 14fee8bab8..17c1259953 100644
--- a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml
+++ b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml
@@ -57,6 +57,7 @@
         <module name="org.springframework.beans"/>
         <module name="org.springframework.core"/>
         <module name="org.springframework.context"/>
+        <module name="org.springframework.security"/>
         <module name="org.springframework.tx"/>
         <module name="org.slf4j"/>
     </dependencies>
diff --git a/modules/etc/smartics/camel-modules.xml b/modules/etc/smartics/camel-modules.xml
index 53ca46d61c..43fa662b27 100644
--- a/modules/etc/smartics/camel-modules.xml
+++ b/modules/etc/smartics/camel-modules.xml
@@ -612,6 +612,19 @@
         </exports>
     </module>
     
+    <module name="org.apache.camel.component.spring.security">
+        <include artifact="org.apache.camel:camel-spring-security" />
+        <apply-to-dependencies skip="true">
+            <include module="org.apache.camel.apt" />
+            <include module="org.springframework.security" />
+        </apply-to-dependencies>
+        <dependencies>
+            <module name="javax.api"/>
+            <module name="org.slf4j"/>
+            <module name="org.springframework.security" export="true"/>
+        </dependencies>
+    </module>
+    
     <module name="org.apache.camel.component.sql">
         <include artifact="org.apache.camel:camel-sql" />
         <apply-to-dependencies skip="true">
diff --git a/modules/etc/smartics/spring-modules.xml b/modules/etc/smartics/spring-modules.xml
index 74ade2981a..3a876beeca 100644
--- a/modules/etc/smartics/spring-modules.xml
+++ b/modules/etc/smartics/spring-modules.xml
@@ -21,7 +21,7 @@
 <modules xmlns="http://smartics.de/ns/jboss-modules-descriptor/2">
 
     <module name="org.springframework.aop">
-        <include artifact="org.springframework:spring-aop" />
+        <include artifact=":spring-aop" />
         <include artifact=":aopalliance" />
         <dependencies>
             <module name="javax.api" />
@@ -30,7 +30,7 @@
     </module>
     
     <module name="org.springframework.beans">
-        <include artifact="org.springframework:spring-beans" />
+        <include artifact=":spring-beans" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.apache.commons.logging" />
@@ -40,7 +40,7 @@
     </module>
     
     <module name="org.springframework.context">
-        <include artifact="org.springframework:spring-context" />
+        <include artifact=":spring-context" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.apache.commons.logging" />
@@ -49,7 +49,7 @@
     </module>
     
     <module name="org.springframework.core">
-        <include artifact="org.springframework:spring-core" />
+        <include artifact=":spring-core" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.jboss.vfs" />
@@ -57,7 +57,7 @@
     </module>
     
     <module name="org.springframework.expression">
-        <include artifact="org.springframework:spring-expression" />
+        <include artifact=":spring-expression" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.apache.commons.logging" />
@@ -65,7 +65,7 @@
     </module>
     
     <module name="org.springframework.jdbc">
-        <include artifact="org.springframework:spring-jdbc" />
+        <include artifact=":spring-jdbc" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.apache.commons.logging" />
@@ -73,7 +73,7 @@
     </module>
     
     <module name="org.springframework.jms">
-        <include artifact="org.springframework:spring-jms" />
+        <include artifact=":spring-jms" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.apache.commons.logging" />
@@ -81,7 +81,7 @@
     </module>
     
     <module name="org.springframework.orm">
-        <include artifact="org.springframework:spring-orm" />
+        <include artifact=":spring-orm" />
         <dependencies>
             <module name="javax.api" />
             <module name="javax.persistence.api" />
@@ -89,8 +89,17 @@
         </dependencies>
     </module>
     
+    <module name="org.springframework.security">
+        <include artifact=":spring-security-config" />
+        <include artifact=":spring-security-core" />
+        <dependencies>
+            <module name="javax.api" />
+            <module name="org.apache.commons.logging" />
+        </dependencies>
+    </module>
+    
     <module name="org.springframework.tx">
-        <include artifact="org.springframework:spring-tx" />
+        <include artifact=":spring-tx" />
         <dependencies>
             <module name="javax.api" />
             <module name="org.apache.commons.logging" />
diff --git a/modules/pom.xml b/modules/pom.xml
index c4edeeaca9..d9f72d7643 100644
--- a/modules/pom.xml
+++ b/modules/pom.xml
@@ -265,6 +265,11 @@
             <artifactId>camel-soap</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.camel</groupId>
+            <artifactId>camel-spring-security</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.camel</groupId>
             <artifactId>camel-sql</artifactId>
diff --git a/pom.xml b/pom.xml
index d947a78629..a9a1cbc91c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,6 +47,8 @@
         
         <!-- Camel version -->
         <version.apache.camel>2.15.2</version.apache.camel>
+        <!-- [#726] Remove explicit spring-security version -->
+        <version.spring.security>3.2.5.RELEASE</version.spring.security>
         
         <!-- WildFly versions -->
         <version.wildfly>9.0.0.CR1</version.wildfly>
@@ -161,6 +163,11 @@
                 <scope>import</scope>
                 <type>pom</type>
             </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-core</artifactId>
+                <version>${version.spring.security}</version>
+            </dependency>
 
             <!-- Xmlbeans -->
             <dependency>
diff --git a/subsystem/pom.xml b/subsystem/pom.xml
index 357bd52066..b3420cb1c8 100644
--- a/subsystem/pom.xml
+++ b/subsystem/pom.xml
@@ -70,6 +70,10 @@
             <groupId>org.jboss.shrinkwrap</groupId>
             <artifactId>shrinkwrap-impl-base</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+        </dependency>
         
         <!-- Test -->
         <dependency>
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java
new file mode 100644
index 0000000000..a9dd76d844
--- /dev/null
+++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java
@@ -0,0 +1,33 @@
+/*
+ * #%L
+ * Wildfly Camel :: Subsystem
+ * %%
+ * Copyright (C) 2013 - 2014 RedHat
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+package org.wildfly.extension.camel.security;
+
+
+
+/**
+ * An authetication marker interface
+ *
+ * @author Thomas.Diesler@jboss.com
+ * @since 03-Jul-2015
+ */
+public interface Authentication {
+
+}
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java
deleted file mode 100644
index 1ca668e7c9..0000000000
--- a/subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * #%L
- * Wildfly Camel :: Subsystem
- * %%
- * Copyright (C) 2013 - 2014 RedHat
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * #L%
- */
-
-package org.wildfly.extension.camel.security;
-
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.apache.camel.Exchange;
-import org.apache.camel.Processor;
-import org.apache.camel.model.ProcessorDefinition;
-import org.apache.camel.spi.Policy;
-import org.apache.camel.spi.RouteContext;
-
-
-/**
- * Provides access RunAs login policy
- *
- * @author Thomas.Diesler@jboss.com
- * @since 08-May-2015
- */
-public class AuthorizationPolicy implements Policy {
-
-    private final LoginContext loginContext;
-
-    public AuthorizationPolicy(String username, String password) throws LoginException {
-        loginContext = ClientLoginContext.newLoginContext(username, password);
-    }
-
-    @Override
-    public void beforeWrap(RouteContext routeContext, ProcessorDefinition<?> definition) {
-    }
-
-    @Override
-    public Processor wrap(final RouteContext routeContext, final Processor processor) {
-        return new Processor() {
-            @Override
-            public void process(Exchange exchange) throws Exception {
-                loginContext.login();
-                try {
-                    processor.process(exchange);
-                } finally {
-                    loginContext.logout();
-                }
-            }
-        };
-    }
-
-}
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java
new file mode 100644
index 0000000000..bd6764d948
--- /dev/null
+++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java
@@ -0,0 +1,87 @@
+/*
+ * #%L
+ * Wildfly Camel :: Subsystem
+ * %%
+ * Copyright (C) 2013 - 2014 RedHat
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+package org.wildfly.extension.camel.security;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.camel.Exchange;
+import org.apache.camel.Processor;
+import org.apache.camel.model.ProcessorDefinition;
+import org.apache.camel.spi.AuthorizationPolicy;
+import org.apache.camel.spi.RouteContext;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+
+
+/**
+ * Provides access to RunAs login policy
+ *
+ * @author Thomas.Diesler@jboss.com
+ * @since 08-May-2015
+ */
+public class ClientLoginAuthorizationPolicy implements AuthorizationPolicy {
+
+    @Override
+    public void beforeWrap(RouteContext routeContext, ProcessorDefinition<?> definition) {
+    }
+
+    @Override
+    public Processor wrap(final RouteContext routeContext, final Processor processor) {
+        return new Processor() {
+            @Override
+            public void process(Exchange exchange) throws Exception {
+                Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);
+                if (subject == null) {
+                    throw new SecurityException("Cannot obtain authentication subject from exchange: " + exchange);
+                }
+                String username = null;
+                char[] password = null;
+                for (Principal principal : subject.getPrincipals()) {
+                    if (principal instanceof UsernamePasswordAuthentication) {
+                        username = principal.getName();
+                        password = ((UsernamePasswordAuthentication) principal).getPassword();
+                    } else if (principal instanceof UsernamePasswordAuthenticationToken) {
+                        username = principal.getName();
+                        Object credentials = ((UsernamePasswordAuthenticationToken) principal).getCredentials();
+                        if (credentials instanceof String) {
+                            password = ((String) credentials).toCharArray();
+                        } else if (credentials instanceof char[]) {
+                            password = (char[]) credentials;
+                        }
+                    }
+                }
+                if (username == null || password == null) {
+                    throw new SecurityException("Cannot obtain credentials from exchange: " + exchange);
+                }
+                LoginContext loginContext = ClientLoginContext.newLoginContext(username, password);
+                loginContext.login();
+                try {
+                    processor.process(exchange);
+                } finally {
+                    loginContext.logout();
+                }
+            }
+        };
+    }
+
+}
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java
index a927dc718b..bf1b638fb7 100644
--- a/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java
+++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java
@@ -51,7 +51,7 @@ public final class ClientLoginContext {
     private ClientLoginContext() {
     }
 
-    public static LoginContext newLoginContext(final String username, final String password) throws LoginException {
+    public static LoginContext newLoginContext(final String username, final char[] password) throws LoginException {
         final String configurationName = "WildFly-Camel";
         CallbackHandler cbh = new CallbackHandler() {
             public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
@@ -59,7 +59,7 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback
                     if (current instanceof NameCallback) {
                         ((NameCallback) current).setName(username);
                     } else if (current instanceof PasswordCallback) {
-                        ((PasswordCallback) current).setPassword(password.toCharArray());
+                        ((PasswordCallback) current).setPassword(password);
                     } else {
                         throw new UnsupportedCallbackException(current);
                     }
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java
new file mode 100644
index 0000000000..34f4cc049c
--- /dev/null
+++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java
@@ -0,0 +1,54 @@
+/*
+ * #%L
+ * Wildfly Camel :: Subsystem
+ * %%
+ * Copyright (C) 2013 - 2014 RedHat
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+package org.wildfly.extension.camel.security;
+
+import java.security.Principal;
+
+import org.jboss.gravia.utils.IllegalArgumentAssertion;
+
+
+/**
+ * A username password authentication token
+ *
+ * @author Thomas.Diesler@jboss.com
+ * @since 03-Jul-2015
+ */
+public class UsernamePasswordAuthentication implements Authentication, Principal {
+
+    private final String username;
+    private final char[] password;
+
+    public UsernamePasswordAuthentication(String username, char[] password) {
+        IllegalArgumentAssertion.assertNotNull(username, "username");
+        IllegalArgumentAssertion.assertNotNull(password, "password");
+        this.username = username;
+        this.password = password;
+    }
+
+    @Override
+    public String getName() {
+        return username;
+    }
+
+    public char[] getPassword() {
+        return password;
+    }
+}