14 Securing Camel
This chapter covers
- Securing your Camel configuration
- Web service security
- Transport security
- Encryption and decryption
- Signing messages
- Authentication and authorization
Security in enterprise applications seems to become more and more important every year. As mobile and web access endpoints are the preferred method of access for customers, applications are becoming more open to the greater internet and consequently more open to attack. Unauthorized access to these exposed endpoints can become a costly thing to deal with. For example, having private customer data leaked on the internet has plagued retailers in recent years. These events definitely have an impact on the current and future bottom line of a company’s finances.
With that said, it’s important to note that Camel is by default not secured! There’s a good reason for this: application security has many angles, and not all may be applicable to every use case. For instance, you probably don’t need to encrypt your payload if the communication link is within your company’s VPN. But authentication and authorization may be needed. Camel can help you implement as much or as little security as you require, with relative ease. We say relative because security configuration can become quite complex just by its nature.