camel-xmlsecurity-sign-kafka-connector sink configuration
Connector Description: Sign XML payloads using the XML signature specification.
When using camel-xmlsecurity-sign-kafka-connector as sink make sure to use the following Maven dependency to have support for the connector:
<dependency>
<groupId>org.apache.camel.kafkaconnector</groupId>
<artifactId>camel-xmlsecurity-sign-kafka-connector</artifactId>
<version>x.x.x</version>
<!-- use the same version as your Camel Kafka connector version -->
</dependency>
To use this Sink connector in Kafka connect you’ll need to set the following connector.class
connector.class=org.apache.camel.kafkaconnector.xmlsecuritysign.CamelXmlsecuritysignSinkConnector
The camel-xmlsecurity-sign sink connector supports 57 options, which are listed below.
Name | Description | Default | Required | Priority |
---|---|---|---|---|
camel.sink.path.name |
The name part in the URI can be chosen by the user to distinguish between different signer endpoints within the camel context. |
null |
true |
HIGH |
camel.sink.endpoint.addKeyInfoReference |
In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value. The default value is true. Only relevant when a KeyInfo is returned by KeyAccessor. and KeyInfo#getId() is not null. |
"true" |
false |
MEDIUM |
camel.sink.endpoint.baseUri |
You can set a base URI which is used in the URI dereferencing. Relative URIs are then concatenated with the base URI. |
null |
false |
MEDIUM |
camel.sink.endpoint.canonicalizationMethod |
Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List inclusiveNamespacePrefixes) to create a canonicalization method. |
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" |
false |
MEDIUM |
camel.sink.endpoint.clearHeaders |
Determines if the XML signature specific headers be cleared after signing and verification. Defaults to true. |
"true" |
false |
MEDIUM |
camel.sink.endpoint.contentObjectId |
Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, then a new UUID will be generated. Only used in the enveloping case. |
null |
false |
MEDIUM |
camel.sink.endpoint.contentReferenceType |
Type of the content reference. The default value is null. This value can be overwritten by the header XmlSignatureConstants#HEADER_CONTENT_REFERENCE_TYPE. |
null |
false |
MEDIUM |
camel.sink.endpoint.contentReferenceUri |
Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the resource schema URI ( setSchemaResourceUri(String)) must also be set because the schema validator will then find out which attributes are ID attributes. Will be ignored in the enveloping or detached case. |
null |
false |
MEDIUM |
camel.sink.endpoint.cryptoContextProperties |
Sets the crypto context properties. See {link XMLCryptoContext#setProperty(String, Object)}. Possible properties are defined in XMLSignContext an XMLValidateContext (see Supported Properties). The following properties are set by default to the value Boolean#TRUE for the XML validation. If you want to switch these features off you must set the property value to Boolean#FALSE. org.jcp.xml.dsig.validateManifests javax.xml.crypto.dsig.cacheReference |
null |
false |
MEDIUM |
camel.sink.endpoint.digestAlgorithm |
Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If this digest algorithm is not specified then the digest algorithm is calculated from the signature algorithm. Example: http://www.w3.org/2001/04/xmlenc#sha256 |
null |
false |
MEDIUM |
camel.sink.endpoint.disallowDoctypeDecl |
Disallows that the incoming XML document contains DTD DOCTYPE declaration. The default value is Boolean#TRUE. |
"true" |
false |
MEDIUM |
camel.sink.endpoint.keyAccessor |
For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor which reads the private key from a Java keystore. |
null |
false |
MEDIUM |
camel.sink.endpoint.lazyStartProducer |
Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing. |
false |
false |
MEDIUM |
camel.sink.endpoint.omitXmlDeclaration |
Indicator whether the XML declaration in the outgoing message body should be omitted. Default value is false. Can be overwritten by the header XmlSignatureConstants#HEADER_OMIT_XML_DECLARATION. |
"false" |
false |
MEDIUM |
camel.sink.endpoint.outputXmlEncoding |
The character encoding of the resulting signed XML document. If null then the encoding of the original XML document is used. |
null |
false |
MEDIUM |
camel.sink.endpoint.parentLocalName |
Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can also use setParentXpath(XPathFilterParameterSpec). Default value is null. The value must be null for enveloping and detached XML signature. This parameter or the parameter setParentXpath(XPathFilterParameterSpec) for enveloped signature and the parameter setXpathsToIdAttributes(List) for detached signature must not be set in the same configuration. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown. |
null |
false |
MEDIUM |
camel.sink.endpoint.parentNamespace |
Namespace of the parent element to which the XML signature element will be added. |
null |
false |
MEDIUM |
camel.sink.endpoint.parentXpath |
Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this method or the local name and namespace of the parent with the methods setParentLocalName(String) and setParentNamespace(String). Default value is null. The value must be null for enveloping and detached XML signature. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown. |
null |
false |
MEDIUM |
camel.sink.endpoint.plainText |
Indicator whether the message body contains plain text. The default value is false, indicating that the message body contains XML. The value can be overwritten by the header XmlSignatureConstants#HEADER_MESSAGE_IS_PLAIN_TEXT. |
"false" |
false |
MEDIUM |
camel.sink.endpoint.plainTextEncoding |
Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText. Default value is UTF-8. |
"UTF-8" |
false |
MEDIUM |
camel.sink.endpoint.prefixForXmlSignatureNamespace |
Namespace prefix for the XML signature namespace http://www.w3.org/2000/09/xmldsig#. Default value is ds. If null or an empty value is set then no prefix is used for the XML signature namespace. See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml- without-namespaces |
"ds" |
false |
MEDIUM |
camel.sink.endpoint.properties |
For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface. |
null |
false |
MEDIUM |
camel.sink.endpoint.schemaResourceUri |
Classpath to the XML Schema. Must be specified in the detached XML Signature case for determining the ID attributes, might be set in the enveloped and enveloping case. If set, then the XML document is validated with the specified XML schema. The schema resource URI can be overwritten by the header XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI. |
null |
false |
MEDIUM |
camel.sink.endpoint.signatureAlgorithm |
Signature algorithm. Default value is http://www.w3.org/2000/09/xmldsig#rsa-sha1. |
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" |
false |
MEDIUM |
camel.sink.endpoint.signatureId |
Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to (empty string) then no Id attribute is created in the signature element. |
null |
false |
MEDIUM |
camel.sink.endpoint.transformMethods |
Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods. |
null |
false |
MEDIUM |
camel.sink.endpoint.xpathsToIdAttributes |
Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first. You can also set the XPATH list dynamically via the header XmlSignatureConstants#HEADER_XPATHS_TO_ID_ATTRIBUTES. The parameter setParentLocalName(String) or setParentXpath(XPathFilterParameterSpec) for enveloped signature and this parameter for detached signature must not be set in the same configuration. |
null |
false |
MEDIUM |
camel.sink.endpoint.uriDereferencer |
If you want to restrict the remote access via reference URIs, you can set an own dereferencer. Optional parameter. If not set the provider default dereferencer is used which can resolve URI fragments, HTTP, file and XPpointer URIs. Attention: The implementation is provider dependent! |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.addKeyInfo Reference |
In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value. The default value is true. Only relevant when a KeyInfo is returned by KeyAccessor. and KeyInfo#getId() is not null. |
"true" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.baseUri |
You can set a base URI which is used in the URI dereferencing. Relative URIs are then concatenated with the base URI. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.canonicalization Method |
Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List inclusiveNamespacePrefixes) to create a canonicalization method. |
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.clearHeaders |
Determines if the XML signature specific headers be cleared after signing and verification. Defaults to true. |
"true" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.contentObjectId |
Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, then a new UUID will be generated. Only used in the enveloping case. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.contentReference Type |
Type of the content reference. The default value is null. This value can be overwritten by the header XmlSignatureConstants#HEADER_CONTENT_REFERENCE_TYPE. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.contentReference Uri |
Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the resource schema URI ( setSchemaResourceUri(String)) must also be set because the schema validator will then find out which attributes are ID attributes. Will be ignored in the enveloping or detached case. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.cryptoContext Properties |
Sets the crypto context properties. See {link XMLCryptoContext#setProperty(String, Object)}. Possible properties are defined in XMLSignContext an XMLValidateContext (see Supported Properties). The following properties are set by default to the value Boolean#TRUE for the XML validation. If you want to switch these features off you must set the property value to Boolean#FALSE. org.jcp.xml.dsig.validateManifests javax.xml.crypto.dsig.cacheReference |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.digestAlgorithm |
Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If this digest algorithm is not specified then the digest algorithm is calculated from the signature algorithm. Example: http://www.w3.org/2001/04/xmlenc#sha256 |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.disallowDoctype Decl |
Disallows that the incoming XML document contains DTD DOCTYPE declaration. The default value is Boolean#TRUE. |
"true" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.keyAccessor |
For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor which reads the private key from a Java keystore. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.lazyStartProducer |
Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing. |
false |
false |
MEDIUM |
camel.component.xmlsecurity-sign.omitXml Declaration |
Indicator whether the XML declaration in the outgoing message body should be omitted. Default value is false. Can be overwritten by the header XmlSignatureConstants#HEADER_OMIT_XML_DECLARATION. |
"false" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.outputXmlEncoding |
The character encoding of the resulting signed XML document. If null then the encoding of the original XML document is used. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.parentLocalName |
Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can also use setParentXpath(XPathFilterParameterSpec). Default value is null. The value must be null for enveloping and detached XML signature. This parameter or the parameter setParentXpath(XPathFilterParameterSpec) for enveloped signature and the parameter setXpathsToIdAttributes(List) for detached signature must not be set in the same configuration. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.parentNamespace |
Namespace of the parent element to which the XML signature element will be added. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.parentXpath |
Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this method or the local name and namespace of the parent with the methods setParentLocalName(String) and setParentNamespace(String). Default value is null. The value must be null for enveloping and detached XML signature. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.plainText |
Indicator whether the message body contains plain text. The default value is false, indicating that the message body contains XML. The value can be overwritten by the header XmlSignatureConstants#HEADER_MESSAGE_IS_PLAIN_TEXT. |
"false" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.plainTextEncoding |
Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText. Default value is UTF-8. |
"UTF-8" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.prefixForXml SignatureNamespace |
Namespace prefix for the XML signature namespace http://www.w3.org/2000/09/xmldsig#. Default value is ds. If null or an empty value is set then no prefix is used for the XML signature namespace. See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml- without-namespaces |
"ds" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.properties |
For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.schemaResourceUri |
Classpath to the XML Schema. Must be specified in the detached XML Signature case for determining the ID attributes, might be set in the enveloped and enveloping case. If set, then the XML document is validated with the specified XML schema. The schema resource URI can be overwritten by the header XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.signature Algorithm |
Signature algorithm. Default value is http://www.w3.org/2000/09/xmldsig#rsa-sha1. |
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" |
false |
MEDIUM |
camel.component.xmlsecurity-sign.signatureId |
Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to (empty string) then no Id attribute is created in the signature element. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.transformMethods |
Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.xpathsToId Attributes |
Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first. You can also set the XPATH list dynamically via the header XmlSignatureConstants#HEADER_XPATHS_TO_ID_ATTRIBUTES. The parameter setParentLocalName(String) or setParentXpath(XPathFilterParameterSpec) for enveloped signature and this parameter for detached signature must not be set in the same configuration. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.autowiredEnabled |
Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc. |
true |
false |
MEDIUM |
camel.component.xmlsecurity-sign.signer Configuration |
To use a shared XmlSignerConfiguration configuration to use as base for configuring endpoints. |
null |
false |
MEDIUM |
camel.component.xmlsecurity-sign.uriDereferencer |
If you want to restrict the remote access via reference URIs, you can set an own dereferencer. Optional parameter. If not set the provider default dereferencer is used which can resolve URI fragments, HTTP, file and XPpointer URIs. Attention: The implementation is provider dependent! |
null |
false |
MEDIUM |
The camel-xmlsecurity-sign sink connector has no converters out of the box.
The camel-xmlsecurity-sign sink connector has no transforms out of the box.
The camel-xmlsecurity-sign sink connector has no aggregation strategies out of the box.