Best way to implement an ACL on an ESB

I am currently trying to implement an ACL on an ESB (Camel apps on Servicemix) which will enable each service artifact to decide if current user is a valid user and if it has required priviledge to access the service. I have decided to use the RBAC (Please, kindly recommend if there are superior models) model. My actual headache is how to implement the model, service call vs in memory. Making a network service call for each verification/authentication is definately too much for this as the ACL server (Which has the business logic) will be implement as a service to other artifacts for re-usability. The alternate is to implement locally and verify from database or memory. What are the popular ways this type of problems are being solv开发者_JAVA技巧ed?

I used spring security together with Apache Camel to secure camel apps. Spring security allows to attach to a lot of backends and has nice ways to integrate authentication and authorization into your camel routes and services.

I did an example for Talend where I used role based authorization with annotations on the methods of a service.

See https://github.com/Talend/tif/tree/master/examples/spring-security

The example runs in a web container and in an OSGi container like Karaf and is apache licensed.