This is an automated email from the ASF dual-hosted git repository.

fmariani pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 7b5b8c0283c0 chore: default authentication path to /* in 
platform-http-main
7b5b8c0283c0 is described below

commit 7b5b8c0283c0ab8d703d868ded7614018762a553
Author: Croway <[email protected]>
AuthorDate: Tue Apr 7 16:54:16 2026 +0200

    chore: default authentication path to /* in platform-http-main
---
 .../BasicAuthenticationConfigurer.java             |  15 +--
 .../JWTAuthenticationConfigurer.java               |  16 +---
 .../MainAuthenticationConfigurer.java              |  12 +++
 .../BasicAuthenticationNonRootPathTest.java        |  88 +++++++++++++++++
 .../BasicAuthenticationSelectivePathTest.java      | 104 +++++++++++++++++++++
 .../basic-auth-nonroot-path-selective.properties   |  22 +++++
 .../resources/basic-auth-nonroot-path.properties   |  21 +++++
 .../ROOT/pages/camel-4x-upgrade-guide-4_19.adoc    |  15 +++
 8 files changed, 266 insertions(+), 27 deletions(-)

diff --git 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
index bef37925b863..b36e294e4464 100644
--- 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
+++ 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
@@ -26,7 +26,6 @@ import 
org.apache.camel.main.HttpManagementServerConfigurationProperties;
 import org.apache.camel.main.HttpServerConfigurationProperties;
 
 import static io.vertx.ext.web.handler.BasicAuthHandler.DEFAULT_REALM;
-import static org.apache.camel.util.ObjectHelper.isNotEmpty;
 
 public class BasicAuthenticationConfigurer implements 
MainAuthenticationConfigurer {
 
@@ -35,12 +34,7 @@ public class BasicAuthenticationConfigurer implements 
MainAuthenticationConfigur
             AuthenticationConfig authenticationConfig,
             HttpServerConfigurationProperties properties) {
         String authPropertiesFileName = properties.getBasicPropertiesFile();
-        String path
-                = isNotEmpty(properties.getAuthenticationPath()) ? 
properties.getAuthenticationPath() : properties.getPath();
-        // root means to authenticate everything
-        if ("/".equals(path)) {
-            path = "/*";
-        }
+        String path = 
resolveAuthenticationPath(properties.getAuthenticationPath(), 
properties.getPath());
         String realm = properties.getAuthenticationRealm() != null ? 
properties.getAuthenticationRealm() : DEFAULT_REALM;
 
         AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
@@ -64,12 +58,7 @@ public class BasicAuthenticationConfigurer implements 
MainAuthenticationConfigur
             AuthenticationConfig authenticationConfig,
             HttpManagementServerConfigurationProperties properties) {
         String authPropertiesFileName = properties.getBasicPropertiesFile();
-        String path
-                = isNotEmpty(properties.getAuthenticationPath()) ? 
properties.getAuthenticationPath() : properties.getPath();
-        // root means to authenticate everything
-        if ("/".equals(path)) {
-            path = "/*";
-        }
+        String path = 
resolveAuthenticationPath(properties.getAuthenticationPath(), 
properties.getPath());
         String realm = properties.getAuthenticationRealm() != null ? 
properties.getAuthenticationRealm() : DEFAULT_REALM;
 
         AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
diff --git 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
index 616161074347..03380ba21611 100644
--- 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
+++ 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
@@ -28,8 +28,6 @@ import 
org.apache.camel.component.platform.http.vertx.auth.AuthenticationConfig.
 import org.apache.camel.main.HttpManagementServerConfigurationProperties;
 import org.apache.camel.main.HttpServerConfigurationProperties;
 
-import static org.apache.camel.util.ObjectHelper.isNotEmpty;
-
 public class JWTAuthenticationConfigurer implements 
MainAuthenticationConfigurer {
 
     @Override
@@ -37,12 +35,7 @@ public class JWTAuthenticationConfigurer implements 
MainAuthenticationConfigurer
             AuthenticationConfig authenticationConfig,
             HttpServerConfigurationProperties properties) {
 
-        String path
-                = isNotEmpty(properties.getAuthenticationPath()) ? 
properties.getAuthenticationPath() : properties.getPath();
-        // root means to authenticate everything
-        if ("/".equals(path)) {
-            path = "/*";
-        }
+        String path = 
resolveAuthenticationPath(properties.getAuthenticationPath(), 
properties.getPath());
         String realm = properties.getAuthenticationRealm() != null ? 
properties.getAuthenticationRealm() : null;
 
         AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
@@ -72,12 +65,7 @@ public class JWTAuthenticationConfigurer implements 
MainAuthenticationConfigurer
             AuthenticationConfig authenticationConfig,
             HttpManagementServerConfigurationProperties properties) {
 
-        String path
-                = isNotEmpty(properties.getAuthenticationPath()) ? 
properties.getAuthenticationPath() : properties.getPath();
-        // root means to authenticate everything
-        if ("/".equals(path)) {
-            path = "/*";
-        }
+        String path = 
resolveAuthenticationPath(properties.getAuthenticationPath(), 
properties.getPath());
         String realm = properties.getAuthenticationRealm() != null ? 
properties.getAuthenticationRealm() : null;
 
         AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
diff --git 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
index 72011adc3791..2d7c26428cc2 100644
--- 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
+++ 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
@@ -19,6 +19,7 @@ package 
org.apache.camel.component.platform.http.main.authentication;
 import 
org.apache.camel.component.platform.http.vertx.auth.AuthenticationConfig;
 import org.apache.camel.main.HttpManagementServerConfigurationProperties;
 import org.apache.camel.main.HttpServerConfigurationProperties;
+import org.apache.camel.util.ObjectHelper;
 
 /**
  * Configure authentication on the embedded HTTP server.
@@ -30,4 +31,15 @@ public interface MainAuthenticationConfigurer {
     void configureAuthentication(
             AuthenticationConfig authenticationConfig, 
HttpManagementServerConfigurationProperties properties);
 
+    /**
+     * Resolves the effective authentication path. When no explicit 
authentication path is configured, defaults to
+     * {@code /*} so that all subpaths under the context path are protected.
+     */
+    default String resolveAuthenticationPath(String authenticationPath, String 
contextPath) {
+        if (ObjectHelper.isNotEmpty(authenticationPath)) {
+            return authenticationPath;
+        }
+        return "/*";
+    }
+
 }
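Review bot: An explicitly configured `authenticationPath` of `/` is now returned unchanged by `resolveAuthenticationPath`, whereas the code removed from all four `configureAuthentication` methods in `BasicAuthenticationConfigurer` and `JWTAuthenticationConfigurer` rewrote `/` to `/*` (its comment read "root means to authenticate everything"). If a bare path matches only that exact path, as the upgrade-guide text in this commit says of the old default, deployments that set `/` would silently lose authentication on every subpath. Keeping the mapping costs one guard before the first return: `if ("/".equals(authenticationPath)) { return "/*"; }`. The `contextPath` parameter is never read, so the Javadoc should carry `@param`/`@return` tags and state that `contextPath` is currently ignored, or the parameter should be dropped.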
diff --git 
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationNonRootPathTest.java
 
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationNonRootPathTest.java
new file mode 100644
index 000000000000..b997da33ec9a
--- /dev/null
+++ 
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationNonRootPathTest.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.platform.http.main.authentication;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.main.Main;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * Tests that authentication is enforced on all subpaths when a non-root 
context path is configured and
+ * authenticationPath is not explicitly set.
+ */
+public class BasicAuthenticationNonRootPathTest {
+
+    private static Main main;
+
+    @BeforeAll
+    static void init() {
+        main = new Main();
+        
main.setPropertyPlaceholderLocations("basic-auth-nonroot-path.properties");
+        main.configure().addRoutesBuilder(new PlatformHttpRouteBuilder());
+        main.start();
+    }
+
+    @AfterAll
+    static void tearDown() {
+        main.stop();
+    }
+
+    @Test
+    public void testUnauthenticatedRequestToSubpathShouldReturn401() {
+        CamelContext camelContext = main.getCamelContext();
+        assertNotNull(camelContext);
+
+        // Unauthenticated request to a subpath must be rejected
+        given()
+                .when()
+                .get("/api/hello")
+                .then()
+                .statusCode(401)
+                .body(equalTo("Unauthorized"));
+    }
+
+    @Test
+    public void testAuthenticatedRequestToSubpathShouldReturn200() {
+        CamelContext camelContext = main.getCamelContext();
+        assertNotNull(camelContext);
+
+        // With valid credentials, the request should succeed
+        given()
+                .auth().basic("camel", "propertiesPass")
+                .when()
+                .get("/api/hello")
+                .then()
+                .statusCode(200)
+                .body(equalTo("hello-response"));
+    }
+
+    private static class PlatformHttpRouteBuilder extends RouteBuilder {
+
+        @Override
+        public void configure() throws Exception {
+            from("platform-http:/hello?httpMethodRestrict=GET")
+                    .setBody(constant("hello-response"));
+        }
+    }
+}
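Review bot: Only the Basic configurer on `camel.server.*` is exercised by the tests added in this commit, while the same default also changed in the `HttpManagementServerConfigurationProperties` overloads and in both `JWTAuthenticationConfigurer` methods. Because this default decides which routes require credentials, a matching test for the management server and at least one JWT case would pin the behaviour at every call site of `resolveAuthenticationPath`. Both test methods here also repeat `assertNotNull(main.getCamelContext())`, which could move into `init()`.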
diff --git 
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationSelectivePathTest.java
 
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationSelectivePathTest.java
new file mode 100644
index 000000000000..5ab9d92d60f0
--- /dev/null
+++ 
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationSelectivePathTest.java
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.platform.http.main.authentication;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.main.Main;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * Tests that when an explicit authenticationPath is configured (e.g. 
/secure/*), only matching subpaths require
+ * authentication while other subpaths remain accessible without credentials.
+ */
+public class BasicAuthenticationSelectivePathTest {
+
+    private static Main main;
+
+    @BeforeAll
+    static void init() {
+        main = new Main();
+        
main.setPropertyPlaceholderLocations("basic-auth-nonroot-path-selective.properties");
+        main.configure().addRoutesBuilder(new PlatformHttpRouteBuilder());
+        main.start();
+    }
+
+    @AfterAll
+    static void tearDown() {
+        main.stop();
+    }
+
+    @Test
+    public void testUnauthenticatedRequestToSecurePathShouldReturn401() {
+        CamelContext camelContext = main.getCamelContext();
+        assertNotNull(camelContext);
+
+        // /secure/data is covered by authenticationPath=/secure/*, must 
require credentials
+        given()
+                .when()
+                .get("/api/secure/data")
+                .then()
+                .statusCode(401)
+                .body(equalTo("Unauthorized"));
+    }
+
+    @Test
+    public void testAuthenticatedRequestToSecurePathShouldReturn200() {
+        CamelContext camelContext = main.getCamelContext();
+        assertNotNull(camelContext);
+
+        given()
+                .auth().basic("camel", "propertiesPass")
+                .when()
+                .get("/api/secure/data")
+                .then()
+                .statusCode(200)
+                .body(equalTo("secure-data-response"));
+    }
+
+    @Test
+    public void testUnauthenticatedRequestToPublicPathShouldReturn200() {
+        CamelContext camelContext = main.getCamelContext();
+        assertNotNull(camelContext);
+
+        // /public is NOT covered by authenticationPath=/secure/*, so it 
should be accessible
+        given()
+                .when()
+                .get("/api/public")
+                .then()
+                .statusCode(200)
+                .body(equalTo("public-response"));
+    }
+
+    private static class PlatformHttpRouteBuilder extends RouteBuilder {
+
+        @Override
+        public void configure() throws Exception {
+            from("platform-http:/secure/data?httpMethodRestrict=GET")
+                    .setBody(constant("secure-data-response"));
+
+            from("platform-http:/public?httpMethodRestrict=GET")
+                    .setBody(constant("public-response"));
+        }
+    }
+}
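Review bot: The secure-path tests cover missing and valid credentials but not rejected ones. A request to `/api/secure/data` with a wrong password, expecting 401, would confirm that the handler on `/secure/*` validates against `basicPropertiesFile` and does not merely check for an `Authorization` header. This may already be covered by tests outside this diff.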
diff --git 
a/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path-selective.properties
 
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path-selective.properties
new file mode 100644
index 000000000000..6b8015a074de
--- /dev/null
+++ 
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path-selective.properties
@@ -0,0 +1,22 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+##      http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+camel.server.enabled=true
+camel.server.path=/api
+
+camel.server.authenticationEnabled=true
+camel.server.authenticationPath=/secure/*
+camel.server.basicPropertiesFile=camel-platform-http-vertx-auth.properties
diff --git 
a/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path.properties
 
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path.properties
new file mode 100644
index 000000000000..0d0eea81fbac
--- /dev/null
+++ 
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path.properties
@@ -0,0 +1,21 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+##      http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+camel.server.enabled=true
+camel.server.path=/api
+
+camel.server.authenticationEnabled=true
+camel.server.basicPropertiesFile=camel-platform-http-vertx-auth.properties
diff --git 
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_19.adoc 
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_19.adoc
index 1086662bbcee..6b38eb74b9b4 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_19.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_19.adoc
@@ -160,6 +160,21 @@ After:
             uri: mock:end
 ----
 
+=== camel-platform-http-main
+
+When `authenticationEnabled` is set to `true` and no explicit 
`authenticationPath` is configured,
+the default authentication path is now `/*`. This means all subpaths under the 
configured context path
+are protected by authentication.
+
+Previously, the authentication path defaulted to the value of `path` (e.g. 
`/api`), which only covered
+that exact path. If you relied on this behavior and need selective path 
protection, set
+`authenticationPath` explicitly:
+
+[source,properties]
+----
+camel.server.authenticationPath=/secure/*
+----
+
 === camel-csimple (Deprecation)
 
 The `csimple` (compiled simple) language has been deprecated. Use the `simple` 
language instead.
