Andrea Cosentino created CAMEL-23525:
----------------------------------------

             Summary: camel-platform-http-main: add optional JWT issuer and audience claim validation
                 Key: CAMEL-23525
                 URL: https://issues.apache.org/jira/browse/CAMEL-23525
             Project: Camel
          Issue Type: Improvement
          Components: camel-platform-http
            Reporter: Andrea Cosentino


The embedded HTTP server JWT authentication in camel-platform-http-main 
({{JWTAuthenticationConfigurer}}) currently configures the Vert.x {{JWTAuth}} 
provider with keystore parameters only ({{jwtKeystoreType}}, 
{{jwtKeystorePath}}, {{jwtKeystorePassword}}). Tokens are verified for 
signature (and the Vert.x default exp/nbf checks), but the RFC 7519 registered 
claims {{iss}} (issuer) and {{aud}} (audience) are not validated, and there is 
currently no configuration option to enable that validation.

Vert.x already supports this via {{JWTAuthOptions.setJWTOptions(new 
JWTOptions().setIssuer(...).addAudience(...))}}. Exposing it would let 
operators opt into stricter token scoping, aligning with RFC 8725 (JSON Web 
Token Best Current Practices).

h3. Proposed change (backwards compatible -- behaviour unchanged when unset)

* Add optional {{jwtIssuer}} and {{jwtAudience}} properties to 
{{HttpServerConfigurationProperties}} and 
{{HttpManagementServerConfigurationProperties}}.
* In both {{configureAuthentication}} overloads of 
{{JWTAuthenticationConfigurer}}, when these are set, attach a {{JWTOptions}} 
configured with the issuer/audience to the {{JWTAuthOptions}}.
* Regenerate config metadata; document the new options in the 
platform-http-main docs.
* Extend the existing auth tests ({{*MainHttpServerTest}}) with issuer/audience 
positive and negative cases.

h3. Affected classes

* {{components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java}}
* {{core/camel-main/src/main/java/org/apache/camel/main/HttpServerConfigurationProperties.java}}
* {{core/camel-main/src/main/java/org/apache/camel/main/HttpManagementServerConfigurationProperties.java}}

----
_Filed by Claude Code on behalf of Andrea Cosentino._
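
The difference between signature-only verification and verification with {{JWTOptions}} issuer/audience, shown against the Vert.x API the issue names. This is an added example, not Camel code and not part of the original issue. It assumes Vert.x 4.x vertx-auth-jwt on the classpath, uses an HS256 shared secret in place of the keystore settings, and the class name, issuer, audience and secret are constructed values.

```java
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;

public class IssuerAudienceCheck {
    // Constructed sample values, not taken from Camel or the issue.
    static final String ISSUER = "https://idp.example.test";
    static final String AUDIENCE = "orders-api";
    // HS256 shared secret stands in for the keystore settings so the example runs offline.
    static PubSecKeyOptions key() {
        return new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("constructed-demo-secret");
    }

    // Sign a short-lived token carrying the given iss and aud claims.
    static String mint(JWTAuth signer, String iss, String aud) {
        return signer.generateToken(new JsonObject().put("sub", "alice"),
                new JWTOptions().setIssuer(iss).addAudience(aud).setExpiresInMinutes(5));
    }

    static boolean accepted(JWTAuth verifier, String token) {
        try {
            verifier.authenticate(new TokenCredentials(token))
                    .toCompletionStage().toCompletableFuture().get();
            return true;
        } catch (Exception e) {
            return false; // signature, exp/nbf, iss or aud check failed
        }
    }

    public static void main(String[] args) {
        Vertx vertx = Vertx.vertx();
        JWTAuth signer = JWTAuth.create(vertx, new JWTAuthOptions().addPubSecKey(key()));
        // Signature-only verifier: no issuer/audience configured.
        JWTAuth lax = JWTAuth.create(vertx, new JWTAuthOptions().addPubSecKey(key()));
        // Verifier with the JWTOptions the issue proposes to expose.
        JWTAuth strict = JWTAuth.create(vertx, new JWTAuthOptions().addPubSecKey(key())
                .setJWTOptions(new JWTOptions().setIssuer(ISSUER).addAudience(AUDIENCE)));
        String good = mint(signer, ISSUER, AUDIENCE);
        String otherIssuer = mint(signer, "https://other-idp.example.test", AUDIENCE);
        String otherAudience = mint(signer, ISSUER, "billing-api");
        for (String t : new String[] {good, otherIssuer, otherAudience}) {
            System.out.println("lax=" + accepted(lax, t) + " strict=" + accepted(strict, t));
        }
        vertx.close();
    }
}
```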
