[ https://issues.apache.org/jira/browse/CAMEL-23525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrea Cosentino reassigned CAMEL-23525:
----------------------------------------

    Assignee: Andrea Cosentino

> camel-platform-http-main: add optional JWT issuer and audience claim 
> validation
> -------------------------------------------------------------------------------
>
>                 Key: CAMEL-23525
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23525
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-platform-http
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>
> The embedded HTTP server JWT authentication in camel-platform-http-main 
> ({{JWTAuthenticationConfigurer}}) currently configures the Vert.x {{JWTAuth}} 
> provider with keystore parameters only ({{jwtKeystoreType}}, 
> {{jwtKeystorePath}}, {{jwtKeystorePassword}}). Tokens are verified for 
> signature (and the Vert.x default exp/nbf checks), but the RFC 7519 
> registered claims {{iss}} (issuer) and {{aud}} (audience) are not validated, 
> and there is currently no configuration option to enable that validation.
> Vert.x already supports this via {{JWTAuthOptions.setJWTOptions(new 
> JWTOptions().setIssuer(...).addAudience(...))}}. Exposing it would let 
> operators opt into stricter token scoping, aligning with RFC 8725 (JSON Web 
> Token Best Current Practices).
> h3. Proposed change (backwards compatible -- behaviour unchanged when unset)
> * Add optional {{jwtIssuer}} and {{jwtAudience}} properties to 
> {{HttpServerConfigurationProperties}} and 
> {{HttpManagementServerConfigurationProperties}}.
> * In both {{configureAuthentication}} overloads of 
> {{JWTAuthenticationConfigurer}}, when these are set, attach a {{JWTOptions}} 
> configured with the issuer/audience to the {{JWTAuthOptions}}.
> * Regenerate config metadata; document the new options in the 
> platform-http-main docs.
> * Extend the existing auth tests ({{*MainHttpServerTest}}) with 
> issuer/audience positive and negative cases.
> h3. Affected classes
> * {{components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java}}
> * {{core/camel-main/src/main/java/org/apache/camel/main/HttpServerConfigurationProperties.java}}
> * {{core/camel-main/src/main/java/org/apache/camel/main/HttpManagementServerConfigurationProperties.java}}
> ----
> _Filed by Claude Code on behalf of Andrea Cosentino._



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
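
An added example, not part of the issue or of Camel's code: it compares a signature-only Vert.x {{JWTAuth}} verifier with one that has the issuer/audience {{JWTOptions}} attached, using the calls named in the issue. It assumes Vert.x 4 with vertx-auth-jwt on the classpath; the in-memory HS256 secret (standing in for the keystore), the class name, and the issuer and audience values are constructed for illustration.

```java
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;

public class IssuerAudienceCheckDemo {

    // Constructed demo secret; the Camel configurer loads keys from a keystore instead.
    static JWTAuthOptions baseOptions() {
        return new JWTAuthOptions().addPubSecKey(
                new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("constructed-demo-secret"));
    }

    // True when the verifier accepts the token, false when authentication fails.
    static boolean accepts(JWTAuth verifier, String token) {
        try {
            verifier.authenticate(new TokenCredentials(token))
                    .toCompletionStage().toCompletableFuture().join();
            return true;
        } catch (RuntimeException e) {
            return false;
        }
    }

    // Signs a short-lived token carrying the given iss and aud claims.
    static String mint(JWTAuth signer, String iss, String aud) {
        JsonObject claims = new JsonObject().put("sub", "alice").put("iss", iss).put("aud", aud);
        return signer.generateToken(claims, new JWTOptions().setExpiresInMinutes(5));
    }

    public static void main(String[] args) {
        Vertx vertx = Vertx.vertx();
        // Signature-only verifier: the behaviour the issue describes when nothing is set.
        JWTAuth signatureOnly = JWTAuth.create(vertx, baseOptions());
        // Verifier with the opt-in issuer/audience scoping attached via JWTOptions.
        JWTAuth scoped = JWTAuth.create(vertx, baseOptions().setJWTOptions(
                new JWTOptions().setIssuer("https://idp.example").addAudience("orders-api")));

        String[] tokens = {
            mint(signatureOnly, "https://idp.example", "orders-api"),        // intended token
            mint(signatureOnly, "https://idp.example", "billing-api"),       // other audience
            mint(signatureOnly, "https://other-idp.example", "orders-api")   // other issuer
        };
        for (String t : tokens) {
            System.out.println("signature-only=" + accepts(signatureOnly, t)
                    + " scoped=" + accepts(scoped, t));
        }
        vertx.close();
    }
}
```

All three tokens carry a valid signature, so the comparison isolates the effect of the issuer and audience checks.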
