[ https://issues.apache.org/jira/browse/CAMEL-7067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gregor Zurowski updated CAMEL-7067: ----------------------------------- Attachment: CAMEL-7067.patch The attached patch contains a quick fix for the described problem and filters out all Camel exchange properties before persisting properties in JCR. A better, long-term solution would be to require a specific prefix for properties that should be persisted, but it would break backward compatibility with current implementations. The patch also contains a new JUnit test "JcrProducerPropertiesTest" class to support this request. > JcrProducer should not store all exchange properties in the target JCR node > --------------------------------------------------------------------------- > > Key: CAMEL-7067 > URL: https://issues.apache.org/jira/browse/CAMEL-7067 > Project: Camel > Issue Type: Bug > Components: camel-jcr > Affects Versions: 2.12.2 > Reporter: Gregor Zurowski > Attachments: CAMEL-7067.patch > > > The CamelJcrInsert operation in JcrProducer stores all exchange properties in > the target JCR node including all Camel properties that are found in the > incoming exchange. This means that non-relevant data is persisted in JCR > nodes including sensitive information such as username and password that is > part of the URI in the CamelToEndpoint exchange property. Other examples of > such properties include CamelJcrNodeName and CamelExternalRedelivered. -- This message was sent by Atlassian JIRA (v6.1.4#6159)