Hello, We have an issue with Camel JMS component when after receiving a timeout (org.apache.camel.ExchangeTimedOutException) the exception's getMessage() always contains the whole Exchange.toString() method's content, which means it always exposes all sensitive headers that were set before sending the message to the queue. Also, the exception's stacktrace also has Exchange.toString() content and exposes those headers.
How can we solve this? Is there a fix planned for Camel? There should be some boolean property which would specify that the exchange content not to be included when constructing exceptions. Constructor in CamelExchangeException.java uses super(ExchangeHelper.createExceptionMessage(message, exchange, null)); where the exception message is produced. ReplyManagerSupport.java: if (timeout) { // no response, so lets set a timed out exception exchange.setException(new ExchangeTimedOutException(exchange, holder.getRequestTimeout())); } else {...} ============= <endpoint id="queue_esb" uri="ibmmq:ESB.REQ?replyTo=ESB.RPL&requestTimeout=30000&useMessageIDAsCorrelationID=true"/> <setHeader headerName="ServiceUser"> <simple>${properties:esb.user}</simple> </setHeader> <setHeader headerName="ServiceUserCredentials"> <simple>${properties:esb.user.credentials}</simple> </setHeader> <to ref="queue_esb" pattern="InOut" /> Exception originalException = exchange.getProperty(Exchange.EXCEPTION_CAUGHT, Exception.class); LOGGER.info("Original Exception stacktrace: " + getStackTrace(originalException)); public static String getStackTrace(Throwable aThrowable) { final Writer result = new StringWriter(); final PrintWriter printWriter = new PrintWriter(result); aThrowable.printStackTrace(printWriter); return result.toString(); } ========== 2011-11-07 17:07:52,833 | INFO | accountreportingrequestv02.UtilitiesBean | *Original Exception stacktrace:* org.apache.camel.ExchangeTimedOutException: The OUT message was not received within: 30000 millis. Exchange[JmsMessage: JMS Message class: jms_bytes JMSType: null JMSDeliveryMode: 2 JMSExpiration: 0 JMSPriority: 4 JMSMessageID: ID:414d512056494c3130375544202020204e9d7a71203f731c JMSTimestamp: 1320678442590 JMSCorrelationID:test JMSDestination: queue:///... JMSReplyTo: queue:///... JMSRedelivered: false JMS_IBM_Character_Set:UTF8 JMSXAppID:WebSphere MQ Client for Java JMS_IBM_Format: Content_HYPHEN_Length:1340 JMS_IBM_PutApplType:28 JMS_IBM_PutDate:20111107 CamelHttpCharacterEncoding:UTF-8 MQReplyTo:queue *ServiceUser: user* *ServiceUserCredentials: pass* SOAPAction:"" CamelHttpPath:/mq_path MQ:queue JMS_IBM_MsgType:1 CamelHttpMethod:POST JMS_IBM_Encoding:273 JMSXDeliveryCount:1 JMS_IBM_PutTime:15051041 Host:10.180.235.212 JMSXUserID:mqm User_HYPHEN_Agent:Jakarta Commons-HttpClient/3.1 Content_HYPHEN_Type:text/xml;charset=UTF-8 CamelHttpUrl:http://10.180.235.212/mq_path CamelHttpUri:/mq_path SOAPJMS_soapAction:urn:aaa Integer encoding: 1, Floating point encoding 256 3c736f6170656e763a456e76656c6f706520786d6c6e733a736f6170656e763d22687474703a2f2f 736368656d61732e786d6c736f61702e6f72672f736f61702f656e76656c6f70652f2220786d6c6e 733a75726e3d2275726e3a69736f3a7374643a69736f3a32303032323a746563683a7873643a6361 6d742e3036302e3030312e30325f74657374223e0a2020203c736f6170656e763a426f64793e0a20 20202020203c75726e3a446f63756d656e743e0a2020202020202020203c75726e3a416363745270 74675265713e0a2020202020202020202020203c75726e3a4772704864723e0a2020202020202020 202020202020203c75726e3a4d736749643e746573745f65655f736f61705f3132303c2f75726e3a 4d736749643e0a2020202020202020202020202020203c75726e3a4372654474546d3e323031312d 31302d32305431323a35303a30392e3235343c2f75726e3a4372654474546d3e0a20202020202020 20202020203c2f75726e3a4772704864723e0a2020202020202020202020203c212d2d31206f7220 ... ] at org.apache.camel.component.jms.reply.ReplyManagerSupport.processReply(ReplyManagerSupport.java:121) at org.apache.camel.component.jms.reply.TemporaryQueueReplyHandler.onTimeout(TemporaryQueueReplyHandler.java:59) at org.apache.camel.component.jms.reply.PersistentQueueReplyHandler.onTimeout(PersistentQueueReplyHandler.java:54) at org.apache.camel.component.jms.reply.CorrelationMap.onEviction(CorrelationMap.java:34) at org.apache.camel.component.jms.reply.CorrelationMap.onEviction(CorrelationMap.java:26) at org.apache.camel.util.DefaultTimeoutMap.purge(DefaultTimeoutMap.java:206) at org.apache.camel.util.DefaultTimeoutMap.run(DefaultTimeoutMap.java:158) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:204) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Igor -- View this message in context: http://camel.465427.n5.nabble.com/ExchangeTimedOutException-not-properly-constructed-by-Camel-2-7-1-exposing-exchange-data-tp4971556p4971556.html Sent from the Camel - Users mailing list archive at Nabble.com.