CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java
components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/13e43c14
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/13e43c14
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/13e43c14
Branch: refs/heads/camel-2.15.x
Commit: 13e43c1412ad72d99030b4eb4cb72c84fa57d5ff
Parents: 190d7c8
Author: Claus Ibsen <[email protected]>
Authored: Thu Nov 12 14:52:36 2015 +0100
Committer: Claus Ibsen <[email protected]>
Committed: Thu Nov 12 18:52:15 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/ahc/AhcEndpoint.java | 3 +
.../component/http/DefaultHttpBinding.java | 8 ++
.../camel/component/http/HttpBinding.java | 19 ++++
.../camel/component/http/HttpEndpoint.java | 4 +-
.../jetty/CamelContinuationServlet.java | 9 ++
.../jetty/DefaultJettyHttpBinding.java | 26 ++++-
.../camel/component/jetty/JettyHttpBinding.java | 24 +++++
.../component/jetty/JettyHttpEndpoint.java | 3 +
.../component/jetty/JettyHttpProducer.java | 24 +++--
.../component/jetty9/JettyHttpEndpoint9.java | 3 +
.../jetty/javabody/HttpJavaBodyTest.java | 103 +++++++++++++++++++
.../JettyHttpProducerJavaBodyTest.java | 12 ++-
.../component/sparkrest/SparkConfiguration.java | 3 +
13 files changed, 224 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
----------------------------------------------------------------------
diff --git
a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
index 9790a73..eb42d0a 100644
---
a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
+++
b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
@@ -179,6 +179,9 @@ public class AhcEndpoint extends DefaultEndpoint implements
HeaderFilterStrategy
* in the response as a application/x-java-serialized-object content type
(for example using Jetty or Servlet Camel components).
* On the producer side the exception will be deserialized and thrown as
is, instead of the AhcOperationFailedException.
* The caused exception is required to be serialized.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
public void setTransferException(boolean transferException) {
this.transferException = transferException;
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
----------------------------------------------------------------------
diff --git
a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
index 84c79ef..2771bf7 100644
---
a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
+++
b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
@@ -499,4 +499,12 @@ public class DefaultHttpBinding implements HttpBinding {
this.headerFilterStrategy = headerFilterStrategy;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean
allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
----------------------------------------------------------------------
diff --git
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
index 35f1f4a..18c6a6d 100644
---
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
+++
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
@@ -143,4 +143,23 @@ public interface HttpBinding {
*/
void setHeaderFilterStrategy(HeaderFilterStrategy headerFilterStrategy);
+ /**
+ * Whether to allow java serialization when a request uses
context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ boolean isAllowJavaSerializedObject();
+
+ /**
+ * Whether to allow java serialization when a request uses
context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ *
+ * @param allowJavaSerializedObject <tt>true</tt> to allow serializing
java objects
+ */
+ void setAllowJavaSerializedObject(boolean allowJavaSerializedObject);
+
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
----------------------------------------------------------------------
diff --git
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
index cad38b1..df31742 100644
---
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
+++
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
@@ -22,7 +22,6 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import org.apache.camel.Component;
import org.apache.camel.Consumer;
import org.apache.camel.PollingConsumer;
import org.apache.camel.Processor;
@@ -238,6 +237,9 @@ public class HttpEndpoint extends DefaultEndpoint
implements HeaderFilterStrateg
binding = new DefaultHttpBinding(this);
// create a new binding and use the options from this endpoint
binding.setEagerCheckContentAvailable(isEagerCheckContentAvailable());
+ if (getComponent() != null) {
+
binding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
}
return binding;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index 78ba6db..2bc44da 100644
---
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -28,6 +28,7 @@ import org.apache.camel.AsyncCallback;
import org.apache.camel.Exchange;
import org.apache.camel.ExchangePattern;
import org.apache.camel.component.http.CamelServlet;
+import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.http.HttpConsumer;
import org.apache.camel.component.http.HttpMessage;
import org.apache.camel.component.http.helper.HttpHelper;
@@ -85,6 +86,14 @@ public class CamelContinuationServlet extends CamelServlet {
response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
}
+
+ // we do not support java serialized objects unless explicit enabled
+ String contentType = request.getContentType();
+ if
(HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType) &&
!consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
+ System.out.println("415 miser !!!");
+ response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
+ return;
+ }
final Exchange result = (Exchange)
request.getAttribute(EXCHANGE_ATTRIBUTE_NAME);
if (result == null) {
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
index fe3195f..9bc8f1f 100644
---
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
+++
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
@@ -46,6 +46,8 @@ public class DefaultJettyHttpBinding implements
JettyHttpBinding {
private HeaderFilterStrategy httpProtocolHeaderFilterStrategy = new
HttpProtocolHeaderFilterStrategy();
private boolean throwExceptionOnFailure;
private boolean transferException;
+ private boolean allowJavaSerializedObject;
+
public DefaultJettyHttpBinding() {
}
@@ -99,6 +101,14 @@ public class DefaultJettyHttpBinding implements
JettyHttpBinding {
this.transferException = transferException;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean
allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
protected void populateResponse(Exchange exchange, JettyContentExchange
httpExchange,
Message in, HeaderFilterStrategy strategy,
int responseCode) throws IOException {
Message answer = exchange.getOut();
@@ -173,11 +183,17 @@ public class DefaultJettyHttpBinding implements
JettyHttpBinding {
// if content type is serialized java object, then de-serialize it to
a Java object
if (contentType != null &&
HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- try {
- InputStream is =
exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class,
httpExchange.getResponseContentBytes());
- return HttpHelper.deserializeJavaObjectFromStream(is);
- } catch (Exception e) {
- throw new RuntimeCamelException("Cannot deserialize body to
Java object", e);
+ // only deserialize java if allowed
+ if (isAllowJavaSerializedObject() || isTransferException()) {
+ try {
+ InputStream is =
exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class,
httpExchange.getResponseContentBytes());
+ return HttpHelper.deserializeJavaObjectFromStream(is);
+ } catch (Exception e) {
+ throw new RuntimeCamelException("Cannot deserialize body
to Java object", e);
+ }
+ } else {
+ // empty body
+ return null;
}
} else {
// just grab the raw content body
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
index 75e9863..f2a127a 100644
---
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
+++
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
@@ -70,6 +70,9 @@ public interface JettyHttpBinding {
/**
* Whether to transfer exception back as a serialized java object
* if processing failed due to an exception
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*
* @param transferException <tt>true</tt> to transfer exception
*/
@@ -78,9 +81,30 @@ public interface JettyHttpBinding {
/**
* Whether to transfer exception back as a serialized java object
* if processing failed due to an exception
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*
* @return <tt>true</tt> to transfer exception
*/
boolean isTransferException();
+ /**
+ * Whether to allow java serialization when a request uses
context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ *
+ * @param allowJavaSerializedObject <tt>true</tt> to allow serializing
java objects
+ */
+ void setAllowJavaSerializedObject(boolean allowJavaSerializedObject);
+
+ /**
+ * Whether to allow java serialization when a request uses
context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ boolean isAllowJavaSerializedObject();
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
index 4b17416..c3f61b4 100644
---
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
+++
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
@@ -172,6 +172,9 @@ public abstract class JettyHttpEndpoint extends
HttpEndpoint {
jettyBinding.setHeaderFilterStrategy(getHeaderFilterStrategy());
jettyBinding.setThrowExceptionOnFailure(isThrowExceptionOnFailure());
jettyBinding.setTransferException(isTransferException());
+ if (getComponent() != null) {
+
jettyBinding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
}
return jettyBinding;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
index 6eda222..978e59d 100644
---
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
+++
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
@@ -33,6 +33,7 @@ import org.apache.camel.Message;
import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.http.HttpMethods;
import org.apache.camel.component.http.helper.HttpHelper;
+import org.apache.camel.RuntimeCamelException;
import org.apache.camel.impl.DefaultAsyncProducer;
import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.util.ExchangeHelper;
@@ -139,17 +140,20 @@ public class JettyHttpProducer extends
DefaultAsyncProducer implements AsyncProc
if (contentType != null) {
httpExchange.setRequestContentType(contentType);
}
-
if (contentType != null &&
HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- // serialized java object
- Serializable obj =
exchange.getIn().getMandatoryBody(Serializable.class);
- // write object to output stream
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- try {
- HttpHelper.writeObjectToStream(bos, obj);
- httpExchange.setRequestContent(bos.toByteArray());
- } finally {
- IOHelper.close(bos, "body", LOG);
+ if (getEndpoint().getComponent().isAllowJavaSerializedObject()
|| getEndpoint().isTransferException()) {
+ // serialized java object
+ Serializable obj =
exchange.getIn().getMandatoryBody(Serializable.class);
+ // write object to output stream
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ try {
+ HttpHelper.writeObjectToStream(bos, obj);
+ httpExchange.setRequestContent(bos.toByteArray());
+ } finally {
+ IOHelper.close(bos, "body", LOG);
+ }
+ } else {
+ throw new RuntimeCamelException("Content-type " +
HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed");
}
} else {
Object body = exchange.getIn().getBody();
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
index fad0440..b9469fa 100644
---
a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
+++
b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
@@ -38,6 +38,9 @@ public class JettyHttpEndpoint9 extends JettyHttpEndpoint {
public HttpBinding getBinding() {
if (this.binding == null) {
this.binding = new AttachmentHttpBinding(this);
+ if (getComponent() != null) {
+
this.binding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
}
return this.binding;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index b55d938..3ab9899 100644
---
a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++
b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -16,11 +16,16 @@
*/
package org.apache.camel.component.jetty.javabody;
+import org.apache.camel.CamelExecutionException;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.component.http.HttpComponent;
+import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.component.jetty.JettyHttpComponent;
+import org.junit.Ignore;
import org.junit.Test;
/**
@@ -34,7 +39,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -65,7 +77,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -97,7 +116,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -123,4 +149,81 @@ public class HttpJavaBodyTest extends BaseJettyTest {
assertEquals("Camel rocks", reply.getName());
}
+ @Test
+ public void testNotAllowedReceive() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ onException(Exception.class).to("mock:error");
+
+ from("jetty:http://localhost:{{port}}/myapp/myservice";)
+ .process(new Processor() {
+ public void process(Exchange exchange) throws
Exception {
+ String body =
exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel
rocks");
+ exchange.getOut().setBody(reply);
+
exchange.getOut().setHeader(Exchange.CONTENT_TYPE,
HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ try {
+ template.requestBody("http://localhost:{{port}}/myapp/myservice";,
"Hello World", MyCoolBean.class);
+ fail("Should fail");
+ } catch (Exception e) {
+ // expected
+ }
+ }
+
+ @Test
+ @Ignore
+ public void testNotAllowed() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("jetty:http://localhost:{{port}}/myapp/myservice";)
+ .process(new Processor() {
+ public void process(Exchange exchange) throws
Exception {
+ String body =
exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel
rocks");
+ exchange.getOut().setBody(reply);
+
exchange.getOut().setHeader(Exchange.CONTENT_TYPE,
HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ MyCoolBean cool = new MyCoolBean(123, "Camel");
+
+ try {
+
template.requestBodyAndHeader("http://localhost:{{port}}/myapp/myservice";, cool,
+ Exchange.CONTENT_TYPE,
HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT, MyCoolBean.class);
+ fail("Should fail");
+ } catch (CamelExecutionException e) {
+ HttpOperationFailedException cause =
assertIsInstanceOf(HttpOperationFailedException.class, e.getCause());
+ assertEquals(415, cause.getStatusCode());
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
----------------------------------------------------------------------
diff --git
a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
index 9f17c31..40728d8 100644
---
a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
+++
b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
@@ -21,6 +21,7 @@ import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.component.jetty.JettyHttpComponent;
import org.junit.Test;
/**
@@ -35,6 +36,9 @@ public class JettyHttpProducerJavaBodyTest extends
BaseJettyTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -66,6 +70,9 @@ public class JettyHttpProducerJavaBodyTest extends
BaseJettyTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -98,6 +105,9 @@ public class JettyHttpProducerJavaBodyTest extends
BaseJettyTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty",
JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -117,7 +127,7 @@ public class JettyHttpProducerJavaBodyTest extends
BaseJettyTest {
});
context.start();
- MyCoolBean reply =
template.requestBody("http://localhost:{{port}}/myapp/myservice";, "Hello
World", MyCoolBean.class);
+ MyCoolBean reply =
template.requestBody("jetty:http://localhost:{{port}}/myapp/myservice";, "Hello
World", MyCoolBean.class);
assertEquals(456, reply.getId());
assertEquals("Camel rocks", reply.getName());
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
----------------------------------------------------------------------
diff --git
a/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
b/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
index ac1e040..ef795bc 100644
---
a/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
+++
b/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
@@ -80,6 +80,9 @@ public class SparkConfiguration {
/**
* If enabled and an Exchange failed processing on the consumer side, and
if the caused Exception was send back serialized
* in the response as a application/x-java-serialized-object content type.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that
Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
public void setTransferException(boolean transferException) {
this.transferException = transferException;
