This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new 92454f426c Prevent Jasypt from decrypting properties for non-active
profiles
92454f426c is described below
commit 92454f426c17902948d28470058739993c12d451
Author: James Netherton <[email protected]>
AuthorDate: Mon Mar 2 18:14:20 2026 +0000
Prevent Jasypt from decrypting properties for non-active profiles
---
.../CamelJasyptConfigSourceInterceptorFactory.java | 20 ++++++++++++++++++++
.../jasypt/CamelJasyptPropertiesParserHolder.java | 2 --
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfigSourceInterceptorFactory.java
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfigSourceInterceptorFactory.java
index 8e04ad57ff..dda602b2bd 100644
---
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfigSourceInterceptorFactory.java
+++
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfigSourceInterceptorFactory.java
@@ -18,6 +18,7 @@ package org.apache.camel.quarkus.component.jasypt;
import java.util.OptionalInt;
+import io.quarkus.runtime.configuration.ConfigUtils;
import io.smallrye.config.ConfigSourceInterceptor;
import io.smallrye.config.ConfigSourceInterceptorContext;
import io.smallrye.config.ConfigSourceInterceptorFactory;
@@ -37,6 +38,10 @@ public class CamelJasyptConfigSourceInterceptorFactory
implements ConfigSourceIn
return new ConfigSourceInterceptor() {
@Override
public ConfigValue getValue(ConfigSourceInterceptorContext
context, String name) {
+ if (!isConfigPropertyResolvable(name)) {
+ return null;
+ }
+
ConfigValue configValue = context.proceed(name);
if (configValue != null) {
String value = configValue.getValue();
@@ -53,4 +58,19 @@ public class CamelJasyptConfigSourceInterceptorFactory
implements ConfigSourceIn
public OptionalInt getPriority() {
return OptionalInt.of(Priorities.LIBRARY);
}
+
+ protected boolean isConfigPropertyResolvable(String name) {
+ // Check if the config property name is prefixed with a profile
+ if (name.startsWith("%")) {
+ int firstDotPos = name.indexOf('.');
+ if (firstDotPos > 1) {
+ // Determine whether the config profile prefix matches an
active profile
+ return ConfigUtils.getProfiles().contains(name.substring(1,
firstDotPos));
+ }
+ // The config is invalid and cannot be resolved
+ return false;
+ }
+ // No profile prefix so assume resolvable
+ return true;
+ }
}
diff --git
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptPropertiesParserHolder.java
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptPropertiesParserHolder.java
index 5f33e37733..49f9286f60 100644
---
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptPropertiesParserHolder.java
+++
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptPropertiesParserHolder.java
@@ -21,7 +21,6 @@ import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
class CamelJasyptPropertiesParserHolder {
private static volatile JasyptPropertiesParser INSTANCE;
- private static volatile StandardPBEStringEncryptor ENCRYPTOR;
private CamelJasyptPropertiesParserHolder() {
// Utility class
@@ -41,7 +40,6 @@ class CamelJasyptPropertiesParserHolder {
static void setEncryptor(StandardPBEStringEncryptor encryptor) {
synchronized (CamelJasyptPropertiesParserHolder.class) {
getJasyptPropertiesParser().setEncryptor(encryptor);
- ENCRYPTOR = encryptor;
}
}
}
