(camel) 06/08: CAMEL-23070: Remove strict Host header validation in async MDN server

Mon, 09 Mar 2026 03:05:27 -0700 

This is an automated email from the ASF dual-hosted git repository.

gnodet pushed a commit to branch fix/as2-issues
in repository https://gitbox.apache.org/repos/asf/camel.git

commit b0b905b60461a4236fce72936264e272a563f535
Author: Guillaume Nodet <[email protected]>
AuthorDate: Mon Mar 9 11:04:45 2026 +0100

    CAMEL-23070: Remove strict Host header validation in async MDN server
    
    Remove RequestValidateHost interceptor from AS2AsyncMDNServerConnection
    HTTP processor. AS2 async MDN requests may arrive with Host headers that
    don't match the server's hostname, causing HTTP 421 rejections. Add
    standard response interceptors (ResponseContent, ResponseDate,
    ResponseConnControl) for proper HTTP response handling.
    
    Co-Authored-By: Claude Opus 4.6 <[email protected]>
---
 .../as2/api/AS2AsyncMDNServerConnection.java       | 16 ++++-
 .../as2/api/AS2AsyncMDNServerConnectionTest.java   | 83 ++++++++++++++++++++++
 2 files changed, 96 insertions(+), 3 deletions(-)

diff --git 
a/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnection.java
 
b/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnection.java
index 6cad6e5da394..ac5be366f896 100644
--- 
a/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnection.java
+++ 
b/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnection.java
@@ -40,11 +40,13 @@ import org.apache.hc.core5.http.io.HttpRequestHandler;
 import org.apache.hc.core5.http.io.HttpServerConnection;
 import org.apache.hc.core5.http.io.HttpServerRequestHandler;
 import org.apache.hc.core5.http.io.support.BasicHttpServerRequestHandler;
-import org.apache.hc.core5.http.protocol.DefaultHttpProcessor;
 import org.apache.hc.core5.http.protocol.HttpContext;
 import org.apache.hc.core5.http.protocol.HttpCoreContext;
 import org.apache.hc.core5.http.protocol.HttpProcessor;
-import org.apache.hc.core5.http.protocol.RequestValidateHost;
+import org.apache.hc.core5.http.protocol.HttpProcessorBuilder;
+import org.apache.hc.core5.http.protocol.ResponseConnControl;
+import org.apache.hc.core5.http.protocol.ResponseContent;
+import org.apache.hc.core5.http.protocol.ResponseDate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -126,7 +128,11 @@ public class AS2AsyncMDNServerConnection {
                 SSLServerSocketFactory factory = 
sslContext.getServerSocketFactory();
                 serverSocket = factory.createServerSocket(port);
             }
-            HttpProcessor httpProcessor = new DefaultHttpProcessor(new 
RequestValidateHost());
+            HttpProcessor httpProcessor = HttpProcessorBuilder.create()
+                    .add(new ResponseContent(true))
+                    .add(new ResponseDate())
+                    .add(new ResponseConnControl())
+                    .build();
             // Create initial empty router
             currentHandler = createHandler();
             // Set up the HTTP service with delegating handler
@@ -194,6 +200,10 @@ public class AS2AsyncMDNServerConnection {
             final HttpContext context = HttpCoreContext.create();
             try {
                 while (!Thread.interrupted()) {
+                    // Make raw body bytes available in the context for 
signature verification
+                    if (this.serverConnection instanceof 
AS2BHttpServerConnection as2Conn) {
+                        
context.setAttribute(AS2BHttpServerConnection.class.getName(), as2Conn);
+                    }
                     this.httpService.handleRequest(this.serverConnection, 
context);
                 }
             } catch (final IOException ex) {
diff --git 
a/components/camel-as2/camel-as2-api/src/test/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnectionTest.java
 
b/components/camel-as2/camel-as2-api/src/test/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnectionTest.java
new file mode 100644
index 000000000000..1314f648f3d6
--- /dev/null
+++ 
b/components/camel-as2/camel-as2-api/src/test/java/org/apache/camel/component/as2/api/AS2AsyncMDNServerConnectionTest.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.as2.api;
+
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import org.apache.camel.test.AvailablePortFinder;
+import org.apache.hc.core5.http.ClassicHttpRequest;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.io.HttpRequestHandler;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class AS2AsyncMDNServerConnectionTest {
+
+    private int port;
+    private AS2AsyncMDNServerConnection connection;
+
+    @BeforeEach
+    void setUp() throws Exception {
+        port = AvailablePortFinder.getNextAvailable();
+        connection = new AS2AsyncMDNServerConnection(port, null);
+    }
+
+    @AfterEach
+    void tearDown() {
+        if (connection != null) {
+            connection.close();
+        }
+    }
+
+    @Test
+    void asyncMdnServerAcceptsRequestWithAnyHostHeader() throws Exception {
+        final boolean[] handled = { false };
+
+        connection.receive("/test-mdn", new HttpRequestHandler() {
+            @Override
+            public void handle(ClassicHttpRequest request, ClassicHttpResponse 
response, HttpContext context)
+                    throws HttpException {
+                handled[0] = true;
+                response.setCode(200);
+            }
+        });
+
+        // Wait for server to be ready
+        Thread.sleep(200);
+
+        // Send a request with a Host header that doesn't match the server's 
hostname
+        // This previously caused HTTP 421 due to RequestValidateHost
+        HttpURLConnection conn = (HttpURLConnection) new 
URL("http://localhost:"; + port + "/test-mdn").openConnection();
+        conn.setRequestMethod("POST");
+        conn.setRequestProperty("Host", "different-host.example.com");
+        conn.setDoOutput(true);
+        conn.getOutputStream().write("test".getBytes());
+        conn.getOutputStream().flush();
+
+        int responseCode = conn.getResponseCode();
+        conn.disconnect();
+
+        // Should NOT get 421 (Misdirected Request) anymore
+        assertNotEquals(421, responseCode, "Should not reject requests with 
non-matching Host header");
+    }
+}

Reply via email to