This is an automated email from the ASF dual-hosted git repository.
fmariani pushed a commit to branch camel-4.14.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-4.14.x by this push:
new a9ebee94af97 chore: default authentication path to /* in
platform-http-main
a9ebee94af97 is described below
commit a9ebee94af976ac2afd7906d2e76673067d8be86
Author: Croway <[email protected]>
AuthorDate: Tue Apr 7 17:02:30 2026 +0200
chore: default authentication path to /* in platform-http-main
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
---
.../BasicAuthenticationConfigurer.java | 16 +---
.../JWTAuthenticationConfigurer.java | 16 +---
.../MainAuthenticationConfigurer.java | 12 +++
.../BasicAuthenticationNonRootPathTest.java | 88 +++++++++++++++++
.../BasicAuthenticationSelectivePathTest.java | 104 +++++++++++++++++++++
.../basic-auth-nonroot-path-selective.properties | 22 +++++
.../resources/basic-auth-nonroot-path.properties | 21 +++++
.../ROOT/pages/camel-4x-upgrade-guide-4_14.adoc | 17 ++++
8 files changed, 268 insertions(+), 28 deletions(-)
diff --git
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
index ae9cff89f8b7..ee977295e1fd 100644
---
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
+++
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java
@@ -23,8 +23,6 @@ import
org.apache.camel.component.platform.http.vertx.auth.AuthenticationConfig.
import org.apache.camel.main.HttpManagementServerConfigurationProperties;
import org.apache.camel.main.HttpServerConfigurationProperties;
-import static org.apache.camel.util.ObjectHelper.isNotEmpty;
-
public class BasicAuthenticationConfigurer implements
MainAuthenticationConfigurer {
@Override
@@ -32,12 +30,7 @@ public class BasicAuthenticationConfigurer implements
MainAuthenticationConfigur
AuthenticationConfig authenticationConfig,
HttpServerConfigurationProperties properties) {
String authPropertiesFileName = properties.getBasicPropertiesFile();
- String path
- = isNotEmpty(properties.getAuthenticationPath()) ?
properties.getAuthenticationPath() : properties.getPath();
- // root means to authenticate everything
- if ("/".equals(path)) {
- path = "/*";
- }
+ String path =
resolveAuthenticationPath(properties.getAuthenticationPath(),
properties.getPath());
AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
entry.setPath(path);
@@ -54,12 +47,7 @@ public class BasicAuthenticationConfigurer implements
MainAuthenticationConfigur
AuthenticationConfig authenticationConfig,
HttpManagementServerConfigurationProperties properties) {
String authPropertiesFileName = properties.getBasicPropertiesFile();
- String path
- = isNotEmpty(properties.getAuthenticationPath()) ?
properties.getAuthenticationPath() : properties.getPath();
- // root means to authenticate everything
- if ("/".equals(path)) {
- path = "/*";
- }
+ String path =
resolveAuthenticationPath(properties.getAuthenticationPath(),
properties.getPath());
AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
entry.setPath(path);
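Review bot: The management-server overload in this hunk (and the matching one in JWTAuthenticationConfigurer, `@@ -71,12 +64,7`) gets the same new `/*` default, but nothing in this commit exercises it. Both new test property files and the upgrade-guide example use `camel.server.*` only. Anything under the management context path that was reachable without credentials before, such as health or metrics probes if they are exposed there, would presumably start returning 401 after the upgrade. A test that starts the management server with authentication enabled and no explicit authentication path would pin this, and the upgrade note should say that the management server is affected too. The method body starts and ends outside the hunk.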
diff --git
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
index 6503993344c3..295be826203c 100644
---
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
+++
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java
@@ -28,8 +28,6 @@ import
org.apache.camel.component.platform.http.vertx.auth.AuthenticationConfig.
import org.apache.camel.main.HttpManagementServerConfigurationProperties;
import org.apache.camel.main.HttpServerConfigurationProperties;
-import static org.apache.camel.util.ObjectHelper.isNotEmpty;
-
public class JWTAuthenticationConfigurer implements
MainAuthenticationConfigurer {
@Override
@@ -37,12 +35,7 @@ public class JWTAuthenticationConfigurer implements
MainAuthenticationConfigurer
AuthenticationConfig authenticationConfig,
HttpServerConfigurationProperties properties) {
- String path
- = isNotEmpty(properties.getAuthenticationPath()) ?
properties.getAuthenticationPath() : properties.getPath();
- // root means to authenticate everything
- if ("/".equals(path)) {
- path = "/*";
- }
+ String path =
resolveAuthenticationPath(properties.getAuthenticationPath(),
properties.getPath());
AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
entry.setPath(path);
@@ -71,12 +64,7 @@ public class JWTAuthenticationConfigurer implements
MainAuthenticationConfigurer
AuthenticationConfig authenticationConfig,
HttpManagementServerConfigurationProperties properties) {
- String path
- = isNotEmpty(properties.getAuthenticationPath()) ?
properties.getAuthenticationPath() : properties.getPath();
- // root means to authenticate everything
- if ("/".equals(path)) {
- path = "/*";
- }
+ String path =
resolveAuthenticationPath(properties.getAuthenticationPath(),
properties.getPath());
AuthenticationConfigEntry entry = new AuthenticationConfigEntry();
entry.setPath(path);
diff --git
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
index 72011adc3791..2d7c26428cc2 100644
---
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
+++
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java
@@ -19,6 +19,7 @@ package
org.apache.camel.component.platform.http.main.authentication;
import
org.apache.camel.component.platform.http.vertx.auth.AuthenticationConfig;
import org.apache.camel.main.HttpManagementServerConfigurationProperties;
import org.apache.camel.main.HttpServerConfigurationProperties;
+import org.apache.camel.util.ObjectHelper;
/**
* Configure authentication on the embedded HTTP server.
@@ -30,4 +31,15 @@ public interface MainAuthenticationConfigurer {
void configureAuthentication(
AuthenticationConfig authenticationConfig,
HttpManagementServerConfigurationProperties properties);
+ /**
+ * Resolves the effective authentication path. When no explicit
authentication path is configured, defaults to
+ * {@code /*} so that all subpaths under the context path are protected.
+ */
+ default String resolveAuthenticationPath(String authenticationPath, String
contextPath) {
+ if (ObjectHelper.isNotEmpty(authenticationPath)) {
+ return authenticationPath;
+ }
+ return "/*";
+ }
+
}
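Review bot: An explicitly configured `authenticationPath` of `/` is no longer widened to `/*` by `resolveAuthenticationPath`. The code removed from the four call sites in BasicAuthenticationConfigurer and JWTAuthenticationConfigurer applied `if ("/".equals(path)) { path = "/*"; }` after picking the explicit value, whereas the new helper returns the explicit value untouched. If the router matches `/` only as the exact root (not verifiable from this diff), a deployment that set `authenticationPath=/` to protect everything would silently lose coverage on upgrade. Keeping the normalization in the helper with `if ("/".equals(authenticationPath)) { return "/*"; }` preserves that case. Separately, `contextPath` is never read, so either drop the parameter or state in the Javadoc that it is intentionally ignored, and add `@param`/`@return` tags.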
diff --git
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationNonRootPathTest.java
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationNonRootPathTest.java
new file mode 100644
index 000000000000..b997da33ec9a
--- /dev/null
+++
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationNonRootPathTest.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.platform.http.main.authentication;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.main.Main;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * Tests that authentication is enforced on all subpaths when a non-root
context path is configured and
+ * authenticationPath is not explicitly set.
+ */
+public class BasicAuthenticationNonRootPathTest {
+
+ private static Main main;
+
+ @BeforeAll
+ static void init() {
+ main = new Main();
+
main.setPropertyPlaceholderLocations("basic-auth-nonroot-path.properties");
+ main.configure().addRoutesBuilder(new PlatformHttpRouteBuilder());
+ main.start();
+ }
+
+ @AfterAll
+ static void tearDown() {
+ main.stop();
+ }
+
+ @Test
+ public void testUnauthenticatedRequestToSubpathShouldReturn401() {
+ CamelContext camelContext = main.getCamelContext();
+ assertNotNull(camelContext);
+
+ // Unauthenticated request to a subpath must be rejected
+ given()
+ .when()
+ .get("/api/hello")
+ .then()
+ .statusCode(401)
+ .body(equalTo("Unauthorized"));
+ }
+
+ @Test
+ public void testAuthenticatedRequestToSubpathShouldReturn200() {
+ CamelContext camelContext = main.getCamelContext();
+ assertNotNull(camelContext);
+
+ // With valid credentials, the request should succeed
+ given()
+ .auth().basic("camel", "propertiesPass")
+ .when()
+ .get("/api/hello")
+ .then()
+ .statusCode(200)
+ .body(equalTo("hello-response"));
+ }
+
+ private static class PlatformHttpRouteBuilder extends RouteBuilder {
+
+ @Override
+ public void configure() throws Exception {
+ from("platform-http:/hello?httpMethodRestrict=GET")
+ .setBody(constant("hello-response"));
+ }
+ }
+}
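Review bot: Only the Basic configurer is covered by this test, although JWTAuthenticationConfigurer received the identical path change in this commit, and neither test sends bad credentials. The 401 case here proves that a request with no `Authorization` header is rejected, not that a wrong password is. A third case using `.auth().basic("camel", "wrong-password")` (constructed value) with `.statusCode(401)` would close that gap. A JWT counterpart with the same non-root `camel.server.path` would cover the other configurer. The `assertNotNull(camelContext)` lines add nothing to the HTTP assertions and could be checked once in `init()`.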
diff --git
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationSelectivePathTest.java
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationSelectivePathTest.java
new file mode 100644
index 000000000000..5ab9d92d60f0
--- /dev/null
+++
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationSelectivePathTest.java
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.platform.http.main.authentication;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.main.Main;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * Tests that when an explicit authenticationPath is configured (e.g.
/secure/*), only matching subpaths require
+ * authentication while other subpaths remain accessible without credentials.
+ */
+public class BasicAuthenticationSelectivePathTest {
+
+ private static Main main;
+
+ @BeforeAll
+ static void init() {
+ main = new Main();
+
main.setPropertyPlaceholderLocations("basic-auth-nonroot-path-selective.properties");
+ main.configure().addRoutesBuilder(new PlatformHttpRouteBuilder());
+ main.start();
+ }
+
+ @AfterAll
+ static void tearDown() {
+ main.stop();
+ }
+
+ @Test
+ public void testUnauthenticatedRequestToSecurePathShouldReturn401() {
+ CamelContext camelContext = main.getCamelContext();
+ assertNotNull(camelContext);
+
+ // /secure/data is covered by authenticationPath=/secure/*, must
require credentials
+ given()
+ .when()
+ .get("/api/secure/data")
+ .then()
+ .statusCode(401)
+ .body(equalTo("Unauthorized"));
+ }
+
+ @Test
+ public void testAuthenticatedRequestToSecurePathShouldReturn200() {
+ CamelContext camelContext = main.getCamelContext();
+ assertNotNull(camelContext);
+
+ given()
+ .auth().basic("camel", "propertiesPass")
+ .when()
+ .get("/api/secure/data")
+ .then()
+ .statusCode(200)
+ .body(equalTo("secure-data-response"));
+ }
+
+ @Test
+ public void testUnauthenticatedRequestToPublicPathShouldReturn200() {
+ CamelContext camelContext = main.getCamelContext();
+ assertNotNull(camelContext);
+
+ // /public is NOT covered by authenticationPath=/secure/*, so it
should be accessible
+ given()
+ .when()
+ .get("/api/public")
+ .then()
+ .statusCode(200)
+ .body(equalTo("public-response"));
+ }
+
+ private static class PlatformHttpRouteBuilder extends RouteBuilder {
+
+ @Override
+ public void configure() throws Exception {
+ from("platform-http:/secure/data?httpMethodRestrict=GET")
+ .setBody(constant("secure-data-response"));
+
+ from("platform-http:/public?httpMethodRestrict=GET")
+ .setBody(constant("public-response"));
+ }
+ }
+}
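Review bot: The boundary of the `/secure/*` pattern is left unpinned by these tests, which cover `/api/secure/data` and `/api/public` but not a route at `/secure` itself or a deeper one such as `/secure/a/b`. The upgrade guide uses `authenticationPath=/secure/*` as its example for selective protection, so readers will copy it. A test that states whether `/api/secure` requires credentials would document what the pattern actually covers. It would also help to add a comment on `PlatformHttpRouteBuilder` noting that the route URIs are relative to `camel.server.path=/api`, since the test URLs and the route URIs otherwise look inconsistent.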
diff --git
a/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path-selective.properties
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path-selective.properties
new file mode 100644
index 000000000000..6b8015a074de
--- /dev/null
+++
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path-selective.properties
@@ -0,0 +1,22 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+camel.server.enabled=true
+camel.server.path=/api
+
+camel.server.authenticationEnabled=true
+camel.server.authenticationPath=/secure/*
+camel.server.basicPropertiesFile=camel-platform-http-vertx-auth.properties
diff --git
a/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path.properties
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path.properties
new file mode 100644
index 000000000000..0d0eea81fbac
--- /dev/null
+++
b/components/camel-platform-http-main/src/test/resources/basic-auth-nonroot-path.properties
@@ -0,0 +1,21 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+camel.server.enabled=true
+camel.server.path=/api
+
+camel.server.authenticationEnabled=true
+camel.server.basicPropertiesFile=camel-platform-http-vertx-auth.properties
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
index c2c1b2ae321e..f44f64ef1ae5 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
@@ -4,6 +4,23 @@ This document is for helping you upgrade your Apache Camel
application
from Camel 4.x to 4.y. For example, if you are upgrading Camel 4.0 to 4.2,
then you should follow the guides
from both 4.0 to 4.1 and 4.1 to 4.2.
+== Upgrading from 4.14.5 to 4.14.6
+
+=== camel-platform-http-main
+
+When `authenticationEnabled` is set to `true` and no explicit
`authenticationPath` is configured,
+the default authentication path is now `/*`. This means all subpaths under the
configured context path
+are protected by authentication.
+
+Previously, the authentication path defaulted to the value of `path` (e.g.
`/api`), which only covered
+that exact path. If you relied on this behavior and need selective path
protection, set
+`authenticationPath` explicitly:
+
+[source,properties]
+----
+camel.server.authenticationPath=/secure/*
+----
+
== Upgrading from 4.14.2 to 4.14.3
=== camel-tika