This is an automated email from the ASF dual-hosted git repository.
oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new aeb5fd9dacb8 CAMEL-23592: camel-shiro - align Exchange header constant
names with Camel naming convention (#23506)
aeb5fd9dacb8 is described below
commit aeb5fd9dacb82bab6963b146ed9c41b228472889
Author: Andrea Cosentino <[email protected]>
AuthorDate: Wed May 27 10:08:11 2026 +0200
CAMEL-23592: camel-shiro - align Exchange header constant names with Camel
naming convention (#23506)
Renames the three Exchange header string values in ShiroSecurityConstants
that drive Shiro authentication (SHIRO_SECURITY_TOKEN,
SHIRO_SECURITY_USERNAME, SHIRO_SECURITY_PASSWORD) to
CamelShiroSecurity<Name>,
following the convention used across the rest of the Camel component catalog
and matching the pattern established in CAMEL-23526 (camel-cxf), CAMEL-23522
(camel-mail), CAMEL-23461 (camel-aws-bedrock), CAMEL-23532
(camel-vertx-websocket / camel-atmosphere-websocket / camel-iggy), and
CAMEL-23576 (camel-jira).
- SHIRO_SECURITY_TOKEN: "SHIRO_SECURITY_TOKEN" -> "CamelShiroSecurityToken"
- SHIRO_SECURITY_USERNAME: "SHIRO_SECURITY_USERNAME" ->
"CamelShiroSecurityUsername"
- SHIRO_SECURITY_PASSWORD: "SHIRO_SECURITY_PASSWORD" ->
"CamelShiroSecurityPassword"
These headers carry credentials and a serialized authentication token, so
filtering them at transport boundaries by default is particularly important.
The Java field names are unchanged so routes referencing the constants
symbolically continue to work; routes using the literal string values must
be
updated (documented in the 4.21 upgrade guide). No tests reference the
literal values, and the shiro adoc documentation references the constants
symbolically.
Tracker: CAMEL-23577
Reported by Claude Code on behalf of Andrea Cosentino
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../shiro/security/ShiroSecurityConstants.java | 6 ++---
.../ROOT/pages/camel-4x-upgrade-guide-4_21.adoc | 27 ++++++++++++++++++++++
2 files changed, 30 insertions(+), 3 deletions(-)
diff --git
a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityConstants.java
b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityConstants.java
index b3b30e800efa..4f8e7d21e5ad 100644
---
a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityConstants.java
+++
b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityConstants.java
@@ -21,9 +21,9 @@ package org.apache.camel.component.shiro.security;
*/
public final class ShiroSecurityConstants {
- public static final String SHIRO_SECURITY_TOKEN = "SHIRO_SECURITY_TOKEN";
- public static final String SHIRO_SECURITY_USERNAME =
"SHIRO_SECURITY_USERNAME";
- public static final String SHIRO_SECURITY_PASSWORD =
"SHIRO_SECURITY_PASSWORD";
+ public static final String SHIRO_SECURITY_TOKEN =
"CamelShiroSecurityToken";
+ public static final String SHIRO_SECURITY_USERNAME =
"CamelShiroSecurityUsername";
+ public static final String SHIRO_SECURITY_PASSWORD =
"CamelShiroSecurityPassword";
private ShiroSecurityConstants() {
}
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
index cfe3891e93c4..8c0a5e1bfc26 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
@@ -855,6 +855,33 @@ directions, aligning the component with the rest of the
Camel component catalog.
`Camel`-prefixed user-header names from Iggy messages can supply a custom
`headerFilterStrategy`
to restore the previous behaviour.
+=== camel-shiro - potential breaking change
+
+The three Exchange header constants in `ShiroSecurityConstants` that drive
+Shiro authentication used header values outside the `Camel` namespace
+(`SHIRO_SECURITY_TOKEN`, `SHIRO_SECURITY_USERNAME`, `SHIRO_SECURITY_PASSWORD`)
+and were therefore not filtered by the default `HeaderFilterStrategy`. They
+have been renamed to follow the Camel naming convention. The Java field names
+are unchanged; only the header string values have changed:
+
+[options="header"]
+|===
+| Constant | Previous value | New value
+| `ShiroSecurityConstants.SHIRO_SECURITY_TOKEN` | `SHIRO_SECURITY_TOKEN` |
`CamelShiroSecurityToken`
+| `ShiroSecurityConstants.SHIRO_SECURITY_USERNAME` | `SHIRO_SECURITY_USERNAME`
| `CamelShiroSecurityUsername`
+| `ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD` | `SHIRO_SECURITY_PASSWORD`
| `CamelShiroSecurityPassword`
+|===
+
+These headers carry credentials and a serialized authentication token, so
+filtering them at transport boundaries by default is particularly important.
+
+Routes that reference the constants symbolically (for example
+`setHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, ...)`) continue to
+work without changes. Routes that set the header by its literal string value
+(for example `setHeader("SHIRO_SECURITY_USERNAME", ...)`) must be updated to
+use the new value (`setHeader("CamelShiroSecurityUsername", ...)`).
+
+
=== camel-web3j - potential breaking change
The Exchange header constants in `Web3jConstants` have been renamed to follow
the
