gbhavya07 opened a new pull request, #24623:
URL: https://github.com/apache/camel/pull/24623
# Description
This PR follows up on CAMEL-23767 by enforcing fail-closed behavior when
HTTP authentication is enabled without a configured authentication mechanism
under the `prod` profile.
Previously, when `authenticationEnabled=true` was configured without either
a basic authentication properties file (`basicPropertiesFile`) or a JWT
keystore (`jwtKeystoreType`), Camel logged a warning and still started the
embedded HTTP server (and management HTTP server) without authentication. This
behavior was intentionally retained by CAMEL-23767 for backward compatibility.
This change aligns the embedded HTTP server behavior with Camel's
profile-based security policy:
- Under the `prod` profile (`camel.main.profile=prod`), startup now fails
with an `IllegalStateException` instead of starting an unauthenticated server.
- Under the `dev` profile and when no profile is configured, the existing
warning-only behavior is preserved to maintain backward compatibility.
Implementation changes:
- Extracted the duplicated "missing authentication mechanism" handling into
a shared helper method.
- Applied the shared logic to both the embedded HTTP server and the
management HTTP server authentication configuration.
- Added a test verifying that startup fails under the `prod` profile when
authentication is enabled but no mechanism is configured.
- Updated the Camel 4.22 upgrade guide to document the new production
profile behavior.
# Target
- [x] I checked that the commit is targeting the correct branch (Camel 4
uses the `main` branch)
# Tracking
- [x] If this is a large change, bug fix, or code improvement, I checked
there is a JIRA issue filed for the change (CAMEL-23941).
# Apache Camel coding standards and style
- [x] I checked that each commit in the pull request has a meaningful
subject line and body.
- [ ] I have run `mvn clean install -DskipTests` locally from root folder
and I have committed all auto-generated changes.
Attempted the full root build, but it failed in the unrelated
`camel-kserve` module during protobuf generation. The affected
`camel-platform-http-main` module builds successfully and all its tests pass.
# AI-assisted contributions
- [ ] If this PR includes AI-generated code, commits have proper
co-authorship attribution (e.g., `Co-authored-by` trailers) and the PR
description identifies the AI tool used.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]