This is an automated email from the ASF dual-hosted git repository.
Croway pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new a8f3423ffc5a CAMEL-23941: Fail startup in prod when authentication is
enabled without a mechanism
a8f3423ffc5a is described below
commit a8f3423ffc5ae416143977aaf08a092ca11e1a56
Author: gbhavya07 <[email protected]>
AuthorDate: Sun Jul 12 18:13:46 2026 +0530
CAMEL-23941: Fail startup in prod when authentication is enabled without a
mechanism
---
.../http/main/DefaultMainHttpServerFactory.java | 30 +++++++++++++++-------
...henticationConfigurationMainHttpServerTest.java | 10 ++++++++
.../ROOT/pages/camel-4x-upgrade-guide-4_22.adoc | 12 +++++++++
3 files changed, 43 insertions(+), 9 deletions(-)
diff --git
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
index 054862843883..40446c3c39e8 100644
---
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
+++
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
@@ -123,10 +123,7 @@ public class DefaultMainHttpServerFactory implements
CamelContextAware, MainHttp
JWTAuthenticationConfigurer auth = new
JWTAuthenticationConfigurer();
auth.configureAuthentication(server.getConfiguration().getAuthenticationConfig(),
configuration);
} else {
- LOG.warn("Authentication is enabled (authenticationEnabled=true)
but no authentication mechanism is"
- + " configured: neither a basic-auth properties file
(basicPropertiesFile) nor a JWT keystore"
- + " (jwtKeystoreType) is set. The HTTP server will start
WITHOUT authentication. Configure an"
- + " authentication mechanism, or set
authenticationEnabled=false to disable authentication.");
+ handleMissingAuthenticationMechanism(server.getCamelContext(),
"HTTP server");
}
}
@@ -141,12 +138,27 @@ public class DefaultMainHttpServerFactory implements
CamelContextAware, MainHttp
JWTAuthenticationConfigurer auth = new
JWTAuthenticationConfigurer();
auth.configureAuthentication(server.getConfiguration().getAuthenticationConfig(),
configuration);
} else {
- LOG.warn("Authentication is enabled (authenticationEnabled=true)
but no authentication mechanism is"
- + " configured: neither a basic-auth properties file
(basicPropertiesFile) nor a JWT keystore"
- + " (jwtKeystoreType) is set. The HTTP management server
will start WITHOUT authentication."
- + " Configure an authentication mechanism, or set
authenticationEnabled=false to disable"
- + " authentication.");
+ handleMissingAuthenticationMechanism(server.getCamelContext(),
"HTTP management server");
}
}
+ private void handleMissingAuthenticationMechanism(CamelContext
camelContext, String serverName) {
+ if
("prod".equals(camelContext.getCamelContextExtension().getProfile())) {
+ throw new IllegalStateException(
+ "Authentication is enabled (authenticationEnabled=true)
but no authentication mechanism is "
+ + "configured: neither a
basic-auth properties file (basicPropertiesFile) nor a JWT keystore "
+ + "(jwtKeystoreType) is set.
Refusing to start the " + serverName
+ + " in the prod profile without
authentication. Configure an authentication mechanism, "
+ + "or set
authenticationEnabled=false to disable authentication.");
+ }
+
+ LOG.warn(
+ "Authentication is enabled (authenticationEnabled=true) but no
authentication mechanism is "
+ + "configured: neither a basic-auth properties file
(basicPropertiesFile) nor a JWT keystore "
+ + "(jwtKeystoreType) is set. The {} will start WITHOUT
authentication. "
+ + "Configure an authentication mechanism, or set
authenticationEnabled=false to disable "
+ + "authentication.",
+ serverName);
+ }
+
}
diff --git
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
index 417f2e4d6be6..182d6da3473d 100644
---
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
+++
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
@@ -84,6 +84,16 @@ public class AuthenticationConfigurationMainHttpServerTest {
}
}
+ @Test
+ public void testAuthenticationEnabledWithoutMechanismProdProfile() {
+ Main main = MainHttpServerAuthenticationTestSupport.createMain(
+ "auth-no-mechanism.properties", port, new
PlatformHttpRouteBuilder());
+
+ main.configure().withProfile("prod");
+
+ assertThrows(IllegalStateException.class, main::start);
+ }
+
private static class PlatformHttpRouteBuilder extends RouteBuilder {
@Override
public void configure() throws Exception {
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
index e85d56f14334..c74ef56633b7 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
@@ -182,6 +182,18 @@ the message, consistent with the inbound header filtering
already performed by t
Ordinary application headers are unaffected. If a route relied on `Camel*`
headers being propagated from the MIME
content, set them explicitly after unmarshalling.
+=== camel-platform-http-main
+
+When `authenticationEnabled=true` but neither a basic-auth properties file
+(`basicPropertiesFile`) nor a JWT keystore (`jwtKeystoreType`) is configured,
+Camel now behaves differently under the `prod` profile
+(`camel.main.profile=prod`).
+
+Under the `prod` profile, startup now fails instead of starting the embedded
+HTTP server without authentication. Under the `dev` profile and with no profile
+configured, the existing warning-only behavior is retained for backward
+compatibility.
+
=== camel-kafka - metadataMaxAgeMs option moved from producer to common
The `metadataMaxAgeMs` (`metadata.max.age.ms`) option was incorrectly labeled
as producer-only,