This is an automated email from the ASF dual-hosted git repository.

Croway pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new a8f3423ffc5a CAMEL-23941: Fail startup in prod when authentication is 
enabled without a mechanism
a8f3423ffc5a is described below

commit a8f3423ffc5ae416143977aaf08a092ca11e1a56
Author: gbhavya07 <[email protected]>
AuthorDate: Sun Jul 12 18:13:46 2026 +0530

    CAMEL-23941: Fail startup in prod when authentication is enabled without a 
mechanism
---
 .../http/main/DefaultMainHttpServerFactory.java    | 30 +++++++++++++++-------
 ...henticationConfigurationMainHttpServerTest.java | 10 ++++++++
 .../ROOT/pages/camel-4x-upgrade-guide-4_22.adoc    | 12 +++++++++
 3 files changed, 43 insertions(+), 9 deletions(-)

diff --git 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
index 054862843883..40446c3c39e8 100644
--- 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
+++ 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java
@@ -123,10 +123,7 @@ public class DefaultMainHttpServerFactory implements 
CamelContextAware, MainHttp
             JWTAuthenticationConfigurer auth = new 
JWTAuthenticationConfigurer();
             
auth.configureAuthentication(server.getConfiguration().getAuthenticationConfig(),
 configuration);
         } else {
-            LOG.warn("Authentication is enabled (authenticationEnabled=true) 
but no authentication mechanism is"
-                     + " configured: neither a basic-auth properties file 
(basicPropertiesFile) nor a JWT keystore"
-                     + " (jwtKeystoreType) is set. The HTTP server will start 
WITHOUT authentication. Configure an"
-                     + " authentication mechanism, or set 
authenticationEnabled=false to disable authentication.");
+            handleMissingAuthenticationMechanism(server.getCamelContext(), 
"HTTP server");
         }
     }
 
@@ -141,12 +138,27 @@ public class DefaultMainHttpServerFactory implements 
CamelContextAware, MainHttp
             JWTAuthenticationConfigurer auth = new 
JWTAuthenticationConfigurer();
             
auth.configureAuthentication(server.getConfiguration().getAuthenticationConfig(),
 configuration);
         } else {
-            LOG.warn("Authentication is enabled (authenticationEnabled=true) 
but no authentication mechanism is"
-                     + " configured: neither a basic-auth properties file 
(basicPropertiesFile) nor a JWT keystore"
-                     + " (jwtKeystoreType) is set. The HTTP management server 
will start WITHOUT authentication."
-                     + " Configure an authentication mechanism, or set 
authenticationEnabled=false to disable"
-                     + " authentication.");
+            handleMissingAuthenticationMechanism(server.getCamelContext(), 
"HTTP management server");
         }
     }
 
+    private void handleMissingAuthenticationMechanism(CamelContext 
camelContext, String serverName) {
+        if 
("prod".equals(camelContext.getCamelContextExtension().getProfile())) {
+            throw new IllegalStateException(
+                    "Authentication is enabled (authenticationEnabled=true) 
but no authentication mechanism is "
+                                            + "configured: neither a 
basic-auth properties file (basicPropertiesFile) nor a JWT keystore "
+                                            + "(jwtKeystoreType) is set. 
Refusing to start the " + serverName
+                                            + " in the prod profile without 
authentication. Configure an authentication mechanism, "
+                                            + "or set 
authenticationEnabled=false to disable authentication.");
+        }
+
+        LOG.warn(
+                "Authentication is enabled (authenticationEnabled=true) but no 
authentication mechanism is "
+                 + "configured: neither a basic-auth properties file 
(basicPropertiesFile) nor a JWT keystore "
+                 + "(jwtKeystoreType) is set. The {} will start WITHOUT 
authentication. "
+                 + "Configure an authentication mechanism, or set 
authenticationEnabled=false to disable "
+                 + "authentication.",
+                serverName);
+    }
+
 }
diff --git 
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
 
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
index 417f2e4d6be6..182d6da3473d 100644
--- 
a/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
+++ 
b/components/camel-platform-http-main/src/test/java/org/apache/camel/component/platform/http/main/authentication/AuthenticationConfigurationMainHttpServerTest.java
@@ -84,6 +84,16 @@ public class AuthenticationConfigurationMainHttpServerTest {
         }
     }
 
+    @Test
+    public void testAuthenticationEnabledWithoutMechanismProdProfile() {
+        Main main = MainHttpServerAuthenticationTestSupport.createMain(
+                "auth-no-mechanism.properties", port, new 
PlatformHttpRouteBuilder());
+
+        main.configure().withProfile("prod");
+
+        assertThrows(IllegalStateException.class, main::start);
+    }
+
     private static class PlatformHttpRouteBuilder extends RouteBuilder {
         @Override
         public void configure() throws Exception {
diff --git 
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc 
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
index e85d56f14334..c74ef56633b7 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_22.adoc
@@ -182,6 +182,18 @@ the message, consistent with the inbound header filtering 
already performed by t
 Ordinary application headers are unaffected. If a route relied on `Camel*` 
headers being propagated from the MIME
 content, set them explicitly after unmarshalling.
 
+=== camel-platform-http-main
+
+When `authenticationEnabled=true` but neither a basic-auth properties file
+(`basicPropertiesFile`) nor a JWT keystore (`jwtKeystoreType`) is configured,
+Camel now behaves differently under the `prod` profile
+(`camel.main.profile=prod`).
+
+Under the `prod` profile, startup now fails instead of starting the embedded
+HTTP server without authentication. Under the `dev` profile and with no profile
+configured, the existing warning-only behavior is retained for backward
+compatibility.
+
 === camel-kafka - metadataMaxAgeMs option moved from producer to common
 
 The `metadataMaxAgeMs` (`metadata.max.age.ms`) option was incorrectly labeled 
as producer-only,

Reply via email to