Robin Mattes created CAMEL-23812:
------------------------------------
Summary: Add support for explicit username and password parameters
in Milo client to safely handle credentials with special characters
Key: CAMEL-23812
URL: https://issues.apache.org/jira/browse/CAMEL-23812
Project: Camel
Issue Type: Improvement
Components: camel-milo
Reporter: Robin Mattes
Problem:
The Camel Milo client component previously embedded authentication credentials
directly in the endpoint URI using the format user:password@host.
To prevent Milo from receiving credentials (which it doesn't handle), the
component used string manipulation with `discoveryUri.replaceFirst(user + "@",
"")` to strip credentials from the URL before connection. This caused issues
because the `replaceFirst()` function uses regex patterns that fail with regex
special characters like "$.*", and passwords containing characters like "%"
cause issues with `java.net.URLDecoder.decode()` due to percent-encoding in
URLs.
This approach has limitations: it fails when credentials contain special
characters commonly found in auto-generated passwords, such as:
* @ (breaks URI parsing)
* ?, & (URI query parameter delimiters)
* /, # (URI structure delimiters)
* $, % (encoding/variable expansion)
For example, a password like pass@$?&/#% would cause the discovery URI
reconstruction to fail or produce incorrect results.
Solution:
Introduce explicit endpoint parameters for username and password that bypass
URI embedding entirely, eliminating the string manipulation and supporting
almost any character in credentials. (% is still invalid, except if you use the
URL-encoding %25.)
The old way of embedding credentials in the URI still works, but using the
explicit username and password parameters is preferred as it will be checked
first in the code.
Example: https://...&username=RAW(my?user@name)&password=RAW(p@ss/w&rd)
This is my first contribution so I'm more than happy to make required changes
to my code if needed.
My pull request will come soon.
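The two failure modes described in the issue, reproduced as an added example (not code from camel-milo or from the pull request): `String.replaceFirst()` compiling the credentials as a regex, and `URLDecoder.decode()` meeting a bare `%`. The class name, host and credentials are constructed, and the `Pattern.quote()` variant is an assumption shown only for comparison; the issue's own fix is the explicit username and password parameters.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class MiloCredentialStripDemo {

    // Stripping as the issue describes it: the user info is compiled as a regex.
    static String stripAsRegex(String uri, String userInfo) {
        return uri.replaceFirst(userInfo + "@", "");
    }

    // Literal alternative (an assumption for comparison, not the issue's fix):
    // Pattern.quote() makes every character of the user info match itself.
    static String stripLiteral(String uri, String userInfo) {
        return uri.replaceFirst(Pattern.quote(userInfo + "@"), "");
    }

    public static void main(String[] args) {
        // Constructed sample values; host, port and credentials are made up.
        String[] userInfos = { "user:secret", "user:pa$.*ss", "user:p(ss" };
        for (String userInfo : userInfos) {
            String uri = "opc.tcp://" + userInfo + "@host.example:4840";
            String regexResult;
            try {
                regexResult = stripAsRegex(uri, userInfo);
            } catch (PatternSyntaxException e) {
                // An unbalanced "(" in the password is not a valid regex.
                regexResult = "PatternSyntaxException";
            }
            System.out.println(userInfo);
            System.out.println("  regex:   " + regexResult);
            System.out.println("  literal: " + stripLiteral(uri, userInfo));
        }

        // Percent handling: "%25" decodes to "%", a bare "%" is rejected.
        System.out.println(URLDecoder.decode("pa%25ss", StandardCharsets.UTF_8));
        try {
            URLDecoder.decode("pa%ss", StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            System.out.println("bare % rejected: " + e.getMessage());
        }
    }
}
```

For the second sample value the regex form returns the URI unchanged, because `$` is read as an end-of-input anchor and the pattern never matches, so the user info is still present in the string passed on.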