Andrea Cosentino created CAMEL-23941:
----------------------------------------

             Summary: camel-platform-http-main: fail closed under prod when 
auth enabled without mechanism
                 Key: CAMEL-23941
                 URL: https://issues.apache.org/jira/browse/CAMEL-23941
             Project: Camel
          Issue Type: Improvement
          Components: camel-platform-http
            Reporter: Andrea Cosentino


Follow-up / hardening for CAMEL-23767.

CAMEL-23767 added a startup warning in 
{{DefaultMainHttpServerFactory.configureAuthentication}} for the case where 
{{camel.server.authenticationEnabled=true}} is set but no authentication 
mechanism is configured (neither {{basicPropertiesFile}} nor 
{{jwtKeystoreType}}). In that situation the embedded HTTP server — and the 
management server — still starts and serves requests without authentication; 
only a warning is logged. That behavior was intentionally kept non-breaking for 
backward compatibility.

We can make this consistent with Camel's security-policy framework 
({{camel.main.profile}}, see {{design/security.adoc}}), which already defaults 
production deployments to strict ({{fail}}) enforcement:

* Under the *prod* profile, {{authenticationEnabled=true}} with no mechanism 
configured should *fail closed* (throw at startup) instead of starting a server 
without authentication.
* Under the *dev* profile and by default (no profile), keep the current 
warn-only behavior so existing setups remain backward compatible.

This mirrors how {{ProfileConfigurer}} already switches 
{{camel.security.policy}} to {{fail}} under prod, while preserving the 
CAMEL-23767 warning for dev.

h3. Suggested implementation

* In {{DefaultMainHttpServerFactory.configureAuthentication(...)}} — both the 
{{MainHttpServer}} and {{ManagementHttpServer}} overloads — in the final 
{{else}} branch (currently {{LOG.warn}} only): read the active profile via 
{{camelContext.getCamelContextExtension().getProfile()}}. If it is 
{{prod}}/{{production}}, throw an {{IllegalStateException}} with a clear 
message; otherwise retain the existing warning.
* Both overloads currently duplicate the same {{else}} branch — extract a small 
shared helper.
* Note: simply marking {{authenticationEnabled}} with {{security = 
"insecure:*"}} is not sufficient, because that would also flag the 
correctly-configured {{authenticationEnabled=true}} case; the check must be 
conditional on "enabled and no mechanism".

h3. Affected classes

* 
{{components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java}}
 (both {{configureAuthentication}} overloads, ~lines 116-150)

h3. Tests

Extend {{AuthenticationConfigurationMainHttpServerTest}} — under prod, assert 
startup throws; under dev/default, keep the existing 
{{testAuthenticationEnabledWithoutMechanism}} behavior (starts + warns).

h3. Docs

Update the upgrade-guide note added by CAMEL-23767 to document the new 
prod-profile fail-closed behavior. Behavior change under prod → target 
main/4.22 only, not a backport.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to