[ 
https://issues.apache.org/jira/browse/CAMEL-23941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrea Cosentino reassigned CAMEL-23941:
----------------------------------------

    Assignee: Andrea Cosentino

> camel-platform-http-main: fail closed under prod when auth enabled without 
> mechanism
> ------------------------------------------------------------------------------------
>
>                 Key: CAMEL-23941
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23941
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-platform-http
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>
> Follow-up / hardening for CAMEL-23767.
> CAMEL-23767 added a startup warning in 
> {{DefaultMainHttpServerFactory.configureAuthentication}} for the case where 
> {{camel.server.authenticationEnabled=true}} is set but no authentication 
> mechanism is configured (neither {{basicPropertiesFile}} nor 
> {{jwtKeystoreType}}). In that situation the embedded HTTP server — and the 
> management server — still starts and serves requests without authentication; 
> only a warning is logged. That behavior was intentionally kept non-breaking 
> for backward compatibility.
> We can make this consistent with Camel's security-policy framework 
> ({{camel.main.profile}}, see {{design/security.adoc}}), which already 
> defaults production deployments to strict ({{fail}}) enforcement:
> * Under the *prod* profile, {{authenticationEnabled=true}} with no mechanism 
> configured should *fail closed* (throw at startup) instead of starting a 
> server without authentication.
> * Under the *dev* profile and by default (no profile), keep the current 
> warn-only behavior so existing setups remain backward compatible.
> This mirrors how {{ProfileConfigurer}} already switches 
> {{camel.security.policy}} to {{fail}} under prod, while preserving the 
> CAMEL-23767 warning for dev.
> h3. Suggested implementation
> * In {{DefaultMainHttpServerFactory.configureAuthentication(...)}} — both the 
> {{MainHttpServer}} and {{ManagementHttpServer}} overloads — in the final 
> {{else}} branch (currently {{LOG.warn}} only): read the active profile via 
> {{camelContext.getCamelContextExtension().getProfile()}}. If it is 
> {{prod}}/{{production}}, throw an {{IllegalStateException}} with a clear 
> message; otherwise retain the existing warning.
> * Both overloads currently duplicate the same {{else}} branch — extract a 
> small shared helper.
> * Note: simply marking {{authenticationEnabled}} with {{security = 
> "insecure:*"}} is not sufficient, because that would also flag the 
> correctly-configured {{authenticationEnabled=true}} case; the check must be 
> conditional on "enabled and no mechanism".
> h3. Affected classes
> * 
> {{components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/DefaultMainHttpServerFactory.java}}
>  (both {{configureAuthentication}} overloads, ~lines 116-150)
> h3. Tests
> Extend {{AuthenticationConfigurationMainHttpServerTest}} — under prod, assert 
> startup throws; under dev/default, keep the existing 
> {{testAuthenticationEnabledWithoutMechanism}} behavior (starts + warns).
> h3. Docs
> Update the upgrade-guide note added by CAMEL-23767 to document the new 
> prod-profile fail-closed behavior. Behavior change under prod → target 
> main/4.22 only, not a backport.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to