CAMEL-23250: Security policy enforcement with profile-aware defaults#22269
Open
…ation

- Add security policy enforcement with configurable policies (allow/warn/fail) under the camel.security.* namespace
- Add `security` and `insecureValue` attributes to @metadata, @UriParam, @UriPath annotations to categorize security-sensitive options
- Deprecate `secret` attribute in favor of `security="secret"`
- Introduce security categories: secret, insecure:ssl, insecure:serialization, insecure:dev
- Create SecurityUtils utility for detecting insecure configuration values and plain-text secrets
- Create SecurityConfigurationProperties for per-category policy configuration with property-level allowlist overrides
- Annotate insecure properties across 50+ components (AWS trustAllCertificates, JMS transferException, Netty hostnameVerification, etc.)
- Fix DevConsole JSON output to mask sensitive values (was only masked in text)
- Extend build tooling (EndpointSchemaGeneratorMojo, SchemaGeneratorMojo, PackageLanguageMojo, GeneratePojoBeanMojo) to process new annotations
- Extend UpdateSensitizeHelper to generate SecurityUtils from catalog metadata
- Add comprehensive tests for security policy enforcement

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
🌟 Thank you for your contribution to the Apache Camel project! 🌟 🐫 Apache Camel Committers, please review the following items:
Regenerated all component JSON catalogs, endpoint DSL, component DSL, and SecurityUtils after full build. The generated files now include the new `security` field in component option metadata.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…nd docs

- Fix camel.security.* property prefix mapping and group registration
- Add policy value validation (allow/warn/fail only)
- Annotate camel-mina and camel-hazelcast transferExchange as insecure:serialization
- Add insecure:dev annotation to devConsoleEnabled in DefaultConfigurationProperties
- Fix insecure:dev options generation via EXTRA_SECURITY_OPTIONS in UpdateSensitizeHelper
- Improve warning message to suggest vault/env/placeholder instead of RAW()
- Add comprehensive tests for insecure:ssl, insecure:dev, and policy validation
- Add Security Policy Enforcement documentation section
- Regenerate all downstream artifacts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add SecurityViolation record in camel-util for shared violation representation
- Add SecurityUtils.detectViolations() shared utility method
- Refactor BaseMainSupport.enforceSecurityPolicies() to use shared utility
- Add SecurityPolicyResult context plugin for runtime access to violations
- Add SecurityPolicyHealthCheck in camel-health (readiness check)
- Add getAllowedPropertySet() to SecurityConfigurationProperties
- Add tests for detectViolations(), SecurityPolicyResult context plugin
- Spring Boot: verified SecurityConfigurationPropertiesConfigurer generation, service loader registration, and camel.security.* metadata prefix

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add @UriParam(security="insecure:ssl") to ignoreSslVerification properties across all 7 Huawei cloud components (OBS, SMN, DMS, FRS, FunctionGraph, IAM, ImageRecognition). Regenerate catalog and SecurityUtils.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

When camel.main.profile=prod, the global security policy defaults to "fail" so production applications refuse to start with insecure configurations. Users can override via camel.security.policy=warn. Dev and test profiles keep the default "warn" behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
oscerd approved these changes Mar 27, 2026
Summary

Adds a security policy enforcement system that detects insecure configuration at startup and warns or prevents the application from starting.

Key Files to Review

Core implementation (new files):

- `SecurityViolation.java` — shared violation record
- `SecurityUtils.java` — detection logic + auto-generated security options map (13 entries)
- `SecurityConfigurationProperties.java` — policy configuration (allow/warn/fail, per-category overrides, allowlist)
- `SecurityPolicyResult.java` — context plugin for runtime access
- `SecurityPolicyHealthCheck.java` — readiness health check (uses reflection to avoid camel-health → camel-main dependency)

Integration points (modified files):

- `BaseMainSupport.java` — `enforceSecurityPolicies()` method (~line 2843)
- `ProfileConfigurer.java` — prod profile defaults policy to `fail`
- `MainConfigurationProperties.java` — `securityConfig()` wiring

Annotation definitions (3 attributes added: `security()`, `insecureValue()`):

- `UriParam.java`, `Metadata.java`, `UriPath.java`

Build tooling (reads annotations, generates SecurityUtils map):

- `EndpointSchemaGeneratorMojo.java`
- `UpdateSensitizeHelper.java`
- `PrepareCamelMainMojo.java`

Tests:

- `MainSecurityPolicyTest.java` — 25 tests covering policies, overrides, profiles, placeholders
- `SecurityUtilsTest.java`

Documentation:

- `security.adoc` — "Security Policy Enforcement" section (near end of file)

What can be skipped during review

- `catalog/camel-catalog/src/generated/` — regenerated component JSON metadata (bulk of the diff)
- `dsl/camel-endpointdsl/src/generated/` — regenerated endpoint DSL factories
- `core/camel-main/src/generated/` — regenerated configurer and metadata JSON
- `components/*/src/generated/` — regenerated per-component JSON
- `security = "insecure:ssl"` etc.) — mechanical, can be spot-checked

Features

- `allow`/`warn`/`fail`) under `camel.security.*` namespace
- `secret`, `insecure:ssl`, `insecure:serialization`, `insecure:dev`
- `camel.main.profile=prod` defaults to `fail`; `dev`/`test` keep `warn` (overridable)
- `camel.security.allowedProperties` to exclude specific properties
- `RAW()`, `{{vault:...}}`, `${env:...}`, or `{{...}}`
- `SecurityPolicyHealthCheck` readiness check reports violations at runtime
- `SecurityPolicyResult` for programmatic access to violations
- `security` and `insecureValue` attributes on `@UriParam`/`@Metadata`/`@UriPath` — build tools auto-generate the tracking map

Annotated Components (57+)

- `trustAllCertificates`, `hostnameVerification`, `validateCertificates`, `ignoreSslVerification` — AWS (37), Netty, Splunk, Paho MQTT, Huawei Cloud (7), core SSL
- `allowJavaSerializedObject`, `transferException`, `transferExchange`, `allowSerializedHeaders` — JMS, Netty, Mina, HTTP
- `devConsoleEnabled`, `uploadEnabled`, `downloadEnabled`, `sendEnabled` — management server

Test plan

- `MainSecurityPolicyTest` covering all policy levels, categories, overrides, allowlist, placeholders, context plugin, profile-aware defaults
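
A small model of the policy resolution that the commit messages and description outline (profile-aware default, explicit override, policy value validation, allowlist), as an added example that is not code from this PR. Every class, method and sample property key is hypothetical, and the precedence of a per-category override over the global policy is an assumption.

```java
import java.util.*;

// Added illustration; every class, method and sample key here is hypothetical, not Camel's API.
public class SecurityPolicyModel {
    enum Policy {
        ALLOW, WARN, FAIL;
        // Policy values are validated: only allow, warn or fail are accepted.
        static Policy parse(String value) {
            try {
                return valueOf(value.trim().toUpperCase(Locale.ROOT));
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException("Invalid policy '" + value + "', expected allow, warn or fail");
            }
        }
    }

    record Violation(String category, String property) {}

    // Profile-aware default: prod falls back to fail, other profiles to warn;
    // an explicit camel.security.policy value always wins.
    static Policy globalPolicy(String profile, String explicit) {
        if (explicit != null) return Policy.parse(explicit);
        return "prod".equals(profile) ? Policy.FAIL : Policy.WARN;
    }

    // Assumption: allowlisted properties are skipped first, then a per-category
    // override takes precedence over the global policy.
    static Policy decide(Violation v, Policy global, Map<String, Policy> perCategory, Set<String> allowed) {
        if (allowed.contains(v.property())) return Policy.ALLOW;
        return perCategory.getOrDefault(v.category(), global);
    }

    public static void main(String[] args) {
        // Constructed sample violations, using option names listed in the PR description.
        List<Violation> found = List.of(
                new Violation("insecure:ssl", "camel.component.netty.hostnameVerification"),
                new Violation("insecure:serialization", "camel.component.jms.transferException"),
                new Violation("insecure:dev", "camel.main.devConsoleEnabled"));
        Set<String> allowed = Set.of("camel.main.devConsoleEnabled");
        Map<String, Policy> perCategory = Map.of("insecure:serialization", Policy.FAIL);

        for (String profile : List.of("dev", "prod")) {
            Policy global = globalPolicy(profile, null);
            boolean refuseStart = false;
            for (Violation v : found) {
                Policy p = decide(v, global, perCategory, allowed);
                refuseStart |= p == Policy.FAIL;
                System.out.printf("%-4s %-5s %s (%s)%n", profile, p, v.property(), v.category());
            }
            System.out.println(profile + ": startup " + (refuseStart ? "refused" : "continues"));
        }
    }
}
```

Runs as a single source file with Java 17 or later (`java SecurityPolicyModel.java`).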