
CAMEL-23373: camel-jms - Disable ObjectMessage by default#22866

Merged
oscerd merged 2 commits into apache:main from oscerd:ci-issue-CAMEL-23373
Apr 30, 2026

Conversation

@oscerd
Contributor

@oscerd oscerd commented Apr 30, 2026

Summary

Resolves CAMEL-23373. Disables creation and reading of jakarta.jms.ObjectMessage by default in camel-jms and adds a new objectMessageEnabled option (default false) to opt back in at the component or endpoint level.

Java object serialization over JMS is rarely used in practice and is a recurring source of security advisories — the goal is to reduce the default attack surface and keep the feature available for users who explicitly need it.

Behavior

When objectMessageEnabled=false (the new default), JmsBinding refuses to:

  • create an ObjectMessage from a Serializable body (auto-detected jmsMessageType=Object or explicitly set)
  • create an ObjectMessage for transferExchange or transferException replies
  • extract the body of a received ObjectMessage

In each case, IllegalStateException is thrown with a message pointing the user at how to enable the option:

JMS ObjectMessage is disabled by default for security reasons (...). Set objectMessageEnabled=true on the JMS endpoint or component to enable it.

To restore the previous behavior:

camel.component.jms.objectMessageEnabled=true

or per endpoint: jms:queue:foo?objectMessageEnabled=true.

Migration

Existing camel-jms tests that rely on ObjectMessage have been updated to opt in via setObjectMessageEnabled(true) on the component (or ?objectMessageEnabled=true on URLs). This matches the migration story end users will follow.

The downstream JMS-derived components (camel-activemq, camel-activemq6, camel-amqp) have had their generated catalogs / URI factories regenerated to expose the new option.

What this PR contains

  • JmsConfiguration / JmsComponent: new objectMessageEnabled option (default false), with security = "insecure:serialization" annotation
  • JmsBinding: checks the flag in extractBodyFromJms, createJmsMessage(Exception, Session), the transferExchange branch of createJmsMessage, and the Object case of createJmsMessageForType
  • JmsBindingTest: unit tests for the consumer-side default and opt-in
  • JmsObjectMessageEnabledTest: new integration test verifying both producer and consumer refusal under the default
  • 14 existing tests updated to opt in to objectMessageEnabled=true
  • core/camel-util/src/main/java/org/apache/camel/util/SecurityUtils.java: regenerated security options map
  • docs/user-manual/.../camel-4x-upgrade-guide-4_21.adoc: new "camel-jms" section documenting the change

Test plan

  • mvn test in components/camel-jms — 451 tests, 0 failures
  • mvn install -DskipTests from root for the affected modules (camel-jms, camel-catalog, camel-util) — green
  • New JmsObjectMessageEnabledTest covers default-disabled producer and consumer behavior
  • New JmsBindingTest cases cover the unit-level disabled-by-default and enabled paths
  • Full integration test run (mvn verify -Pit) — has not been run locally; CI will exercise it

🤖 Claude Code on behalf of Andrea Cosentino

Java object serialization over JMS is rarely used in practice and is a
recurring source of security advisories. Disable creation and reading
of jakarta.jms.ObjectMessage by default and add a new objectMessageEnabled
option (default false) on JmsConfiguration / JmsComponent / JmsEndpoint
to opt back in.

When disabled, JmsBinding now refuses to:

- create an ObjectMessage from a Serializable body (auto-detected
  jmsMessageType=Object or explicitly set)
- create an ObjectMessage for transferExchange or transferException
- extract the body of a received ObjectMessage

Existing tests that rely on ObjectMessage have been updated to opt in.
A new JmsObjectMessageEnabledTest validates the default disabled
behavior on producer and consumer side, and JmsBindingTest covers the
unit-level checks. Documentation updated in the 4.21 upgrade guide.

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
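The flag-gated refusal the PR describes, as an added example that is not Camel's own JmsBinding code: a minimal body extractor over the jakarta.jms interfaces that rejects a received ObjectMessage on the consumer side and refuses to select an ObjectMessage for a Serializable body on the producer side unless the flag is set. It assumes only the jakarta.jms-api interfaces on the classpath; the class name GuardedJmsBodyExtractor, its Kind enum and the JDK dynamic-proxy stand-ins for provider messages are hypothetical, constructed here so the example runs without a broker.

```java
import java.io.Serializable;
import java.lang.reflect.Proxy;

import jakarta.jms.BytesMessage;
import jakarta.jms.JMSException;
import jakarta.jms.Message;
import jakarta.jms.ObjectMessage;
import jakarta.jms.TextMessage;

// Added example of a flag-gated ObjectMessage guard, in the spirit of the
// objectMessageEnabled option described in this PR. Not Camel's JmsBinding.
public final class GuardedJmsBodyExtractor {

    /** Outgoing message kinds this example knows how to pick (hypothetical). */
    public enum Kind { TEXT, BYTES, OBJECT }

    private static final String DISABLED_MSG =
        "JMS ObjectMessage is disabled by default for security reasons "
        + "(Java deserialization of message bodies). "
        + "Set objectMessageEnabled=true to enable it.";

    private final boolean objectMessageEnabled;

    public GuardedJmsBodyExtractor(boolean objectMessageEnabled) {
        this.objectMessageEnabled = objectMessageEnabled;
    }

    /** Consumer side: never deserialize an ObjectMessage body unless opted in. */
    public Object extractBody(Message message) throws JMSException {
        if (message instanceof ObjectMessage om) {
            if (!objectMessageEnabled) {
                throw new IllegalStateException(DISABLED_MSG);
            }
            return om.getObject();   // only reached when explicitly enabled
        }
        if (message instanceof TextMessage tm) {
            return tm.getText();
        }
        if (message instanceof BytesMessage bm) {
            byte[] buf = new byte[(int) bm.getBodyLength()];
            bm.readBytes(buf);
            return buf;
        }
        return null;   // MapMessage / StreamMessage handling is left to the caller
    }

    /** Producer side: pick the outgoing kind. String is Serializable, so test it first. */
    public Kind resolveOutgoingKind(Object body) {
        if (body instanceof String) {
            return Kind.TEXT;
        }
        if (body instanceof byte[]) {
            return Kind.BYTES;
        }
        if (body instanceof Serializable) {
            if (!objectMessageEnabled) {
                throw new IllegalStateException(DISABLED_MSG);
            }
            return Kind.OBJECT;
        }
        throw new IllegalArgumentException("unsupported body type: " + body.getClass().getName());
    }

    // Constructed stand-ins so the example runs without a JMS provider.
    private static ObjectMessage fakeObjectMessage(Serializable payload) {
        return (ObjectMessage) Proxy.newProxyInstance(
            ObjectMessage.class.getClassLoader(), new Class<?>[] { ObjectMessage.class },
            (proxy, method, args) -> {
                if ("getObject".equals(method.getName())) {
                    return payload;
                }
                throw new UnsupportedOperationException(method.getName());
            });
    }

    private static TextMessage fakeTextMessage(String text) {
        return (TextMessage) Proxy.newProxyInstance(
            TextMessage.class.getClassLoader(), new Class<?>[] { TextMessage.class },
            (proxy, method, args) -> {
                if ("getText".equals(method.getName())) {
                    return text;
                }
                throw new UnsupportedOperationException(method.getName());
            });
    }

    public static void main(String[] args) throws JMSException {
        GuardedJmsBodyExtractor strict = new GuardedJmsBodyExtractor(false); // the new default
        GuardedJmsBodyExtractor optIn = new GuardedJmsBodyExtractor(true);   // objectMessageEnabled=true

        System.out.println("text body: " + strict.extractBody(fakeTextMessage("hello")));
        System.out.println("outgoing String -> " + strict.resolveOutgoingKind("hello"));

        ObjectMessage om = fakeObjectMessage(Integer.valueOf(42));
        try {
            strict.extractBody(om);
        } catch (IllegalStateException e) {
            System.out.println("consumer refused: " + e.getMessage());
        }
        try {
            strict.resolveOutgoingKind(Integer.valueOf(42));
        } catch (IllegalStateException e) {
            System.out.println("producer refused: " + e.getMessage());
        }
        System.out.println("opted in: " + optIn.extractBody(om));
    }
}
```

The check sits at the point where bytes would otherwise turn into Java objects (getObject on the consumer side, the choice of message kind on the producer side), so a misconfigured route fails closed with an actionable message rather than silently deserializing. Note the ordering in resolveOutgoingKind: String and byte[] are both Serializable, so they must be matched before the generic Serializable branch or every String body would be refused under the default.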
@oscerd oscerd requested review from davsclaus and orpiske April 30, 2026 10:12
@github-actions
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@davsclaus
Contributor

modified:   dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/Activemq6ComponentBuilderFactory.java
modified:   dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ActivemqComponentBuilderFactory.java
modified:   dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/AmqpComponentBuilderFactory.java
modified:   dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/JmsComponentBuilderFactory.java
modified:   dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/AMQPEndpointBuilderFactory.java
modified:   dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ActiveMQ6EndpointBuilderFactory.java
modified:   dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ActiveMQEndpointBuilderFactory.java
modified:   dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/JmsEndpointBuilderFactory.java

…builders

The componentdsl and endpointdsl builder factories for camel-jms and the
JMS-derived components (camel-activemq, camel-activemq6, camel-amqp) needed
to be regenerated to expose the new objectMessageEnabled option in the
fluent DSL. These are generated files only; no hand-written code changed.

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
@github-actions github-actions Bot added the dsl label Apr 30, 2026
@github-actions
Contributor

🧪 CI tested the following changed modules:

  • catalog/camel-catalog
  • components/camel-activemq
  • components/camel-activemq6
  • components/camel-amqp
  • components/camel-jms
  • core/camel-util
  • docs
  • dsl/camel-componentdsl
  • dsl/camel-endpointdsl

ℹ️ Dependent modules were not tested because the total number of affected modules exceeded the threshold (50). Use the test-dependents label to force testing all dependents.

⚠️ Some tests are disabled on GitHub Actions (@DisabledIfSystemProperty(named = "ci.env.name")) and require manual verification:

  • components/camel-jms: 8 test(s) disabled on GitHub Actions

Build reactor — dependencies compiled but only changed modules were tested (9 modules)
  • Camel :: AMQP
  • Camel :: ActiveMQ 5.x
  • Camel :: ActiveMQ 6.x
  • Camel :: Catalog :: Camel Catalog
  • Camel :: Component DSL
  • Camel :: Docs
  • Camel :: Endpoint DSL
  • Camel :: JMS
  • Camel :: Util

⚙️ View full build and test results

@oscerd oscerd merged commit 6cb29c0 into apache:main Apr 30, 2026
7 checks passed
oscerd added a commit that referenced this pull request May 4, 2026
…kport)

Backport of #22866 onto camel-4.18.x. Disables creation and reading of
jakarta.jms.ObjectMessage by default and adds a new objectMessageEnabled
option (default false) on JmsConfiguration / JmsComponent / JmsEndpoint
to opt back in. Existing camel-jms tests that rely on ObjectMessage have
been updated to opt in, the camel-itest greeter / JmsJaxbTest fixtures
have been updated likewise, and a JmsObjectMessageEnabledTest covers the
default-disabled producer/consumer paths. Generated catalog descriptors
and DSL builders for camel-jms / camel-activemq / camel-activemq6 /
camel-amqp have been regenerated against 4.18.3-SNAPSHOT. The 4.21
upgrade-guide section was relocated to a new "Upgrading from 4.18.2 to
4.18.3" section in camel-4x-upgrade-guide-4_18.adoc.

Closes #22918
oscerd added a commit that referenced this pull request May 5, 2026
…e by default (#22920)

* CAMEL-23373: camel-jms - Disable ObjectMessage by default (#22866)

* CAMEL-23373: camel-jms - Disable ObjectMessage by default

Java object serialization over JMS is rarely used in practice and is a
recurring source of security advisories. Disable creation and reading
of jakarta.jms.ObjectMessage by default and add a new objectMessageEnabled
option (default false) on JmsConfiguration / JmsComponent / JmsEndpoint
to opt back in.

When disabled, JmsBinding now refuses to:

- create an ObjectMessage from a Serializable body (auto-detected
  jmsMessageType=Object or explicitly set)
- create an ObjectMessage for transferExchange or transferException
- extract the body of a received ObjectMessage

Existing tests that rely on ObjectMessage have been updated to opt in.
A new JmsObjectMessageEnabledTest validates the default disabled
behavior on producer and consumer side, and JmsBindingTest covers the
unit-level checks. Documentation updated in the 4.21 upgrade guide.

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>

* CAMEL-23373: Regenerate camel-jms / camel-activemq* / camel-amqp DSL builders

The componentdsl and endpointdsl builder factories for camel-jms and the
JMS-derived components (camel-activemq, camel-activemq6, camel-amqp) needed
to be regenerated to expose the new objectMessageEnabled option in the
fluent DSL. These are generated files only; no hand-written code changed.

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>

---------

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>

* CAMEL-23373: camel-jms - Disable ObjectMessage by default

---------

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
Co-authored-by: Claus Ibsen <claus.ibsen@gmail.com>