Skip to content

[backport camel-4.14.x] CAMEL-23592: camel-shiro - align Exchange header constant names with Camel naming convention#23559

Merged
oscerd merged 2 commits into
apache:camel-4.14.xfrom
oscerd:backport/23506-to-camel-4.14.x
May 28, 2026
Merged

[backport camel-4.14.x] CAMEL-23592: camel-shiro - align Exchange header constant names with Camel naming convention#23559
oscerd merged 2 commits into
apache:camel-4.14.xfrom
oscerd:backport/23506-to-camel-4.14.x

Conversation

@oscerd
Copy link
Copy Markdown
Contributor

@oscerd oscerd commented May 27, 2026
edited
Loading

Motivation

Backport of CAMEL-23592 (main: #23506 / aeb5fd9d; 4.18.x: #23552) to camel-4.14.x.
Renames the three Exchange header values in ShiroSecurityConstants that drive
Shiro authentication into the canonical Camel* namespace, so they fall under the
default HeaderFilterStrategy like every other Camel internal header. Java field
names are unchanged; only the header string values change.

Constant Previous value New value
ShiroSecurityConstants.SHIRO_SECURITY_TOKEN SHIRO_SECURITY_TOKEN CamelShiroSecurityToken
ShiroSecurityConstants.SHIRO_SECURITY_USERNAME SHIRO_SECURITY_USERNAME CamelShiroSecurityUsername
ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD SHIRO_SECURITY_PASSWORD CamelShiroSecurityPassword

These headers carry credentials and a serialized authentication token, so filtering
them at transport boundaries by default is particularly important.

Commits in this PR

  1. CAMEL-23592: camel-shiro - align Exchange header constant names with Camel naming convention (#23506)
    • The actual constant rename + 4.14 upgrade guide entry.
  2. CAMEL-23592: camel-itest - update ShiroOverJmsTest for renamed Shiro security headers (new)

Compatibility

Backport of an already-documented breaking change (literal string value of the three
headers). Symbolic references to ShiroSecurityConstants.SHIRO_SECURITY_* continue to
work; literal-string references must be updated. The new commit is test + doc only.

Test plan

  • mvn -pl tests/camel-itest test -Dtest=ShiroOverJmsTest passes locally on this
    branch (was failing on CI before the second commit).
  • Full reactor build from root succeeds: mvn clean install -DskipTests (9m27s).
  • No regen artifacts touched (verified via git status post-build).

Related

Claude Code on behalf of Andrea Cosentino

oscerd and others added 2 commits May 28, 2026 13:43
@oscerd
CAMEL-23592: camel-shiro - align Exchange header constant names with …
7730b5e 
…Camel naming convention (apache#23506)

Renames the three Exchange header string values in ShiroSecurityConstants
that drive Shiro authentication (SHIRO_SECURITY_TOKEN,
SHIRO_SECURITY_USERNAME, SHIRO_SECURITY_PASSWORD) to CamelShiroSecurity<Name>,
following the convention used across the rest of the Camel component catalog
and matching the pattern established in CAMEL-23526 (camel-cxf), CAMEL-23522
(camel-mail), CAMEL-23461 (camel-aws-bedrock), CAMEL-23532
(camel-vertx-websocket / camel-atmosphere-websocket / camel-iggy), and
CAMEL-23576 (camel-jira).

- SHIRO_SECURITY_TOKEN: "SHIRO_SECURITY_TOKEN" -> "CamelShiroSecurityToken"
- SHIRO_SECURITY_USERNAME: "SHIRO_SECURITY_USERNAME" -> "CamelShiroSecurityUsername"
- SHIRO_SECURITY_PASSWORD: "SHIRO_SECURITY_PASSWORD" -> "CamelShiroSecurityPassword"

These headers carry credentials and a serialized authentication token, so
filtering them at transport boundaries by default is particularly important.

The Java field names are unchanged so routes referencing the constants
symbolically continue to work; routes using the literal string values must be
updated (documented in the 4.21 upgrade guide). No tests reference the
literal values, and the shiro adoc documentation references the constants
symbolically.

Tracker: CAMEL-23577

Reported by Claude Code on behalf of Andrea Cosentino

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
@oscerd @claude
CAMEL-23592: camel-itest - update ShiroOverJmsTest for renamed Shiro …
16afc3f 
…security headers

After CAMEL-23592 the three Shiro security header values move into the
Camel* namespace (CamelShiroSecurityToken etc.). The default
JmsHeaderFilterStrategy filters every Camel* header at the transport
boundary, which is the intended behavior for untrusted producers but
strips the serialized authentication token from trusted Shiro-over-JMS
routes that previously relied on the old non-Camel-prefixed value
surviving the JMS round-trip.

ShiroOverJmsTest is exactly such a trusted Shiro-over-JMS route and
was failing on this backport branch's CI:

  mock://ShiroOverJmsTestError Received message count.
  Expected: <0> but was: <1>

(the consumer-side ShiroSecurityPolicy could no longer read the token
and the message ended up at the dead-letter mock). The same regression
exists latently on main; the matching fix is in PR apache#23592, and PR apache#23552
applies it to the 4.18.x backport.

- ShiroOverJmsTest: configure a small subclass of JmsHeaderFilterStrategy
  on the JMS component that opts the three Shiro security headers back in
  (returns false from applyFilterToCamelHeaders /
  applyFilterToExternalHeaders for those headers, delegates to super for
  everything else). This is the pattern end-users will need.
- 4.14 upgrade guide: extend the camel-shiro entry to document the new
  required HeaderFilterStrategy opt-in for trusted Shiro-over-transport
  routes, with a worked code example mirroring the one used in the test.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
@oscerd oscerd force-pushed the backport/23506-to-camel-4.14.x branch from 64c4f4a to 16afc3f Compare May 28, 2026 14:35
@oscerd oscerd merged commit a3d35e9 into apache:camel-4.14.x May 28, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davsclaus davsclaus davsclaus approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oscerd @davsclaus