
Commit 5c89a07

gnodetclaude
andcommitted
CAMEL-23250: Security policy enforcement framework
Add a built-in security policy enforcement mechanism that detects insecure configuration at startup and either warns or prevents the application from starting, depending on the configured policy.

Framework components:
- SecurityUtils and SecurityViolation in camel-util for detection logic
- SecurityConfigurationProperties for camel.security.* configuration
- SecurityPolicyResult as a CamelContext plugin for runtime access
- SecurityPolicyHealthCheck for health monitoring
- Profile-aware defaults: prod profile auto-sets policy=fail
- security attribute on @UriParam/@UriPath/@Metadata annotations
- Tooling support to generate security options map from annotations

Security categories: secret, insecure:ssl, insecure:serialization, insecure:dev.
Policy levels: allow, warn (default), fail.

Annotated 60+ component options across AWS, Huawei, JMS, Netty, HTTP, Splunk, Paho, and other components with security categories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent b0834ac commit 5c89a07


90 files changed

+1798
-167
lines changed


90 files changed

+1798
-167
lines changed

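--- a/components/camel-aws/camel-aws-bedrock/src/main/java/org/apache/camel/component/aws2/bedrock/agent/BedrockAgentConfiguration.java
+++ b/components/camel-aws/camel-aws-bedrock/src/main/java/org/apache/camel/component/aws2/bedrock/agent/BedrockAgentConfiguration.java
@@ -65,7 +65,7 @@ public class BedrockAgentConfiguration implements Cloneable, AwsCommonConfigurat
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;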
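Review bot: The category in `@UriParam(label = "security", security = "insecure:ssl")` is a bare string literal, and the same literal is repeated on `trustAllCertificates` in every other configuration class shown on this page (the two other Bedrock classes, Cloudtrail, AWS Config, Parameter Store, Secrets Manager, Security Hub, Athena and Comprehend). A misspelt category on a single option would compile cleanly and could leave that option outside the startup policy check, unless the annotation tooling rejects unknown values, which is not visible in these sections. I would reference a shared constant instead, for example `@UriParam(label = "security", security = INSECURE_SSL)`, where `INSECURE_SSL` is a constant the framework would have to introduce for the four categories listed in the commit description. Alternatively, the tooling that generates the security options map could fail the build on any value outside that set. The class body continues outside the hunk.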

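--- a/components/camel-aws/camel-aws-bedrock/src/main/java/org/apache/camel/component/aws2/bedrock/agentruntime/BedrockAgentRuntimeConfiguration.java
+++ b/components/camel-aws/camel-aws-bedrock/src/main/java/org/apache/camel/component/aws2/bedrock/agentruntime/BedrockAgentRuntimeConfiguration.java
@@ -59,7 +59,7 @@ public class BedrockAgentRuntimeConfiguration implements Cloneable, AwsCommonCon
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;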

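--- a/components/camel-aws/camel-aws-bedrock/src/main/java/org/apache/camel/component/aws2/bedrock/runtime/BedrockConfiguration.java
+++ b/components/camel-aws/camel-aws-bedrock/src/main/java/org/apache/camel/component/aws2/bedrock/runtime/BedrockConfiguration.java
@@ -59,7 +59,7 @@ public class BedrockConfiguration implements Cloneable, AwsCommonConfiguration {
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;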

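--- a/components/camel-aws/camel-aws-cloudtrail/src/main/java/org/apache/camel/component/aws/cloudtrail/CloudtrailConfiguration.java
+++ b/components/camel-aws/camel-aws-cloudtrail/src/main/java/org/apache/camel/component/aws/cloudtrail/CloudtrailConfiguration.java
@@ -59,7 +59,8 @@ public class CloudtrailConfiguration implements Cloneable, AwsCommonConfiguratio
 private String proxyHost;
 @UriParam(label = "proxy", description = "To define a proxy port when instantiating the Cloudtrail client")
 private Integer proxyPort;
-@UriParam(label = "security", description = "If we want to trust all certificates in case of overriding the endpoint")
+@UriParam(security = "insecure:ssl", label = "security",
+description = "If we want to trust all certificates in case of overriding the endpoint")
 private boolean trustAllCertificates;
 @UriParam(defaultValue = "false",
 description = "Set the need for overriding the endpoint. This option needs to be used in combination with uriEndpointOverride option")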
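Review bot: The description on `trustAllCertificates` is unchanged ("If we want to trust all certificates in case of overriding the endpoint"), so the generated documentation still does not say that the option, as its name and the new category indicate, turns off certificate verification, nor that it is now classified as `insecure:ssl` and can prevent startup under `policy=fail`. I would extend it, for example `description = "Trust all certificates when the endpoint is overridden. Disables TLS certificate verification; reported as insecure:ssl by the security policy."`. The attribute order here (`security` before `label`) also differs from the other configuration classes in this commit, which write `label = "security", security = "insecure:ssl"`. The class body continues outside the hunk.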

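--- a/components/camel-aws/camel-aws-config/src/main/java/org/apache/camel/component/aws/config/AWSConfigConfiguration.java
+++ b/components/camel-aws/camel-aws-config/src/main/java/org/apache/camel/component/aws/config/AWSConfigConfiguration.java
@@ -53,7 +53,7 @@ public class AWSConfigConfiguration implements Cloneable, AwsCommonConfiguration
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;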

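--- a/components/camel-aws/camel-aws-parameter-store/src/main/java/org/apache/camel/component/aws/parameterstore/ParameterStoreConfiguration.java
+++ b/components/camel-aws/camel-aws-parameter-store/src/main/java/org/apache/camel/component/aws/parameterstore/ParameterStoreConfiguration.java
@@ -54,7 +54,7 @@ public class ParameterStoreConfiguration implements Cloneable, AwsCommonConfigur
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;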

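--- a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/SecretsManagerConfiguration.java
+++ b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/SecretsManagerConfiguration.java
@@ -54,7 +54,7 @@ public class SecretsManagerConfiguration implements Cloneable, AwsCommonConfigur
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;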

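--- a/components/camel-aws/camel-aws-security-hub/src/main/java/org/apache/camel/component/aws/securityhub/SecurityHubConfiguration.java
+++ b/components/camel-aws/camel-aws-security-hub/src/main/java/org/apache/camel/component/aws/securityhub/SecurityHubConfiguration.java
@@ -49,7 +49,7 @@ public class SecurityHubConfiguration implements Cloneable, AwsCommonConfigurati
 private String region;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;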

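--- a/components/camel-aws/camel-aws2-athena/src/main/java/org/apache/camel/component/aws2/athena/Athena2Configuration.java
+++ b/components/camel-aws/camel-aws2-athena/src/main/java/org/apache/camel/component/aws2/athena/Athena2Configuration.java
@@ -136,7 +136,7 @@ public class Athena2Configuration implements Cloneable, AwsCommonConfiguration {
 @UriParam(label = "security")
 private String profileCredentialsName;
 
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;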

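--- a/components/camel-aws/camel-aws2-comprehend/src/main/java/org/apache/camel/component/aws2/comprehend/Comprehend2Configuration.java
+++ b/components/camel-aws/camel-aws2-comprehend/src/main/java/org/apache/camel/component/aws2/comprehend/Comprehend2Configuration.java
@@ -57,7 +57,7 @@ public class Comprehend2Configuration implements Cloneable, AwsCommonConfigurati
 private String endpointArn;
 @UriParam
 private boolean pojoRequest;
-@UriParam(label = "security")
+@UriParam(label = "security", security = "insecure:ssl")
 private boolean trustAllCertificates;
 @UriParam
 private boolean overrideEndpoint;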
