CAMEL-23250: Add security policy enforcement framework#22269

Merged
gnodet merged 4 commits into main from CAMEL-23250-security-policy-enforcement Apr 25, 2026

@gnodet gnodet commented Mar 26, 2026

CAMEL-23250

Summary

Adds a security policy enforcement framework that enables runtime detection and enforcement of security-sensitive configuration options in Apache Camel.

Key changes

  • New security attribute on @Metadata, @UriParam, @UriPath with categories: "secret", "insecure:ssl", "insecure:serialization", "insecure:dev"
  • New insecureValue attribute to flag the specific value that triggers a security concern
  • SecurityConfigurationProperties for policy configuration (camel.security.insecureSslPolicy, etc.)
  • SecurityUtils / SecurityViolation in camel-util for violation scanning
  • SecurityPolicyResult in camel-main for startup enforcement (fail/warn/allow)
  • SecurityPolicyHealthCheck for runtime monitoring via health API
  • Profile-aware defaults: dev/test profiles default to warn, prod defaults to fail
  • Bidirectional derivation: secret=true implies security="secret" and vice versa
  • All metadata generators updated to emit the security field in JSON schemas
  • Build-time validation: BaseOptionModel.setSecurity() validates categories at build time — typos cause an immediate IllegalArgumentException
  • Design proposal: proposals/security.adoc
  • 73 component files annotated with insecure:ssl, insecure:serialization, insecure:dev categories

Follow-up work

  1. Camel core — Add security = "secret" to all remaining secret = true parameters (~144 files not yet annotated)
  2. Camel Spring Boot — Auto-configuration for camel.security.* properties
  3. Camel Quarkus — Integration for camel.security.* properties

Test plan

  • MainSecurityPolicyTest — parameterized tests for policy enforcement (fail/warn/allow) across profiles
  • MainSecurityPolicyHealthCheckTest — health check reports violations
  • SecurityUtilsTest — violation scanning logic
  • Verify generated metadata includes security field
  • CI build passes

@gnodet gnodet requested review from davsclaus and oscerd March 26, 2026 00:46
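
Added example, not part of the PR or of Camel's code: a self-contained Java model of the check the description outlines, where an option tagged with an `insecure:*` category is flagged when its configured value equals its `insecureValue`, and the fail/warn/allow policy falls back to a profile-aware default. Every type and method name below is hypothetical, and the option values and the per-category override are constructed sample input; the real logic lives in `SecurityUtils` and `SecurityPolicyResult`, whose signatures this page does not show.

```java
import java.util.*;

// Illustrative model only: these names are hypothetical, not Camel's API.
public class SecurityPolicyDemo {
    enum Policy { ALLOW, WARN, FAIL }

    // One configured option plus the metadata the PR adds (security category, insecureValue).
    record Option(String name, String security, String insecureValue, String configured) {}

    record Violation(String option, String category, Policy policy) {}

    // Profile-aware default from the PR text: dev/test default to warn, prod to fail.
    static Policy defaultPolicy(String profile) {
        return ("dev".equals(profile) || "test".equals(profile)) ? Policy.WARN : Policy.FAIL;
    }

    // Flags options whose configured value matches the declared insecure value.
    static List<Violation> scan(List<Option> options, String profile, Map<String, Policy> overrides) {
        List<Violation> out = new ArrayList<>();
        for (Option o : options) {
            // The "secret" category is out of scope for this sketch.
            if (o.security() == null || !o.security().startsWith("insecure:")) continue;
            if (o.insecureValue() == null || !o.insecureValue().equalsIgnoreCase(o.configured())) continue;
            // A per-category policy (assumed to mirror camel.security.insecureSslPolicy etc.) wins over the default.
            Policy p = overrides.getOrDefault(o.security(), defaultPolicy(profile));
            if (p != Policy.ALLOW) out.add(new Violation(o.name(), o.security(), p));
        }
        return out;
    }

    public static void main(String[] args) {
        List<Option> opts = List.of( // constructed sample configuration
            new Option("trustAllCertificates", "insecure:ssl", "true", "true"),
            new Option("allowJavaSerializedObject", "insecure:serialization", "true", "false"),
            new Option("devConsoleEnabled", "insecure:dev", "true", "true"));
        Map<String, Policy> overrides = Map.of("insecure:dev", Policy.ALLOW); // constructed override
        for (String profile : List.of("dev", "prod")) {
            List<Violation> found = scan(opts, profile, overrides);
            found.forEach(v -> System.out.println(profile + ": " + v));
            boolean fail = found.stream().anyMatch(v -> v.policy() == Policy.FAIL);
            System.out.println(profile + " startup " + (fail ? "aborted" : "continues"));
        }
    }
}
```

With this sample input only `trustAllCertificates` is reported: as a warning under the `dev` profile, and as a failure that aborts startup under `prod`.
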
@github-actions
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using build-all, build-dependents, skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@gnodet gnodet marked this pull request as draft March 26, 2026 06:24
@gnodet gnodet changed the title CAMEL-23250: Warn or prevent plain-text secrets and insecure configuration CAMEL-23250: Security policy enforcement with profile-aware defaults Mar 26, 2026
@gnodet gnodet marked this pull request as ready for review March 27, 2026 07:43
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch 3 times, most recently from 7d1ca40 to d186bfb Compare April 2, 2026 15:34
@sonarqubecloud
sonarqubecloud Bot commented Apr 7, 2026

@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch 6 times, most recently from acc9a34 to 7ce2eb7 Compare April 8, 2026 16:32
@gnodet gnodet closed this Apr 8, 2026
@gnodet gnodet reopened this Apr 8, 2026
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch from b6ed4ab to 7ce2eb7 Compare April 8, 2026 16:40
@gnodet gnodet closed this Apr 8, 2026
@gnodet gnodet reopened this Apr 8, 2026
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch 4 times, most recently from 5fe8a95 to 6c604f4 Compare April 8, 2026 17:10
@gnodet gnodet marked this pull request as draft April 8, 2026 17:12
@gnodet gnodet marked this pull request as ready for review April 8, 2026 17:12
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch from 6c604f4 to 8fbeb08 Compare April 8, 2026 17:18
gnodet and others added 3 commits April 8, 2026 20:50
Introduce a security policy framework that enables runtime enforcement
of security-sensitive configuration options. This adds:

- New `security` attribute on @Metadata, @UriParam, @UriPath annotations
  with categories: "secret", "insecure:ssl", "insecure:serialization",
  "insecure:dev"
- SecurityConfigurationProperties for policy configuration
  (camel.security.insecureSslPolicy, etc.)
- SecurityUtils/SecurityViolation in camel-util for violation scanning
- SecurityPolicyResult in camel-main for startup enforcement
- SecurityPolicyHealthCheck for runtime monitoring
- Updated all metadata generators (EndpointSchemaGeneratorMojo,
  PrepareCamelMainMojo, GeneratePojoBeanMojo, SchemaGeneratorMojo,
  PackageLanguageMojo) to emit the security field in JSON metadata
- Bidirectional derivation: secret=true implies security="secret"
  and security="secret" implies secret=true
- Profile-aware defaults: dev/test profiles default to "warn",
  prod defaults to "fail" for insecure options
- Design proposal document (proposals/security.adoc)
- Deprecate `secret` attribute in favor of `security = "secret"`

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add `security = "insecure:ssl"` to trustAllCertificates and similar
SSL-bypass parameters across all affected components (HTTP, Netty,
Undertow, Vert.x HTTP, Mina, Paho, SJMS, JMS, ActiveMQ, Splunk, etc.).

Add `security = "insecure:serialization"` to allowJavaSerializedObject
and similar deserialization-bypass parameters.

Migrate `@UriParam(secret = true)` to `@UriParam(security = "secret")`
and `@Metadata(secret = true)` to `@Metadata(security = "secret")`
on all component and core configuration fields touched by this PR,
removing usage of the now-deprecated `secret` attribute.

Add `security = "insecure:dev"` to devConsoleEnabled, downloadEnabled,
sendEnabled, uploadEnabled on main configuration properties.

Add `insecureValue` attribute where applicable to flag the specific
value that triggers a security concern (e.g., insecureValue = "true"
for boolean flags).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Regenerate all component JSON metadata, catalog files, and
camel-main configuration metadata to include the new security
field in component/bean/language JSON schemas.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gnodet gnodet force-pushed the CAMEL-23250-security-policy-enforcement branch from 8fbeb08 to 6da130a Compare April 8, 2026 18:51
@davsclaus
Contributor

CSB and CEQ would need some kind of integration with this as well - CSB has its own Spring Boot auto-configuration that needs to have these new camel.security.xxx options as well.

All the components with secret = true need to be analysed to see what kind they are.

@apupier
Contributor

apupier commented Apr 21, 2026

@gnodet there are conflicts, a rebase is required

…policy-enforcement

# Conflicts:
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/CaffeineAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/CassandraAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/ConsulClusterService.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/EhcacheAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/HazelcastAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/InfinispanEmbeddedAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/InfinispanRemoteAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/InfinispanRemoteClusterService.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/JCacheAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/JdbcAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/beans/LevelDBAggregationRepository.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/activemq.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/activemq6.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/amqp.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-storage-blob.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/jms.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/netty-http.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms2.json
#	catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/releases/camel-releases.json
#	components/camel-activemq/src/generated/resources/META-INF/org/apache/camel/component/activemq/activemq.json
#	components/camel-activemq6/src/generated/resources/META-INF/org/apache/camel/component/activemq6/activemq6.json
#	components/camel-amqp/src/generated/resources/META-INF/org/apache/camel/component/amqp/amqp.json
#	components/camel-azure/camel-azure-storage-blob/src/generated/resources/META-INF/org/apache/camel/component/azure/storage/blob/azure-storage-blob.json
#	components/camel-caffeine/src/generated/resources/META-INF/services/org/apache/camel/bean/CaffeineAggregationRepository.json
#	components/camel-cassandraql/src/generated/resources/META-INF/services/org/apache/camel/bean/CassandraAggregationRepository.json
#	components/camel-consul/src/generated/resources/META-INF/services/org/apache/camel/bean/ConsulClusterService.json
#	components/camel-ehcache/src/generated/resources/META-INF/services/org/apache/camel/bean/EhcacheAggregationRepository.json
#	components/camel-hazelcast/src/generated/resources/META-INF/services/org/apache/camel/bean/HazelcastAggregationRepository.json
#	components/camel-infinispan/camel-infinispan-embedded/src/generated/resources/META-INF/services/org/apache/camel/bean/InfinispanEmbeddedAggregationRepository.json
#	components/camel-infinispan/camel-infinispan/src/generated/resources/META-INF/services/org/apache/camel/bean/InfinispanRemoteAggregationRepository.json
#	components/camel-infinispan/camel-infinispan/src/generated/resources/META-INF/services/org/apache/camel/bean/InfinispanRemoteClusterService.json
#	components/camel-jcache/src/generated/resources/META-INF/services/org/apache/camel/bean/JCacheAggregationRepository.json
#	components/camel-jms/src/generated/resources/META-INF/org/apache/camel/component/jms/jms.json
#	components/camel-jms/src/main/java/org/apache/camel/component/jms/JmsConfiguration.java
#	components/camel-leveldb/src/generated/resources/META-INF/services/org/apache/camel/bean/LevelDBAggregationRepository.json
#	components/camel-netty-http/src/generated/resources/META-INF/org/apache/camel/component/netty/http/netty-http.json
#	components/camel-sjms/src/generated/resources/META-INF/org/apache/camel/component/sjms/sjms.json
#	components/camel-sjms2/src/generated/resources/META-INF/org/apache/camel/component/sjms2/sjms2.json
#	components/camel-sql/src/generated/resources/META-INF/services/org/apache/camel/bean/JdbcAggregationRepository.json
#	core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
@gnodet
Contributor Author

gnodet commented Apr 25, 2026

Agreed on both points:

  1. Components with secret = true: All 144 files with secret = true need to be analyzed and annotated with security = "secret". This PR focused on insecure:ssl, insecure:serialization, and insecure:dev categories — the secret migration will be done in a follow-up PR.

  2. CSB and CEQ integration: The new camel.security.xxx configuration namespace needs Spring Boot auto-configuration in CSB and Quarkus integration in CEQ.

Follow-up plan (3 PRs):

  • Camel core: Add security = "secret" to all remaining secret = true parameters (~144 files)
  • Camel Spring Boot: Auto-configuration for camel.security.* properties
  • Camel Quarkus: Integration for camel.security.* properties

Claude Code on behalf of Guillaume Nodet

@gnodet gnodet changed the title CAMEL-23250: Security policy enforcement with profile-aware defaults CAMEL-23250: Add security policy enforcement framework Apr 25, 2026
@gnodet gnodet merged commit ce998f3 into main Apr 25, 2026
3 of 6 checks passed
@gnodet gnodet deleted the CAMEL-23250-security-policy-enforcement branch April 25, 2026 09:59
gnodet added a commit that referenced this pull request Apr 25, 2026
Migrate all remaining `secret = true` annotations to the new `security = "secret"` 
attribute across the entire codebase:

- 142 source files migrated (135 components + 7 core/tooling)
- ~345 annotation occurrences updated (@UriParam and @Metadata)
- Regenerated catalog metadata, endpoint DSL, and component DSL
- Fixed annotation line length formatting for 4 components

Follow-up to PR #22269 which introduced the security policy enforcement framework.