Posted to commits@camel.apache.org by da...@apache.org on 2015/11/12 14:50:11 UTC
[05/10] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/f7f0b18f
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/f7f0b18f
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/f7f0b18f
Branch: refs/heads/master
Commit: f7f0b18f6924fe0b01f32a25ed1e38e29b1bf8e5
Parents: c47cffc
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 14:52:36 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 14:52:46 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/ahc/AhcEndpoint.java | 3 +
.../camel/http/common/DefaultHttpBinding.java | 8 ++
.../apache/camel/http/common/HttpBinding.java | 24 +++++
.../camel/http/common/HttpCommonEndpoint.java | 4 +-
.../jetty/CamelContinuationServlet.java | 9 ++
.../jetty/DefaultJettyHttpBinding.java | 25 ++++-
.../camel/component/jetty/JettyHttpBinding.java | 24 +++++
.../component/jetty/JettyHttpEndpoint.java | 3 +
.../component/jetty/JettyHttpProducer.java | 25 +++--
.../component/jetty9/JettyHttpEndpoint9.java | 3 +
.../jetty/javabody/HttpJavaBodyTest.java | 103 +++++++++++++++++++
.../JettyHttpProducerJavaBodyTest.java | 12 ++-
.../component/sparkrest/SparkConfiguration.java | 3 +
13 files changed, 228 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
index 9790a73..eb42d0a 100644
--- a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
+++ b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
@@ -179,6 +179,9 @@ public class AhcEndpoint extends DefaultEndpoint implements HeaderFilterStrategy
* in the response as a application/x-java-serialized-object content type (for example using Jetty or Servlet Camel components).
* On the producer side the exception will be deserialized and thrown as is, instead of the AhcOperationFailedException.
* The caused exception is required to be serialized.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
public void setTransferException(boolean transferException) {
this.transferException = transferException;
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java b/components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
index 9e22665..04f5851 100644
--- a/components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
+++ b/components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
@@ -531,6 +531,14 @@ public class DefaultHttpBinding implements HttpBinding {
this.transferException = transferException;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
public HeaderFilterStrategy getHeaderFilterStrategy() {
return headerFilterStrategy;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java b/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java
index d76ba10..9402301 100644
--- a/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java
+++ b/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java
@@ -118,10 +118,21 @@ public interface HttpBinding {
* serialized in the response as a application/x-java-serialized-object content type (for example using Jetty or
* Servlet Camel components). On the producer side the exception will be deserialized and thrown as is,
* instead of the HttpOperationFailedException. The caused exception is required to be serialized.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
boolean isTransferException();
/**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ boolean isAllowJavaSerializedObject();
+
+ /**
* Whether to eager check whether the HTTP requests has content if the content-length header is 0 or not present.
* This can be turned on in case HTTP clients do not send streamed data.
*/
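Review bot: The new Javadoc on `isAllowJavaSerializedObject()` says `context-type=application/x-java-serialized-object`; the header is Content-Type, so it should read `content-type=application/x-java-serialized-object`. The same typo is in the setter's Javadoc in the next hunk and in both new methods in the JettyHttpBinding hunks. It would also help to state which direction the flag governs, because other hunks in this commit consult it for accepting request bodies, for sending request bodies and for reading response bodies.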
@@ -138,10 +149,23 @@ public interface HttpBinding {
* serialized in the response as a application/x-java-serialized-object content type (for example using Jetty or
* Servlet Camel components). On the producer side the exception will be deserialized and thrown as is,
* instead of the HttpOperationFailedException. The caused exception is required to be serialized.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
void setTransferException(boolean transferException);
/**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ *
+ * @param allowJavaSerializedObject <tt>true</tt> to allow serializing java objects
+ */
+ void setAllowJavaSerializedObject(boolean allowJavaSerializedObject);
+
+ /**
* Gets the header filter strategy
*
* @return the strategy
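Review bot: Adding `setAllowJavaSerializedObject` and `isAllowJavaSerializedObject` as abstract methods to the public `HttpBinding` interface stops any binding implemented outside this repository from compiling, and the JettyHttpBinding hunks do the same. If that break is accepted it deserves a line in the upgrade notes; otherwise an abstract base class that carries the default `false` would keep existing implementations working. Separately, the `@param` text says `to allow serializing java objects` while the risk described just above it is deserialization; `<tt>true</tt> to allow sending and receiving serialized java objects` would match what the flag is used for. The Javadoc block at the end of this hunk continues outside it.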
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java b/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
index e3ad200..19cfcc1 100644
--- a/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
+++ b/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
@@ -19,7 +19,6 @@ package org.apache.camel.http.common;
import java.net.URI;
import java.net.URISyntaxException;
-import org.apache.camel.Component;
import org.apache.camel.impl.DefaultEndpoint;
import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.spi.HeaderFilterStrategyAware;
@@ -142,6 +141,9 @@ public abstract class HttpCommonEndpoint extends DefaultEndpoint implements Head
binding = new DefaultHttpBinding();
binding.setHeaderFilterStrategy(getHeaderFilterStrategy());
binding.setTransferException(isTransferException());
+ if (getComponent() != null) {
+ binding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
binding.setEagerCheckContentAvailable(isEagerCheckContentAvailable());
}
return binding;
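Review bot: The component's `isAllowJavaSerializedObject()` value is copied only on the branch that creates the `DefaultHttpBinding`. A binding supplied by the user, or a component flag changed after the first call, is therefore presumably never updated. The enclosing method starts outside the hunk, so the guard around this branch is inferred. A comment would make the contract explicit, for example `// snapshot of the component setting, taken when the default binding is created; stays false when there is no component`. The same pattern is added in the JettyHttpEndpoint and JettyHttpEndpoint9 hunks.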
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index e8a35c1..59660ab 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -28,6 +28,7 @@ import org.apache.camel.AsyncCallback;
import org.apache.camel.Exchange;
import org.apache.camel.ExchangePattern;
import org.apache.camel.http.common.CamelServlet;
+import org.apache.camel.http.common.HttpConstants;
import org.apache.camel.http.common.HttpConsumer;
import org.apache.camel.http.common.HttpHelper;
import org.apache.camel.http.common.HttpMessage;
@@ -85,6 +86,14 @@ public class CamelContinuationServlet extends CamelServlet {
response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
}
+
+ // we do not support java serialized objects unless explicit enabled
+ String contentType = request.getContentType();
+ if (HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType) && !consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
+ System.out.println("415 miser !!!");
+ response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
+ return;
+ }
final Exchange result = (Exchange) request.getAttribute(EXCHANGE_ATTRIBUTE_NAME);
if (result == null) {
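Review bot: `System.out.println("415 miser !!!");` is debug output left in the request path and should be removed or replaced by a debug-level call on the servlet's logger. The guard compares `request.getContentType()` with `equals`, so a header carrying a parameter or different letter case is not rejected here; whichever code later deserializes the body has to apply the same flag itself rather than rely on this 415. `consumer.getEndpoint().getComponent()` is dereferenced without the null check that the endpoint hunks in this commit add, and the JettyHttpProducer hunk does the same with `getEndpoint().getComponent()`. The enclosing method starts and ends outside the hunk.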
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
index 8e8cb2c..9bbb9aa 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
@@ -46,6 +46,7 @@ public class DefaultJettyHttpBinding implements JettyHttpBinding {
private HeaderFilterStrategy httpProtocolHeaderFilterStrategy = new HttpProtocolHeaderFilterStrategy();
private boolean throwExceptionOnFailure;
private boolean transferException;
+ private boolean allowJavaSerializedObject;
private String okStatusCodeRange;
public DefaultJettyHttpBinding() {
@@ -101,6 +102,14 @@ public class DefaultJettyHttpBinding implements JettyHttpBinding {
this.transferException = transferException;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
public String getOkStatusCodeRange() {
return okStatusCodeRange;
}
@@ -183,11 +192,17 @@ public class DefaultJettyHttpBinding implements JettyHttpBinding {
// if content type is serialized java object, then de-serialize it to a Java object
if (contentType != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- try {
- InputStream is = exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, httpExchange.getResponseContentBytes());
- return HttpHelper.deserializeJavaObjectFromStream(is, exchange.getContext());
- } catch (Exception e) {
- throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
+ // only deserialize java if allowed
+ if (isAllowJavaSerializedObject() || isTransferException()) {
+ try {
+ InputStream is = exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, httpExchange.getResponseContentBytes());
+ return HttpHelper.deserializeJavaObjectFromStream(is, exchange.getContext());
+ } catch (Exception e) {
+ throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
+ }
+ } else {
+ // empty body
+ return null;
}
} else {
// just grab the raw content body
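Review bot: The condition `isAllowJavaSerializedObject() || isTransferException()` lets `transferException=true` alone switch on deserialization of every response body that declares the serialized content type, not only a transferred exception. The new allow flag is therefore bypassed on any endpoint that uses transferException. If that coupling is intended, state it in a comment such as `// transferException implies trusting the remote side: any serialized response body is deserialized`; otherwise limit the transferException case to failure responses. The same `||` guards the request side in the JettyHttpProducer hunk, where transferException has no obvious bearing on sending a body. The `return null` branch also discards the body silently, so a debug log line naming the rejected content type would make it diagnosable; the enclosing method starts and ends outside the hunk.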
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
index ec3d006..a5deb80 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
@@ -70,6 +70,9 @@ public interface JettyHttpBinding {
/**
* Whether to transfer exception back as a serialized java object
* if processing failed due to an exception
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*
* @param transferException <tt>true</tt> to transfer exception
*/
@@ -78,12 +81,33 @@ public interface JettyHttpBinding {
/**
* Whether to transfer exception back as a serialized java object
* if processing failed due to an exception
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*
* @return <tt>true</tt> to transfer exception
*/
boolean isTransferException();
/**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ *
+ * @param allowJavaSerializedObject <tt>true</tt> to allow serializing java objects
+ */
+ void setAllowJavaSerializedObject(boolean allowJavaSerializedObject);
+
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ boolean isAllowJavaSerializedObject();
+
+ /**
* The status codes which is considered a success response. The values are inclusive. The range must be defined as from-to with the dash included.
* <p/>
* The default range is <tt>200-299</tt>
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
index 9ba1c6b..bacaa7d 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
@@ -192,6 +192,9 @@ public abstract class JettyHttpEndpoint extends HttpCommonEndpoint {
jettyBinding.setHeaderFilterStrategy(getHeaderFilterStrategy());
jettyBinding.setThrowExceptionOnFailure(isThrowExceptionOnFailure());
jettyBinding.setTransferException(isTransferException());
+ if (getComponent() != null) {
+ jettyBinding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
jettyBinding.setOkStatusCodeRange(getOkStatusCodeRange());
}
return jettyBinding;
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
index e3089c3..10f7186 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
@@ -30,9 +30,9 @@ import org.apache.camel.AsyncProcessor;
import org.apache.camel.Endpoint;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
+import org.apache.camel.RuntimeCamelException;
import org.apache.camel.http.common.HttpConstants;
import org.apache.camel.http.common.HttpHelper;
-import org.apache.camel.http.common.HttpMethods;
import org.apache.camel.impl.DefaultAsyncProducer;
import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.util.ExchangeHelper;
@@ -138,17 +138,20 @@ public class JettyHttpProducer extends DefaultAsyncProducer implements AsyncProc
if (contentType != null) {
httpExchange.setRequestContentType(contentType);
}
-
if (contentType != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- // serialized java object
- Serializable obj = exchange.getIn().getMandatoryBody(Serializable.class);
- // write object to output stream
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- try {
- HttpHelper.writeObjectToStream(bos, obj);
- httpExchange.setRequestContent(bos.toByteArray());
- } finally {
- IOHelper.close(bos, "body", LOG);
+ if (getEndpoint().getComponent().isAllowJavaSerializedObject() || getEndpoint().isTransferException()) {
+ // serialized java object
+ Serializable obj = exchange.getIn().getMandatoryBody(Serializable.class);
+ // write object to output stream
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ try {
+ HttpHelper.writeObjectToStream(bos, obj);
+ httpExchange.setRequestContent(bos.toByteArray());
+ } finally {
+ IOHelper.close(bos, "body", LOG);
+ }
+ } else {
+ throw new RuntimeCamelException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed");
}
} else {
Object body = exchange.getIn().getBody();
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
index 724a736..b6f46dd 100644
--- a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
+++ b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
@@ -40,6 +40,9 @@ public class JettyHttpEndpoint9 extends JettyHttpEndpoint {
if (this.binding == null) {
this.binding = new AttachmentHttpBinding();
this.binding.setTransferException(isTransferException());
+ if (getComponent() != null) {
+ this.binding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
this.binding.setHeaderFilterStrategy(getHeaderFilterStrategy());
}
return this.binding;
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index 9d9ca1b..5eb566f 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -16,11 +16,16 @@
*/
package org.apache.camel.component.jetty.javabody;
+import org.apache.camel.CamelExecutionException;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.http.HttpComponent;
import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.http.common.HttpCommonComponent;
import org.apache.camel.http.common.HttpConstants;
+import org.apache.camel.http.common.HttpOperationFailedException;
+import org.junit.Ignore;
import org.junit.Test;
/**
@@ -34,7 +39,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
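Review bot: `@Ignore` is added to `testHttpSendJavaBodyAndReceiveString` without a reason. The same is done to the two tests in the following hunks and to the new `testNotAllowed`, which is the only test asserting the 415 response. That leaves both the allow path and the servlet's rejection path without an active test in this class. Either repair the tests or record why they are disabled, e.g. `@Ignore("TODO: state why this test is disabled")`. The test method continues outside the hunk.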
@@ -65,7 +77,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -97,7 +116,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -123,4 +149,81 @@ public class HttpJavaBodyTest extends BaseJettyTest {
assertEquals("Camel rocks", reply.getName());
}
+ @Test
+ public void testNotAllowedReceive() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ onException(Exception.class).to("mock:error");
+
+ from("jetty:http://localhost:{{port}}/myapp/myservice")
+ .process(new Processor() {
+ public void process(Exchange exchange) throws Exception {
+ String body = exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel rocks");
+ exchange.getOut().setBody(reply);
+ exchange.getOut().setHeader(Exchange.CONTENT_TYPE, HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ try {
+ template.requestBody("http://localhost:{{port}}/myapp/myservice", "Hello World", MyCoolBean.class);
+ fail("Should fail");
+ } catch (Exception e) {
+ // expected
+ }
+ }
+
+ @Test
+ @Ignore
+ public void testNotAllowed() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("jetty:http://localhost:{{port}}/myapp/myservice")
+ .process(new Processor() {
+ public void process(Exchange exchange) throws Exception {
+ String body = exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel rocks");
+ exchange.getOut().setBody(reply);
+ exchange.getOut().setHeader(Exchange.CONTENT_TYPE, HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ MyCoolBean cool = new MyCoolBean(123, "Camel");
+
+ try {
+ template.requestBodyAndHeader("http://localhost:{{port}}/myapp/myservice", cool,
+ Exchange.CONTENT_TYPE, HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT, MyCoolBean.class);
+ fail("Should fail");
+ } catch (CamelExecutionException e) {
+ HttpOperationFailedException cause = assertIsInstanceOf(HttpOperationFailedException.class, e.getCause());
+ assertEquals(415, cause.getStatusCode());
+ }
+ }
+
}
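Review bot: `testNotAllowedReceive` passes on any exception because its `catch (Exception e)` block asserts nothing, so a refused connection or a route start-up error would satisfy it just as well as the serialization gate. Assert the expected cause inside the catch block, the way `testNotAllowed` does with `assertIsInstanceOf(...)`. Then either assert on `mock:error` or drop the `onException(Exception.class).to("mock:error")` line, which is never checked. Both new tests call `http.setAllowJavaSerializedObject(true)` while only the jetty flag is false, so a short comment stating which side is expected to refuse the payload would help the reader.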
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
index 6fa1c39..a98f465 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
@@ -20,6 +20,7 @@ import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.http.common.HttpCommonComponent;
import org.apache.camel.http.common.HttpConstants;
import org.junit.Test;
@@ -35,6 +36,9 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
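Review bot: The two lines that fetch the jetty component and call `jetty.setAllowJavaSerializedObject(true)` are repeated verbatim in all three tests of this class (this hunk and the next two) and would read better in one shared setup method. None of the sections visible here exercises the producer with the flag left at its default. The new branch in JettyHttpProducer that throws `RuntimeCamelException` when the content type is not allowed therefore appears to be untested. A negative test that sends a serialized body through `jetty:http://...` without enabling the flag would pin that behaviour.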
@@ -66,6 +70,9 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -98,6 +105,9 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -117,7 +127,7 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
});
context.start();
- MyCoolBean reply = template.requestBody("http://localhost:{{port}}/myapp/myservice", "Hello World", MyCoolBean.class);
+ MyCoolBean reply = template.requestBody("jetty:http://localhost:{{port}}/myapp/myservice", "Hello World", MyCoolBean.class);
assertEquals(456, reply.getId());
assertEquals("Camel rocks", reply.getName());
http://git-wip-us.apache.org/repos/asf/camel/blob/f7f0b18f/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
----------------------------------------------------------------------
diff --git a/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java b/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
index ac1e040..ef795bc 100644
--- a/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
+++ b/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
@@ -80,6 +80,9 @@ public class SparkConfiguration {
/**
* If enabled and an Exchange failed processing on the consumer side, and if the caused Exception was send back serialized
* in the response as a application/x-java-serialized-object content type.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
public void setTransferException(boolean transferException) {
this.transferException = transferException;