You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2015/11/12 20:43:16 UTC
[01/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Repository: camel
Updated Branches:
refs/heads/camel-2.15.x ae2fde0f3 -> 23655fe0c
refs/heads/camel-2.16.x 231a462a1 -> c703479f5
refs/heads/master d1b4e0802 -> 5ea0a6f6c
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/349109b0
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/349109b0
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/349109b0
Branch: refs/heads/camel-2.15.x
Commit: 349109b0834764560f0be69eb74f43a16bd220b0
Parents: ae2fde0
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 11:05:30 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 18:34:36 2015 +0100
----------------------------------------------------------------------
.../camel/component/ahc/AhcComponent.java | 15 +++++
.../camel/component/ahc/DefaultAhcBinding.java | 12 +++-
.../ahc/javabody/AhcProduceJavaBodyTest.java | 70 ++++++++++++++++++++
3 files changed, 95 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/349109b0/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcComponent.java b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcComponent.java
index 9077b23..75b0015 100644
--- a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcComponent.java
+++ b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcComponent.java
@@ -47,6 +47,7 @@ public class AhcComponent extends HeaderFilterStrategyComponent {
private AsyncHttpClientConfig clientConfig;
private AhcBinding binding;
private SSLContextParameters sslContextParameters;
+ private boolean allowJavaSerializedObject;
public AhcComponent() {
super(AhcEndpoint.class);
@@ -164,6 +165,20 @@ public class AhcComponent extends HeaderFilterStrategyComponent {
this.sslContextParameters = sslContextParameters;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
protected String createAddressUri(String uri, String remaining) {
return remaining;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/349109b0/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/DefaultAhcBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/DefaultAhcBinding.java b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/DefaultAhcBinding.java
index 8c57cd9..7f46983 100644
--- a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/DefaultAhcBinding.java
+++ b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/DefaultAhcBinding.java
@@ -126,6 +126,11 @@ public class DefaultAhcBinding implements AhcBinding {
Object data = in.getBody();
if (data != null) {
if (contentType != null && AhcConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
+
+ if (!endpoint.getComponent().isAllowJavaSerializedObject()) {
+ throw new CamelExchangeException("Content-type " + AhcConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed", exchange);
+ }
+
// serialized java object
Serializable obj = in.getMandatoryBody(Serializable.class);
// write object to output stream
@@ -227,9 +232,12 @@ public class DefaultAhcBinding implements AhcBinding {
}
Object body = is;
- // if content type is a serialized java object then de-serialize it back to a Java object
+ // if content type is a serialized java object then de-serialize it back to a Java object but only if its allowed
+ // an exception can also be transffered as java object
if (contentType != null && contentType.equals(AhcConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT)) {
- body = AhcHelper.deserializeJavaObjectFromStream(is);
+ if (endpoint.getComponent().isAllowJavaSerializedObject() || endpoint.isTransferException()) {
+ body = AhcHelper.deserializeJavaObjectFromStream(is);
+ }
}
if (!endpoint.isThrowExceptionOnFailure()) {
http://git-wip-us.apache.org/repos/asf/camel/blob/349109b0/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
index 87a2d22..8b3f395 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
@@ -19,6 +19,7 @@ package org.apache.camel.component.ahc.javabody;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.ahc.AhcComponent;
import org.apache.camel.component.ahc.AhcConstants;
import org.apache.camel.component.ahc.BaseAhcTest;
import org.junit.Test;
@@ -35,6 +36,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -66,6 +70,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -98,6 +105,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -123,4 +133,64 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
assertEquals("Camel rocks", reply.getName());
}
+ @Test
+ public void testNotAllowedReceive() throws Exception {
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(false);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from(getTestServerEndpointUri())
+ .process(new Processor() {
+ public void process(Exchange exchange) throws Exception {
+ String body = exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel rocks");
+ exchange.getOut().setBody(reply);
+ exchange.getOut().setHeader(Exchange.CONTENT_TYPE, AhcConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ MyCoolBean reply = template.requestBody(getAhcEndpointUri(), "Hello World", MyCoolBean.class);
+ assertNull(reply);
+ }
+
+ @Test
+ public void testNotAllowed() throws Exception {
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from(getTestServerEndpointUri())
+ .process(new Processor() {
+ public void process(Exchange exchange) throws Exception {
+ String body = exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel rocks");
+ exchange.getOut().setBody(reply);
+ exchange.getOut().setHeader(Exchange.CONTENT_TYPE, AhcConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ MyCoolBean cool = new MyCoolBean(123, "Camel");
+
+ try {
+ template.requestBodyAndHeader(getAhcEndpointUri(), cool,
+ Exchange.CONTENT_TYPE, AhcConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT, MyCoolBean.class);
+ fail("Should fail");
+ } catch (Exception e) {
+ assertTrue(e.getCause().getMessage().startsWith("Content-type application/x-java-serialized-object is not allowed"));
+ }
+ }
+
}
[08/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/0afcf721
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/0afcf721
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/0afcf721
Branch: refs/heads/master
Commit: 0afcf721ff209eb10a24c5e4b48ca9d6727ea99a
Parents: d1b4e08
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:36:03 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:36:03 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/jetty/CamelContinuationServlet.java | 1 -
.../apache/camel/component/jetty/javabody/HttpJavaBodyTest.java | 5 -----
2 files changed, 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/0afcf721/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index 59660ab..68e7b48 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -90,7 +90,6 @@ public class CamelContinuationServlet extends CamelServlet {
// we do not support java serialized objects unless explicit enabled
String contentType = request.getContentType();
if (HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType) && !consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
- System.out.println("415 miser !!!");
response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
return;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/0afcf721/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index 5eb566f..97a4d5f 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -25,7 +25,6 @@ import org.apache.camel.component.jetty.BaseJettyTest;
import org.apache.camel.http.common.HttpCommonComponent;
import org.apache.camel.http.common.HttpConstants;
import org.apache.camel.http.common.HttpOperationFailedException;
-import org.junit.Ignore;
import org.junit.Test;
/**
@@ -39,7 +38,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -77,7 +75,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -116,7 +113,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -187,7 +183,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testNotAllowed() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(false);
[07/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/ec4a48d3
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/ec4a48d3
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/ec4a48d3
Branch: refs/heads/camel-2.15.x
Commit: ec4a48d38e7335b40efcb14979fad8144eb00acf
Parents: 9cbd586
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:24:40 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:24:40 2015 +0100
----------------------------------------------------------------------
.../org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/ec4a48d3/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index 3ab9899..01428f7 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -21,6 +21,7 @@ import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http.HttpConstants;
+import org.apache.camel.component.http.HttpOperationFailedException;
import org.apache.camel.component.jetty.BaseJettyTest;
import org.apache.camel.component.http.HttpComponent;
import org.apache.camel.component.jetty.BaseJettyTest;
[02/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonComponent.java
components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/e7fd5f04
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/e7fd5f04
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/e7fd5f04
Branch: refs/heads/camel-2.15.x
Commit: e7fd5f049c2fd51a528f8062da91a1c75e33b0e8
Parents: 349109b
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 11:18:36 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 18:41:44 2015 +0100
----------------------------------------------------------------------
.../component/http/DefaultHttpBinding.java | 38 ++++++++++++--------
.../camel/component/http/HttpComponent.java | 8 +++++
.../camel/component/http/HttpEndpoint.java | 6 ++++
3 files changed, 38 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/e7fd5f04/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
index f080021..d0ea5f1 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
@@ -59,6 +59,7 @@ public class DefaultHttpBinding implements HttpBinding {
private static final Logger LOG = LoggerFactory.getLogger(DefaultHttpBinding.class);
private boolean useReaderForPayload;
private boolean eagerCheckContentAvailable;
+ private boolean allowJavaSerializedObject;
private HeaderFilterStrategy headerFilterStrategy = new HttpHeaderFilterStrategy();
private HttpEndpoint endpoint;
@@ -74,6 +75,7 @@ public class DefaultHttpBinding implements HttpBinding {
public DefaultHttpBinding(HttpEndpoint endpoint) {
this.endpoint = endpoint;
this.headerFilterStrategy = endpoint.getHeaderFilterStrategy();
+ this.allowJavaSerializedObject = endpoint.getComponent().isAllowJavaSerializedObject();
}
public void readRequest(HttpServletRequest request, HttpMessage message) {
@@ -137,14 +139,18 @@ public class DefaultHttpBinding implements HttpBinding {
// if content type is serialized java object, then de-serialize it to a Java object
if (request.getContentType() != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(request.getContentType())) {
- try {
- InputStream is = endpoint.getCamelContext().getTypeConverter().mandatoryConvertTo(InputStream.class, body);
- Object object = HttpHelper.deserializeJavaObjectFromStream(is);
- if (object != null) {
- message.setBody(object);
+ if (allowJavaSerializedObject || endpoint.isTransferException()) {
+ try {
+ InputStream is = endpoint.getCamelContext().getTypeConverter().mandatoryConvertTo(InputStream.class, body);
+ Object object = HttpHelper.deserializeJavaObjectFromStream(is);
+ if (object != null) {
+ message.setBody(object);
+ }
+ } catch (Exception e) {
+ throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
}
- } catch (Exception e) {
- throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
+ } else {
+ throw new RuntimeCamelException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed");
}
}
@@ -326,13 +332,17 @@ public class DefaultHttpBinding implements HttpBinding {
// if content type is serialized Java object, then serialize and write it to the response
String contentType = message.getHeader(Exchange.CONTENT_TYPE, String.class);
if (contentType != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- try {
- Object object = message.getMandatoryBody(Serializable.class);
- HttpHelper.writeObjectToServletResponse(response, object);
- // object is written so return
- return;
- } catch (InvalidPayloadException e) {
- throw new IOException(e);
+ if (allowJavaSerializedObject || endpoint.isTransferException()) {
+ try {
+ Object object = message.getMandatoryBody(Serializable.class);
+ HttpHelper.writeObjectToServletResponse(response, object);
+ // object is written so return
+ return;
+ } catch (InvalidPayloadException e) {
+ throw new IOException(e);
+ }
+ } else {
+ throw new RuntimeCamelException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed");
}
}
http://git-wip-us.apache.org/repos/asf/camel/blob/e7fd5f04/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
index 9256c9b..1ef9c9d 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
@@ -47,6 +47,7 @@ public class HttpComponent extends HeaderFilterStrategyComponent {
protected HttpConnectionManager httpConnectionManager;
protected HttpBinding httpBinding;
protected HttpConfiguration httpConfiguration;
+ protected boolean allowJavaSerializedObject;
public HttpComponent() {
super(HttpEndpoint.class);
@@ -348,4 +349,11 @@ public class HttpComponent extends HeaderFilterStrategyComponent {
this.httpConfiguration = httpConfiguration;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
}
http://git-wip-us.apache.org/repos/asf/camel/blob/e7fd5f04/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
index 97f01ee..cad38b1 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
@@ -22,6 +22,7 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
+import org.apache.camel.Component;
import org.apache.camel.Consumer;
import org.apache.camel.PollingConsumer;
import org.apache.camel.Processor;
@@ -112,6 +113,11 @@ public class HttpEndpoint extends DefaultEndpoint implements HeaderFilterStrateg
this.httpConnectionManager = httpConnectionManager;
}
+ @Override
+ public HttpComponent getComponent() {
+ return (HttpComponent) super.getComponent();
+ }
+
public Producer createProducer() throws Exception {
return new HttpProducer(this);
}
[12/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/1b1ccbcd
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/1b1ccbcd
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/1b1ccbcd
Branch: refs/heads/camel-2.15.x
Commit: 1b1ccbcd94860f6f1d8caf98fb59e6ab7b3940b4
Parents: ec4a48d
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:36:03 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:43:45 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/jetty/CamelContinuationServlet.java | 1 -
.../apache/camel/component/jetty/javabody/HttpJavaBodyTest.java | 5 -----
2 files changed, 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/1b1ccbcd/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index 2bc44da..d0266c7 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -90,7 +90,6 @@ public class CamelContinuationServlet extends CamelServlet {
// we do not support java serialized objects unless explicit enabled
String contentType = request.getContentType();
if (HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType) && !consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
- System.out.println("415 miser !!!");
response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
return;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/1b1ccbcd/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index 01428f7..8c0be57 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -26,7 +26,6 @@ import org.apache.camel.component.jetty.BaseJettyTest;
import org.apache.camel.component.http.HttpComponent;
import org.apache.camel.component.jetty.BaseJettyTest;
import org.apache.camel.component.jetty.JettyHttpComponent;
-import org.junit.Ignore;
import org.junit.Test;
/**
@@ -40,7 +39,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -78,7 +76,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -117,7 +114,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -188,7 +184,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testNotAllowed() throws Exception {
JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
jetty.setAllowJavaSerializedObject(false);
[10/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/d8538534
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/d8538534
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/d8538534
Branch: refs/heads/camel-2.16.x
Commit: d853853469292cd54fd9662c3605030ab5a9566b
Parents: 231a462
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:36:03 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:42:02 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/jetty/CamelContinuationServlet.java | 1 -
.../apache/camel/component/jetty/javabody/HttpJavaBodyTest.java | 5 -----
2 files changed, 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/d8538534/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index 59660ab..68e7b48 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -90,7 +90,6 @@ public class CamelContinuationServlet extends CamelServlet {
// we do not support java serialized objects unless explicit enabled
String contentType = request.getContentType();
if (HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType) && !consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
- System.out.println("415 miser !!!");
response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
return;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/d8538534/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index 5eb566f..97a4d5f 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -25,7 +25,6 @@ import org.apache.camel.component.jetty.BaseJettyTest;
import org.apache.camel.http.common.HttpCommonComponent;
import org.apache.camel.http.common.HttpConstants;
import org.apache.camel.http.common.HttpOperationFailedException;
-import org.junit.Ignore;
import org.junit.Test;
/**
@@ -39,7 +38,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -77,7 +75,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -116,7 +113,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(true);
@@ -187,7 +183,6 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
- @Ignore
public void testNotAllowed() throws Exception {
HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
jetty.setAllowJavaSerializedObject(false);
[06/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/9cbd5867
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/9cbd5867
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/9cbd5867
Branch: refs/heads/camel-2.15.x
Commit: 9cbd5867fe73ef07ecba6f16d64689632e3f2a16
Parents: 4f065fe
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 19:02:38 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 19:02:38 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/http/HttpComponent.java | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/9cbd5867/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
index a2ccd51..851b42b 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
@@ -349,23 +349,12 @@ public class HttpComponent extends HeaderFilterStrategyComponent {
this.httpConfiguration = httpConfiguration;
}
- public boolean isAllowJavaSerializedObject() {
- return allowJavaSerializedObject;
- }
-
public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
this.allowJavaSerializedObject = allowJavaSerializedObject;
}
- /**
- * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
- * <p/>
- * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
- * data from the request to Java and that can be a potential security risk.
- */
- @Override
- public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
- // need to override and call super for component docs
- super.setAllowJavaSerializedObject(allowJavaSerializedObject);
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
}
+
}
[11/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/c703479f
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/c703479f
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/c703479f
Branch: refs/heads/camel-2.16.x
Commit: c703479f5880a099c38f2fd5e63c7d9f0567e5ff
Parents: d853853
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:41:31 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:42:08 2015 +0100
----------------------------------------------------------------------
components/camel-ahc/pom.xml | 2 +-
.../apache/camel/component/ahc/BaseAhcTest.java | 1 -
.../ahc/javabody/AhcProduceJavaBodyTest.java | 20 ++++++++++++++++++++
3 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/c703479f/components/camel-ahc/pom.xml
----------------------------------------------------------------------
diff --git a/components/camel-ahc/pom.xml b/components/camel-ahc/pom.xml
index be04e3a..efc23b4 100644
--- a/components/camel-ahc/pom.xml
+++ b/components/camel-ahc/pom.xml
@@ -70,7 +70,7 @@
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
- <artifactId>camel-jetty</artifactId>
+ <artifactId>camel-jetty9</artifactId>
<scope>test</scope>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/camel/blob/c703479f/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
index 5a68715..6481b05 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
@@ -131,7 +131,6 @@ public abstract class BaseAhcTest extends CamelTestSupport {
}
protected String getTestServerEndpointTwoUri() {
-
return "jetty:" + getTestServerEndpointTwoUrl();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/c703479f/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
index 8b3f395..033976e 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
@@ -22,6 +22,8 @@ import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.ahc.AhcComponent;
import org.apache.camel.component.ahc.AhcConstants;
import org.apache.camel.component.ahc.BaseAhcTest;
+import org.apache.camel.component.jetty.JettyHttpComponent;
+import org.apache.camel.http.common.HttpCommonComponent;
import org.junit.Test;
/**
@@ -36,6 +38,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -70,6 +75,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -105,6 +113,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -135,6 +146,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testNotAllowedReceive() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(false);
@@ -163,6 +177,12 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testNotAllowed() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(false);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
[03/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
components/camel-http/src/main/java/org/apache/camel/component/http/HttpProducer.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/190d7c81
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/190d7c81
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/190d7c81
Branch: refs/heads/camel-2.15.x
Commit: 190d7c81b7e3ce767514e319630b1bbaf27e6817
Parents: e7fd5f0
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 11:28:17 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 18:44:37 2015 +0100
----------------------------------------------------------------------
.../camel/component/http/DefaultHttpBinding.java | 8 ++++++--
.../apache/camel/component/http/HttpComponent.java | 12 ++++++++++++
.../org/apache/camel/component/http/HttpProducer.java | 14 ++++++++++++--
3 files changed, 30 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/190d7c81/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
index d0ea5f1..84c79ef 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
@@ -75,7 +75,9 @@ public class DefaultHttpBinding implements HttpBinding {
public DefaultHttpBinding(HttpEndpoint endpoint) {
this.endpoint = endpoint;
this.headerFilterStrategy = endpoint.getHeaderFilterStrategy();
- this.allowJavaSerializedObject = endpoint.getComponent().isAllowJavaSerializedObject();
+ if (endpoint.getComponent() != null) {
+ this.allowJavaSerializedObject = endpoint.getComponent().isAllowJavaSerializedObject();
+ }
}
public void readRequest(HttpServletRequest request, HttpMessage message) {
@@ -139,6 +141,7 @@ public class DefaultHttpBinding implements HttpBinding {
// if content type is serialized java object, then de-serialize it to a Java object
if (request.getContentType() != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(request.getContentType())) {
+ // only deserialize java if allowed
if (allowJavaSerializedObject || endpoint.isTransferException()) {
try {
InputStream is = endpoint.getCamelContext().getTypeConverter().mandatoryConvertTo(InputStream.class, body);
@@ -150,7 +153,8 @@ public class DefaultHttpBinding implements HttpBinding {
throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
}
} else {
- throw new RuntimeCamelException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed");
+ // set empty body
+ message.setBody(null);
}
}
http://git-wip-us.apache.org/repos/asf/camel/blob/190d7c81/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
index 1ef9c9d..a2ccd51 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
@@ -356,4 +356,16 @@ public class HttpComponent extends HeaderFilterStrategyComponent {
public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
this.allowJavaSerializedObject = allowJavaSerializedObject;
}
+
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ @Override
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ // need to override and call super for component docs
+ super.setAllowJavaSerializedObject(allowJavaSerializedObject);
+ }
}
http://git-wip-us.apache.org/repos/asf/camel/blob/190d7c81/components/camel-http/src/main/java/org/apache/camel/component/http/HttpProducer.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpProducer.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpProducer.java
index f2bdc2d..4ef437d 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpProducer.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpProducer.java
@@ -32,6 +32,7 @@ import java.util.Map;
import org.apache.camel.CamelExchangeException;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
+import org.apache.camel.RuntimeCamelException;
import org.apache.camel.component.file.GenericFile;
import org.apache.camel.component.http.helper.HttpHelper;
import org.apache.camel.converter.stream.CachedOutputStream;
@@ -272,7 +273,7 @@ public class HttpProducer extends DefaultProducer {
* @return the response either as a stream, or as a deserialized java object
* @throws IOException can be thrown
*/
- protected static Object extractResponseBody(HttpMethod method, Exchange exchange) throws IOException, ClassNotFoundException {
+ protected Object extractResponseBody(HttpMethod method, Exchange exchange) throws IOException, ClassNotFoundException {
InputStream is = method.getResponseBodyAsStream();
if (is == null) {
return null;
@@ -296,7 +297,13 @@ public class HttpProducer extends DefaultProducer {
InputStream response = doExtractResponseBodyAsStream(is, exchange);
// if content type is a serialized java object then de-serialize it back to a Java object
if (contentType != null && contentType.equals(HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT)) {
- return HttpHelper.deserializeJavaObjectFromStream(response);
+ // only deserialize java if allowed
+ if (getEndpoint().getComponent().isAllowJavaSerializedObject() || getEndpoint().isTransferException()) {
+ return HttpHelper.deserializeJavaObjectFromStream(response);
+ } else {
+ // empty response
+ return null;
+ }
} else {
return response;
}
@@ -405,6 +412,9 @@ public class HttpProducer extends DefaultProducer {
String contentType = ExchangeHelper.getContentType(exchange);
if (contentType != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
+ if (!getEndpoint().getComponent().isAllowJavaSerializedObject()) {
+ throw new CamelExchangeException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed", exchange);
+ }
// serialized java object
Serializable obj = in.getMandatoryBody(Serializable.class);
// write object to output stream
[04/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-http-common/src/main/java/org/apache/camel/http/common/DefaultHttpBinding.java
components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpBinding.java
components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpCommonEndpoint.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/13e43c14
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/13e43c14
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/13e43c14
Branch: refs/heads/camel-2.15.x
Commit: 13e43c1412ad72d99030b4eb4cb72c84fa57d5ff
Parents: 190d7c8
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 14:52:36 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 18:52:15 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/ahc/AhcEndpoint.java | 3 +
.../component/http/DefaultHttpBinding.java | 8 ++
.../camel/component/http/HttpBinding.java | 19 ++++
.../camel/component/http/HttpEndpoint.java | 4 +-
.../jetty/CamelContinuationServlet.java | 9 ++
.../jetty/DefaultJettyHttpBinding.java | 26 ++++-
.../camel/component/jetty/JettyHttpBinding.java | 24 +++++
.../component/jetty/JettyHttpEndpoint.java | 3 +
.../component/jetty/JettyHttpProducer.java | 24 +++--
.../component/jetty9/JettyHttpEndpoint9.java | 3 +
.../jetty/javabody/HttpJavaBodyTest.java | 103 +++++++++++++++++++
.../JettyHttpProducerJavaBodyTest.java | 12 ++-
.../component/sparkrest/SparkConfiguration.java | 3 +
13 files changed, 224 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
index 9790a73..eb42d0a 100644
--- a/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
+++ b/components/camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcEndpoint.java
@@ -179,6 +179,9 @@ public class AhcEndpoint extends DefaultEndpoint implements HeaderFilterStrategy
* in the response as a application/x-java-serialized-object content type (for example using Jetty or Servlet Camel components).
* On the producer side the exception will be deserialized and thrown as is, instead of the AhcOperationFailedException.
* The caused exception is required to be serialized.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
public void setTransferException(boolean transferException) {
this.transferException = transferException;
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
index 84c79ef..2771bf7 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/DefaultHttpBinding.java
@@ -499,4 +499,12 @@ public class DefaultHttpBinding implements HttpBinding {
this.headerFilterStrategy = headerFilterStrategy;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
index 35f1f4a..18c6a6d 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpBinding.java
@@ -143,4 +143,23 @@ public interface HttpBinding {
*/
void setHeaderFilterStrategy(HeaderFilterStrategy headerFilterStrategy);
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ boolean isAllowJavaSerializedObject();
+
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ *
+ * @param allowJavaSerializedObject <tt>true</tt> to allow serializing java objects
+ */
+ void setAllowJavaSerializedObject(boolean allowJavaSerializedObject);
+
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
index cad38b1..df31742 100644
--- a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
+++ b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
@@ -22,7 +22,6 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import org.apache.camel.Component;
import org.apache.camel.Consumer;
import org.apache.camel.PollingConsumer;
import org.apache.camel.Processor;
@@ -238,6 +237,9 @@ public class HttpEndpoint extends DefaultEndpoint implements HeaderFilterStrateg
binding = new DefaultHttpBinding(this);
// create a new binding and use the options from this endpoint
binding.setEagerCheckContentAvailable(isEagerCheckContentAvailable());
+ if (getComponent() != null) {
+ binding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
}
return binding;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index 78ba6db..2bc44da 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -28,6 +28,7 @@ import org.apache.camel.AsyncCallback;
import org.apache.camel.Exchange;
import org.apache.camel.ExchangePattern;
import org.apache.camel.component.http.CamelServlet;
+import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.http.HttpConsumer;
import org.apache.camel.component.http.HttpMessage;
import org.apache.camel.component.http.helper.HttpHelper;
@@ -85,6 +86,14 @@ public class CamelContinuationServlet extends CamelServlet {
response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
}
+
+ // we do not support java serialized objects unless explicit enabled
+ String contentType = request.getContentType();
+ if (HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType) && !consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
+ System.out.println("415 miser !!!");
+ response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
+ return;
+ }
final Exchange result = (Exchange) request.getAttribute(EXCHANGE_ATTRIBUTE_NAME);
if (result == null) {
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
index fe3195f..9bc8f1f 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/DefaultJettyHttpBinding.java
@@ -46,6 +46,8 @@ public class DefaultJettyHttpBinding implements JettyHttpBinding {
private HeaderFilterStrategy httpProtocolHeaderFilterStrategy = new HttpProtocolHeaderFilterStrategy();
private boolean throwExceptionOnFailure;
private boolean transferException;
+ private boolean allowJavaSerializedObject;
+
public DefaultJettyHttpBinding() {
}
@@ -99,6 +101,14 @@ public class DefaultJettyHttpBinding implements JettyHttpBinding {
this.transferException = transferException;
}
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
protected void populateResponse(Exchange exchange, JettyContentExchange httpExchange,
Message in, HeaderFilterStrategy strategy, int responseCode) throws IOException {
Message answer = exchange.getOut();
@@ -173,11 +183,17 @@ public class DefaultJettyHttpBinding implements JettyHttpBinding {
// if content type is serialized java object, then de-serialize it to a Java object
if (contentType != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- try {
- InputStream is = exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, httpExchange.getResponseContentBytes());
- return HttpHelper.deserializeJavaObjectFromStream(is);
- } catch (Exception e) {
- throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
+ // only deserialize java if allowed
+ if (isAllowJavaSerializedObject() || isTransferException()) {
+ try {
+ InputStream is = exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, httpExchange.getResponseContentBytes());
+ return HttpHelper.deserializeJavaObjectFromStream(is);
+ } catch (Exception e) {
+ throw new RuntimeCamelException("Cannot deserialize body to Java object", e);
+ }
+ } else {
+ // empty body
+ return null;
}
} else {
// just grab the raw content body
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
index 75e9863..f2a127a 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpBinding.java
@@ -70,6 +70,9 @@ public interface JettyHttpBinding {
/**
* Whether to transfer exception back as a serialized java object
* if processing failed due to an exception
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*
* @param transferException <tt>true</tt> to transfer exception
*/
@@ -78,9 +81,30 @@ public interface JettyHttpBinding {
/**
* Whether to transfer exception back as a serialized java object
* if processing failed due to an exception
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*
* @return <tt>true</tt> to transfer exception
*/
boolean isTransferException();
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ *
+ * @param allowJavaSerializedObject <tt>true</tt> to allow serializing java objects
+ */
+ void setAllowJavaSerializedObject(boolean allowJavaSerializedObject);
+
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ boolean isAllowJavaSerializedObject();
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
index 4b17416..c3f61b4 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpEndpoint.java
@@ -172,6 +172,9 @@ public abstract class JettyHttpEndpoint extends HttpEndpoint {
jettyBinding.setHeaderFilterStrategy(getHeaderFilterStrategy());
jettyBinding.setThrowExceptionOnFailure(isThrowExceptionOnFailure());
jettyBinding.setTransferException(isTransferException());
+ if (getComponent() != null) {
+ jettyBinding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
}
return jettyBinding;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
index 6eda222..978e59d 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpProducer.java
@@ -33,6 +33,7 @@ import org.apache.camel.Message;
import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.http.HttpMethods;
import org.apache.camel.component.http.helper.HttpHelper;
+import org.apache.camel.RuntimeCamelException;
import org.apache.camel.impl.DefaultAsyncProducer;
import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.util.ExchangeHelper;
@@ -139,17 +140,20 @@ public class JettyHttpProducer extends DefaultAsyncProducer implements AsyncProc
if (contentType != null) {
httpExchange.setRequestContentType(contentType);
}
-
if (contentType != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)) {
- // serialized java object
- Serializable obj = exchange.getIn().getMandatoryBody(Serializable.class);
- // write object to output stream
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- try {
- HttpHelper.writeObjectToStream(bos, obj);
- httpExchange.setRequestContent(bos.toByteArray());
- } finally {
- IOHelper.close(bos, "body", LOG);
+ if (getEndpoint().getComponent().isAllowJavaSerializedObject() || getEndpoint().isTransferException()) {
+ // serialized java object
+ Serializable obj = exchange.getIn().getMandatoryBody(Serializable.class);
+ // write object to output stream
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ try {
+ HttpHelper.writeObjectToStream(bos, obj);
+ httpExchange.setRequestContent(bos.toByteArray());
+ } finally {
+ IOHelper.close(bos, "body", LOG);
+ }
+ } else {
+ throw new RuntimeCamelException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed");
}
} else {
Object body = exchange.getIn().getBody();
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
index fad0440..b9469fa 100644
--- a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
+++ b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpEndpoint9.java
@@ -38,6 +38,9 @@ public class JettyHttpEndpoint9 extends JettyHttpEndpoint {
public HttpBinding getBinding() {
if (this.binding == null) {
this.binding = new AttachmentHttpBinding(this);
+ if (getComponent() != null) {
+ this.binding.setAllowJavaSerializedObject(getComponent().isAllowJavaSerializedObject());
+ }
}
return this.binding;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
index b55d938..3ab9899 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/javabody/HttpJavaBodyTest.java
@@ -16,11 +16,16 @@
*/
package org.apache.camel.component.jetty.javabody;
+import org.apache.camel.CamelExecutionException;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.component.http.HttpComponent;
+import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.component.jetty.JettyHttpComponent;
+import org.junit.Ignore;
import org.junit.Test;
/**
@@ -34,7 +39,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -65,7 +77,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -97,7 +116,14 @@ public class HttpJavaBodyTest extends BaseJettyTest {
}
@Test
+ @Ignore
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -123,4 +149,81 @@ public class HttpJavaBodyTest extends BaseJettyTest {
assertEquals("Camel rocks", reply.getName());
}
+ @Test
+ public void testNotAllowedReceive() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ onException(Exception.class).to("mock:error");
+
+ from("jetty:http://localhost:{{port}}/myapp/myservice")
+ .process(new Processor() {
+ public void process(Exchange exchange) throws Exception {
+ String body = exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel rocks");
+ exchange.getOut().setBody(reply);
+ exchange.getOut().setHeader(Exchange.CONTENT_TYPE, HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ try {
+ template.requestBody("http://localhost:{{port}}/myapp/myservice", "Hello World", MyCoolBean.class);
+ fail("Should fail");
+ } catch (Exception e) {
+ // expected
+ }
+ }
+
+ @Test
+ @Ignore
+ public void testNotAllowed() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ HttpComponent http = context.getComponent("http", HttpComponent.class);
+ http.setAllowJavaSerializedObject(true);
+
+ context.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("jetty:http://localhost:{{port}}/myapp/myservice")
+ .process(new Processor() {
+ public void process(Exchange exchange) throws Exception {
+ String body = exchange.getIn().getBody(String.class);
+ assertNotNull(body);
+ assertEquals("Hello World", body);
+
+ MyCoolBean reply = new MyCoolBean(456, "Camel rocks");
+ exchange.getOut().setBody(reply);
+ exchange.getOut().setHeader(Exchange.CONTENT_TYPE, HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT);
+ }
+ });
+ }
+ });
+ context.start();
+
+ MyCoolBean cool = new MyCoolBean(123, "Camel");
+
+ try {
+ template.requestBodyAndHeader("http://localhost:{{port}}/myapp/myservice", cool,
+ Exchange.CONTENT_TYPE, HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT, MyCoolBean.class);
+ fail("Should fail");
+ } catch (CamelExecutionException e) {
+ HttpOperationFailedException cause = assertIsInstanceOf(HttpOperationFailedException.class, e.getCause());
+ assertEquals(415, cause.getStatusCode());
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
index 9f17c31..40728d8 100644
--- a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/jettyproducer/JettyHttpProducerJavaBodyTest.java
@@ -21,6 +21,7 @@ import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http.HttpConstants;
import org.apache.camel.component.jetty.BaseJettyTest;
+import org.apache.camel.component.jetty.JettyHttpComponent;
import org.junit.Test;
/**
@@ -35,6 +36,9 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -66,6 +70,9 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -98,6 +105,9 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
@@ -117,7 +127,7 @@ public class JettyHttpProducerJavaBodyTest extends BaseJettyTest {
});
context.start();
- MyCoolBean reply = template.requestBody("http://localhost:{{port}}/myapp/myservice", "Hello World", MyCoolBean.class);
+ MyCoolBean reply = template.requestBody("jetty:http://localhost:{{port}}/myapp/myservice", "Hello World", MyCoolBean.class);
assertEquals(456, reply.getId());
assertEquals("Camel rocks", reply.getName());
http://git-wip-us.apache.org/repos/asf/camel/blob/13e43c14/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
----------------------------------------------------------------------
diff --git a/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java b/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
index ac1e040..ef795bc 100644
--- a/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
+++ b/components/camel-spark-rest/src/main/java/org/apache/camel/component/sparkrest/SparkConfiguration.java
@@ -80,6 +80,9 @@ public class SparkConfiguration {
/**
* If enabled and an Exchange failed processing on the consumer side, and if the caused Exception was send back serialized
* in the response as a application/x-java-serialized-object content type.
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
*/
public void setTransferException(boolean transferException) {
this.transferException = transferException;
[05/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpProducer.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/4f065fe0
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/4f065fe0
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/4f065fe0
Branch: refs/heads/camel-2.15.x
Commit: 4f065fe07c1dcd7b451e6005a6dc8e96d77da43e
Parents: 13e43c1
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 15:06:32 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 18:54:52 2015 +0100
----------------------------------------------------------------------
.../apache/camel/component/http4/HttpComponent.java | 16 ++++++++++++++++
.../apache/camel/component/http4/HttpEndpoint.java | 6 ++++++
.../apache/camel/component/http4/HttpProducer.java | 13 +++++++++++--
3 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/4f065fe0/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
index b5fc46e..176ada5 100644
--- a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
+++ b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
@@ -66,6 +66,7 @@ public class HttpComponent extends HeaderFilterStrategyComponent {
protected SSLContextParameters sslContextParameters;
protected X509HostnameVerifier x509HostnameVerifier = new BrowserCompatHostnameVerifier();
protected CookieStore cookieStore;
+ protected boolean allowJavaSerializedObject;
// options to the default created http connection manager
protected int maxTotalConnections = 200;
@@ -377,6 +378,21 @@ public class HttpComponent extends HeaderFilterStrategyComponent {
this.httpBinding = httpBinding;
}
+ /**
+ * Whether to allow java serialization when a request uses context-type=application/x-java-serialized-object
+ * <p/>
+ * This is by default turned off. If you enable this then be aware that Java will deserialize the incoming
+ * data from the request to Java and that can be a potential security risk.
+ */
+ public void setAllowJavaSerializedObject(boolean allowJavaSerializedObject) {
+ // need to override and call super for component docs
+ this.allowJavaSerializedObject = allowJavaSerializedObject;
+ }
+
+ public boolean isAllowJavaSerializedObject() {
+ return allowJavaSerializedObject;
+ }
+
public HttpContext getHttpContext() {
return httpContext;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/4f065fe0/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpEndpoint.java b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpEndpoint.java
index bcd22b5..f975698 100644
--- a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpEndpoint.java
+++ b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpEndpoint.java
@@ -19,6 +19,7 @@ package org.apache.camel.component.http4;
import java.net.URI;
import java.net.URISyntaxException;
+import org.apache.camel.Component;
import org.apache.camel.Consumer;
import org.apache.camel.PollingConsumer;
import org.apache.camel.Processor;
@@ -113,6 +114,11 @@ public class HttpEndpoint extends DefaultEndpoint implements HeaderFilterStrateg
this.clientConnectionManager = clientConnectionManager;
}
+ @Override
+ public HttpComponent getComponent() {
+ return (HttpComponent) super.getComponent();
+ }
+
public Producer createProducer() throws Exception {
return new HttpProducer(this);
}
http://git-wip-us.apache.org/repos/asf/camel/blob/4f065fe0/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpProducer.java
----------------------------------------------------------------------
diff --git a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpProducer.java b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpProducer.java
index 612c6ce..77cbd5a 100644
--- a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpProducer.java
+++ b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpProducer.java
@@ -287,7 +287,7 @@ public class HttpProducer extends DefaultProducer {
* @return the response either as a stream, or as a deserialized java object
* @throws IOException can be thrown
*/
- protected static Object extractResponseBody(HttpRequestBase httpRequest, HttpResponse httpResponse, Exchange exchange) throws IOException, ClassNotFoundException {
+ protected Object extractResponseBody(HttpRequestBase httpRequest, HttpResponse httpResponse, Exchange exchange) throws IOException, ClassNotFoundException {
HttpEntity entity = httpResponse.getEntity();
if (entity == null) {
return null;
@@ -315,7 +315,13 @@ public class HttpProducer extends DefaultProducer {
InputStream response = doExtractResponseBodyAsStream(is, exchange);
// if content type is a serialized java object then de-serialize it back to a Java object
if (contentType != null && contentType.equals(HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT)) {
- return HttpHelper.deserializeJavaObjectFromStream(response);
+ // only deserialize java if allowed
+ if (getEndpoint().getComponent().isAllowJavaSerializedObject() || getEndpoint().isTransferException()) {
+ return HttpHelper.deserializeJavaObjectFromStream(response);
+ } else {
+ // empty response
+ return null;
+ }
} else {
return response;
}
@@ -424,6 +430,9 @@ public class HttpProducer extends DefaultProducer {
}
if (contentTypeString != null && HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentTypeString)) {
+ if (!getEndpoint().getComponent().isAllowJavaSerializedObject()) {
+ throw new CamelExchangeException("Content-type " + HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT + " is not allowed", exchange);
+ }
// serialized java object
Serializable obj = in.getMandatoryBody(Serializable.class);
// write object to output stream
[09/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/5ea0a6f6
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/5ea0a6f6
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/5ea0a6f6
Branch: refs/heads/master
Commit: 5ea0a6f6c6a54f1cddf9691a99b0c237afc95348
Parents: 0afcf72
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:41:31 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:41:31 2015 +0100
----------------------------------------------------------------------
components/camel-ahc/pom.xml | 2 +-
.../apache/camel/component/ahc/BaseAhcTest.java | 1 -
.../ahc/javabody/AhcProduceJavaBodyTest.java | 20 ++++++++++++++++++++
3 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/5ea0a6f6/components/camel-ahc/pom.xml
----------------------------------------------------------------------
diff --git a/components/camel-ahc/pom.xml b/components/camel-ahc/pom.xml
index ad1e446..59fd2f1 100644
--- a/components/camel-ahc/pom.xml
+++ b/components/camel-ahc/pom.xml
@@ -70,7 +70,7 @@
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
- <artifactId>camel-jetty</artifactId>
+ <artifactId>camel-jetty9</artifactId>
<scope>test</scope>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/camel/blob/5ea0a6f6/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
index 5a68715..6481b05 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
@@ -131,7 +131,6 @@ public abstract class BaseAhcTest extends CamelTestSupport {
}
protected String getTestServerEndpointTwoUri() {
-
return "jetty:" + getTestServerEndpointTwoUrl();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/5ea0a6f6/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
index 8b3f395..033976e 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
@@ -22,6 +22,8 @@ import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.ahc.AhcComponent;
import org.apache.camel.component.ahc.AhcConstants;
import org.apache.camel.component.ahc.BaseAhcTest;
+import org.apache.camel.component.jetty.JettyHttpComponent;
+import org.apache.camel.http.common.HttpCommonComponent;
import org.junit.Test;
/**
@@ -36,6 +38,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -70,6 +75,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -105,6 +113,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -135,6 +146,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testNotAllowedReceive() throws Exception {
+ HttpCommonComponent jetty = context.getComponent("jetty", HttpCommonComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(false);
@@ -163,6 +177,12 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testNotAllowed() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(false);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {
[13/13] camel git commit: CAMEL-9309: Make it easier to turn on|off
java transport over http
Posted by da...@apache.org.
CAMEL-9309: Make it easier to turn on|off java transport over http
Conflicts:
components/camel-ahc/pom.xml
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/23655fe0
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/23655fe0
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/23655fe0
Branch: refs/heads/camel-2.15.x
Commit: 23655fe0c15189ca41a6e99c31a3c38001a7cdb0
Parents: 1b1ccbc
Author: Claus Ibsen <da...@apache.org>
Authored: Thu Nov 12 20:41:31 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Thu Nov 12 20:46:38 2015 +0100
----------------------------------------------------------------------
components/camel-ahc/pom.xml | 5 +++++
.../apache/camel/component/ahc/BaseAhcTest.java | 1 -
.../ahc/javabody/AhcProduceJavaBodyTest.java | 20 ++++++++++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/23655fe0/components/camel-ahc/pom.xml
----------------------------------------------------------------------
diff --git a/components/camel-ahc/pom.xml b/components/camel-ahc/pom.xml
index b5146e0..c91bac0 100644
--- a/components/camel-ahc/pom.xml
+++ b/components/camel-ahc/pom.xml
@@ -65,6 +65,11 @@
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
+ <artifactId>camel-http</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.camel</groupId>
<artifactId>camel-jetty8</artifactId>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/camel/blob/23655fe0/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
index 5a68715..6481b05 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/BaseAhcTest.java
@@ -131,7 +131,6 @@ public abstract class BaseAhcTest extends CamelTestSupport {
}
protected String getTestServerEndpointTwoUri() {
-
return "jetty:" + getTestServerEndpointTwoUrl();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/23655fe0/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
index 8b3f395..99976c2 100644
--- a/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
+++ b/components/camel-ahc/src/test/java/org/apache/camel/component/ahc/javabody/AhcProduceJavaBodyTest.java
@@ -22,6 +22,8 @@ import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.ahc.AhcComponent;
import org.apache.camel.component.ahc.AhcConstants;
import org.apache.camel.component.ahc.BaseAhcTest;
+import org.apache.camel.component.http.HttpComponent;
+import org.apache.camel.component.jetty.JettyHttpComponent;
import org.junit.Test;
/**
@@ -36,6 +38,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveString() throws Exception {
+ HttpComponent jetty = context.getComponent("jetty", HttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -70,6 +75,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendJavaBodyAndReceiveJavaBody() throws Exception {
+ HttpComponent jetty = context.getComponent("jetty", HttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -105,6 +113,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testHttpSendStringAndReceiveJavaBody() throws Exception {
+ HttpComponent jetty = context.getComponent("jetty", HttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(true);
@@ -135,6 +146,9 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testNotAllowedReceive() throws Exception {
+ HttpComponent jetty = context.getComponent("jetty", HttpComponent.class);
+ jetty.setAllowJavaSerializedObject(true);
+
AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
ahc.setAllowJavaSerializedObject(false);
@@ -163,6 +177,12 @@ public class AhcProduceJavaBodyTest extends BaseAhcTest {
@Test
public void testNotAllowed() throws Exception {
+ JettyHttpComponent jetty = context.getComponent("jetty", JettyHttpComponent.class);
+ jetty.setAllowJavaSerializedObject(false);
+
+ AhcComponent ahc = context.getComponent("ahc", AhcComponent.class);
+ ahc.setAllowJavaSerializedObject(false);
+
context.addRoutes(new RouteBuilder() {
@Override
public void configure() throws Exception {