[camel] branch camel-3.7.x updated: CAMEL-15290: camel-cxf - RS producer should not leak over HTTP headers from org.apache.cxf when sending to REST server.

[davsclaus]

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-3.7.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-3.7.x by this push:
     new 15c5e84  CAMEL-15290: camel-cxf - RS producer should not leak over 
HTTP headers from org.apache.cxf when sending to REST server.
15c5e84 is described below

commit 15c5e847b5a198829d50cf707dc9c2ceaa5c7a33
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Fri Dec 18 08:16:10 2020 +0100

    CAMEL-15290: camel-cxf - RS producer should not leak over HTTP headers from 
org.apache.cxf when sending to REST server.
---
 .../cxf/common/header/CxfHeaderHelper.java         |  6 ++
 .../apache/camel/component/cxf/CXFTestSupport.java |  6 ++
 .../jaxrs/CxfRsProducerHttpMethodHeaderTest.java   | 80 ++++++++++++++++++++++
 3 files changed, 92 insertions(+)

diff --git 
a/components/camel-cxf-transport/src/main/java/org/apache/camel/component/cxf/common/header/CxfHeaderHelper.java
 
b/components/camel-cxf-transport/src/main/java/org/apache/camel/component/cxf/common/header/CxfHeaderHelper.java
index 1b2fd19..eb05b4f 100644
--- 
a/components/camel-cxf-transport/src/main/java/org/apache/camel/component/cxf/common/header/CxfHeaderHelper.java
+++ 
b/components/camel-cxf-transport/src/main/java/org/apache/camel/component/cxf/common/header/CxfHeaderHelper.java
@@ -89,6 +89,12 @@ public final class CxfHeaderHelper {
                 return;
             }
 
+            // drop this header as we do not want to propagate the http 
method/path into the CXF request message
+            if (Exchange.HTTP_METHOD.equalsIgnoreCase(entry.getKey())
+                    || Exchange.HTTP_PATH.equalsIgnoreCase(entry.getKey())) {
+                return;
+            }
+
             // we need to make sure the entry value is not null
             if (entry.getValue() == null) {
                 LOG.trace("Drop Camel header: {}={}", entry.getKey(), 
entry.getValue());
diff --git 
a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java
 
b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java
index c4622b7..f5ab6fc 100644
--- 
a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java
+++ 
b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java
@@ -30,6 +30,7 @@ public final class CXFTestSupport {
     static final int PORT4 = AvailablePortFinder.getNextAvailable();
     static final int PORT5 = AvailablePortFinder.getNextAvailable();
     static final int PORT6 = AvailablePortFinder.getNextAvailable();
+    static final int PORT7 = AvailablePortFinder.getNextAvailable();
     static final int SSL_PORT = AvailablePortFinder.getNextAvailable();
 
     static {
@@ -41,6 +42,7 @@ public final class CXFTestSupport {
         System.setProperty("CXFTestSupport.port4", Integer.toString(PORT4));
         System.setProperty("CXFTestSupport.port5", Integer.toString(PORT5));
         System.setProperty("CXFTestSupport.port6", Integer.toString(PORT6));
+        System.setProperty("CXFTestSupport.port7", Integer.toString(PORT7));
         System.setProperty("CXFTestSupport.sslPort", 
Integer.toString(SSL_PORT));
         
System.setProperty("org.apache.cxf.transports.http_jetty.DontClosePort", 
"true");
     }
@@ -78,6 +80,10 @@ public final class CXFTestSupport {
         return PORT6;
     }
 
+    public static int getPort7() {
+        return PORT7;
+    }
+
     public static int getSslPort() {
         return SSL_PORT;
     }
diff --git 
a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/jaxrs/CxfRsProducerHttpMethodHeaderTest.java
 
b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/jaxrs/CxfRsProducerHttpMethodHeaderTest.java
new file mode 100644
index 0000000..b95279c
--- /dev/null
+++ 
b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/jaxrs/CxfRsProducerHttpMethodHeaderTest.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.cxf.jaxrs;
+
+import javax.ws.rs.core.Response;
+
+import org.apache.camel.Exchange;
+import org.apache.camel.ExchangePattern;
+import org.apache.camel.Message;
+import org.apache.camel.Processor;
+import org.apache.camel.RoutesBuilder;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.cxf.CXFTestSupport;
+import org.apache.camel.test.junit5.CamelTestSupport;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+public class CxfRsProducerHttpMethodHeaderTest extends CamelTestSupport {
+
+    @Test
+    public void testHttpMethodHeader() throws Exception {
+        getMockEndpoint("mock:result").expectedMessageCount(1);
+        // should not leak internal cxf headers
+        
getMockEndpoint("mock:result").message(0).header("org.apache.cxf.request.uri").isNull();
+        
getMockEndpoint("mock:result").message(0).header("org.apache.cxf.request.method").isNull();
+
+        Exchange exchange = context.createProducerTemplate().send(
+                "cxfrs://http://localhost:"; + CXFTestSupport.getPort7() + 
"/CxfRsProducerHttpMethodHeaderTest",
+                new Processor() {
+                    public void process(Exchange exchange) throws Exception {
+                        exchange.setPattern(ExchangePattern.InOut);
+                        Message inMessage = exchange.getIn();
+                        inMessage.setHeader(Exchange.HTTP_METHOD, "GET");
+                        inMessage.setHeader(Exchange.HTTP_PATH, 
"/CxfRsProducerHttpMethodHeaderTest/");
+                        inMessage.setHeader(Exchange.CONTENT_TYPE, 
"application/text");
+                        inMessage.setBody("Hello World");
+                    }
+
+                });
+
+        // get the response message
+        Response response = (Response) exchange.getMessage().getBody();
+
+        // check the response code on the Response object as set by the 
"HttpProcess"
+        assertEquals(200, response.getStatus());
+
+        Exchange e1 = 
getMockEndpoint("mock:result").getReceivedExchanges().get(0);
+        // should not contain CXF headers
+        assertFalse(() -> 
e1.getMessage().getHeaders().keySet().stream().anyMatch(k -> 
k.startsWith("org.apache.cxf")),
+                "Should not contain CXF headers");
+    }
+
+    @Override
+    protected RoutesBuilder createRouteBuilder() throws Exception {
+        return new RouteBuilder() {
+            @Override
+            public void configure() throws Exception {
+                
fromF("jetty://http://localhost:%s/CxfRsProducerHttpMethodHeaderTest/?matchOnUriPrefix=true";,
+                        CXFTestSupport.getPort7())
+                                .to("mock:result");
+            }
+        };
+    }
+}