gnodet opened a new pull request, #21089:
URL: https://github.com/apache/camel/pull/21089
# CAMEL-22849: Fix AS2 server wildcard pattern matching for requestUriPattern
## Summary
This PR fixes a regression in the `camel-as2` component where AS2 server
routes configured with wildcard patterns in `requestUriPattern` (e.g.,
`/receiver/*`) were not correctly resolving the appropriate
`AS2ConsumerConfiguration` for incoming requests.
## Problem
In Camel 4.14.x, when an AS2 request was sent to a concrete path like
`/receiver/test-1`, the server would fail to find the consumer configuration
for patterns like `/receiver/*`, logging:
```
No AS2 consumer configuration found for canonical path: /receiver/test-1.
Encrypted messages will likely fail.
```
The root cause was that `AS2ServerConnection.getConfigurationForPath(String
path)` performed only an exact map lookup using the resolved request path,
which would never match wildcard patterns stored as keys like `/receiver/*`.
This broke encrypted and/or signed AS2 messages because the server could not
locate the appropriate consumer configuration for decryption and signature
validation. This was a regression from Camel 3.22.x where wildcard patterns
worked correctly.
## Solution
Updated `AS2ServerConnection` to support wildcard pattern matching:
1. **Pattern Matching Logic**: Modified `getConfigurationForPath()` to:
- First attempt an exact match (for performance)
- If no exact match, iterate through all registered patterns and check
for wildcard matches
- Select the longest (most specific) matching pattern when multiple
patterns match
2. **Regex-based Wildcard Support**: Implemented `matchesPattern()` method
that:
- Uses compiled regex patterns with caching for performance
- Properly escapes all regex special characters using `Pattern.quote()`
to ensure only `*` has special meaning
- Supports wildcards in any position (e.g., `/api/*/orders`,
`/receiver/*`, `/*`)
3. **Pattern Caching**: Added a `compiledPatterns` cache to avoid
recompiling regex patterns on every request
4. **Comprehensive Tests**: Added `AS2ServerWildcardPatternIT` with
extensive test coverage for:
- Basic wildcard matching (`/consumer/*`)
- Exact match precedence over wildcards
- Multiple wildcard patterns with specificity ordering
- Nested wildcards (`/consumer/orders/*`)
- Multiple wildcards in one pattern (`/api/*/orders/*`)
- Edge cases (root wildcard `/*`, special characters in paths)
## Important Remarks
### 1. Risk of Ambiguity
**Issue**: When two patterns have the same "specificity length", the
matching order is not guaranteed. For example, `/api/*/orders` and `/api/v1/*`
both have the same number of non-wildcard characters.
**Current Behavior**: The implementation uses the length of the pattern
after removing wildcards as the specificity metric. If two patterns have the
same specificity, the iteration order of the `ConcurrentHashMap` determines
which one is selected.
**Recommendation**: Consider adding alphabetical sorting as a secondary
criterion to make the behavior 100% deterministic. This could be implemented by
modifying the pattern selection logic to compare pattern strings alphabetically
when specificity lengths are equal.
### 2. Missing Edge Case Test
**Issue**: The current tests verify wildcard `*` matching, but do not verify
what happens if the pattern contains other regex special characters (like `.`
or `+`).
**Current Protection**: The implementation uses `Pattern.quote()` to
properly escape all regex special characters in each segment between wildcards,
ensuring that only `*` is interpreted as a wildcard.
**Recommendation**: Add a test case to explicitly verify that patterns
containing regex special characters (e.g., `/receiver/test.endpoint`,
`/api/v1+2/orders`) are treated as literal characters and not as regex
operators. This would ensure `Pattern.quote()` is working correctly and prevent
future regressions.
### 3. Security Consideration (Minor)
**Issue**: There is a theoretical risk of "ReDoS" (Regular Expression Denial
of Service) if a malicious user configures an extremely complex pattern.
**Current Risk Assessment**: The risk is low in this implementation because:
- Patterns are configured by administrators, not end users
- The regex patterns are simple (only `.*` for wildcards)
- Pattern compilation happens once and is cached
**Best Practice**: This is noted as a good practice to keep in mind for
future enhancements. If pattern complexity increases or if patterns become
user-configurable, additional validation or complexity limits should be
considered.
## Testing
- All existing tests pass
- New comprehensive integration test `AS2ServerWildcardPatternIT` covers:
- Basic wildcard matching
- Exact match precedence
- Pattern specificity ordering
- Multiple wildcards
- Edge cases
## Compatibility
This change restores the behavior from Camel 3.22.x and is backward
compatible with existing exact-match configurations.
Fixes: https://issues.apache.org/jira/browse/CAMEL-22849
---
Pull Request opened by [Augment Code](https://www.augmentcode.com/) with
guidance from the PR author
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
