This is an automated email from the ASF dual-hosted git repository.
oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 956c3903a101 CAMEL-23527: Link API-based component docs to the
security model (#23638)
956c3903a101 is described below
commit 956c3903a10130627f1d72764dff7a3564348bdf
Author: Karol Krawczyk <[email protected]>
AuthorDate: Fri May 29 15:22:50 2026 +0200
CAMEL-23527: Link API-based component docs to the security model (#23638)
The API-based components let routes override per-call parameters via
Camel-prefixed exchange headers, so a route consuming from untrusted
producers
should strip those internal headers at the trust boundary. Add a note to
each
API-based component's documentation (as2, box, braintree, dhis2, fhir,
google-calendar, google-drive, google-mail, google-sheets, olingo2, olingo4,
twilio, zendesk) cross-referencing the security model guidance.
---
.../camel-as2-component/src/main/docs/as2-component.adoc | 9 +++++++++
.../camel-box-component/src/main/docs/box-component.adoc | 9 +++++++++
.../camel-braintree/src/main/docs/braintree-component.adoc | 9 +++++++++
.../camel-dhis2-component/src/main/docs/dhis2-component.adoc | 9 +++++++++
.../camel-fhir-component/src/main/docs/fhir-component.adoc | 9 +++++++++
.../src/main/docs/google-calendar-component.adoc | 9 +++++++++
.../camel-google-drive/src/main/docs/google-drive-component.adoc | 9 +++++++++
.../camel-google-mail/src/main/docs/google-mail-component.adoc | 9 +++++++++
.../src/main/docs/google-sheets-component.adoc | 9 +++++++++
.../camel-olingo2-component/src/main/docs/olingo2-component.adoc | 9 +++++++++
.../camel-olingo4-component/src/main/docs/olingo4-component.adoc | 9 +++++++++
components/camel-twilio/src/main/docs/twilio-component.adoc | 9 +++++++++
components/camel-zendesk/src/main/docs/zendesk-component.adoc | 9 +++++++++
13 files changed, 117 insertions(+)
diff --git
a/components/camel-as2/camel-as2-component/src/main/docs/as2-component.adoc
b/components/camel-as2/camel-as2-component/src/main/docs/as2-component.adoc
index 59fb7a7510bc..0e633c12bee1 100644
--- a/components/camel-as2/camel-as2-component/src/main/docs/as2-component.adoc
+++ b/components/camel-as2/camel-as2-component/src/main/docs/as2-component.adoc
@@ -48,5 +48,14 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
include::spring-boot:partial$starter.adoc[]
diff --git
a/components/camel-box/camel-box-component/src/main/docs/box-component.adoc
b/components/camel-box/camel-box-component/src/main/docs/box-component.adoc
index 7e697cdecd82..95a2d01d143e 100644
--- a/components/camel-box/camel-box-component/src/main/docs/box-component.adoc
+++ b/components/camel-box/camel-box-component/src/main/docs/box-component.adoc
@@ -46,6 +46,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Usage
=== Connection Authentication Types
diff --git a/components/camel-braintree/src/main/docs/braintree-component.adoc
b/components/camel-braintree/src/main/docs/braintree-component.adoc
index be833684fd0d..a95dbeb1df69 100644
--- a/components/camel-braintree/src/main/docs/braintree-component.adoc
+++ b/components/camel-braintree/src/main/docs/braintree-component.adoc
@@ -41,6 +41,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Examples
[source,java]
diff --git
a/components/camel-dhis2/camel-dhis2-component/src/main/docs/dhis2-component.adoc
b/components/camel-dhis2/camel-dhis2-component/src/main/docs/dhis2-component.adoc
index f417b09a383a..632b670cd3c2 100644
---
a/components/camel-dhis2/camel-dhis2-component/src/main/docs/dhis2-component.adoc
+++
b/components/camel-dhis2/camel-dhis2-component/src/main/docs/dhis2-component.adoc
@@ -40,6 +40,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Examples
* Fetch an organisation unit by ID:
diff --git
a/components/camel-fhir/camel-fhir-component/src/main/docs/fhir-component.adoc
b/components/camel-fhir/camel-fhir-component/src/main/docs/fhir-component.adoc
index 012ab1f7af66..c3cbf680e58a 100644
---
a/components/camel-fhir/camel-fhir-component/src/main/docs/fhir-component.adoc
+++
b/components/camel-fhir/camel-fhir-component/src/main/docs/fhir-component.adoc
@@ -62,5 +62,14 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
include::spring-boot:partial$starter.adoc[]
diff --git
a/components/camel-google/camel-google-calendar/src/main/docs/google-calendar-component.adoc
b/components/camel-google/camel-google-calendar/src/main/docs/google-calendar-component.adoc
index 7e495611b130..1d88dc80ff1a 100644
---
a/components/camel-google/camel-google-calendar/src/main/docs/google-calendar-component.adoc
+++
b/components/camel-google/camel-google-calendar/src/main/docs/google-calendar-component.adoc
@@ -55,6 +55,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
include::spring-boot:partial$starter.adoc[]
diff --git
a/components/camel-google/camel-google-drive/src/main/docs/google-drive-component.adoc
b/components/camel-google/camel-google-drive/src/main/docs/google-drive-component.adoc
index 596a4d1d9f8a..0ad419312ed4 100644
---
a/components/camel-google/camel-google-drive/src/main/docs/google-drive-component.adoc
+++
b/components/camel-google/camel-google-drive/src/main/docs/google-drive-component.adoc
@@ -63,6 +63,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== More Information
diff --git
a/components/camel-google/camel-google-mail/src/main/docs/google-mail-component.adoc
b/components/camel-google/camel-google-mail/src/main/docs/google-mail-component.adoc
index ed782de1e1b6..62031931680f 100644
---
a/components/camel-google/camel-google-mail/src/main/docs/google-mail-component.adoc
+++
b/components/camel-google/camel-google-mail/src/main/docs/google-mail-component.adoc
@@ -63,6 +63,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Data Type Transformer: update-message-labels
The `google-mail:update-message-labels` data type transformer builds a
`ModifyMessageRequest` from exchange variables, resolving label names to Gmail
label IDs automatically.
diff --git
a/components/camel-google/camel-google-sheets/src/main/docs/google-sheets-component.adoc
b/components/camel-google/camel-google-sheets/src/main/docs/google-sheets-component.adoc
index b91323157c65..c0c478c36213 100644
---
a/components/camel-google/camel-google-sheets/src/main/docs/google-sheets-component.adoc
+++
b/components/camel-google/camel-google-sheets/src/main/docs/google-sheets-component.adoc
@@ -69,6 +69,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== ValueInputOption
diff --git
a/components/camel-olingo2/camel-olingo2-component/src/main/docs/olingo2-component.adoc
b/components/camel-olingo2/camel-olingo2-component/src/main/docs/olingo2-component.adoc
index de9ffb7870ed..7f4405010c6d 100644
---
a/components/camel-olingo2/camel-olingo2-component/src/main/docs/olingo2-component.adoc
+++
b/components/camel-olingo2/camel-olingo2-component/src/main/docs/olingo2-component.adoc
@@ -67,6 +67,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Usage
=== Endpoint HTTP Headers
diff --git
a/components/camel-olingo4/camel-olingo4-component/src/main/docs/olingo4-component.adoc
b/components/camel-olingo4/camel-olingo4-component/src/main/docs/olingo4-component.adoc
index a7dac228bf0a..ef7409d3576d 100644
---
a/components/camel-olingo4/camel-olingo4-component/src/main/docs/olingo4-component.adoc
+++
b/components/camel-olingo4/camel-olingo4-component/src/main/docs/olingo4-component.adoc
@@ -62,6 +62,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Usage
diff --git a/components/camel-twilio/src/main/docs/twilio-component.adoc
b/components/camel-twilio/src/main/docs/twilio-component.adoc
index b8302ed45878..6a7c0a00bd3d 100644
--- a/components/camel-twilio/src/main/docs/twilio-component.adoc
+++ b/components/camel-twilio/src/main/docs/twilio-component.adoc
@@ -36,6 +36,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
== Usage
=== Producer Endpoints:
diff --git a/components/camel-zendesk/src/main/docs/zendesk-component.adoc
b/components/camel-zendesk/src/main/docs/zendesk-component.adoc
index 6da4b5776750..41c18e5e3ae0 100644
--- a/components/camel-zendesk/src/main/docs/zendesk-component.adoc
+++ b/components/camel-zendesk/src/main/docs/zendesk-component.adoc
@@ -37,6 +37,15 @@ include::partial$component-endpoint-options.adoc[]
include::partial$component-endpoint-headers.adoc[]
// component options: END
+[NOTE]
+====
+This is an API-based component, so per-call parameters can be supplied through
`Camel`-prefixed
+exchange headers in addition to the endpoint options. If the route consumes
messages from untrusted
+producers, strip these internal headers at the trust boundary -- for example
with
+`removeHeaders("Camel*")` -- before the message reaches this component, so
that a sender cannot
+override the API call. See xref:manual::security-model.adoc[the Camel security
model] for details.
+====
+
include::spring-boot:partial$starter.adoc[]
