This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch camel-2.25.x in repository https://gitbox.apache.org/repos/asf/camel.git
commit 165e7041b6e86d9e9c1503f6632862a43dd812d1 Author: Claus Ibsen <claus.ib...@gmail.com> AuthorDate: Tue May 5 15:31:25 2020 +0200 CAMEL-15013: Template components - Add option to turn on|off allow using header with override template --- .../component/freemarker/FreemarkerComponent.java | 3 +- .../component/freemarker/FreemarkerEndpoint.java | 3 +- .../component/velocity/VelocityComponent.java | 21 +++++++- .../camel/component/velocity/VelocityEndpoint.java | 56 +++++++++++++++------- .../component/velocity/VelocityEndpointTest.java | 1 + .../velocity/VelocitySetTemplateViaHeaderTest.java | 2 +- .../velocity/VelocitySupplementalContextTest.java | 2 +- .../velocity/VelocityTemplateInHeaderTest.java | 3 ++ .../camel/component/velocity/VelocityTest.java | 2 +- .../velocity/VelocityValuesInPropertiesTest.java | 2 +- 10 files changed, 70 insertions(+), 25 deletions(-) diff --git a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java index b911b89..2ef2749 100644 --- a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java +++ b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java @@ -67,12 +67,13 @@ public class FreemarkerComponent extends UriEndpointComponent { endpoint.setConfiguration(config); endpoint.setTemplateUpdateDelay(templateUpdateDelay); + setProperties(endpoint, parameters); + // if its a http resource then append any remaining parameters and update the resource uri if (ResourceHelper.isHttpUri(remaining)) { remaining = ResourceHelper.appendParameters(remaining, parameters); endpoint.setResourceUri(remaining); } - setProperties(endpoint, parameters); return endpoint; } 
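Review bot: The move of `setProperties(endpoint, parameters)` above the `ResourceHelper.isHttpUri(remaining)` branch in `FreemarkerComponent.createEndpoint` is order-dependent, and nothing in the code says so. Presumably `setProperties` consumes the options it binds, so calling it first keeps endpoint options such as `allowTemplateFromHeader` from being appended to the http resource uri by `ResourceHelper.appendParameters`. A comment such as `// bind endpoint options first so only unconsumed parameters are appended to the http resource uri` would stop a later refactor from undoing it. The diffstat lists no Freemarker test, so this commit covers neither the reordering nor the `@Metadata` to `@UriParam` change on `FreemarkerEndpoint.allowTemplateFromHeader`. The body of `createEndpoint` starts outside the hunk.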
diff --git a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java index 85f02b4..ddbd271 100644 --- a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java +++ b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java @@ -28,7 +28,6 @@ import org.apache.camel.Exchange; import org.apache.camel.ExchangePattern; import org.apache.camel.Message; import org.apache.camel.component.ResourceEndpoint; -import org.apache.camel.spi.Metadata; import org.apache.camel.spi.UriEndpoint; import org.apache.camel.spi.UriParam; import org.apache.camel.util.ExchangeHelper; @@ -40,7 +39,7 @@ import org.apache.camel.util.ObjectHelper; @UriEndpoint(firstVersion = "2.10.0", scheme = "freemarker", title = "Freemarker", syntax = "freemarker:resourceUri", producerOnly = true, label = "transformation") public class FreemarkerEndpoint extends ResourceEndpoint { - @Metadata(defaultValue = "false") + @UriParam(defaultValue = "false") private boolean allowTemplateFromHeader; @UriParam private String encoding; diff --git a/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityComponent.java b/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityComponent.java index da02a84..a10e750 100644 --- a/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityComponent.java +++ b/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityComponent.java @@ -29,6 +29,8 @@ import org.apache.velocity.app.VelocityEngine; */ public class VelocityComponent extends UriEndpointComponent { + @Metadata(defaultValue = "false") + private boolean allowTemplateFromHeader; @Metadata(label = "advanced") private VelocityEngine velocityEngine; 
@@ -47,13 +49,30 @@ public class VelocityComponent extends UriEndpointComponent { this.velocityEngine = velocityEngine; } + public boolean isAllowTemplateFromHeader() { + return allowTemplateFromHeader; + } + + /** + * Whether to allow to use resource template from header or not (default false). + * + * Enabling this allows to specify dynamic templates via message header. However this can + * be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care. + */ + public void setAllowTemplateFromHeader(boolean allowTemplateFromHeader) { + this.allowTemplateFromHeader = allowTemplateFromHeader; + } + + @Override protected Endpoint createEndpoint(String uri, String remaining, Map<String, Object> parameters) throws Exception { boolean cache = getAndRemoveParameter(parameters, "contentCache", Boolean.class, Boolean.TRUE); VelocityEndpoint answer = new VelocityEndpoint(uri, this, remaining); - setProperties(answer, parameters); answer.setContentCache(cache); answer.setVelocityEngine(velocityEngine); + answer.setAllowTemplateFromHeader(allowTemplateFromHeader); + + setProperties(answer, parameters); // if its a http resource then append any remaining parameters and update the resource uri if (ResourceHelper.isHttpUri(remaining)) { diff --git a/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityEndpoint.java b/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityEndpoint.java index 5594e49..ead3a19 100644 --- a/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityEndpoint.java +++ b/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityEndpoint.java 
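Review bot: In `VelocityComponent.createEndpoint`, `answer.setAllowTemplateFromHeader(allowTemplateFromHeader)` runs before `setProperties(answer, parameters)`, so the component value is only a default and an endpoint URI carrying `allowTemplateFromHeader=true` overrides a component-level false. The Javadoc on `setAllowTemplateFromHeader` should say so, because an operator can easily read the component option as a global off switch. A line such as `This is the default for endpoints created by this component; the endpoint option of the same name takes precedence.` would do. The phrase "can be seen as a potential security vulnerability" would also be clearer if it stated the effect: the header content is evaluated as a Velocity template, so the option should stay off wherever message headers can be set by an untrusted sender. `createEndpoint` continues past the end of the hunk.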
@@ -50,6 +50,8 @@ public class VelocityEndpoint extends ResourceEndpoint { private VelocityEngine velocityEngine; + @UriParam(defaultValue = "false") + private boolean allowTemplateFromHeader; @UriParam(defaultValue = "true") private boolean loaderCache = true; @UriParam @@ -94,8 +96,6 @@ public class VelocityEndpoint extends ResourceEndpoint { properties.setProperty("class.resource.loader.class", CamelVelocityClasspathResourceLoader.class.getName()); final Logger velocityLogger = LoggerFactory.getLogger("org.apache.camel.maven.Velocity"); properties.setProperty(RuntimeConstants.RUNTIME_LOG_NAME, velocityLogger.getName()); - - // load the velocity properties from property file which may overrides the default ones if (ObjectHelper.isNotEmpty(getPropertiesFile())) { @@ -126,6 +126,20 @@ public class VelocityEndpoint extends ResourceEndpoint { this.velocityEngine = velocityEngine; } + public boolean isAllowTemplateFromHeader() { + return allowTemplateFromHeader; + } + + /** + * Whether to allow to use resource template from header or not (default false). + * + * Enabling this allows to specify dynamic templates via message header. However this can + * be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care. + */ + public void setAllowTemplateFromHeader(boolean allowTemplateFromHeader) { + this.allowTemplateFromHeader = allowTemplateFromHeader; + } + public boolean isLoaderCache() { return loaderCache; } 
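Review bot: The Javadoc added on `VelocityEndpoint.setAllowTemplateFromHeader` (hunk at -126,6) mentions only the resource template, but the later hunks in this file put four headers behind the flag: `VelocityConstants.VELOCITY_RESOURCE_URI`, `VELOCITY_TEMPLATE`, `VELOCITY_CONTEXT` and `VELOCITY_SUPPLEMENTAL_CONTEXT`. With the default of false, a route that supplies only a context or a supplemental map via header stops receiving it, and the option's description gives no hint why. I would name the four headers in the Javadoc and add a sentence such as `When false (the default) these headers are ignored and the endpoint's configured resource is always used.` The same Javadoc text is duplicated on `VelocityComponent` (hunk at -47,13) and needs the same addition.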
@@ -170,18 +184,23 @@ public class VelocityEndpoint extends ResourceEndpoint { String path = getResourceUri(); ObjectHelper.notNull(path, "resourceUri"); - String newResourceUri = exchange.getIn().getHeader(VelocityConstants.VELOCITY_RESOURCE_URI, String.class); - if (newResourceUri != null) { - exchange.getIn().removeHeader(VelocityConstants.VELOCITY_RESOURCE_URI); + if (allowTemplateFromHeader) { + String newResourceUri = exchange.getIn().getHeader(VelocityConstants.VELOCITY_RESOURCE_URI, String.class); + if (newResourceUri != null) { + exchange.getIn().removeHeader(VelocityConstants.VELOCITY_RESOURCE_URI); - log.debug("{} set to {} creating new endpoint to handle exchange", VelocityConstants.VELOCITY_RESOURCE_URI, newResourceUri); - VelocityEndpoint newEndpoint = findOrCreateEndpoint(getEndpointUri(), newResourceUri); - newEndpoint.onExchange(exchange); - return; + log.debug("{} set to {} creating new endpoint to handle exchange", VelocityConstants.VELOCITY_RESOURCE_URI, newResourceUri); + VelocityEndpoint newEndpoint = findOrCreateEndpoint(getEndpointUri(), newResourceUri); + newEndpoint.onExchange(exchange); + return; + } } Reader reader; - String content = exchange.getIn().getHeader(VelocityConstants.VELOCITY_TEMPLATE, String.class); + String content = null; + if (allowTemplateFromHeader) { + content = exchange.getIn().getHeader(VelocityConstants.VELOCITY_TEMPLATE, String.class); + } if (content != null) { // use content from header reader = new StringReader(content); 
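Review bot: When `allowTemplateFromHeader` is false, the new guards in `onExchange` skip `VelocityConstants.VELOCITY_RESOURCE_URI` and `VelocityConstants.VELOCITY_TEMPLATE` without any diagnostic and leave both headers on the message. A route that relied on them now silently renders the endpoint's own template. The untouched headers also travel on to any later endpoint that has the option enabled, whereas the enabled path removes `VELOCITY_RESOURCE_URI` before delegating. A debug line in the disabled case would make the behaviour change visible, for example `log.debug("allowTemplateFromHeader is false, ignoring {} and {} headers", VelocityConstants.VELOCITY_RESOURCE_URI, VelocityConstants.VELOCITY_TEMPLATE);`. The option's documentation should also advise stripping these headers where messages enter from an untrusted source. `onExchange` begins before and ends after this hunk.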
@@ -200,16 +219,19 @@ public class VelocityEndpoint extends ResourceEndpoint { // getResourceAsInputStream also considers the content cache StringWriter buffer = new StringWriter(); String logTag = getClass().getName(); - Context velocityContext = exchange.getIn().getHeader(VelocityConstants.VELOCITY_CONTEXT, Context.class); + Context velocityContext = null; + if (allowTemplateFromHeader) { + velocityContext = exchange.getIn().getHeader(VelocityConstants.VELOCITY_CONTEXT, Context.class); + } if (velocityContext == null) { Map<String, Object> variableMap = ExchangeHelper.createVariableMap(exchange); - - @SuppressWarnings("unchecked") - Map<String, Object> supplementalMap = exchange.getIn().getHeader(VelocityConstants.VELOCITY_SUPPLEMENTAL_CONTEXT, Map.class); - if (supplementalMap != null) { - variableMap.putAll(supplementalMap); + if (allowTemplateFromHeader) { + @SuppressWarnings("unchecked") + Map<String, Object> supplementalMap = exchange.getIn().getHeader(VelocityConstants.VELOCITY_SUPPLEMENTAL_CONTEXT, Map.class); + if (supplementalMap != null) { + variableMap.putAll(supplementalMap); + } } - velocityContext = new VelocityContext(variableMap); } diff --git a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityEndpointTest.java b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityEndpointTest.java index 096475e..5a38969 100644 --- a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityEndpointTest.java +++ b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityEndpointTest.java @@ -29,6 +29,7 @@ public class VelocityEndpointTest extends VelocityTest { VelocityEndpoint endpoint = new VelocityEndpoint(); endpoint.setCamelContext(context); endpoint.setResourceUri("org/apache/camel/component/velocity/example.vm"); + endpoint.setAllowTemplateFromHeader(true); context.addEndpoint("velo", endpoint); 
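Review bot: Gating `VelocityConstants.VELOCITY_CONTEXT` and `VELOCITY_SUPPLEMENTAL_CONTEXT` on `allowTemplateFromHeader` (hunk at -200,16) means a route that only needs extra template variables must also accept header-supplied templates and resource uris. Those are separate trust decisions, and tying them together pushes users to enable more than they need. `VelocitySupplementalContextTest` in this same commit shows the case: the map is set in the route with `.constant(supplementalContext)`, yet the endpoint still has to add `?allowTemplateFromHeader=true`. A separate boolean option for the context headers would keep the exposure minimal. If one flag is intended, a comment at this spot such as `// context headers are deliberately gated by allowTemplateFromHeader as well` would record that choice. The enclosing method starts and ends outside the hunk.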
diff --git a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySetTemplateViaHeaderTest.java b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySetTemplateViaHeaderTest.java index faa22ba..29c3daa 100644 --- a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySetTemplateViaHeaderTest.java +++ b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySetTemplateViaHeaderTest.java @@ -59,7 +59,7 @@ public class VelocitySetTemplateViaHeaderTest extends CamelTestSupport { protected RouteBuilder createRouteBuilder() throws Exception { return new RouteBuilder() { public void configure() throws Exception { - from("direct:a").to("velocity:dummy").to("mock:result"); + from("direct:a").to("velocity:dummy?allowTemplateFromHeader=true").to("mock:result"); } }; } diff --git a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySupplementalContextTest.java b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySupplementalContextTest.java index ac22301..93244b4 100644 --- a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySupplementalContextTest.java +++ b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocitySupplementalContextTest.java @@ -61,7 +61,7 @@ public class VelocitySupplementalContextTest extends CamelTestSupport { public void configure() throws Exception { from("direct:input") .setHeader(VelocityConstants.VELOCITY_SUPPLEMENTAL_CONTEXT).constant(supplementalContext) - .to("velocity:template-in-header") + .to("velocity:template-in-header?allowTemplateFromHeader=true") .to("mock:results"); } }; 
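Review bot: Every test hunk in this commit only switches `allowTemplateFromHeader` on (here `velocity:dummy?allowTemplateFromHeader=true`), and none of the visible changes asserts the new default. The security-relevant behaviour is the off path: with a plain `velocity:` endpoint, a message carrying `VelocityConstants.VELOCITY_TEMPLATE` or `VelocityConstants.VELOCITY_RESOURCE_URI` must still be rendered from the endpoint's configured resource. I would add a companion test that sends such a header to an endpoint without the option and asserts that the output comes from the configured template, with a second case for `?allowTemplateFromHeader=false` overriding a component-level true. Without it, a regression that re-enables header templates by default would pass this suite. The `createRouteBuilder` methods shown here are only partly inside their hunks.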
diff --git a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTemplateInHeaderTest.java b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTemplateInHeaderTest.java index 16582f3..9065503 100644 --- a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTemplateInHeaderTest.java +++ b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTemplateInHeaderTest.java @@ -78,6 +78,9 @@ public class VelocityTemplateInHeaderTest extends CamelTestSupport { protected RouteBuilder createRouteBuilder() { return new RouteBuilder() { public void configure() { + VelocityComponent vc = context.getComponent("velocity", VelocityComponent.class); + vc.setAllowTemplateFromHeader(true); + from("direct:a").to("velocity://dummy"); } }; diff --git a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTest.java b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTest.java index 7e97ac1..423e8d7f 100644 --- a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTest.java +++ b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityTest.java @@ -76,7 +76,7 @@ public class VelocityTest extends CamelTestSupport { public void configure() { // START SNIPPET: example from("direct:a"). - to("velocity:org/apache/camel/component/velocity/example.vm"); + to("velocity:org/apache/camel/component/velocity/example.vm?allowTemplateFromHeader=true"); // END SNIPPET: example } }; diff --git a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityValuesInPropertiesTest.java b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityValuesInPropertiesTest.java index 65aa9b0..2fa24a5 100644 
--- a/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityValuesInPropertiesTest.java +++ b/components/camel-velocity/src/test/java/org/apache/camel/component/velocity/VelocityValuesInPropertiesTest.java @@ -49,7 +49,7 @@ public class VelocityValuesInPropertiesTest extends CamelTestSupport { return new RouteBuilder() { public void configure() throws Exception { from("direct:a") - .to("velocity:dummy") + .to("velocity:dummy?allowTemplateFromHeader=true") .to("mock:result"); } };