This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 03951a0eac95b1e34f19967de3bc079574abb178
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Tue May 12 07:57:58 2020 +0200
CAMEL-15050: Templating components - Variable map to be limited to
body/headers
---
.../freemarker/FreemarkerComponentConfigurer.java | 5 +++++
.../freemarker/FreemarkerEndpointConfigurer.java | 5 +++++
.../apache/camel/component/freemarker/freemarker.json | 2 ++
.../src/main/docs/freemarker-component.adoc | 6 ++++--
.../camel/component/freemarker/FreemarkerComponent.java | 17 +++++++++++++++++
.../camel/component/freemarker/FreemarkerEndpoint.java | 2 +-
.../component/freemarker/FreemarkerEndpointTest.java | 1 +
.../component/freemarker/FreemarkerSetHeaderTest.java | 2 +-
.../camel/component/freemarker/FreemarkerTest.java | 2 +-
.../freemarker/FreemarkerValuesInPropertiesTest.java | 1 +
.../apache/camel/component/freemarker/camel-context.xml | 4 ++--
11 files changed, 40 insertions(+), 7 deletions(-)
diff --git
a/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerComponentConfigurer.java
b/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerComponentConfigurer.java
index 3c7db66..80b2f9f 100644
---
a/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerComponentConfigurer.java
+++
b/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerComponentConfigurer.java
@@ -19,6 +19,8 @@ public class FreemarkerComponentConfigurer extends
PropertyConfigurerSupport imp
public boolean configure(CamelContext camelContext, Object obj, String
name, Object value, boolean ignoreCase) {
FreemarkerComponent target = (FreemarkerComponent) obj;
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "allowcontextmapall":
+ case "allowContextMapAll":
target.setAllowContextMapAll(property(camelContext, boolean.class, value));
return true;
case "allowtemplatefromheader":
case "allowTemplateFromHeader":
target.setAllowTemplateFromHeader(property(camelContext, boolean.class,
value)); return true;
case "basicpropertybinding":
@@ -33,6 +35,7 @@ public class FreemarkerComponentConfigurer extends
PropertyConfigurerSupport imp
@Override
public Map<String, Object> getAllOptions(Object target) {
Map<String, Object> answer = new CaseInsensitiveMap();
+ answer.put("allowContextMapAll", boolean.class);
answer.put("allowTemplateFromHeader", boolean.class);
answer.put("basicPropertyBinding", boolean.class);
answer.put("configuration", freemarker.template.Configuration.class);
@@ -44,6 +47,8 @@ public class FreemarkerComponentConfigurer extends
PropertyConfigurerSupport imp
public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
FreemarkerComponent target = (FreemarkerComponent) obj;
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "allowcontextmapall":
+ case "allowContextMapAll": return target.isAllowContextMapAll();
case "allowtemplatefromheader":
case "allowTemplateFromHeader": return
target.isAllowTemplateFromHeader();
case "basicpropertybinding":
diff --git
a/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerEndpointConfigurer.java
b/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerEndpointConfigurer.java
index 9be1755..f0898c9 100644
---
a/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerEndpointConfigurer.java
+++
b/components/camel-freemarker/src/generated/java/org/apache/camel/component/freemarker/FreemarkerEndpointConfigurer.java
@@ -19,6 +19,8 @@ public class FreemarkerEndpointConfigurer extends
PropertyConfigurerSupport impl
public boolean configure(CamelContext camelContext, Object obj, String
name, Object value, boolean ignoreCase) {
FreemarkerEndpoint target = (FreemarkerEndpoint) obj;
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "allowcontextmapall":
+ case "allowContextMapAll":
target.setAllowContextMapAll(property(camelContext, boolean.class, value));
return true;
case "allowtemplatefromheader":
case "allowTemplateFromHeader":
target.setAllowTemplateFromHeader(property(camelContext, boolean.class,
value)); return true;
case "basicpropertybinding":
@@ -39,6 +41,7 @@ public class FreemarkerEndpointConfigurer extends
PropertyConfigurerSupport impl
@Override
public Map<String, Object> getAllOptions(Object target) {
Map<String, Object> answer = new CaseInsensitiveMap();
+ answer.put("allowContextMapAll", boolean.class);
answer.put("allowTemplateFromHeader", boolean.class);
answer.put("basicPropertyBinding", boolean.class);
answer.put("configuration", freemarker.template.Configuration.class);
@@ -54,6 +57,8 @@ public class FreemarkerEndpointConfigurer extends
PropertyConfigurerSupport impl
public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
FreemarkerEndpoint target = (FreemarkerEndpoint) obj;
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "allowcontextmapall":
+ case "allowContextMapAll": return target.isAllowContextMapAll();
case "allowtemplatefromheader":
case "allowTemplateFromHeader": return
target.isAllowTemplateFromHeader();
case "basicpropertybinding":
diff --git
a/components/camel-freemarker/src/generated/resources/org/apache/camel/component/freemarker/freemarker.json
b/components/camel-freemarker/src/generated/resources/org/apache/camel/component/freemarker/freemarker.json
index 8444005..3564fde 100644
---
a/components/camel-freemarker/src/generated/resources/org/apache/camel/component/freemarker/freemarker.json
+++
b/components/camel-freemarker/src/generated/resources/org/apache/camel/component/freemarker/freemarker.json
@@ -21,6 +21,7 @@
"lenientProperties": false
},
"componentProperties": {
+ "allowContextMapAll": { "kind": "property", "displayName": "Allow Context
Map All", "group": "producer", "label": "", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": "false", "description": "Sets whether the context map should
allow access to all details. By default only the message body and headers can
be accessed. This option can be enabled for full access to the current Exchange
and CamelContext. Doing so impose a [...]
"allowTemplateFromHeader": { "kind": "property", "displayName": "Allow
Template From Header", "group": "producer", "label": "", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": "false", "description": "Whether to allow to use resource
template from header or not (default false). Enabling this allows to specify
dynamic templates via message header. However this can be seen as a potential
security vulnerability if the he [...]
"lazyStartProducer": { "kind": "property", "displayName": "Lazy Start
Producer", "group": "producer", "label": "producer", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a producer may otherwise
fail during starting and cause the r [...]
"basicPropertyBinding": { "kind": "property", "displayName": "Basic
Property Binding", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": false, "description": "Whether the component should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities" },
@@ -28,6 +29,7 @@
},
"properties": {
"resourceUri": { "kind": "path", "displayName": "Resource Uri", "group":
"producer", "label": "", "required": true, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "deprecationNote": "", "secret":
false, "description": "Path to the resource. You can prefix with: classpath,
file, http, ref, or bean. classpath, file and http loads the resource using
these protocols (classpath is default). ref will lookup the resource in the
registry. bean will call a method on a [...]
+ "allowContextMapAll": { "kind": "parameter", "displayName": "Allow Context
Map All", "group": "producer", "label": "", "required": false, "type":
"boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": "false", "description": "Sets whether the context map should
allow access to all details. By default only the message body and headers can
be accessed. This option can be enabled for full access to the current Exchange
and CamelContext. Doing so impose a [...]
"allowTemplateFromHeader": { "kind": "parameter", "displayName": "Allow
Template From Header", "group": "producer", "label": "", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false,
"defaultValue": "false", "description": "Whether to allow to use resource
template from header or not (default false). Enabling this allows to specify
dynamic templates via message header. However this can be seen as a potential
security vulnerability if the h [...]
"configuration": { "kind": "parameter", "displayName": "Configuration",
"group": "producer", "label": "", "required": false, "type": "object",
"javaType": "freemarker.template.Configuration", "deprecated": false, "secret":
false, "description": "Sets the Freemarker configuration to use" },
"contentCache": { "kind": "parameter", "displayName": "Content Cache",
"group": "producer", "label": "", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "secret": false, "defaultValue":
"false", "description": "Sets whether to use resource content cache or not" },
diff --git
a/components/camel-freemarker/src/main/docs/freemarker-component.adoc
b/components/camel-freemarker/src/main/docs/freemarker-component.adoc
index 6743126..670f187 100644
--- a/components/camel-freemarker/src/main/docs/freemarker-component.adoc
+++ b/components/camel-freemarker/src/main/docs/freemarker-component.adoc
@@ -48,13 +48,14 @@ You can append query options to the URI in the following
format,
// component options: START
-The Freemarker component supports 4 options, which are listed below.
+The Freemarker component supports 5 options, which are listed below.
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
+| *allowContextMapAll* (producer) | Sets whether the context map should allow
access to all details. By default only the message body and headers can be
accessed. This option can be enabled for full access to the current Exchange
and CamelContext. Doing so impose a potential security risk as this opens
access to the full power of CamelContext API. | false | boolean
| *allowTemplateFromHeader* (producer) | Whether to allow to use resource
template from header or not (default false). Enabling this allows to specify
dynamic templates via message header. However this can be seen as a potential
security vulnerability if the header is coming from a malicious user, so use
this with care. | false | boolean
| *lazyStartProducer* (producer) | Whether the producer should be started lazy
(on the first message). By starting lazy you can use this to allow CamelContext
and routes to startup in situations where a producer may otherwise fail during
starting and cause the route to fail being started. By deferring this startup
to be lazy then the startup failure can be handled during routing messages via
Camel's routing error handlers. Beware that when the first message is processed
then creating and [...]
| *basicPropertyBinding* (advanced) | Whether the component should use basic
property binding (Camel 2.x) or the newer property binding with additional
capabilities | false | boolean
@@ -85,12 +86,13 @@ with the following path and query parameters:
|===
-=== Query Parameters (8 parameters):
+=== Query Parameters (9 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
+| *allowContextMapAll* (producer) | Sets whether the context map should allow
access to all details. By default only the message body and headers can be
accessed. This option can be enabled for full access to the current Exchange
and CamelContext. Doing so impose a potential security risk as this opens
access to the full power of CamelContext API. | false | boolean
| *allowTemplateFromHeader* (producer) | Whether to allow to use resource
template from header or not (default false). Enabling this allows to specify
dynamic templates via message header. However this can be seen as a potential
security vulnerability if the header is coming from a malicious user, so use
this with care. | false | boolean
| *configuration* (producer) | Sets the Freemarker configuration to use | |
Configuration
| *contentCache* (producer) | Sets whether to use resource content cache or
not | false | boolean
diff --git
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
index 23d71e3..a34f1d3 100644
---
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
+++
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
@@ -37,6 +37,8 @@ public class FreemarkerComponent extends DefaultComponent {
@Metadata(defaultValue = "false")
private boolean allowTemplateFromHeader;
+ @Metadata(defaultValue = "false")
+ private boolean allowContextMapAll;
@Metadata(label = "advanced")
private Configuration configuration;
private Configuration noCacheConfiguration;
@@ -65,6 +67,7 @@ public class FreemarkerComponent extends DefaultComponent {
endpoint.setEncoding(encoding);
}
endpoint.setAllowTemplateFromHeader(allowTemplateFromHeader);
+ endpoint.setAllowContextMapAll(allowContextMapAll);
endpoint.setContentCache(cache);
endpoint.setConfiguration(config);
endpoint.setTemplateUpdateDelay(templateUpdateDelay);
@@ -120,6 +123,20 @@ public class FreemarkerComponent extends DefaultComponent {
this.allowTemplateFromHeader = allowTemplateFromHeader;
}
+ public boolean isAllowContextMapAll() {
+ return allowContextMapAll;
+ }
+
+ /**
+ * Sets whether the context map should allow access to all details.
+ * By default only the message body and headers can be accessed.
+ * This option can be enabled for full access to the current Exchange and
CamelContext.
+ * Doing so impose a potential security risk as this opens access to the
full power of CamelContext API.
+ */
+ public void setAllowContextMapAll(boolean allowContextMapAll) {
+ this.allowContextMapAll = allowContextMapAll;
+ }
+
private synchronized Configuration getNoCacheConfiguration() {
if (noCacheConfiguration == null) {
// create a clone of the regular configuration
diff --git
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
index 6e9811f..7372258 100644
---
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
+++
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
@@ -156,7 +156,7 @@ public class FreemarkerEndpoint extends ResourceEndpoint {
dataModel =
exchange.getIn().getHeader(FreemarkerConstants.FREEMARKER_DATA_MODEL,
Object.class);
}
if (dataModel == null) {
- dataModel = ExchangeHelper.createVariableMap(exchange);
+ dataModel = ExchangeHelper.createVariableMap(exchange,
isAllowContextMapAll());
}
// let freemarker parse and generate the result in buffer
Template template;
diff --git
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
index f6bd3a9..a9b414c 100644
---
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
+++
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
@@ -33,6 +33,7 @@ public class FreemarkerEndpointTest extends FreemarkerTest {
FreemarkerEndpoint endpoint = new FreemarkerEndpoint();
endpoint.setCamelContext(context);
endpoint.setAllowTemplateFromHeader(true);
+ endpoint.setAllowContextMapAll(true);
endpoint.setResourceUri("org/apache/camel/component/freemarker/example.ftl");
Configuration configuraiton = new Configuration();
diff --git
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
index a2bc81e..27f98a0 100644
---
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
+++
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
@@ -36,7 +36,7 @@ public class FreemarkerSetHeaderTest extends
CamelSpringTestSupport {
assertRespondsWith("orange", "I am an orange");
}
- protected void assertRespondsWith(final String value, String expectedBody)
throws InvalidPayloadException, InterruptedException {
+ protected void assertRespondsWith(final String value, String expectedBody)
throws Exception {
MockEndpoint mock = getMockEndpoint("mock:result");
mock.expectedMessageCount(1);
//mock.expectedHeaderReceived("fruit", value);
diff --git
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
index 267e9be..2fd8388 100644
---
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
+++
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
@@ -73,7 +73,7 @@ public class FreemarkerTest extends CamelTestSupport {
public void configure() {
// START SNIPPET: example
from("direct:a").
-
to("freemarker:org/apache/camel/component/freemarker/example.ftl?allowTemplateFromHeader=true");
+
to("freemarker:org/apache/camel/component/freemarker/example.ftl?allowTemplateFromHeader=true&allowContextMapAll=true");
// END SNIPPET: example
}
};
diff --git
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
index 9805a19..00c48b6 100644
---
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
+++
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
@@ -51,6 +51,7 @@ public class FreemarkerValuesInPropertiesTest extends
CamelTestSupport {
public void configure() throws Exception {
FreemarkerComponent fc = context.getComponent("freemarker",
FreemarkerComponent.class);
fc.setAllowTemplateFromHeader(true);
+ fc.setAllowContextMapAll(true);
from("direct:a")
.to("freemarker:dummy")
diff --git
a/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
b/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
index 6b1e3ba..951f3a2 100644
---
a/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
+++
b/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
@@ -28,12 +28,12 @@
<from uri="direct:start"/>
<filter>
<method ref="fruitFilter" method="isApple"/>
- <to
uri="freemarker:org/apache/camel/component/freemarker/AppleTemplate.ftl" />
+ <to
uri="freemarker:org/apache/camel/component/freemarker/AppleTemplate.ftl?allowContextMapAll=true"
/>
<to uri="mock:result" />
</filter>
<filter>
<method ref="fruitFilter" method="isOrange"/>
- <to
uri="freemarker:org/apache/camel/component/freemarker/OrangeTemplate.ftl" />
+ <to
uri="freemarker:org/apache/camel/component/freemarker/OrangeTemplate.ftl?allowContextMapAll=true"
/>
<to uri="mock:result" />
</filter>
</route>
