This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-2.25.x
in repository https://gitbox.apache.org/repos/asf/camel.git

commit bdf1a3fa02ade645fd889ad418cff701d7776aff
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Tue May 12 08:00:35 2020 +0200

    CAMEL-15050: Templating components - Variable map to be limited to body/headers
---
 components/camel-chunk/README.md                   | 101 ---------------------
 .../camel-chunk/src/main/docs/chunk-component.adoc |   6 +-
 .../camel/component/chunk/ChunkComponent.java      |  17 ++++
 .../camel/component/chunk/ChunkEndpoint.java       |   2 +-
 .../springboot/ChunkComponentConfiguration.java    |  16 ++++
 5 files changed, 38 insertions(+), 104 deletions(-)

diff --git a/components/camel-chunk/README.md b/components/camel-chunk/README.md
deleted file mode 100644
index 340a8a8..0000000
--- a/components/camel-chunk/README.md
+++ /dev/null
@@ -1,101 +0,0 @@
-# Chunk Component
-
-# Introduction
-
-This component use the Java Chunk library: 
http://www.x5software.com/chunk/examples/ChunkExample?loc=en_US
-
-Chunk is a Template Engine for Java similar to Apache Velocity, Mustache Java 
and Freemarker
-
-The **chunk:** component allows for processing a message using a Chunk 
template. This can be useful when using Templating to build responses for 
requests. 
-
-Maven users will need to add the following dependency to their pom.xml for 
this component:
-
-```xml
-
-<dependency>
-    <groupId>org.apache.camel</groupId>
-    <artifactId>camel-chunk</artifactId>
-    <version>x.x.x</version>
-    <!-- use the same version as your Camel core version -->
-</dependency>
-
-```
-
-# URI format
-
-```
-
-chunk:templateName[?options]
-
-```
-
-# Options
-
-By default the chunk library will scan a default folder "themes" for a 
specific template, however is possible to define a differente folder to scan 
using the specific option.
-Default extension of template file are .chtml and .cxml, however is possible 
to define different extension using the specific option.
-
-| Option              | Default | Description                                  
                                                                          |
-|---------------------|---------|------------------------------------------------------------------------------------------------------------------------|
-| encoding            | null    | Character encoding of the resource content.  
                                                                          |
-| themesFolder        | null    | Alternative folder to scan for a template 
name.                                                                        |
-| themeSubfolder      | null    | Alternative subfolder to scan for a template 
name if themeFolder parameter is set.                                     |
-| themeLayer          | null    | A specific layer of a template file to use 
as template.                                                                |
-| extension           | null    | Alternative extension to scan for a template 
name if themeFolder and themeSubfolder are set                            |
-
-# Dynamic Templates
-
-Camel-chunk component provides two headers by which you can define a different 
resource location for a template or the template content itself. If any of 
these headers is set then Camel-chunk component uses this over the endpoint 
configured resource. This allows you to provide a dynamic template at runtime.
-
-| Header                                       | Type      | Description       
                                                         | Support Version |
-|----------------------------------------------|-----------|----------------------------------------------------------------------------|-----------------|
-| ChunkConstants.CHUNK_RESOURCE_URI            | String    | A URI for the 
template resource to use instead of the endpoint configured. |                 |
-| ChunkConstants.CHUNK_TEMPLATE                | String    | The template to 
use instead of the endpoint configured.                    |                 |
-
-# Examples
-
-**Example 1**
-
-```java
-       from("direct:in")
-            .to("chunk://file")
-            .to("direct:out");
-```
-
-In this example the chunk component will look for file.chtml template in 
themes folder and it will use it as template.
-
-**Example 2**
-
-```java
-       from("direct:in")
-            .to("chunk:example?themeLayer=example_1")
-```
-
-In this example the chunk component will look for example.chtml in themes 
folder and will use the #example_1 layer
-
-**Example 3**
-
-```java
-       from("direct:in")
-            .to("chunk://hello")
-            .to("chunk://subfolder/theme1")
-```
-
-In this example the chunk component will look for hello.chtml template in 
themes folder and for theme1.chtml in themes/subfolder/
-
-**Example 4**
-
-```java
-       from("direct:in")
-            
.to("chunk:subfile_example?themeFolder=folderexample&themeSubfolder=subfolderexample")
-```
-
-In this example the chunk component will look for subfile_example.chtml in 
folderexample/subfolderexample/ folder and not in the default themes folder.
-
-**Example 5**
-
-```java
-       from("direct:in")
-             
.to("chunk:subfile_example?themeFolder=folderexample&themeSubfolder=subfolderexample&extension=file")
-```
-
-In this example the chunk component will look for subfile_example.file (not 
.chtml or .cxml) in folderexample/subfolderexample/ folder and not in the 
default themes folder.
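Review bot: The removal of components/camel-chunk/README.md (all 101 lines) is not mentioned in the commit message, whose subject is limiting the variable map to body/headers. Consider moving the deletion to its own commit, or adding a line to the message saying why the README goes, so that the security-relevant part of this change is easy to isolate when auditing or backporting it.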
diff --git a/components/camel-chunk/src/main/docs/chunk-component.adoc 
b/components/camel-chunk/src/main/docs/chunk-component.adoc
index 8e820d7..9ea4011 100644
--- a/components/camel-chunk/src/main/docs/chunk-component.adoc
+++ b/components/camel-chunk/src/main/docs/chunk-component.adoc
@@ -38,7 +38,7 @@ format, `?option=value&option=value&...`
 
 
 // component options: START
-The Chunk component supports 2 options, which are listed below.
+The Chunk component supports 3 options, which are listed below.
 
 
 
@@ -46,6 +46,7 @@ The Chunk component supports 2 options, which are listed 
below.
 |===
 | Name | Description | Default | Type
 | *allowTemplateFrom Header* (producer) | Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the header is coming from a malicious user, so use 
this with care. | false | boolean
+| *allowContextMapAll* (producer) | Sets whether the context map should allow 
access to all details. By default only the message body and headers can be 
accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a potential security risk as this opens 
access to the full power of CamelContext API. | false | boolean
 | *resolveProperty Placeholders* (advanced) | Whether the component should 
resolve property placeholders on itself when starting. Only properties which 
are of String type can use property placeholders. | true | boolean
 |===
 // component options: END
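Review bot: The new allowContextMapAll row does not say how the option interacts with allowTemplateFromHeader in the row directly above it. With both enabled, a template supplied in a message header is rendered with access to the full Exchange and CamelContext, so the description should state that the two options should not be enabled together when headers can originate from an untrusted sender.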
@@ -71,12 +72,13 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (8 parameters):
+=== Query Parameters (9 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
+| *allowContextMapAll* (producer) | Sets whether the context map should allow 
access to all details. By default only the message body and headers can be 
accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a potential security risk as this opens 
access to the full power of CamelContext API. | false | boolean
 | *allowTemplateFromHeader* (producer) | Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the header is coming from a malicious user, so use 
this with care. | false | boolean
 | *contentCache* (producer) | Sets whether to use resource content cache or 
not | false | boolean
 | *encoding* (producer) | Define the encoding of the body |  | String
diff --git 
a/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkComponent.java
 
b/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkComponent.java
index a07c001..f18b644 100644
--- 
a/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkComponent.java
+++ 
b/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkComponent.java
@@ -26,6 +26,8 @@ public class ChunkComponent extends UriEndpointComponent {
 
     @Metadata(defaultValue = "false")
     private boolean allowTemplateFromHeader;
+    @Metadata(defaultValue = "false")
+    private boolean allowContextMapAll;
 
     public ChunkComponent() {
         super(ChunkEndpoint.class);
@@ -35,6 +37,7 @@ public class ChunkComponent extends UriEndpointComponent {
     protected Endpoint createEndpoint(String uri, String remaining, 
Map<String, Object> parameters) throws Exception {
         ChunkEndpoint endpoint = new ChunkEndpoint(uri, this, remaining);
         endpoint.setAllowTemplateFromHeader(allowTemplateFromHeader);
+        endpoint.setAllowContextMapAll(allowContextMapAll);
         setProperties(endpoint, parameters);
         return endpoint;
     }
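Review bot: In createEndpoint, endpoint.setAllowContextMapAll(allowContextMapAll) runs before setProperties(endpoint, parameters), so an allowContextMapAll query parameter on the endpoint URI overrides a component-level false. The component option is therefore a default and not an upper bound. Please say so in the Javadoc and the docs, because an operator may expect that leaving it false on the component disables full context access for every endpoint.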
@@ -53,4 +56,18 @@ public class ChunkComponent extends UriEndpointComponent {
         this.allowTemplateFromHeader = allowTemplateFromHeader;
     }
 
+    public boolean isAllowContextMapAll() {
+        return allowContextMapAll;
+    }
+
+    /**
+     * Sets whether the context map should allow access to all details.
+     * By default only the message body and headers can be accessed.
+     * This option can be enabled for full access to the current Exchange and 
CamelContext.
+     * Doing so impose a potential security risk as this opens access to the 
full power of CamelContext API.
+     */
+    public void setAllowContextMapAll(boolean allowContextMapAll) {
+        this.allowContextMapAll = allowContextMapAll;
+    }
+
 }
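Review bot: The Javadoc on setAllowContextMapAll reads "Doing so impose a potential security risk"; it should be "Doing so imposes". The same sentence appears in chunk-component.adoc and in ChunkComponentConfiguration in this patch, so correcting it here and regenerating would fix all three copies.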
diff --git 
a/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkEndpoint.java
 
b/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkEndpoint.java
index ddd8058f..40af9c5 100644
--- 
a/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkEndpoint.java
+++ 
b/components/camel-chunk/src/main/java/org/apache/camel/component/chunk/ChunkEndpoint.java
@@ -119,7 +119,7 @@ public class ChunkEndpoint extends ResourceEndpoint {
             }
 
             // Execute Chunk
-            Map<String, Object> variableMap = 
ExchangeHelper.createVariableMap(exchange);
+            Map<String, Object> variableMap = 
ExchangeHelper.createVariableMap(exchange, isAllowContextMapAll());
             StringWriter writer = new StringWriter();
             newChunk.putAll(variableMap);
             newChunk.render(writer);
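Review bot: The changed call passes isAllowContextMapAll() to a two-argument ExchangeHelper.createVariableMap, but this patch adds neither that accessor to ChunkEndpoint (the file changes only this one statement) nor the new overload, so both have to exist on camel-2.25.x already; please confirm the change that introduces them is on the branch. None of the five changed files is a test. A test that renders a template with the default false and asserts that the Exchange and CamelContext are not reachable from it would protect the new default against regression.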
diff --git 
a/platforms/spring-boot/components-starter/camel-chunk-starter/src/main/java/org/apache/camel/component/chunk/springboot/ChunkComponentConfiguration.java
 
b/platforms/spring-boot/components-starter/camel-chunk-starter/src/main/java/org/apache/camel/component/chunk/springboot/ChunkComponentConfiguration.java
index 6be6420..1ea8c58 100644
--- 
a/platforms/spring-boot/components-starter/camel-chunk-starter/src/main/java/org/apache/camel/component/chunk/springboot/ChunkComponentConfiguration.java
+++ 
b/platforms/spring-boot/components-starter/camel-chunk-starter/src/main/java/org/apache/camel/component/chunk/springboot/ChunkComponentConfiguration.java
@@ -44,6 +44,14 @@ public class ChunkComponentConfiguration
      */
     private Boolean allowTemplateFromHeader = false;
     /**
+     * Sets whether the context map should allow access to all details. By
+     * default only the message body and headers can be accessed. This option
+     * can be enabled for full access to the current Exchange and CamelContext.
+     * Doing so impose a potential security risk as this opens access to the
+     * full power of CamelContext API.
+     */
+    private Boolean allowContextMapAll = false;
+    /**
      * Whether the component should resolve property placeholders on itself 
when
      * starting. Only properties which are of String type can use property
      * placeholders.
@@ -58,6 +66,14 @@ public class ChunkComponentConfiguration
         this.allowTemplateFromHeader = allowTemplateFromHeader;
     }
 
+    public Boolean getAllowContextMapAll() {
+        return allowContextMapAll;
+    }
+
+    public void setAllowContextMapAll(Boolean allowContextMapAll) {
+        this.allowContextMapAll = allowContextMapAll;
+    }
+
     public Boolean getResolvePropertyPlaceholders() {
         return resolvePropertyPlaceholders;
     }
