Camel http4 and url-encoded passwords being interpreted as separate arguments

Question

We've got an Apache Camel (2.13.2) app that uses http4 to communicate with a webserver, using NTLM for auth.

The endpoint is defined as (pseudo):

...
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass 
   + "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");

This works well as long as the pass variable contains "non-special" chars.

However, if the pass contains for example "abcd&def" - Camel will intepret the ampersand as a query parameter separator, as it should.

But url encoding the ampersand (i.e "abcd%26def") makes no difference at all?

We still end up with Camel invoking the endpoint "http://thegreat.server.com/uri?authMethod=NTLM&def=", with a truncated password.

Is there something obvious we're missing out on, or does this kind of look like a bug?

Thanks.

score 5 · Accepted Answer · answered Sep 17 '14 at 07:14

5

See the Camel documentation how to configure endpoint uris

http://camel.apache.org/how-do-i-configure-endpoints.html

There is a section that covers about passwords, eg you should use the RAW() syntax.

So it would be something a like

.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass 
   + ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");

answered Sep 17 '14 at 07:14

Claus Ibsen

56,060
7
50
65

1

RAW() syntax has only been introduced since Camel 2.11. For those who are still using previous version see my posts [here](http://stackoverflow.com/q/25555434/628006) – рüффп Jan 09 '15 at 13:24

Camel http4 and url-encoded passwords being interpreted as separate arguments

1 Answers1

Linked