CAMEL-23250: Add security policy documentation and apply formatter

Add a Security Policy section to spring-boot.adoc covering available
camel.security.* properties, category overrides, allowed-properties
exclusion, and per-environment policies via Spring profiles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: gnodet

core/camel-spring-boot/src/main/docs/spring-boot.adoc

@@ -502,6 +502,75 @@ management.server.accesslog.pattern=combined
 ----
 
 
+== Security Policy
+
+Camel Spring Boot automatically enforces security policies at startup, detecting insecure configuration such as disabled SSL verification, plain-text secrets, enabled Java deserialization, or development-only features.
+
+The global policy controls how Camel reacts when insecure configuration is detected:
+
+[source,properties]
+----
+# allow  — no warnings, allow the configuration
+# warn   — log a warning at startup (default)
+# fail   — throw an exception and prevent startup
+camel.security.policy=warn
+----
+
+=== Category Overrides
+
+Each security category can override the global policy independently:
+
+[source,properties]
+----
+camel.security.policy=fail
+camel.security.insecure-ssl-policy=warn
+camel.security.insecure-serialization-policy=warn
+camel.security.insecure-dev-policy=allow
+camel.security.secret-policy=fail
+----
+
+To exclude specific properties from all checks, use `allowed-properties`:
+
+[source,properties]
+----
+camel.security.allowed-properties=camel.component.http.trustAllCertificates,camel.component.netty.allowJavaSerializedObject
+----
+
+=== Per-Environment Policies with Spring Profiles
+
+Spring profiles allow you to enforce strict security in production while keeping a relaxed policy during development.
+
+In `application-prod.properties`:
+
+[source,properties]
+----
+camel.security.policy=fail
+----
+
+In `application-dev.properties`:
+
+[source,properties]
+----
+camel.security.policy=allow
+----
+
+Activate the profile via `spring.profiles.active`:
+
+[source,properties]
+----
+# application.properties
+spring.profiles.active=dev
+----
+
+Or at runtime:
+
+[source,bash]
+----
+java -Dspring.profiles.active=prod -jar myApp.jar
+----
+
+This way, developers can freely use options like `trustAllCertificates=true` locally, while production deployments will fail fast if any insecure configuration is detected.
+
 == Virtual Threads Support
 
 Camel Spring Boot provides comprehensive support for JDK 21+ Virtual Threads, offering significant performance improvements for I/O-intensive applications. Virtual threads are lightweight threads that can dramatically reduce memory overhead and improve scalability compared to traditional platform threads.

core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSecurityPolicyAutoConfiguration.java

@@ -21,7 +21,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import org.apache.camel.CamelContext;
 import org.apache.camel.RuntimeCamelException;
 import org.apache.camel.main.SecurityConfigurationProperties;
@@ -48,19 +47,15 @@ public class CamelSecurityPolicyAutoConfiguration {
     private static final Logger LOG = LoggerFactory.getLogger(CamelSecurityPolicyAutoConfiguration.class);
 
     @Bean
-    SecurityPolicyResult camelSecurityPolicyResult(
-            CamelContext camelContext,
-            CamelSecurityPolicyConfigurationProperties config,
-            Environment environment) {
+    SecurityPolicyResult camelSecurityPolicyResult(CamelContext camelContext,
+            CamelSecurityPolicyConfigurationProperties config, Environment environment) {
 
         SecurityConfigurationProperties securityConfig = applySecurityProperties(camelContext, config);
 
         Map<String, Object> camelProperties = extractCamelProperties(environment);
 
-        List<SecurityViolation> violations = SecurityUtils.detectViolations(
-                camelProperties,
-                (k, v) -> containsSensitive(camelContext, k, v),
-                securityConfig::resolvePolicy,
+        List<SecurityViolation> violations = SecurityUtils.detectViolations(camelProperties,
+                (k, v) -> containsSensitive(camelContext, k, v), securityConfig::resolvePolicy,
                 securityConfig.getAllowedPropertySet());
 
         SecurityPolicyResult result = new SecurityPolicyResult(violations);
@@ -71,14 +66,12 @@ SecurityPolicyResult camelSecurityPolicyResult(
         return result;
     }
 
-    private SecurityConfigurationProperties applySecurityProperties(
-            CamelContext camelContext,
+    private SecurityConfigurationProperties applySecurityProperties(CamelContext camelContext,
             CamelSecurityPolicyConfigurationProperties config) {
 
         // get the security config from camel-main's MainConfigurationProperties
         // which is already bound by CamelAutoConfiguration via CamelConfigurationProperties
-        SecurityConfigurationProperties securityConfig
-                = new SecurityConfigurationProperties(null);
+        SecurityConfigurationProperties securityConfig = new SecurityConfigurationProperties(null);
 
         securityConfig.setPolicy(config.getPolicy());
         if (config.getSecretPolicy() != null) {
@@ -143,8 +136,8 @@ private static void enforceViolations(List<SecurityViolation> violations) {
         if (!failures.isEmpty()) {
             throw new RuntimeCamelException(
                     "Security policy violations detected (policy=fail):\n - " + String.join("\n - ", failures)
-                                            + "\nTo allow specific properties, add them to camel.security.allowed-properties"
-                                            + " or change the policy to 'warn' or 'allow'.");
+                            + "\nTo allow specific properties, add them to camel.security.allowed-properties"
+                            + " or change the policy to 'warn' or 'allow'.");
         }
     }
 

core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSecurityPolicyConfigurationProperties.java

@@ -51,14 +51,14 @@ public class CamelSecurityPolicyConfigurationProperties {
     private String insecureSslPolicy;
 
     /**
-     * Security policy for insecure deserialization configuration. When set, overrides the global policy for options that
-     * enable dangerous deserialization of untrusted data.
+     * Security policy for insecure deserialization configuration. When set, overrides the global policy for options
+     * that enable dangerous deserialization of untrusted data.
      */
     private String insecureSerializationPolicy;
 
     /**
-     * Security policy for development-only features. When set, overrides the global policy for options intended only for
-     * development environments.
+     * Security policy for development-only features. When set, overrides the global policy for options intended only
+     * for development environments.
      */
     private String insecureDevPolicy;
 

core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSecurityPolicyAutoConfigurationTest.java

@@ -27,10 +27,8 @@
 
 public class CamelSecurityPolicyAutoConfigurationTest {
 
-    private final ApplicationContextRunner runner = new ApplicationContextRunner()
-            .withConfiguration(AutoConfigurations.of(
-                    CamelAutoConfiguration.class,
-                    CamelSecurityPolicyAutoConfiguration.class));
+    private final ApplicationContextRunner runner = new ApplicationContextRunner().withConfiguration(
+            AutoConfigurations.of(CamelAutoConfiguration.class, CamelSecurityPolicyAutoConfiguration.class));
 
     @Test
     public void noSecurityPropertiesShouldStartNormally() {
@@ -44,9 +42,7 @@ public void noSecurityPropertiesShouldStartNormally() {
 
     @Test
     public void policyAllowShouldIgnoreInsecureConfig() {
-        runner.withPropertyValues(
-                "camel.security.policy=allow",
-                "camel.component.http.trustAllCertificates=true")
+        runner.withPropertyValues("camel.security.policy=allow", "camel.component.http.trustAllCertificates=true")
                 .run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
@@ -56,9 +52,7 @@ public void policyAllowShouldIgnoreInsecureConfig() {
 
     @Test
     public void policyWarnShouldStartWithViolations() {
-        runner.withPropertyValues(
-                "camel.security.policy=warn",
-                "camel.component.http.trustAllCertificates=true")
+        runner.withPropertyValues("camel.security.policy=warn", "camel.component.http.trustAllCertificates=true")
                 .run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
@@ -70,25 +64,18 @@ public void policyWarnShouldStartWithViolations() {
 
     @Test
     public void policyFailShouldPreventStartup() {
-        runner.withPropertyValues(
-                "camel.security.policy=fail",
-                "camel.component.http.trustAllCertificates=true")
+        runner.withPropertyValues("camel.security.policy=fail", "camel.component.http.trustAllCertificates=true")
                 .run(context -> {
                     assertThat(context).hasFailed();
-                    assertThat(context.getStartupFailure())
-                            .rootCause()
-                            .isInstanceOf(RuntimeCamelException.class)
+                    assertThat(context.getStartupFailure()).rootCause().isInstanceOf(RuntimeCamelException.class)
                             .hasMessageContaining("Security policy violations detected");
                 });
     }
 
     @Test
     public void categoryOverrideShouldTakePrecedence() {
-        runner.withPropertyValues(
-                "camel.security.policy=fail",
-                "camel.security.insecure-ssl-policy=allow",
-                "camel.component.http.trustAllCertificates=true")
-                .run(context -> {
+        runner.withPropertyValues("camel.security.policy=fail", "camel.security.insecure-ssl-policy=allow",
+                "camel.component.http.trustAllCertificates=true").run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
                     assertThat(result.hasViolations()).isFalse();
@@ -97,26 +84,20 @@ public void categoryOverrideShouldTakePrecedence() {
 
     @Test
     public void categoryOverrideWarnWhileGlobalFail() {
-        runner.withPropertyValues(
-                "camel.security.policy=fail",
-                "camel.security.insecure-ssl-policy=warn",
-                "camel.component.http.trustAllCertificates=true")
-                .run(context -> {
+        runner.withPropertyValues("camel.security.policy=fail", "camel.security.insecure-ssl-policy=warn",
+                "camel.component.http.trustAllCertificates=true").run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
                     assertThat(result.hasViolations()).isTrue();
-                    assertThat(result.getViolations()).anyMatch(
-                            v -> "warn".equals(v.policy()));
+                    assertThat(result.getViolations()).anyMatch(v -> "warn".equals(v.policy()));
                 });
     }
 
     @Test
     public void allowedPropertiesShouldExcludeFromChecks() {
-        runner.withPropertyValues(
-                "camel.security.policy=fail",
+        runner.withPropertyValues("camel.security.policy=fail",
                 "camel.security.allowed-properties=camel.component.http.trustAllCertificates",
-                "camel.component.http.trustAllCertificates=true")
-                .run(context -> {
+                "camel.component.http.trustAllCertificates=true").run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
                     assertThat(result.hasViolations()).isFalse();
@@ -125,11 +106,8 @@ public void allowedPropertiesShouldExcludeFromChecks() {
 
     @Test
     public void multipleViolationsDetected() {
-        runner.withPropertyValues(
-                "camel.security.policy=warn",
-                "camel.component.http.trustAllCertificates=true",
-                "camel.component.netty.allowJavaSerializedObject=true")
-                .run(context -> {
+        runner.withPropertyValues("camel.security.policy=warn", "camel.component.http.trustAllCertificates=true",
+                "camel.component.netty.allowJavaSerializedObject=true").run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
                     assertThat(result.getViolationCount()).isGreaterThanOrEqualTo(2);
@@ -138,22 +116,16 @@ public void multipleViolationsDetected() {
 
     @Test
     public void insecureDevPolicyOverride() {
-        runner.withPropertyValues(
-                "camel.security.policy=fail",
-                "camel.security.insecure-dev-policy=allow",
-                "camel.main.devConsoleEnabled=true")
-                .run(context -> {
+        runner.withPropertyValues("camel.security.policy=fail", "camel.security.insecure-dev-policy=allow",
+                "camel.main.devConsoleEnabled=true").run(context -> {
                     assertThat(context).hasNotFailed();
                 });
     }
 
     @Test
     public void insecureSerializationPolicyOverride() {
-        runner.withPropertyValues(
-                "camel.security.policy=fail",
-                "camel.security.insecure-serialization-policy=warn",
-                "camel.component.netty.allowJavaSerializedObject=true")
-                .run(context -> {
+        runner.withPropertyValues("camel.security.policy=fail", "camel.security.insecure-serialization-policy=warn",
+                "camel.component.netty.allowJavaSerializedObject=true").run(context -> {
                     assertThat(context).hasNotFailed();
                     SecurityPolicyResult result = context.getBean(SecurityPolicyResult.class);
                     assertThat(result.hasViolations()).isTrue();