apache · davsclaus · Dec 21, 2025 · Dec 21, 2025 · Dec 21, 2025
diff --git a/...boot/src/main/resources/org/apache/camel/springboot/catalog/components/platform-http.json b/...boot/src/main/resources/org/apache/camel/springboot/catalog/components/platform-http.json
@@ -28,9 +28,10 @@
     "bridgeErrorHandler": { "index": 0, "kind": "property", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions (if possible) occurred while the Camel consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. Important: This is only possible if the 3rd party component allows Camel to be alerted if an exception was thrown. Some components handle this internally only, and therefore bridgeErrorHandler is not possible. In other situations we may improve the Camel component to hook into the 3rd party component and make this possible for future releases. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored." },
     "handleWriteResponseError": { "index": 1, "kind": "property", "displayName": "Handle Write Response Error", "group": "consumer", "label": "advanced,consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "When Camel is complete processing the message, and the HTTP server is writing response. This option controls whether Camel should catch any failure during writing response and store this on the Exchange, which allows onCompletion\/UnitOfWork to regard the Exchange as failed and have access to the caused exception from the HTTP server." },
     "requestTimeout": { "index": 2, "kind": "property", "displayName": "Request Timeout", "group": "consumer", "label": "advanced,consumer", "required": false, "type": "integer", "javaType": "long", "deprecated": false, "autowired": false, "secret": false, "description": "The period in milliseconds after which the request should be timed out." },
-    "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc." },
-    "engine": { "index": 4, "kind": "property", "displayName": "Engine", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.platform.http.spi.PlatformHttpEngine", "deprecated": false, "autowired": false, "secret": false, "description": "An HTTP Server engine implementation to serve the requests" },
-    "headerFilterStrategy": { "index": 5, "kind": "property", "displayName": "Header Filter Strategy", "group": "filter", "label": "filter", "required": false, "type": "object", "javaType": "org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired": false, "secret": false, "description": "To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel message." }
+    "serverRequestValidation": { "index": 3, "kind": "property", "displayName": "Server Request Validation", "group": "consumer", "label": "advanced,consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether HTTP server should do preliminary validation of incoming requests, validating if Content-Type\/Accept header, matches what is allowed according to consumes\/produces configuration (if set). If validation fails HTTP Status 415\/406 is returned. The HTTP server performs this validation before Camel is involved, and as such if validation fails then Camel is never activated. Setting this option to false, allows Camel to process any incoming requests such as to do custom validation or all requests must be handled by Camel." },
+    "autowiredEnabled": { "index": 4, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc." },
+    "engine": { "index": 5, "kind": "property", "displayName": "Engine", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.platform.http.spi.PlatformHttpEngine", "deprecated": false, "autowired": false, "secret": false, "description": "An HTTP Server engine implementation to serve the requests" },
+    "headerFilterStrategy": { "index": 6, "kind": "property", "displayName": "Header Filter Strategy", "group": "filter", "label": "filter", "required": false, "type": "object", "javaType": "org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired": false, "secret": false, "description": "To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel message." }
   },
   "properties": {
     "path": { "index": 0, "kind": "path", "displayName": "Path", "group": "consumer", "label": "", "required": true, "type": "string", "javaType": "java.lang.String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "The path under which this endpoint serves the HTTP requests, for proxy use 'proxy'" },

diff --git a/components-starter/camel-platform-http-starter/src/main/docs/platform-http.json b/components-starter/camel-platform-http-starter/src/main/docs/platform-http.json
@@ -62,6 +62,13 @@
       "type": "java.lang.Long",
       "description": "The period in milliseconds after which the request should be timed out.",
       "sourceType": "org.apache.camel.component.platform.http.springboot.PlatformHttpComponentConfiguration"
+    },
+    {
+      "name": "camel.component.platform-http.server-request-validation",
+      "type": "java.lang.Boolean",
+      "description": "Whether HTTP server should do preliminary validation of incoming requests, validating if Content-Type\/Accept header, matches what is allowed according to consumes\/produces configuration (if set). If validation fails HTTP Status 415\/406 is returned. The HTTP server performs this validation before Camel is involved, and as such if validation fails then Camel is never activated. Setting this option to false, allows Camel to process any incoming requests such as to do custom validation or all requests must be handled by Camel.",
+      "sourceType": "org.apache.camel.component.platform.http.springboot.PlatformHttpComponentConfiguration",
+      "defaultValue": true
     }
   ],
   "hints": [],

diff --git a/.../java/org/apache/camel/component/platform/http/springboot/CamelRequestHandlerMapping.java b/.../java/org/apache/camel/component/platform/http/springboot/CamelRequestHandlerMapping.java
@@ -59,7 +59,7 @@ public int getOrder() {
     @Override
     protected String[] getCandidateBeanNames() {
         // no candidates
-        return new String[] {};
+        return new String[]{};
     }
 
     @Override
@@ -202,12 +202,14 @@ private void createRequestMappingInfo(HttpEndpointModel model, RequestMethod rm,
                 .methods(methods)
                 .options(this.getBuilderConfiguration());
 
-        if (model.getConsumes() != null
+        if (component.isServerRequestValidation()) {
+            if (model.getConsumes() != null && rm != null
                 && (RequestMethod.POST.name().equals(rm.name()) || RequestMethod.PUT.name().equals(rm.name()) || RequestMethod.PATCH.name().equals(rm.name()))) {
-            info.consumes(model.getConsumes().split(","));
-        }
-        if (model.getProduces() != null) {
-            info.produces(model.getProduces().split(","));
+                info.consumes(model.getConsumes().split(","));
+            }
+            if (model.getProduces() != null) {
+                info.produces(model.getProduces().split(","));
+            }
         }
 
         result.add(info.build());

diff --git a/...g/apache/camel/component/platform/http/springboot/PlatformHttpComponentConfiguration.java b/...g/apache/camel/component/platform/http/springboot/PlatformHttpComponentConfiguration.java
@@ -63,6 +63,17 @@ public class PlatformHttpComponentConfiguration
      * The period in milliseconds after which the request should be timed out.
      */
     private Long requestTimeout;
+    /**
+     * Whether HTTP server should do preliminary validation of incoming
+     * requests, validating if Content-Type/Accept header, matches what is
+     * allowed according to consumes/produces configuration (if set). If
+     * validation fails HTTP Status 415/406 is returned. The HTTP server
+     * performs this validation before Camel is involved, and as such if
+     * validation fails then Camel is never activated. Setting this option to
+     * false, allows Camel to process any incoming requests such as to do custom
+     * validation or all requests must be handled by Camel.
+     */
+    private Boolean serverRequestValidation = true;
     /**
      * Whether autowiring is enabled. This is used for automatic autowiring
      * options (the option must be marked as autowired) by looking up in the
@@ -108,6 +119,14 @@ public void setRequestTimeout(Long requestTimeout) {
         this.requestTimeout = requestTimeout;
     }
 
+    public Boolean getServerRequestValidation() {
+        return serverRequestValidation;
+    }
+
+    public void setServerRequestValidation(Boolean serverRequestValidation) {
+        this.serverRequestValidation = serverRequestValidation;
+    }
+
     public Boolean getAutowiredEnabled() {
         return autowiredEnabled;
     }

diff --git a/...nent/platform/http/springboot/SpringBootPlatformHttpServerRequestValidationFalseTest.java b/...nent/platform/http/springboot/SpringBootPlatformHttpServerRequestValidationFalseTest.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.platform.http.springboot;
+
+import io.restassured.RestAssured;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.platform.http.PlatformHttpComponent;
+import org.apache.camel.spring.boot.CamelAutoConfiguration;
+import org.apache.camel.test.spring.junit5.CamelSpringBootTest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.server.LocalServerPort;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.is;
+
+@EnableAutoConfiguration(exclude = {OAuth2ClientAutoConfiguration.class, SecurityAutoConfiguration.class})
+@CamelSpringBootTest
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {CamelAutoConfiguration.class,
+        SpringBootPlatformHttpServerRequestValidationFalseTest.class, SpringBootPlatformHttpServerRequestValidationFalseTest.TestConfiguration.class,
+        PlatformHttpComponentAutoConfiguration.class, SpringBootPlatformHttpAutoConfiguration.class,})
+public class SpringBootPlatformHttpServerRequestValidationFalseTest {
+
+    @LocalServerPort
+    private Integer port;
+
+    @BeforeEach
+    void setUp() {
+        RestAssured.port = port;
+    }
+
+    // *************************************
+    // Config
+    // *************************************
+    @Configuration
+    public static class TestConfiguration {
+
+        @Bean
+        public RouteBuilder servletPlatformHttpRouteBuilder() {
+            return new RouteBuilder() {
+                @Override
+                public void configure() {
+                    PlatformHttpComponent phc = getContext().getComponent("platform-http", PlatformHttpComponent.class);
+                    phc.setServerRequestValidation(false);
+
+                    restConfiguration().component("platform-http")
+                            .contextPath("/rest");
+
+                    rest().post("/test")
+                            .consumes("application/json")
+                            .produces("application/json")
+                            .to("direct:rest");
+
+                    from("direct:rest")
+                            .setBody(simple("Hello"));
+                }
+            };
+        }
+    }
+
+    @Test
+    void testServerRequestFalse() throws Exception {
+        given()
+                .body("<hello>World</hello>")
+                .contentType("application/xml")
+                .post("/rest/test")
+                .then()
+                .statusCode(200)
+                .body(is("Hello"));
+
+        given()
+                .body("{ \"name\": \"jack\" }")
+                .contentType("application/json")
+                .accept("application/xml")
+                .post("/rest/test")
+                .then()
+                .statusCode(200)
+                .body(is("Hello"));
+    }
+
+}
diff --git a/...onent/platform/http/springboot/SpringBootPlatformHttpServerRequestValidationTrueTest.java b/...onent/platform/http/springboot/SpringBootPlatformHttpServerRequestValidationTrueTest.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.platform.http.springboot;
+
+import io.restassured.RestAssured;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.platform.http.PlatformHttpComponent;
+import org.apache.camel.spring.boot.CamelAutoConfiguration;
+import org.apache.camel.test.spring.junit5.CamelSpringBootTest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.server.LocalServerPort;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.is;
+
+@EnableAutoConfiguration(exclude = {OAuth2ClientAutoConfiguration.class, SecurityAutoConfiguration.class})
+@CamelSpringBootTest
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {CamelAutoConfiguration.class,
+        SpringBootPlatformHttpServerRequestValidationTrueTest.class, SpringBootPlatformHttpServerRequestValidationTrueTest.TestConfiguration.class,
+        PlatformHttpComponentAutoConfiguration.class, SpringBootPlatformHttpAutoConfiguration.class,})
+public class SpringBootPlatformHttpServerRequestValidationTrueTest {
+
+    @LocalServerPort
+    private Integer port;
+
+    @BeforeEach
+    void setUp() {
+        RestAssured.port = port;
+    }
+
+    // *************************************
+    // Config
+    // *************************************
+    @Configuration
+    public static class TestConfiguration {
+
+        @Bean
+        public RouteBuilder servletPlatformHttpRouteBuilder() {
+            return new RouteBuilder() {
+                @Override
+                public void configure() {
+                    PlatformHttpComponent phc = getContext().getComponent("platform-http", PlatformHttpComponent.class);
+                    phc.setServerRequestValidation(true);
+
+                    restConfiguration().component("platform-http")
+                            .contextPath("/rest");
+
+                    rest().post("/test")
+                            .consumes("application/json")
+                            .produces("application/json")
+                            .to("direct:rest");
+
+                    from("direct:rest")
+                            .setBody(simple("Hello"));
+                }
+            };
+        }
+    }
+
+    @Test
+    void testServerRequestFalse() throws Exception {
+        given()
+                .body("<hello>World</hello>")
+                .contentType("application/xml")
+                .post("/rest/test")
+                .then()
+                .statusCode(415);
+
+        given()
+                .body("{ \"name\": \"jack\" }")
+                .contentType("application/json")
+                .accept("application/xml")
+                .post("/rest/test")
+                .then()
+                .statusCode(406);
+    }
+
+}