File System Access Restriction

Owned by Ondřej Tesař
Aug 26, 2024
1 min read

IntegrationManager implements restrictions on file system access to prevent unauthorized reading, writing, or execution of files by scripts or external integrations. By enforcing strict access controls, the system reduces the potential for unauthorized modifications, data leakage, or the introduction of malicious code through file operations.

The restrictions differ according to the type of IM you have:

  • Provisioned IntegrationManager
    The allowed paths are defined on the config server. The property name is integration.security.allowed-paths. The value is /home,/var/pricefx/ and for security reasons it cannot be overridden.

  • Manual IntegrationManager
    By default the only allowed path is /home folder. Other paths must be added by a developer who is fully responsible for setting the correct values.

If you try to access a path from a route via the Camel file component which is not allowed, then AccessDeniedException will be thrown.

<route> <from uri="file:/var"/> <log message="Fetch files from var"/> </route>

IntegrationManager version 5.8.0