CAMEL-23525: Add optional JWT issuer and audience claim validation

[sb3vecore]

Description

The embedded HTTP server in camel-platform-http-main previously configured Vert.x JWTAuth with keystore parameters only. Tokens were verified for signature and the default exp / nbf claims, but the RFC 7519 registered claims iss (issuer) and aud (audience)
were not validated.

This PR adds optional jwtIssuer and jwtAudience properties to both HttpServerConfigurationProperties (camel.server.*) and HttpManagementServerConfigurationProperties (camel.management.*). When either is set, a JWTOptions configured with the
corresponding values is attached to the JWTAuthOptions passed to JWTAuth.create. Behaviour is unchanged when both are unset.

jwtAudience accepts a comma-separated list; a token is accepted if its aud claim matches any configured value.

Changes

• JWTAuthenticationConfigurer builds a Vert.x JWTOptions only when either new property is set, and attaches it to the JWTAuthOptions passed to JWTAuth.create.
• New test class JWTIssuerAudienceAuthenticationMainHttpServerTest with 6 cases: matching iss + first audience (200), matching iss + second audience (200), wrong issuer (401), wrong audience (401), missing audience claim (401), no token (401).
• Existing JWTAuthenticationMainHttpServerTest and AuthenticationConfigurationMainHttpServerTest continue to pass, confirming backwards compatibility when neither property is set.
• Documentation updated in platform-http-main.adoc.
• Generated config metadata (core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json) regenerated.

Target

• I checked that the commit is targeting the correct branch (Camel 4 uses the main branch)

Tracking

• If this is a large change, bug fix, or code improvement, I checked there is a JIRA issue filed for the change.

Apache Camel coding standards and style

• I checked that each commit in the pull request has a meaningful subject line and body.
• I have run mvn clean install -DskipTests locally from root folder and I have committed all auto-generated changes.

---

Claude Code on behalf of Vishal Nagaraj

[davsclaus]

Nice addition — the implementation is clean and the test coverage is solid.

Minor observations:

1. Field ordering: In both HttpServerConfigurationProperties and HttpManagementServerConfigurationProperties, the two new fields (jwtAudience, jwtIssuer) are interleaved with the existing keystore fields rather than grouped together. Consider placing them together (both before or both after the keystore trio) for readability.

2. Upgrade guide: Per project conventions, new user-visible configuration properties should get a brief mention in camel-4x-upgrade-guide-4_21.adoc. Since these are purely additive (no behavioral change when unset), this is minor.

Everything else looks good — backwards compatibility is preserved, tests cover positive and negative paths, docs and generated metadata are updated.

This review does not replace specialized tools like CodeRabbit or SonarCloud.

This review was generated by an AI agent and may contain inaccuracies. Please verify all suggestions before applying.

[oscerd]

When something is assigned, you should ask if the assignee want to leave the issue to you. Thanks for doing this, but next time look at the assignee.

[github-actions]

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

• First-time contributors require MANUAL approval for the GitHub Actions to run
• You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
• You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
• Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

[github-actions]

🧪 CI tested the following changed modules:

• catalog/camel-catalog
• components/camel-platform-http-main
• core/camel-main
• docs

ℹ️ Dependent modules were not tested because the total number of affected modules exceeded the threshold (50). Use the test-dependents label to force testing all dependents.

Build reactor — dependencies compiled but only changed modules were tested (4 modules)

• Camel :: Catalog :: Camel Catalog
• Camel :: Docs
• Camel :: Main
• Camel :: Platform HTTP :: Main

---

⚙️ View full build and test results

[sb3vecore]

@oscerd I am extremely sorry that I overlooked this. I am eager to contribute responsibly to the project!