IntegrationManager implements restrictions on file system access to prevent unauthorized reading, writing, or execution of files by scripts or external integrations. By enforcing strict access controls, the system reduces the potential for unauthorized modifications, data leakage, or the introduction of malicious code through file operations.
Allowed Paths
On provisioned IM instances, the allowed paths are defined on the config server:
|
Property |
Value |
Notes |
|---|---|---|
|
|
|
Cannot be overridden for security reasons |
Only file operations within these paths are permitted. Any attempt to access a path outside the allowed list will result in an AccessDeniedException.
Example
If you try to access a path from a route via the Camel file component which is not allowed:
<route>
<from uri="file:/var"/>
<log message="Fetch files from var"/>
</route>
This will throw AccessDeniedException because /var is not in the allowed paths list (only /var/pricefx/ is allowed).
Common Pitfalls
-
Writing temp files — Use
/homeor/var/pricefx/for temporary files. Do not use/tmpas it may not be in the allowed paths. -
SFTP downloads — When using pfx-sftp to download files, ensure the target directory is under an allowed path.
-
Custom Groovy scripts — File operations in Groovy classes (
classes/directory) are also subject to these restrictions.