CAMEL-23812: camel-milo better username & password handling

[robMate]

Description

The Camel Milo client component previously embedded authentication credentials directly in the endpoint URI using the format user:password@host.
To prevent Milo from receiving credentials (which it doesn't handle), the component used string manipulation with discoveryUri.replaceFirst(user + "@", "") to strip credentials from the URL before connection. This caused issues because the replaceFirst() function uses regex patterns that fail with regex special characters like "$.*", and passwords containing characters like "%" cause issues with java.net.URLDecoder.decode() due to percent-encoding in URLs.

This approach has limitations: it fails when credentials contain special characters commonly found in auto-generated passwords, such as:

@ (breaks URI parsing)
?, & (URI query parameter delimiters)
/, # (URI structure delimiters)
$, % (encoding/variable expansion) 

For example, a password like pass@$?&/#% would cause the discovery URI reconstruction to fail or produce incorrect results.

Target

• I checked that the commit is targeting the correct branch (Camel 4 uses the main branch)

Tracking

• If this is a large change, bug fix, or code improvement, I checked there is a JIRA issue filed for the change (usually before you start working on it).

Apache Camel coding standards and style

• I checked that each commit in the pull request has a meaningful subject line and body.

• I have run mvn clean install -DskipTests locally from root folder and I have committed all auto-generated changes.

[github-actions]

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

• First-time contributors require MANUAL approval for the GitHub Actions to run
• You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
• You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
• Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

[Croway]

as per https://issues.apache.org/jira/browse/CAMEL-23250 it should be secret = "secret"

[davsclaus]

Nice work tackling the special-character credential handling — the replaceFirst(user + "@", "") regex approach was genuinely broken and the explicit-parameter alternative is a clean solution.

One blocking item and a couple of minor observations:

Blocking: missing generated files — the new @UriParam fields (username, password) in MiloClientConfiguration should trigger regeneration of the component metadata (src/generated/). The current milo-client.json doesn't contain these params, and the diff doesn't include any generated-file changes. CI will fail with uncommitted generated changes. Please run mvn clean install -DskipTests in the components/camel-milo directory and commit the regenerated files.

Minor observations (non-blocking):

• The endpoint-level getUsername/setUsername/getPassword/setPassword delegation methods are not annotated with @UriParam. Since MiloClientConfiguration already declares these as @UriParam and configuration itself is a @UriParam on the endpoint, Camel's property binding should resolve them through the nested config object — the endpoint-level methods may be redundant.
• Discovery URI reconstruction now always runs (even without user info), which is correct but subtly changes from the prior conditional-only modification.

This review was generated by an AI agent and may contain inaccuracies. Please verify all suggestions before applying.

[davsclaus]

Nit: double blank line here — should be a single blank line per code style.

[davsclaus]

replaced by other PR closing this