Contact Us 1-800-596-4880

Configuring the Acegi Security Manager

Deprecated Module

The Acegi module is deprecated. Please upgrade to the Spring Security module instead, which is a drop-in replacement. As of Mule 3.2 the Acegi module is removed from the distribution.

The Mule Acegi security manager implementation delegates to Acegi to provide authorization and authentication functions. You can use any of the Acegi security providers such as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. For more information on the elements you can configure for a Mule security manager, see Security Manager Configuration Reference.

Example Configuration

The following example illustrates how to configure a single security provider on Mule, in this case an in-memory DAO. Here we have a static DAO security provider that allows user credentials to be set in memory with two users: ross and anon.

<mule xmlns="http://www.mulesource.org/schema/mule/core/2.2"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:spring="http://www.springframework.org/schema/beans"
       xmlns:acegi="http://www.mulesource.org/schema/mule/acegi/2.2"
    ...cut...

    <spring:bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <spring:property name="userMap">
            <spring:value>
                ross=ross,ROLE_ADMIN
                anon=anon,ROLE_ANONYMOUS
            </spring:value>
        </spring:property>
    </spring:bean>

    <spring:bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <spring:property name="userDetailsService" ref="inMemoryDaoImpl"/>
    </spring:bean>

    <acegi:security-manager>
        <acegi:delegate-security-provider name="memory-dao" delegate-ref="daoAuthenticationProvider"/>
    </acegi:security-manager>
    ...cut...
</mule>

Security Filters

Security filters can be configured on an object to either authenticate inbound requests or attach credentials to outbound requests. For example, to configure an HTTP basic authorization filter on an HTTP endpoint, you would use the following endpoint security filter:

<inbound-endpoint address="http://localhost:4567">
    <acegi:http-security-filter realm="mule-realm"/>
</inbound-endpoint>

When a request is received, the authentication header will be read from the request and authenticated against all security providers on the Security Manager. If you only want to validate on certain ones, you can supply a comma-separated list of security provider names.

<inbound-endpoint address="http://localhost:4567">
    <acegi:http-security-filter realm="mule-realm" securityProviders="default,another"/>
</inbound-endpoint>

The realm is an optional attribute required by some servers. You only need to set this attribute if required by the server on the other end.