Configuring the Spring Security Manager

As of Mule 3.1, you can use Spring Security 3.0 as a Security Manager inside of Mule. You can use any of the library’s security providers such as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. For more information on the elements you can configure for a Mule security manager, see Security Manager Configuration Reference.

Example

The following example illustrates how to configure a single security provider on Mule, in this case an in-memory database of users. To configure the provider, we set up a <user-service> element and the <authentication-manager> to which Mule delegates.

<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:spring="http://www.springframework.org/schema/beans"
    xmlns:http="http://www.mulesoft.org/schema/mule/http"
    xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
    xmlns:ss="http://www.springframework.org/schema/security"
    xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
       http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.1/mule.xsd
       http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.1/mule-http.xsd
       http://www.mulesoft.org/schema/mule/spring-security
http://www.mulesoft.org/schema/mule/spring-security/3.1/mule-spring-security.xsd
       http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <mule-ss:security-manager>
        <mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>

    <spring:beans>
      <ss:authentication-manager alias="authenticationManager">
        <ss:authentication-provider>
          <ss:user-service id="userService">
            <ss:user name="ross" password="ross" authorities="ROLE_ADMIN" />
            <ss:user name="anon" password="anon" authorities="ROLE_ANON" />
          </ss:user-service>
        </ss:authentication-provider>
      </ss:authentication-manager>
    </spring:beans>
    ...cut...
</mule>

Security Filters

Security filters can be configured n an object to either authenticate inbound requests or attach credentials to outbound requests. For example, to configure an HTTP basic authorization filter on an HTTP endpoint, you would use the following endpoint security filter:

<inbound-endpoint address="http://localhost:4567">
    <mule-ss:http-security-filter realm="mule-realm"/>
</inbound-endpoint>

When a request is receive, the authentication header will read from the request and authenticated against all security providers on the Security Manager. If you only want to validate on certain ones, you can supply a comma-seperated list of security provider names.

<inbound-endpoint address="http://localhost:4567">
    <mule-ss:http-security-filter realm="mule-realm" securityProviders="default,another"/>
</inbound-endpoint>

The realm is an optional attribute required by some servers. You only need to set this attribute if required by the server on the other end.

Gartner names MuleSoft a Leader

Create connected experiences with AI

Future of connected AI agents

The world of AI is a world of APIs