Anypoint Enterprise Security 1.2 Release Notes
May 14, 2013
MuleSoft is pleased to announce the release of Anypoint Enterprise Security 1.2, which introduces new functionality and improvements to our versatile security module (formerly known as Mule Enterprise Security). For this release, we have focused our efforts on bug fixes and improvements. We also continue to harden our product, making it more stable and easier to use.
Where appropriate, we have applied a Version 1.2 only marker to identify features or functionality that are available only in the Enterprise runtime.
Install Anypoint Enterprise Security 1.2 to take advantage of the latest and greatest!
Features
- Delete Client – a message processor which removes clientIDs from the clientStore.
- Revoke Token – a message processor which revokes access or refresh tokens, invalidating the corresponding pair as well (i.e. if the message processor revokes the access token, it automatically revokes any refresh token associated with it, and vice versa).
- Use with Mule ESB Standalone and Maven – beyond Mule Studio, Anypoint Enterprise Security is now available for use with Mule Standalone and Maven.
Hardware and Software System Requirements
For most use cases, Anypoint Enterprise Security 1.2 does not change the hardware and software system requirements established by Mule Enterprise Security 1.1. Contact MuleSoft Support with any questions you may have about system requirements.
Known Issues
This list covers some of the known issues with Anypoint Enterprise Security 1.2. Please read this list before reporting any issues you may have spotted.
SEC-146 | The grant configuration on the config element and at the client level is not consistent
SEC-120 | The default object stores are shared when there is more than one instance of the provider
SEC-143 | Simplify AccessTokenStoreHolder
SEC-156 | Resource Owner Password Credentials does not support Refresh Token grant type
SEC-157 | Cannot refresh an access token after it has expired
Fixed Issues
- Cannot refresh an access token after it has expired
- Resource Owner Password Credentials does not support Refresh Token grant type
- When refreshing an access token, whether to provide a new refresh token or not should be configurable
- Release 2.0-SNAPSHOT for Service Registry
- Tokens do not expire when overriding stores
- Signature and Property placeholder module are not being deployed
- Revoke token MP should also support revoking a refresh token
- Update schema version with new 1.2 release
- Exclude log4.xml from jar
- Simplify AccessTokenStoreHolder
- Make resource owner security provider optional
- Simplify the store holders
- Make sure all callbacks invoke processEvent instead of process
- Avoid license from being in the distribution
- Provide a way to revoke a token
- Provide a way to remove registered clients
- OAuth2 provider module passes seconds to object store TTLs in milliseconds
- OAuth2 validate and validateClient lose outbound message properties
- Add an option to the Validate MP to throw an exception when the token is invalid
- Recompile Enterprise Security components with the latest devKit
- Refactor package of mule-module-security-crc32 to be com.mulesoft.security
- Bearer headers are not decoded properly
- Add a new message processor to obtain the authorized user
- Fix CRC32 building block description text
- The secure property placeholder is not working on Studio
Third Party Connectors and Other Modules
At this time, not all of the third party modules you may have been using with previous versions of Mule ESB have been upgraded to work with Mule 3.4.0. Refer to the Third-Party Software In Mule for complete details. Contact MuleSoft Support if you have a question about a specific module.
Support Resources
- Refer to MuleSoft’s online Documentation at docs.mulesoft.com for instructions on how to use Anypoint Enterprise Security.