
Implementing HTTPS with Mule ESB


At one of my clients we use the Mule ESB (3.1) to communicate with the outside world. A big difference compared with having Mule running inside the company network is the security. One of the steps to make the communication more secure is to use HTTPS instead of HTTP. Other measures we took (signing the outgoing and validating the incoming SOAP requests) will be handled in another post.

Luckily, with a tool such as Mule ESB this is not a big issue. Simply define an HTTPS connector in your config and refer to it, instead of the HTTP connector, in your HTTP endpoints. The connector definition looks like this:

<https:connector name="httpsConnector" clientSoTimeout="0" serverSoTimeout="0">
    <https:tls-client path="${my.ssl.keystore}" storePassword="${my.ssl.keystore.password}"/>
    <https:tls-key-store path="${my.ssl.keystore}" storePassword="${my.ssl.keystore.password}" keyPassword="${my.ssl.keystore.password}"/>
    <https:tls-server path="${my.ssl.keystore}" storePassword="${my.ssl.keystore.password}"/>
</https:connector>

And your endpoints will become something like:

<flow name="my-secure-flow">
    <https:inbound-endpoint address="${my.incoming.url}" connector-ref="httpsConnector">
        ...
    </https:inbound-endpoint>
    <https:outbound-endpoint address="${my.internal.url}" connector-ref="httpsConnector">
        ...
    </https:outbound-endpoint>
</flow>

By the way, all ‘${…}’ placeholders are translated to real values at deploy time. There is a nice article on how to accomplish this.

However, this is just the basic SSL setup. In our case the customer wanted to take it a step further and implement mutual authentication, which is explained nicely here. The question is whether this is also doable with the Mule ESB. Although it took me a while to find out, I ended up here in the Mule forum and it seems quite easy to accomplish. Just add the property requireClientAuthentication="true" to the ‘tls-server’ and it should be fixed.

<https:connector name="httpsConnector" clientSoTimeout="0" serverSoTimeout="0">
    <https:tls-client path="${my.ssl.keystore}" storePassword="${my.ssl.keystore.password}"/>
    <https:tls-key-store path="${my.ssl.keystore}" storePassword="${my.ssl.keystore.password}" keyPassword="${my.ssl.keystore.password}"/>
    <https:tls-server path="${my.ssl.keystore}" storePassword="${my.ssl.keystore.password}" requireClientAuthentication="true"/>
</https:connector>

We will test this of course but so far it is looking good.
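A static check for the setting described above, as an added example that is not part of the original article: it parses a Mule config and lists every HTTPS inbound endpoint whose connector does not set requireClientAuthentication="true" on its tls-server. The namespace URIs, the second connector, the addresses and the store values in the sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed Mule 3 namespaces (the article's snippets omit the declarations).
CORE_NS = "http://www.mulesoft.org/schema/mule/core"
HTTPS_NS = "http://www.mulesoft.org/schema/mule/https"

# Constructed sample config: one connector with client auth, one without.
SAMPLE = """<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:https="http://www.mulesoft.org/schema/mule/https">
  <https:connector name="httpsConnector">
    <https:tls-key-store path="ks.jks" storePassword="x" keyPassword="x"/>
    <https:tls-server path="ks.jks" storePassword="x" requireClientAuthentication="true"/>
  </https:connector>
  <https:connector name="plainTlsConnector">
    <https:tls-key-store path="ks.jks" storePassword="x" keyPassword="x"/>
    <https:tls-server path="ks.jks" storePassword="x"/>
  </https:connector>
  <flow name="my-secure-flow">
    <https:inbound-endpoint address="https://0.0.0.0:8443/a" connector-ref="httpsConnector"/>
  </flow>
  <flow name="other-flow">
    <https:inbound-endpoint address="https://0.0.0.0:8444/b" connector-ref="plainTlsConnector"/>
  </flow>
</mule>"""


def audit_client_auth(config_xml):
    """Return (flow, address, connector) for inbound endpoints lacking mutual TLS."""
    root = ET.fromstring(config_xml)
    q = lambda tag: "{%s}%s" % (HTTPS_NS, tag)
    # Map connector name -> True when its tls-server demands a client certificate.
    enforced = {}
    for conn in root.iter(q("connector")):
        server = conn.find(q("tls-server"))
        flag = server.get("requireClientAuthentication", "false") if server is not None else "false"
        enforced[conn.get("name")] = flag.strip().lower() == "true"
    findings = []
    for flow in root.iter("{%s}flow" % CORE_NS):
        for ep in flow.iter(q("inbound-endpoint")):
            ref = ep.get("connector-ref")
            # A missing or unknown connector-ref is reported as well.
            if not enforced.get(ref, False):
                findings.append((flow.get("name"), ep.get("address"), ref))
    return findings


if __name__ == "__main__":
    for flow, address, ref in audit_client_auth(SAMPLE):
        print("no client-cert requirement: flow=%s address=%s connector=%s" % (flow, address, ref))
```

An attribute left as an unresolved ‘${…}’ placeholder is reported as not enforced, so run the check against the config after property substitution.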





Published at DZone with permission of Pascal Alma, DZone MVB. See the original article here.
