DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
  1. DZone
  2. Coding
  3. Java
  4. Secure Your Mule Application With Spring Java

Secure Your Mule Application With Spring Java

In this article, we'll look at how to use our Mule application to pick up and validate credentials from a custom Java application.

Anirban Sen Chowdhary user avatar by
Anirban Sen Chowdhary
·
Mar. 21, 17 · Tutorial
Like (5)
Save
Tweet
Share
7.87K Views

Join the DZone community and get the full member experience.

Join For Free

In a previous article, Secure Your Mule Application With Spring JDBC, I explained how to configure Spring authentication in your Mule application, where we can store and validate the credentials from a database.

Here in this article, we will modify the application and will pick up and validate the credentials from our custom Java application which in turn will pick the credentials from a properties file in the application.

We will be modifying our Mule configuration as shown below:

<spring:beans>
<spring:bean class="com.authentication.CustomAuthenticationProvider" id="customAuthenticationProvider"/>
</spring:beans>

<spring:beans>
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider ref="customAuthenticationProvider"/> 
  <!-- picking credentials from Java Class -->
</ss:authentication-manager>
</spring:beans>

<mule-ss:security-manager doc:name="Spring_Security_Provider" name="security">
<mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>

<http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="8082" doc:name="HTTP Listener Configuration" />

<flow name="SpringAuthWithJava">
<http:listener config-ref="HTTP_Listener_Configuration" path="/secure" doc:name="HTTP"/>
<http:basic-security-filter realm="mule-realm"/>
<mule-ss:authorization-filter requiredAuthorities="#{{'ROLE_ADMIN','ROLE_USER'}}"/>
<logger level="INFO" message="## passed security" doc:name="Logger"/>
</flow>

You can see how we have configured,authentication-provider which refers to our Java class:

<ss:authentication-provider ref="customAuthenticationProvider"/>

Now, let's look into our Java class, which will implement the AuthenticationProvider interface that is shown below:

package com.authentication;

import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authValue) throws AuthenticationException {

String name = authValue.getName().trim();
String secratePass = authValue.getCredentials().toString().trim();

if (name.equals(System.getProperty("user.name")) && secratePass.equals(System.getProperty("user.password"))) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
Authentication auth = new UsernamePasswordAuthenticationToken(name, secratePass, grantedAuths);
return auth;
} else {
throw new BadCredentialsException("Bad Credentials entered");
// Custom Message;
}
}

@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

}

We can see above the user and password are taken from a properties file:

user.name=admin
user.password=system

And validated in our Java class:

name.equals(System.getProperty("user.name")) && secratePass.equals(System.getProperty("user.password")) 


That's it! Time to test our application.

Testing Our Application:

When we will deploy the application under Mule server and hit the application URL in a browser, we will get the following dialogue box prompted, and we will start with entering the wrong credential as shown below:

Image title

And soon we will get our custom exception message defined in our Java class in the console below:

Image title

Now, we can enter our actual credentials as below:

Image title

Which will result in the following success message in our console:

Image title

We can add now add our required business logic in the mule flow for further processing.

Now, before we end our blog, what about checking the role of the application client?

Let's change the role of the application client in the below Java class from the role to ROLE_USER:

grantedAuths.add(new SimpleGrantedAuthority("ROLE_DEVELOPER"));


So, as we can see that in our Mule flow, we are validating our role:

<mule-ss:authorization-filter requiredAuthorities="#{{'ROLE_ADMIN','ROLE_USER'}}"/>


Which purely gives permission and authentication to the above roles. So, changing the role to ROLE_USER will lead following exception in the console:

Image title

Which clearly indicates how it controls the role based authentication.

Conclusion:

With the above use case, we can realize easily that it’s very easy to implement the Spring security in our Mule application. The only thing we need to do is to create the custom Java application and configure the user credentials information in the properties file so that the application authentication can be done against those values.

application Java (programming language) Spring Security Spring Framework

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • 5 Best Python Testing Frameworks
  • Chaos Engineering Tutorial: Comprehensive Guide With Best Practices
  • 19 Most Common OpenSSL Commands for 2023
  • Kubernetes-Native Development With Quarkus and Eclipse JKube

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: