DZone
Security Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Security Zone > Secure Your Mule Application With Spring Java

Secure Your Mule Application With Spring Java

In this article, we'll look at how to use our Mule application to pick up and validate credentials from a custom Java application.

Anirban Sen Chowdhary user avatar by
Anirban Sen Chowdhary
·
Mar. 21, 17 · Security Zone · Tutorial
Like (5)
Save
Tweet
7.64K Views

Join the DZone community and get the full member experience.

Join For Free

In a previous article, Secure Your Mule Application With Spring JDBC, I explained how to configure Spring authentication in your Mule application, where we can store and validate the credentials from a database.

Here in this article, we will modify the application and will pick up and validate the credentials from our custom Java application which in turn will pick the credentials from a properties file in the application.

We will be modifying our Mule configuration as shown below:

<spring:beans>
<spring:bean class="com.authentication.CustomAuthenticationProvider" id="customAuthenticationProvider"/>
</spring:beans>

<spring:beans>
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider ref="customAuthenticationProvider"/> 
  <!-- picking credentials from Java Class -->
</ss:authentication-manager>
</spring:beans>

<mule-ss:security-manager doc:name="Spring_Security_Provider" name="security">
<mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>

<http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="8082" doc:name="HTTP Listener Configuration" />

<flow name="SpringAuthWithJava">
<http:listener config-ref="HTTP_Listener_Configuration" path="/secure" doc:name="HTTP"/>
<http:basic-security-filter realm="mule-realm"/>
<mule-ss:authorization-filter requiredAuthorities="#{{'ROLE_ADMIN','ROLE_USER'}}"/>
<logger level="INFO" message="## passed security" doc:name="Logger"/>
</flow>

You can see how we have configured,authentication-provider which refers to our Java class:

<ss:authentication-provider ref="customAuthenticationProvider"/>

Now, let's look into our Java class, which will implement the AuthenticationProvider interface that is shown below:

package com.authentication;

import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authValue) throws AuthenticationException {

String name = authValue.getName().trim();
String secratePass = authValue.getCredentials().toString().trim();

if (name.equals(System.getProperty("user.name")) && secratePass.equals(System.getProperty("user.password"))) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
Authentication auth = new UsernamePasswordAuthenticationToken(name, secratePass, grantedAuths);
return auth;
} else {
throw new BadCredentialsException("Bad Credentials entered");
// Custom Message;
}
}

@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

}

We can see above the user and password are taken from a properties file:

user.name=admin
user.password=system

And validated in our Java class:

name.equals(System.getProperty("user.name")) && secratePass.equals(System.getProperty("user.password")) 


That's it! Time to test our application.

Testing Our Application:

When we will deploy the application under Mule server and hit the application URL in a browser, we will get the following dialogue box prompted, and we will start with entering the wrong credential as shown below:

Image title

And soon we will get our custom exception message defined in our Java class in the console below:

Image title

Now, we can enter our actual credentials as below:

Image title

Which will result in the following success message in our console:

Image title

We can add now add our required business logic in the mule flow for further processing.

Now, before we end our blog, what about checking the role of the application client?

Let's change the role of the application client in the below Java class from the role to ROLE_USER:

grantedAuths.add(new SimpleGrantedAuthority("ROLE_DEVELOPER"));


So, as we can see that in our Mule flow, we are validating our role:

<mule-ss:authorization-filter requiredAuthorities="#{{'ROLE_ADMIN','ROLE_USER'}}"/>


Which purely gives permission and authentication to the above roles. So, changing the role to ROLE_USER will lead following exception in the console:

Image title

Which clearly indicates how it controls the role based authentication.

Conclusion:

With the above use case, we can realize easily that it’s very easy to implement the Spring security in our Mule application. The only thing we need to do is to create the custom Java application and configure the user credentials information in the properties file so that the application authentication can be done against those values.

application Java (programming language) Spring Security Spring Framework

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • SQL vs. NoSQL: Pros and Cons
  • Machine Learning in Cybersecurity
  • Develop With Oracle Transactional Event Queues
  • How to Solve Context Propagation Challenges in Distributed Tracing

Comments

Security Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo