Over a million developers have joined DZone.

Testing a Secured Mule ESB Web Service Proxy with SoapUI

DZone's Guide to

Testing a Secured Mule ESB Web Service Proxy with SoapUI

· Java Zone
Free Resource

Learn how to troubleshoot and diagnose some of the most common performance issues in Java today. Brought to you in partnership with AppDynamics.

A few weeks ago I received a mail with a request to look into an issue which I was pretty sure I had solved it before. Since I couldn’t find how I did it back then I decided to post it here for future reference. The situation is like this: a web service is proxied with Mule ESB and password protection is added to it by applying Spring Security. The configuration of the service looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml" xmlns:https="http://www.mulesoft.org/schema/mule/https"
	xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:spring="http://www.springframework.org/schema/beans" xmlns:http="http://www.mulesoft.org/schema/mule/http"
	xsi:schemaLocation="http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
       http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd 
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
       http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.3/mule.xsd
       http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.3/mule-http.xsd
       http://www.mulesoft.org/schema/mule/pattern http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd
       http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

			name="memory-dao" delegate-ref="authenticationManager" />

        <ss:authentication-manager alias="authenticationManager">
                <ss:user-service id="userService">
                    <ss:user name="pascal" password="alma" authorities="ROLE_ADMIN" />

    <http:connector name="NoSessionConnector">
        <service-overrides sessionHandler="org.mule.session.NullSessionHandler" />

    <pattern:web-service-proxy name="countries">
        <http:inbound-endpoint address="http://localhost:8080" exchange-pattern="request-response">
            <mule-ss:http-security-filter realm="mule-realm" />
        <http:outbound-endpoint address="http://www.webservicex.net/country.asmx" exchange-pattern="request-response" />
I think the code is quite straightforward. Every request coming in at 'http://localhost:8080' is forwarded to 'http://www.webservicex.net/country.asmx' after the subject has been authenticated against the ‘authentication-provider’.

To test this setup I created a SoapUI project. Also this is quite straightforward but I show it here anyway. I use SoapUI 4.5.1.

  • Create a new SoapUI project
  • Screen Shot 2013-01-19 at 09.13.10

  • Enter a name and the WSDL of the service
  • Screen Shot 2013-01-19 at 09.14.02

  • Test the service by making a call
  • Screen Shot 2013-01-19 at 09.18.05

  • Use the web service proxy
  • Screen Shot 2013-01-19 at 13.25.23

  • Supply username and password
  • Screen Shot 2013-01-19 at 13.47.25

Until here it is all straightforward except for the result in the last call!
Screen Shot 2013-01-19 at 14.00.54
It seems that the username and password is not supplied in the call to the proxy. This is a setting in SoapUI that you have to enable. It is ‘hidden’ in the ‘Preferences’ of the tool. You have to enable the setting like this:
Screen Shot 2012-12-24 at 14.25.44
While testing this code for the post I also had to uncheck the following option to get a ‘human-readable’ response in SoapUI:
Screen Shot 2012-12-24 at 21.42.49
Now if you send a request you get the expected answer:
Screen Shot 2013-01-19 at 13.54.47

Understand the needs and benefits around implementing the right monitoring solution for a growing containerized market. Brought to you in partnership with AppDynamics.


Published at DZone with permission of Pascal Alma. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}