Platinum Partner
java,enterprise-integration,testing,tips and tricks,soapui,mule esb

Testing a Secured Mule ESB Web Service Proxy with SoapUI

A few weeks ago I received a mail with a request to look into an issue which I was pretty sure I had solved it before. Since I couldn’t find how I did it back then I decided to post it here for future reference. The situation is like this: a web service is proxied with Mule ESB and password protection is added to it by applying Spring Security. The configuration of the service looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml" xmlns:https="http://www.mulesoft.org/schema/mule/https"
	xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:spring="http://www.springframework.org/schema/beans" xmlns:http="http://www.mulesoft.org/schema/mule/http"
	xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
	xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
	xmlns:ss="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
       http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd 
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
       http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.3/mule.xsd
       http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.3/mule-http.xsd
       http://www.mulesoft.org/schema/mule/pattern http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd
       http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <mule-ss:security-manager>
        <mule-ss:delegate-security-provider
			name="memory-dao" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>

    <spring:beans>
        <ss:authentication-manager alias="authenticationManager">
            <ss:authentication-provider>
                <ss:user-service id="userService">
                    <ss:user name="pascal" password="alma" authorities="ROLE_ADMIN" />
                </ss:user-service>
            </ss:authentication-provider>
        </ss:authentication-manager>
    </spring:beans>

    <http:connector name="NoSessionConnector">
        <service-overrides sessionHandler="org.mule.session.NullSessionHandler" />
    </http:connector>

    <pattern:web-service-proxy name="countries">
        <http:inbound-endpoint address="http://localhost:8080" exchange-pattern="request-response">
            <mule-ss:http-security-filter realm="mule-realm" />
        </http:inbound-endpoint>
        <http:outbound-endpoint address="http://www.webservicex.net/country.asmx" exchange-pattern="request-response" />
    </pattern:web-service-proxy>
</mule>
I think the code is quite straightforward. Every request coming in at 'http://localhost:8080' is forwarded to 'http://www.webservicex.net/country.asmx' after the subject has been authenticated against the ‘authentication-provider’.

To test this setup I created a SoapUI project. Also this is quite straightforward but I show it here anyway. I use SoapUI 4.5.1.

  • Create a new SoapUI project
  • Screen Shot 2013-01-19 at 09.13.10

  • Enter a name and the WSDL of the service
  • Screen Shot 2013-01-19 at 09.14.02

  • Test the service by making a call
  • Screen Shot 2013-01-19 at 09.18.05

  • Use the web service proxy
  • Screen Shot 2013-01-19 at 13.25.23

  • Supply username and password
  • Screen Shot 2013-01-19 at 13.47.25

Until here it is all straightforward except for the result in the last call!
Screen Shot 2013-01-19 at 14.00.54
It seems that the username and password is not supplied in the call to the proxy. This is a setting in SoapUI that you have to enable. It is ‘hidden’ in the ‘Preferences’ of the tool. You have to enable the setting like this:
Screen Shot 2012-12-24 at 14.25.44
While testing this code for the post I also had to uncheck the following option to get a ‘human-readable’ response in SoapUI:
Screen Shot 2012-12-24 at 21.42.49
Now if you send a request you get the expected answer:
Screen Shot 2013-01-19 at 13.54.47




Published at DZone with permission of {{ articles[0].authors[0].realName }}, DZone MVB. (source)

Opinions expressed by DZone contributors are their own.

{{ tag }}, {{tag}},

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}
{{ parent.authors[0].realName || parent.author}}

{{ parent.authors[0].tagline || parent.tagline }}

{{ parent.views }} ViewsClicks
Tweet

{{parent.nComments}}