Thursday, March 10, 2016

MuleSoft - How To Implement HTTP Listener Basic Authentication?

I've been looking for a simple example on how to implement a Basic Authentication HTTP Listener.

First step: I went through this docs https://docs.mulesoft.com/mule-user-guide/v/3.7/component-authorization-using-spring-security but I just need a very simple and straightforward.

Second step: I just created a simple one. Please refer the below on how I did it:

Let's create a new Mule Project:
name: poc-http-basic-authentication

Step 1: Let's just create a a flow and name it with "HTTPBasicAuthServer" and then just add a HTTP Listener then set a payload response. That's it.

Step 2: Let's define a spring beans. Use the code snippet below:

 <spring:beans>
    <ss:authentication-manager alias="authenticationManager">
      <ss:authentication-provider>
        <ss:user-service id="userService">
          <ss:user name="admin" password="admin" authorities="ROLE_ADMIN" />
        </ss:user-service>
      </ss:authentication-provider>
    </ss:authentication-manager> 

  </spring:beans>

Step 3: Add the following security-manager config:

  <mule-ss:security-manager>
      <mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager"/>

  </mule-ss:security-manager>

Step 4: Open the configuration XML and look for the flow "HTTPBasicAuthServer". Add the "basic-security-filter" config in between the HTTP Listener and the Set Payload.


  <http:basic-security-filter realm="mule-realm" securityProviders="memory-provider"/> 

Step 5: Save it and run.

Full Source Code below:

<mule xmlns:tls="http://www.mulesoft.org/schema/mule/tls" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:tracking="http://www.mulesoft.org/schema/mule/ee/tracking" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
    xmlns:spring="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
    xmlns:ss="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/ee/tracking http://www.mulesoft.org/schema/mule/ee/tracking/current/mule-tracking-ee.xsd
http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.1/mule-spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd">

  <spring:beans>
    <ss:authentication-manager alias="authManager">
      <ss:authentication-provider>
        <ss:user-service id="userService">
          <ss:user name="admin" password="password1" authorities="ROLE_ADMIN" />
        </ss:user-service>
      </ss:authentication-provider>
    </ss:authentication-manager> 
  </spring:beans>

  <mule-ss:security-manager>
      <mule-ss:delegate-security-provider name="auth-provider" delegate-ref="authManager"/>
  </mule-ss:security-manager>

  <http:listener-config name="HTTP_Listener_Configuration" host="0.0.0.0" port="8081" doc:name="HTTP Listener Configuration" />
    

  <flow name="HTTPBasicAuthServer">
    <http:listener config-ref="HTTP_Listener_Configuration" path="server" doc:name="HTTP"/>
      <logger level="INFO" message=">>>> Before Authentication" doc:name="LOG Before Authentication"/>
    <http:basic-security-filter realm="mule-realm" securityProviders="auth-provider"/>      
    <logger level="INFO" message=">>>> Granted and After Authentication" doc:name="LOG After Authentication"/>
      <set-payload value="Success" doc:name="Set static Payload Response"/>
  </flow>

</mule>