[mule-user] Handling BadCredentialsException on mule spring jdbc Authentication

Omar slim

unread,

Dec 11, 2009, 11:09:24 AM12/11/09

to us...@mule.codehaus.org

Hello ,

I am using a jdbc -> oracle spring authentication on an HTTP endpoint; it's working correctly.
The problem is when i provide incorrect login/passwd , i get BadCredentialsException. In my mule conf file i have an interceptor where i have access to login & password used (if success) , i tried to catch the exception but it's impossible.
It seems the authentication process hapens before the interceptor is 'active', since then, when the exception is raised all try catch blocks or testing the login/passwd from the interceptor doesn't work.

here are snippets code of mule config & from the interceptor & the exeption :

=================mule conf==========================
...
<spring:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<spring:property name="driverClassName">
<spring:value>oracle.jdbc.driver.OracleDriver</spring:value>
</spring:property>
<spring:property name="url">
<spring:value>jdbc:oracle:thin:@localhost:1521:XE</spring:value>
</spring:property>
<spring:property name="username">
<spring:value>muleuser</spring:value>
</spring:property>
<spring:property name="password">
<spring:value>muleuser</spring:value>
</spring:property>
</spring:bean>

<spring:beans>
<ss:authentication-manager alias="authenticationManager" />

<ss:authentication-provider>
<ss:jdbc-user-service data-source-ref="dataSource" />
</ss:authentication-provider>
</spring:beans>

<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="memory-dao" delegate-ref="authenticationManager" />
</mule-ss:security-manager>

<security-manager>
<password-encryption-strategy name="passwordEncryption"
password="password" />
</security-manager>

<custom-transformer name="StringToNameString"
class="ma.atexo.transformers.StringToNameString" />
<custom-transformer name="HttpRequestToNameString"
class="ma.atexo.transformers.HttpRequestToNameString" />
<custom-transformer name="ExceptionToString"
class="ma.atexo.transformers.ExceptionToString" />
<custom-transformer name="HttpRequestToParameter"
class="org.mule.transport.servlet.transformers.HttpRequestToParameter" />
<custom-transformer name="ObjectToString"
class="ma.atexo.transformers.ObjectToString" />

<jms:activemq-connector name="jmsConnector"
maxRedelivery="1" brokerURL="tcp://localhost:61616" specification="1.1"
durable="true" persistentDelivery="true">
</jms:activemq-connector>

<message-properties-transformer name="PlainTextResponseTransformer">
<add-message-property key="Content-Type" value="text/plain" />
</message-properties-transformer>

==========================================

======================Interceptor snippet ===============================
//try catch block are ineffective even catching the exception i get

public class LoginInterceptoronlyhttp implements Interceptor {

public MuleMessage intercept(Invocation invocation) throws MuleException{

if (invocation.getMessage().getPayload() != null) {

SecurityContext securityContext =invocation.getEvent().getSession().getSecurityContext();
if (securityContext == null) {
throw new DefaultMuleException("No SecurityContext present");
}
User user = (User) securityContext.getAuthentication().getPrincipal();
String username=user.getUsername().toString();

try { //some db treatment

Logmule unlogmule= new Logmule();
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
unlogmule.setIntanceMule(1);
unlogmule.setDateEnvoi(format.format(new Date()));
unlogmule.setMuleMessageId(invocation.getMessage().getPayload().toString());
unlogmule.setStatut1("R1");
SaveDataToOracle.createLogMume(unlogmule);
}

catch (Exception e) {}

}
return invocation.getMessage();

}

}

=====================exception stacktrace============================

********************************************************************************
Exception stack is:
1. Bad credentials (org.springframework.security.BadCredentialsException)
org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider:124 (null)
2. Authentication Attempt Failed. Message payload is of type: String (org.mule.api.security.UnauthorisedException)
org.mule.security.MuleSecurityManager:95 (http://www.mulesource.org/docs/site/current2/apidocs/org/mule/api/security/UnauthorisedException.html)
********************************************************************************
Root Exception stack trace:
org.springframework.security.BadCredentialsException: Bad credentials
at org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:124)
at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
at org.mule.module.spring.security.SpringProviderAdapter.authenticate(SpringProviderAdapter.java:69)
at org.mule.security.MuleSecurityManager.authenticate(MuleSecurityManager.java:89)
at org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:138)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:181)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:335)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:252)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:193)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:273)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:227)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:190)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Unknown Source)

********************************************************************************

any idea ? i searched the web but found nothing

plz help me !

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

Antoine Borg

unread,

Dec 14, 2009, 5:17:33 AM12/14/09

to us...@mule.codehaus.org

Have you tried using exception strategies? That is the place to catch
exceptions in a Mule application

HTH

A

--

Antoine Borg , Director of Services | Tel: +32 28 504 696
ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
See our full schedule of Mule and Android courses online: Ricston Course
Schedules <http://www.ricston.com/courses/schedules>
email: antoin...@ricston.com <mailto:antoin...@ricston.com> |
twitter: twitter.com/antoinericston <http://www.twitter.com/antoinericston>
----------
* Disclaimer* - This email and any files transmitted with it are
confidential and contain privileged or copyright information. You must
not present this message to another party without first gaining
permission from the sender. If you are not the intended recipient you
must not copy, distribute or use this email or the information contained
in it for any purpose other than to notify us. If you have received this
message in error, please notify the sender immediately and delete this
email from your system. We do not guarantee that this material is free
from viruses or any other defects although due care has been taken to
minimise the risk. Any views stated in this communication are those of
the actual sender and not necessarily those of Ricston Ltd. or its
subsidiaries.

Omar slim

unread,

Dec 15, 2009, 6:16:48 AM12/15/09

to us...@mule.codehaus.org

Yes i have used the default-service-exception-strategy with no effect; i also used the default-connector-exception-strategy on the http connector but it generates some problems :
when i get the user/passwd dialog box of the internet navigator and until i click on "OK" with the login/passwd, an exception is generated :

Exception stack is:
1. Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. . Message payload is of type: String (org.mule.api.security.UnauthorisedException)
org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter:164 (http://www.mulesource.org/docs/site/current2/apidocs/org/mule/api/security/UnauthorisedException.html)

********************************************************************************
Root Exception stack trace:

org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. . Message payload is of type: String
at org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:164)

at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:181)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:335)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:252)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:193)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:273)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:227)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:190)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Unknown Source)

********************************************************************************
so the default-connector-exception-strategy gets activated with this exception which is not the source of my pb;it's not 'harmful' since everything is ok after validating a login/passwd in the dialog box.
the real problem is that i can't catch the spring exception (badcredentialsexception) until now even with different catch strategies.

Have you tried using exception strategies? That is the place to catch
exceptions in a Mule application

HTH

---------------------------------------------------------------------

allen rodson

unread,

Dec 28, 2009, 9:32:50 AM12/28/09

to us...@mule.codehaus.org

Hi, i'm a newbie,
i have been trying to do the same but i get the same exception !

I used different kinds of exception strategies in different places in mule conf file but nothing could catch "BadCredentialsException" thrown by spring

I wish somone got the answer !

Eric Tice

unread,

Sep 1, 2011, 3:59:42 PM9/1/11

to us...@mule.codehaus.org

Was there ever a resolution to this issue? I am having the same problem with Mule 3.1.0. The service is being called by curl. and seems to be working but is throwing this irritating message

WARN 2011-09-01 14:10:00,609 [[UserServices].httpsConnector.receiver.10] org.mule.processor.SecurityFilterMessageProcessor: Outbound Request was made but was not authenticated: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:160)
at org.mule.security.AbstractAuthenticationFilter.authenticate(AbstractAuthenticationFilter.java:70)
at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:60)
at org.mule.security.AbstractEndpointSecurityFilter.doFilter(AbstractEndpointSecurityFilter.java:53)
at org.mule.processor.SecurityFilterMessageProcessor.process(SecurityFilterMessageProcessor.java:59)
at org.mule.processor.ExceptionHandlingMessageProcessor.process(ExceptionHandlingMessageProcessor.java:25)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:185)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:158)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:145)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:247)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:206)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:164)
at org.mule.work.WorkerContext.run(WorkerContext.java:309)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:987)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:528)
at java.lang.Thread.run(Thread.java:662)
ERROR 2011-09-01 14:10:00,610 [[UserServices].httpsConnector.receiver.10] org.mule.exception.DefaultServiceExceptionStrategy:
********************************************************************************
Message : Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
Code : MULE_ERROR-54999
--------------------------------------------------------------------------------
Exception stack is:
1. Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String (org.mule.api.security.UnauthorisedException)
org.mule.transport.http.filters.HttpBasicAuthenticationFilter:160 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/security/UnauthorisedException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:160)
at org.mule.security.AbstractAuthenticationFilter.authenticate(AbstractAuthenticationFilter.java:70)
at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:60)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************

Reply all

Reply to author

Forward