[mule-user] Tagging HTTP Basic Auth to outbound packets
kellizer
Hello,
I’m struggling to get simple HTTP basic authentication be “tagged” to http
endpoints (for outbound communications). I’m using 2.0
I followed this page:
http://mule.mulesource.org/display/MULE2USER/Mule+Security
And ended up with
<http:endpoint name="WebServiceGateway" host="127.0.0.1" user="123"
password="password" remoteSync="true" port="8080" path="/echo"
method="POST">
<property key="Content-Type" value="text/xml"/>
<security-filter
className="org.mule.extras.acegi.filters.http.HttpBasicAuthenticationFilter">
<properties>
<property name="realm" value="my-realm"/>
</properties>
</security-filter>
</http:endpoint>
I get a schema issue;
23/07 02:56:23:234 main DEBUG - insert
org.mule.config.spring.factories.OutboundEndpointFactoryBean ->
org.mule.routing.outbound.OutboundPassThroughRouter
23/07 02:56:23:234 main DEBUG - register ref:WebServiceGateway.17:
org.mule.config.spring.factories.OutboundEndpointFactoryBean
23/07 02:56:23:328 main ERROR - Configuration with
"org.mule.config.builders.WebappMuleXmlConfigurationBuilder" failed.
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line
38 in XML document from profile/shared/environment-config.xml is invalid;
nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'security-filter'. One of
'{"http://www.mulesource.org/schema/mule/core/2.0":abstract-transformer,
"http://www.mulesource.org/schema/mule/core/2.0":transformers,
"http://www.mulesource.org/schema/mule/core/2.0":response-transformers,
"http://www.mulesource.org/schema/mule/core/2.0":abstract-transaction,
"http://www.mulesource.org/schema/mule/core/2.0":abstract-filter,
"http://www.mulesource.org/schema/mule/core/2.0":abstract-security-filter,
"http://www.mulesource.org/schema/mule/core/2.0":property,
"http://www.mulesource.org/schema/mule/core/2.0":properties}' is expected.
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:389)
at
I have also tried to use http-security-filter from acegi but with no
success.
My question is; Is this is correct way to attach credential to http outbound
packets via the http:endpoint? If so, it is simply a schema issue?
Any assistance would be greatly appreciated.
Thanks,
Ian.
--
View this message in context: http://www.nabble.com/Tagging-HTTP-Basic-Auth-to-outbound-packets-tp18608758p18608758.html
Sent from the Mule - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
Antoine Borg
The config for the security filter on the page you mention is in Mule 1.x
format so you will need to convert things slightly. The realm property may
be an attribute now for example.
HTH
Antoine Borg, Senior Consultant | Tel: +32 28 504 696
ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
email: antoin...@ricston.com | blog: blog.ricston.com | web: ricston.com
kellizer
Many thanks Antoine for your quick response.
Does any know what XSD file (or source code fiels) the security-filter
structure is defined/stored or if the function was removed from the Version
2 release?
A pointer in the correct direction would be great help.
Best Regards,
Ian.
Antoine Borg wrote:
>
> Hi,
>
> The config for the security filter on the page you mention is in Mule 1.x
> format so you will need to convert things slightly. The realm property
> may
> be an attribute now for example.
>
> HTH
>
>
> Antoine Borg, Senior Consultant | Tel: +32 28 504 696
> ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
> email: antoin...@ricston.com | blog: blog.ricston.com | web:
> ricston.com
>
> -----Original Message-----
> From: kellizer [mailto:kell...@gmail.com]
> Sent: Wednesday, July 23, 2008 1:33 PM
> To: us...@mule.codehaus.org
> Subject: [mule-user] Tagging HTTP Basic Auth to outbound packets
>
>
--
View this message in context: http://www.nabble.com/Tagging-HTTP-Basic-Auth-to-outbound-packets-tp18608758p18630467.html
Andrew Perepelytsya
- mule (core)
- mule-acegi
- mule-jaas
- mule-pgp
- mule-jms
Andrew
kellizer
Many thanks for this - I think i'm getting the bottom of it now I believe it
all happens via ACEGI only now and is related to the MuleSession
Let me explain;
In HttpBasicAuthenticationFilter (which is defined as http-security-filter)
there is the authenicateOutbound event is handled (see below). So looking at
the code, it seems that is is looking for an Authentication object to then
pass the values from this object into the HTTP header. So, my focus now is
on finding how to wire the authentication but it seems to be associated with
the MuleSession.
So anyone had experience with authenticating (or setting authentication
properties) for mule sessions or indeed using MuleCredentials?
Many Thanks,
Ian.
public void authenticateOutbound(MuleEvent event)
throws SecurityException, SecurityProviderNotFoundException
{
if (event.getSession().getSecurityContext() == null)
{
if (isAuthenticate())
{
throw new UnauthorisedException(event.getMessage(),
event.getSession().getSecurityContext(),
event.getEndpoint(), this);
}
else
{
return;
}
}
Authentication auth =
event.getSession().getSecurityContext().getAuthentication();
if (isAuthenticate())
{
auth = getSecurityManager().authenticate(auth);
if (logger.isDebugEnabled())
{
logger.debug("Authentication success: " + auth.toString());
}
}
StringBuffer header = new StringBuffer(128);
header.append("Basic ");
String token = auth.getCredentials().toString();
header.append(new String(Base64.encodeBase64(token.getBytes())));
event.getMessage().setStringProperty(HttpConstants.HEADER_AUTHORIZATION,
header.toString());
}
Andrew Perepelytsya wrote:
>
> A quick search showed that the following xsds have security-filter
> mentioned
> in one form or another:
>
> - mule (core)
> - mule-acegi
> - mule-jaas
> - mule-pgp
> - mule-jms
>
> HTH,
> Andrew
>
>
--
View this message in context: http://www.nabble.com/Tagging-HTTP-Basic-Auth-to-outbound-packets-tp18608758p18638905.html