[mule-user] Passing credentials from two endpoints - Mule 2.x

0 views
Skip to first unread message

67chevelle

unread,
Sep 12, 2008, 5:56:09 PM9/12/08
to us...@mule.codehaus.org

Hello,

I need to pass the security credentials (using acegisecurity) from one
endpoint to another. I have tried the following configuration on my
endpoints in the mule-config file:

synchronous="true"
remoteSync="true"
connector-ref="syncVm"

This is the partial stack trace I get when trying to call the second
endpoint -

Exception stack is:
1. An Authentication object was not found in the SecurityContext
(org.acegisecurity.AuthenticationCredentialsNotFoundException)
org.acegisecurity.intercept.AbstractSecurityInterceptor:375 (null)
2. Component that caused exception is: test2Service. Message payload is of
type: String (org.mule.api.service.ServiceException)
org.mule.component.DefaultLifecycleAdapter:214
(http://mule.mulesource.org/docs/apidocs/org/mule/api/service/ServiceException.html)
********************************************************************************
Root Exception stack trace:
org.acegisecurity.AuthenticationCredentialsNotFoundException: An
Authentication object was not found in the SecurityContext
at
org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:375)
at
org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:288)
at
org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy25.onCall(Unknown Source)


Has someone found (or built) a good example to accomplish this? Any help
would be greatly appreciated.

Thanks ...
--
View this message in context: http://www.nabble.com/Passing-credentials-from-two-endpoints---Mule-2.x-tp19464785p19464785.html
Sent from the Mule - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email


Antoine Borg

unread,
Sep 15, 2008, 5:05:10 AM9/15/08
to us...@mule.codehaus.org
Hi,

If you could post your configuration, that would be very helpful. This could
be a mis-configured security manager, for example.

It sounds like the right authentication object is not available in your
first service - are you authenticating in any way?

A


Antoine Borg, Senior Consultant | Tel: +32 28 504 696
ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
email: antoin...@ricston.com | blog: blog.ricston.com | web: ricston.com

67chevelle

unread,
Sep 15, 2008, 1:52:46 PM9/15/08
to us...@mule.codehaus.org

Hi Antoine,

Yes, I am authenticating with LDAP by passing the mule user property (
MuleCredentials.createHeader(userid, pwd) ) when the message is sent (
dispatcher.sendRemote() )

Here is more detail of what I am trying to do -

I can call the service esbUserLdapService (with authentication) by itself.

What I am trying next is to call the service esbMuleRequestService (which
works) and then have that call the service esbUserLdapService as an
outbound-endpoint. That is where the error is occurring (outbound-endpoint).

Attached are my mule-config.xml and security-config.xml

http://www.nabble.com/file/p19497851/esb-config.xml esb-config.xml
http://www.nabble.com/file/p19497851/esb-security.xml esb-security.xml

Thanks,
Jeff


antoine.borg wrote:
>
> Hi,
>
> If you could post your configuration, that would be very helpful. This
> could
> be a mis-configured security manager, for example.
>
> It sounds like the right authentication object is not available in your
> first service - are you authenticating in any way?
>
> A
>
>
> Antoine Borg, Senior Consultant | Tel: +32 28 504 696
> ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
> email: antoin...@ricston.com | blog: blog.ricston.com | web:
> ricston.com
>
> -----Original Message-----
> From: 67chevelle [mailto:jne...@rich-software.com]
> Sent: Friday, September 12, 2008 11:56 PM
> To: us...@mule.codehaus.org
> Subject: [mule-user] Passing credentials from two endpoints - Mule 2.x
>
>

> Hello,
>
> I need to pass the security credentials (using acegisecurity) from one
> endpoint to another. I have tried the following configuration on my
> endpoints in the mule-config file:
>
> synchronous="true"
> remoteSync="true"
> connector-ref="syncVm"
>
> This is the partial stack trace I get when trying to call the second
> endpoint -
>
> Exception stack is:
> 1. An Authentication object was not found in the SecurityContext
> (org.acegisecurity.AuthenticationCredentialsNotFoundException)
> org.acegisecurity.intercept.AbstractSecurityInterceptor:375 (null) 2.
> Component that caused exception is: test2Service. Message payload is of
> type: String (org.mule.api.service.ServiceException)
> org.mule.component.DefaultLifecycleAdapter:214
> (http://mule.mulesource.org/docs/apidocs/org/mule/api/service/ServiceExcepti
> on.html)
> ****************************************************************************
> ****
> Root Exception stack trace:
> org.acegisecurity.AuthenticationCredentialsNotFoundException: An
> Authentication object was not found in the SecurityContext
> at

> org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(
> AbstractSecurityInterceptor.java:375)
> at
> org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(Abs
> tractSecurityInterceptor.java:288)
> at
> org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.inv
> oke(MethodSecurityInterceptor.java:63)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Reflect
> iveMethodInvocation.java:171)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopPro

> xy.java:204)
> at $Proxy25.onCall(Unknown Source)
>
>
> Has someone found (or built) a good example to accomplish this? Any help
> would be greatly appreciated.
>
> Thanks ...
> --
> View this message in context:
> http://www.nabble.com/Passing-credentials-from-two-endpoints---Mule-2.x-tp19
> 464785p19464785.html
> Sent from the Mule - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
>
>

--
View this message in context: http://www.nabble.com/Passing-credentials-from-two-endpoints---Mule-2.x-tp19464785p19497851.html

Antoine Borg

unread,
Sep 16, 2008, 2:56:08 AM9/16/08
to us...@mule.codehaus.org
Hello,

You mention dispatcher.sendRemote() ... Does this mean that you're
authenticating in a different application? Could it be that the Mule
instance would not have done any authentication until you try to call
esbUserLdapService?

67chevelle

unread,
Sep 16, 2008, 10:51:58 AM9/16/08
to us...@mule.codehaus.org

Hello Antoine,

I have a webapp that is calling out to some services in Mule. The webapp
user is authenticated separately and correctly sets the MULE_USER_PROPERTY
for the original endpoint (so Mule can protect its services). It's the fact
that the handoff from one endpoint to the next loses the authentication
info.

Thanks,
Jeff


antoine.borg wrote:
>
> Hello,
>
> You mention dispatcher.sendRemote() ... Does this mean that you're
> authenticating in a different application? Could it be that the Mule
> instance would not have done any authentication until you try to call
> esbUserLdapService?
>

> A
>
>
> Antoine Borg, Senior Consultant | Tel: +32 28 504 696
> ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
> email: antoin...@ricston.com | blog: blog.ricston.com | web:
> ricston.com
>
> -----Original Message-----
> From: 67chevelle [mailto:jne...@rich-software.com]

> Sent: Monday, September 15, 2008 7:53 PM
> To: us...@mule.codehaus.org

>> (http://mule.mulesource.org/docs/apidocs/org/mule/api/service/ServiceE
>> xcepti
>> on.html)
>> **********************************************************************
>> ******

>> ****
>> Root Exception stack trace:
>> org.acegisecurity.AuthenticationCredentialsNotFoundException: An
>> Authentication object was not found in the SecurityContext
>> at

>> org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNot
>> Found(
>> AbstractSecurityInterceptor.java:375)
>> at
>> org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocati
>> on(Abs
>> tractSecurityInterceptor.java:288)
>> at
>> org.acegisecurity.intercept.method.aopalliance.MethodSecurityIntercept
>> or.inv
>> oke(MethodSecurityInterceptor.java:63)
>> at
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(R
>> eflect
>> iveMethodInvocation.java:171)
>> at
>> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamic
>> AopPro

--
View this message in context: http://www.nabble.com/Passing-credentials-from-two-endpoints---Mule-2.x-tp19464785p19513531.html

Antoine Borg

unread,
Sep 29, 2008, 3:42:06 AM9/29/08
to us...@mule.codehaus.org
Hi Jeff,

I stand to be corrected on this one ... But, I believe that setting the
properties is not enough. I think Mule needs to perform the necessary
authentication.

HTH

Reply all
Reply to author
Forward
0 new messages