[mule-user] Developing and securing webservices - CXF, SSL and basic authentication in Mule 2


Heimo Laukkanen

May 18, 2008, 5:44:31 AM
to us...@mule.codehaus.org
Hi all,

just spent some time trying to understand what are the possibilities
and opportunities in creating and securing webservices with Mule 2. I
put my rant and complaints to another message, but first ask the
question.

I am able now to have a SSL secured https webservice with CXF in Mule
2. How can I add a http basic authentication requirement to it if I
don't want to or can't use WS-Security?

Based on this:
http://www.nabble.com/Https-td17024025.html#a17024025

I added a https-connector to my configuration:

<https:connector name="myHttpsConnector" clientSoTimeout="8000">
<https:tls-client
path="file:/Users/huima/programming/certificates/mulecerts/clientKeystore"
storePassword="mulepassword"/>
<https:tls-key-store
path="file:/Users/huima/programming/certificates/mulecerts/serverKeystore"
keyPassword="mulepassword" storePassword="mulepassword"/>
<https:tls-server
path="file:/Users/huima/programming/certificates/mulecerts/trustStore"
storePassword="mulepassword"/>
<!-- <https:tls-key-store keyPassword="changeit"
path="/Users/huima/programming/appserver/glassfish/domains/domain1/config/keystore.jks"
storePassword="changeit"/> -->
</https:connector>

It works perfectly with CXF.

<cxf:inbound-endpoint connector-ref="foo"
address="https://localhost:63081/hello" synchronous="true" >
</cxf:inbound-endpoint>

However Mule 2 does not allow me to add acegi security filter to the
inbound-endpoint ( at least based on schema ) - though it would be nice
to be able to use it here.

I did find this post (
http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
) that described the usage of interceptor to check headers.

Is that the proper way to do it - or is there a way to chain message
handling in a way where https-endpoint would receive it first,
authenticate with http-basic authentication and then pass the soap
message to the CXF?

I tried to do something like that by defining a global https-endpoint
and referencing in cxf:inbound element to it, but it did not seem to
work.

Any notes and information would be appreciated.

-huima


Dan Diephouse

May 18, 2008, 10:10:41 PM
to us...@mule.codehaus.org
The CXF connector uses the Mule HTTP transport, so to configure SSL you tell the CXF outbound endpoint to use cxf:https://host/path

Offhand I'm not sure on the exact best way to do this though, but I know it's doable. I even saw a sample on the mailing list once, but can't seem to find it.

If nothing else, you can configure a HTTPS outgoing connection in mule like you normally would and connect cxf to it via a vm:// intermediary. For example:

CXF endpoint -> vm://intermediary -> HTTPS endpoint

This way you can use both the <cxf:outbound-endpoint> and the <https:outbound-endpoint> together.

Any other devs have thoughts?

Dan
--
Dan Diephouse
http://mulesource.com | http://netzooid.com/blog

Heimo Laukkanen

May 19, 2008, 4:51:12 AM
to us...@mule.codehaus.org
On Mon, May 19, 2008 at 5:10 AM, Dan Diephouse
<dan.di...@mulesource.com> wrote:
> The CXF connector uses the Mule HTTP transport, so to configure SSL you tell
> the CXF outbound endpoint to use cxf:https://host/path

Yep, this is already done.

> CXF endpoint -> vm://intermediary -> HTTPS endpoint

What I'm trying to do is the opposite:

HTTPS-endpoint with acegi security filter --> CXF Endpoint to handle
Soap web service.

Based on your response I tried the following (left out schema definitions
and the setup of acegi).

<https:connector name="myHttpsConnector" clientSoTimeout="8000">
<https:tls-client
path="file:/Users/huima/programming/certificates/mulecerts/clientKeystore"
storePassword="mulepassword"/>
<https:tls-key-store
path="file:/Users/huima/programming/certificates/mulecerts/serverKeystore"
keyPassword="mulepassword" storePassword="mulepassword"/>
<https:tls-server
path="file:/Users/huima/programming/certificates/mulecerts/trustStore"
storePassword="mulepassword"/>

</https:connector>

<model name="permissionApplication">
<service name="test">
<inbound>
<https:inbound-endpoint host="localhost" path="hello"
port="63081" name="client">
<acegi:http-security-filter realm="mule-realm"/>
</https:inbound-endpoint>
</inbound>
<outbound>
<outbound-pass-through-router>
<vm:outbound-endpoint address="vm://foo"/>
</outbound-pass-through-router>
</outbound>

</service>

<service name="PermAppUMO">
<inbound>
<cxf:inbound-endpoint address="vm://foo" synchronous="true"
wsdlLocation="file:/Users/huima/hello.wsdl">
</cxf:inbound-endpoint>
</inbound>
<component
class="fi.helsinki.muledemo.services.PermissionApplicationServiceImpl" />
</service>
</model>

This configuration challenges me to authenticate and is protected with
SSL, but the webservice part does not function.

http://localhost:68031/hello?wsdl produces error in log

INFO 2008-05-19 10:51:23,968 [myHttpsConnector.receiver.6]
org.mule.transport.http.HttpsMessageReceiver: Closing HTTP connection.
May 19, 2008 10:51:23 AM org.apache.cxf.transport.http.WSDLQueryHandler getStem
WARNING: URL creation failed:
java.net.MalformedURLException: unknown protocol: vm
at java.net.URL.<init>(URL.java:574)
at java.net.URL.<init>(URL.java:464)
at java.net.URL.<init>(URL.java:413)
at org.apache.cxf.transport.http.WSDLQueryHandler.getStem(WSDLQueryHandler.java:393)
at org.apache.cxf.transport.http.WSDLQueryHandler.isRecognizedQuery(WSDLQueryHandler.java:102)
at org.apache.cxf.transport.http.WSDLQueryHandler.isRecognizedQuery(WSDLQueryHandler.java:385)
at org.mule.transport.cxf.CxfServiceComponent.generateWSDLOrXSD(CxfServiceComponent.java:166)
at org.mule.transport.cxf.CxfServiceComponent.onCall(CxfServiceComponent.java:108)
at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:52)
at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:50)
at org.mule.component.DefaultLifecycleAdapter.intercept(DefaultLifecycleAdapter.java:202)
at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
at org.mule.component.AbstractJavaComponent.doOnCall(AbstractJavaComponent.java:73)
at org.mule.component.AbstractComponent.onCall(AbstractComponent.java:87)
at org.mule.model.seda.SedaService.doSend(SedaService.java:234)
at org.mule.service.AbstractService.sendEvent(AbstractService.java:510)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:347)
at org.mule.routing.inbound.DefaultInboundRouterCollection.send(DefaultInboundRouterCollection.java:196)
at org.mule.routing.inbound.DefaultInboundRouterCollection.route(DefaultInboundRouterCollection.java:164)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:604)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:269)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:262)
at org.mule.transport.vm.VMMessageReceiver.onMessage(VMMessageReceiver.java:98)
at org.mule.transport.vm.VMMessageDispatcher.doDispatch(VMMessageDispatcher.java:66)
at org.mule.transport.AbstractMessageDispatcher$Worker.run(AbstractMessageDispatcher.java:261)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Thread.java:637)
INFO 2008-05-19 10:51:26,373 [myHttpsConnector.receiver.7]
org.mule.transport.http.HttpsMessageReceiver: Closing HTTP connection.
May 19, 2008 10:51:26 AM org.apache.cxf.transport.http.WSDLQueryHandler getStem
WARNING: URL creation failed:
java.net.MalformedURLException: unknown protocol: vm
at java.net.URL.<init>(URL.java:574)
at java.net.URL.<init>(URL.java:464)
at java.net.URL.<init>(URL.java:413)
at org.apache.cxf.transport.http.WSDLQueryHandler.getStem(WSDLQueryHandler.java:393)
at org.apache.cxf.transport.http.WSDLQueryHandler.isRecognizedQuery(WSDLQueryHandler.java:102)
at org.apache.cxf.transport.http.WSDLQueryHandler.isRecognizedQuery(WSDLQueryHandler.java:385)
at org.mule.transport.cxf.CxfServiceComponent.generateWSDLOrXSD(CxfServiceComponent.java:166)
at org.mule.transport.cxf.CxfServiceComponent.onCall(CxfServiceComponent.java:108)
at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:52)
at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:50)
at org.mule.component.DefaultLifecycleAdapter.intercept(DefaultLifecycleAdapter.java:202)
at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
at org.mule.component.AbstractJavaComponent.doOnCall(AbstractJavaComponent.java:73)
at org.mule.component.AbstractComponent.onCall(AbstractComponent.java:87)
at org.mule.model.seda.SedaService.doSend(SedaService.java:234)
at org.mule.service.AbstractService.sendEvent(AbstractService.java:510)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:347)
at org.mule.routing.inbound.DefaultInboundRouterCollection.send(DefaultInboundRouterCollection.java:196)
at org.mule.routing.inbound.DefaultInboundRouterCollection.route(DefaultInboundRouterCollection.java:164)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:604)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:269)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:262)
at org.mule.transport.vm.VMMessageReceiver.onMessage(VMMessageReceiver.java:98)
at org.mule.transport.vm.VMMessageDispatcher.doDispatch(VMMessageDispatcher.java:66)
at org.mule.transport.AbstractMessageDispatcher$Worker.run(AbstractMessageDispatcher.java:261)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Thread.java:637)
---------------

And with Soap message produced by local copy of the wsdl, error is:

ERROR 2008-05-19 11:44:48,647 [connector.VM.0.dispatcher.4]
org.mule.service.DefaultServiceExceptionStrategy:
********************************************************************************
Message : Endpoint "vm://foo" not found
Type : org.mule.api.endpoint.EndpointNotFoundException
Code : MULE_ERROR-66126
JavaDoc :
http://mule.mulesource.org/docs/apidocs/org/mule/api/endpoint/EndpointNotFoundException.html
********************************************************************************
Exception stack is:
1. Endpoint "vm://foo" not found
(org.mule.api.endpoint.EndpointNotFoundException)
org.mule.transport.cxf.CxfServiceComponent:246
(http://mule.mulesource.org/docs/apidocs/org/mule/api/endpoint/EndpointNotFoundException.html)
********************************************************************************
Root Exception stack trace:
org.mule.api.endpoint.EndpointNotFoundException: Endpoint "vm://foo" not found
at org.mule.transport.cxf.CxfServiceComponent.sendToDestination(CxfServiceComponent.java:246)
at org.mule.transport.cxf.CxfServiceComponent.onCall(CxfServiceComponent.java:112)
at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:52)
at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:50)
at org.mule.component.DefaultLifecycleAdapter.intercept(DefaultLifecycleAdapter.java:202)
at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
at org.mule.component.AbstractJavaComponent.doOnCall(AbstractJavaComponent.java:73)
at org.mule.component.AbstractComponent.onCall(AbstractComponent.java:87)
at org.mule.model.seda.SedaService.doSend(SedaService.java:234)
at org.mule.service.AbstractService.sendEvent(AbstractService.java:510)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:347)
at org.mule.routing.inbound.DefaultInboundRouterCollection.send(DefaultInboundRouterCollection.java:196)
at org.mule.routing.inbound.DefaultInboundRouterCollection.route(DefaultInboundRouterCollection.java:164)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:604)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:269)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:262)
at org.mule.transport.vm.VMMessageReceiver.onMessage(VMMessageReceiver.java:98)
at org.mule.transport.vm.VMMessageDispatcher.doDispatch(VMMessageDispatcher.java:66)
at org.mule.transport.AbstractMessageDispatcher$Worker.run(AbstractMessageDispatcher.java:261)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Thread.java:637)

********************************************************************************

----------------

The other thing that I tried, but which did not work, was to define a global endpoint.

However it does not seem to work, since with normal http requests it
produced back the response from my service and the url in the request,
and just echoed back the soap requests.

<https:connector name="myHttpsConnector" clientSoTimeout="8000">
<https:tls-client
path="file:/Users/huima/programming/certificates/mulecerts/clientKeystore"
storePassword="mulepassword"/>
<https:tls-key-store
path="file:/Users/huima/programming/certificates/mulecerts/serverKeystore"
keyPassword="mulepassword" storePassword="mulepassword"/>
<https:tls-server
path="file:/Users/huima/programming/certificates/mulecerts/trustStore"
storePassword="mulepassword"/>

</https:connector>

<https:endpoint name="clients" address="https://localhost:63081/hello">
<acegi:http-security-filter realm="mule-realm"/>
</https:endpoint>

<model name="permissionApplication">
<service name="PermAppUMO">
<inbound>
<cxf:inbound-endpoint ref="clients"
bindingUri="https://localhost:63081/hello" synchronous="true"
wsdlLocation="file:/Users/huima/hello.wsdl">
</cxf:inbound-endpoint>
</inbound>
<component
class="fi.helsinki.muledemo.services.PermissionApplicationServiceImpl" />
</service>
</model>

Heimo Laukkanen

May 19, 2008, 5:58:29 AM
to us...@mule.codehaus.org
Hi, I really should be doing something else already but this just bugs
me too much.

I identified a strange behaviour that happens with the acegi filter.

The following configuration works without the filter; with the filter it
produces errors. Works in this case means that the soap request goes
through and my component responds. Works also means that if I just try
to get wsdl, there will be an error in the log because of that.

<https:connector name="myHttpsConnector" clientSoTimeout="8000">
<https:tls-client
path="file:/Users/huima/programming/certificates/mulecerts/clientKeystore"
storePassword="mulepassword"/>
<https:tls-key-store
path="file:/Users/huima/programming/certificates/mulecerts/serverKeystore"
keyPassword="mulepassword" storePassword="mulepassword"/>
<https:tls-server
path="file:/Users/huima/programming/certificates/mulecerts/trustStore"
storePassword="mulepassword"/>
</https:connector>

<model name="permissionApplication">

<service name="test">
<inbound>
<https:inbound-endpoint host="localhost" path="hello"

port="63081" name="client" synchronous="true">
<!-- <acegi:http-security-filter realm="mule-realm"/> -->


</https:inbound-endpoint>
</inbound>
<outbound>
<outbound-pass-through-router>
<vm:outbound-endpoint address="vm://foo"/>
</outbound-pass-through-router>
</outbound>

</service>

<service name="PermAppUMO">
<inbound>
<cxf:inbound-endpoint address="vm://foo"

wsdlLocation="/Users/huima/hello.wsdl" synchronous="true">


</cxf:inbound-endpoint>
</inbound>
<component
class="fi.helsinki.muledemo.services.PermissionApplicationServiceImpl" />
</service>
</model>

</mule>

It seems that also the bindingUri parameter works in similar way:


<service name="PermAppUMO">
<inbound>
<cxf:inbound-endpoint address="vm://foo"

bindingUri="https://localhost:63081/hello" synchronous="true">

</cxf:inbound-endpoint>
</inbound>
<component
class="fi.helsinki.muledemo.services.PermissionApplicationServiceImpl" />
</service>

These however mean that soap:Binding in wsdl is vm:// ...

Error to log for wsdl requests is:

INFO 2008-05-19 12:46:16,517 [myHttpsConnector.receiver.8]
org.mule.transport.http.HttpsMessageReceiver: Closing HTTP connection.
May 19, 2008 12:50:01 PM org.apache.cxf.transport.http.WSDLQueryHandler getStem


WARNING: URL creation failed:
java.net.MalformedURLException: unknown protocol: vm
at java.net.URL.<init>(URL.java:574)
at java.net.URL.<init>(URL.java:464)
at java.net.URL.<init>(URL.java:413)
at org.apache.cxf.transport.http.WSDLQueryHandler.getStem(WSDLQueryHandler.java:393)
at org.apache.cxf.transport.http.WSDLQueryHandler.isRecognizedQuery(WSDLQueryHandler.java:102)
at org.apache.cxf.transport.http.WSDLQueryHandler.isRecognizedQuery(WSDLQueryHandler.java:385)
at org.mule.transport.cxf.CxfServiceComponent.generateWSDLOrXSD(CxfServiceComponent.java:166)


When I put acegi security filter on, the wsdl-request still produces
same error - but now soap messages don't go through. I have
credentials in the request, and they are correct - since wrong
credentials produce 401 response.

ERROR 2008-05-19 12:53:37,725 [myHttpsConnector.receiver.5]
org.mule.config.i18n.MessageFactory: Failed to find message for id 134
in resource bundle META-INF.services.org.mule.i18n.core-messages
WARN 2008-05-19 12:53:37,728 [myHttpsConnector.receiver.5]
org.mule.transport.http.HttpsMessageReceiver: Request was made but was
not authenticated: Registered authentication is set to
org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter but
there was no security context on the session. . Message payload is of
type: ContentLengthInputStream
org.mule.api.security.UnauthorisedException: Registered authentication
is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter
but there was no security context on the session. . Message payload is
of type: ContentLengthInputStream
at org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:164)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:181)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:575)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:287)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:239)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:197)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:163)


at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Thread.java:637)

ERROR 2008-05-19 12:53:37,729 [myHttpsConnector.receiver.5]
org.mule.DefaultExceptionStrategy:
********************************************************************************
Message : Registered authentication is set to
org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter but
there was no security context on the session. . Message payload is of
type: ContentLengthInputStream
Type : org.mule.api.security.UnauthorisedException
Code : MULE_ERROR-54999
Payload :
org.apache.commons.httpclient.ContentLengthInputStream@21d96c05
JavaDoc :
http://mule.mulesource.org/docs/apidocs/org/mule/api/security/UnauthorisedException.html
********************************************************************************
Exception stack is:
1. Registered authentication is set to
org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter but
there was no security context on the session. . Message payload is of
type: ContentLengthInputStream
(org.mule.api.security.UnauthorisedException)
org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter:164
(http://mule.mulesource.org/docs/apidocs/org/mule/api/security/UnauthorisedException.html)


********************************************************************************
Root Exception stack trace:

org.mule.api.security.UnauthorisedException: Registered authentication
is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter
but there was no security context on the session. . Message payload is
of type: ContentLengthInputStream
at org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:164)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:181)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:575)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:287)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:239)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:197)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:163)


at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Thread.java:637)

********************************************************************************

INFO 2008-05-19 12:53:37,730 [myHttpsConnector.receiver.5]
org.mule.transport.http.HttpsMessageReceiver: Closing HTTP connection.
WARN 2008-05-19 12:53:37,751 [myHttpsConnector.receiver.6]
org.mule.transport.cxf.CxfServiceComponent: Could not dispatch message
to XFire!


org.mule.api.endpoint.EndpointNotFoundException: Endpoint "vm://foo" not found
at org.mule.transport.cxf.CxfServiceComponent.sendToDestination(CxfServiceComponent.java:246)
at org.mule.transport.cxf.CxfServiceComponent.onCall(CxfServiceComponent.java:112)
at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:52)
at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:50)
at org.mule.component.DefaultLifecycleAdapter.intercept(DefaultLifecycleAdapter.java:202)
at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
at org.mule.component.AbstractJavaComponent.doOnCall(AbstractJavaComponent.java:73)
at org.mule.component.AbstractComponent.onCall(AbstractComponent.java:87)
at org.mule.model.seda.SedaService.doSend(SedaService.java:234)
at org.mule.service.AbstractService.sendEvent(AbstractService.java:510)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:347)
at org.mule.routing.inbound.DefaultInboundRouterCollection.send(DefaultInboundRouterCollection.java:196)
at org.mule.routing.inbound.DefaultInboundRouterCollection.route(DefaultInboundRouterCollection.java:164)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:604)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:269)

at org.mule.transport.vm.VMMessageReceiver.onCall(VMMessageReceiver.java:106)
at org.mule.transport.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:104)
at org.mule.transport.AbstractMessageDispatcher.send(AbstractMessageDispatcher.java:157)
at org.mule.transport.AbstractConnector.send(AbstractConnector.java:1889)
at org.mule.endpoint.DefaultOutboundEndpoint.send(DefaultOutboundEndpoint.java:76)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:324)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:210)
at org.mule.routing.outbound.AbstractOutboundRouter.send(AbstractOutboundRouter.java:122)
at org.mule.routing.outbound.FilteringOutboundRouter.route(FilteringOutboundRouter.java:68)
at org.mule.routing.outbound.OutboundPassThroughRouter.route(OutboundPassThroughRouter.java:70)
at org.mule.routing.outbound.DefaultOutboundRouterCollection$1.doInTransaction(DefaultOutboundRouterCollection.java:65)
at org.mule.transaction.TransactionTemplate.execute(TransactionTemplate.java:44)
at org.mule.routing.outbound.DefaultOutboundRouterCollection.route(DefaultOutboundRouterCollection.java:70)
at org.mule.service.AbstractService.sendToOutboundRouter(AbstractService.java:894)
at org.mule.model.seda.SedaService.doSend(SedaService.java:235)


at org.mule.service.AbstractService.sendEvent(AbstractService.java:510)
at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:347)
at org.mule.routing.inbound.DefaultInboundRouterCollection.send(DefaultInboundRouterCollection.java:196)
at org.mule.routing.inbound.DefaultInboundRouterCollection.route(DefaultInboundRouterCollection.java:164)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:604)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)

at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:287)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:239)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:197)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:163)


at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Thread.java:637)


Response to soapUI-client is:

HTTP/1.1 200 OK
Content-Length: 0
Expires: Mon, 19 May 2008 12:46:16 EEST
MULE_CORRELATION_ID: 6cf99a11-2588-11dd-a910-c14bd9ca48f9
MULE_CORRELATION_SEQUENCE: -1
MULE_CORRELATION_GROUP_SIZE: -1
Date: Mon, 19 May 2008 12:46:16 EEST
Server: Mule Core/2.0.0
Content-Type: text/xml;charset=UTF-8


Does the filter screw up something or what have I misunderstood?

Antoine Borg

May 19, 2008, 1:14:55 PM
to us...@mule.codehaus.org
Hi,

From your stack trace:

> Exception stack is:
> 1. Registered authentication is set to
> org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter
> but there was no security context on the session. . Message
> payload is of

In Mule 1.x you'd need to set up a security manager and refer to providers.
This seems to be the same in Mule 2 but I haven't tried it myself.
http://mule.mulesource.org/display/MULE2USER/Acegi+Module#AcegiModule-acegisecuritymanager
should help a little ....

HTHT


Antoine Borg, Senior Consultant | Tel: +356 21334457 | Fax: +356 21 334156
ricston Ltd., Lincoln, 7 Ferdinand Grech Street, Lija LJA1142, MALTA
email: antoin...@ricston.com | blog: blog.ricston.com | web: ricston.com


Heimo Laukkanen

May 19, 2008, 1:36:08 PM
to us...@mule.codehaus.org
On Mon, May 19, 2008 at 8:14 PM, Antoine Borg <antoin...@ricston.com> wrote:

> Hi,


>
> In Mule 1.x you'd need to set up a security manager and refer to providers.
> This seems to be the same in Mule 2 but I haven't tried it myself.
> http://mule.mulesource.org/display/MULE2USER/Acegi+Module#AcegiModule-acegisecuritymanager
> should help a little ....

Hi Antoine,

I do have them in the configuration and the security manager seems to
be working ok otherwise. It is just that with CXF everything goes
wrong. See my other post about making it all work with Axis without a
hassle.

By the way, are the Skills matter courses that you do concentrating on
Mule 1 or Mule 2 architecture?

<spring:bean id="inMemoryDaoImpl"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<spring:property name="userMap">
<spring:value>
ross=ross,ROLE_ADMIN
anon=anon,ROLE_ANONYMOUS
</spring:value>
</spring:property>
</spring:bean>

<spring:bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<spring:property name="userDetailsService" ref="inMemoryDaoImpl"/>
</spring:bean>

<acegi:security-manager>
<acegi:delegate-security-provider name="memory-dao"
delegate-ref="daoAuthenticationProvider"/>
</acegi:security-manager>

-huima

Dan Diephouse

May 19, 2008, 7:56:59 PM
to us...@mule.codehaus.org
Ah, ignore my post - it was ridiculously stupid. I mistook your <https:connector> configuration for a CXF specific thing.

I will work to improve the docs, but I'm still a little confused about what you're trying to do. It sounds like ultimately you want a way to enforce basic authentication on your service, right? And the current issue is that security filters are not being applied properly to the cxf endpoints? Although this thing works fine on Axis.

With the advent of the CXF connector, we changed how transformers/security filters were applied. If you think about a CXF service inside Mule you really have two endpoints. One which receives the HTTP/XML message and another which receives the serialized POJO message. With the CXF connector, any security filters/transformers end up getting applied to the POJOs now instead of at the HTTP layer. The idea behind this is that you can always do a layer of indirection if you need to: HTTP -> VM -> CXF. Then you can apply transformers/security-filters at either the HTTP or POJO level.

However, it seems that serving out the WSDL over the vm:// protocol does not work, which prevents you from talking to the endpoint. I created a JIRA for this: http://mule.mulesource.org/jira/browse/MULE-3383

Some ideas for a work around until we get this fixed:
1. Do WSDL first development so you don't have to serve the wsdl over the vm transport
2. Write a CXF interceptor which performs authentication so the cxf service can listen directly on cxf:https://host. This could look something like this:

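import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
public class MyAuthenticationInterceptor extends AbstractPhaseInterceptor<Message> {
  public MyAuthenticationInterceptor() {
    super(Phase.RECEIVE);
  }
  public void handleMessage(Message m) throws Fault {
    Map<String,List<String>> protocolHeaders = (Map<String,List<String>>) m.get(Message.PROTOCOL_HEADERS);
    List<String> authHeader = protocolHeaders == null ? null : protocolHeaders.get("Authorization");
    // there should only be one value for this header, and it must use the Basic scheme
    if (authHeader == null || authHeader.size() != 1 || !authHeader.get(0).startsWith("Basic ")) {
      throw new Fault(new SecurityException("Missing or malformed Authorization header"));
    }
    // the header value is "Basic " followed by the base64 encoded credentials
    String value = authHeader.get(0).substring("Basic ".length()).trim();
    String decodedVal = new String(Base64.getDecoder().decode(value), StandardCharsets.UTF_8);
    // the decodedVal variable will be in the form of "username:password"
    authorize(decodedVal);
  }
  // placeholder (not defined in the original sketch): do the real credential check here
  private void authorize(String userAndPassword) {
    throw new Fault(new SecurityException("authorize() is not implemented"));
  }
}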
And then you can apply it like so:

<cxf:inbound-endpoint ...>
  <cxf:inInterceptors>
     <spring:bean class="MyAuthenticationInterceptor"/>
  </cxf:inInterceptors>
</cxf:inbound-endpoint>

I will ask around to see if other people have a better idea too.
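
One way to fill in the header parsing and the `authorize(...)` step that the interceptor sketch above leaves open, as an added example that is not code from this thread or from Mule/CXF. It uses only the JDK (Java 8 or later); the class name `BasicAuthCheck`, the PBKDF2 iteration count and the sample account are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added example: parses and verifies the value of an HTTP Basic "Authorization" header. */
public class BasicAuthCheck {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    private static final int KEY_BITS = 256;

    /** Stored credential: random salt plus PBKDF2 hash, never the plaintext password. */
    static final class Stored {
        final byte[] salt;
        final byte[] hash;
        Stored(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private final Map<String, Stored> users = new HashMap<>();

    static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    void addUser(String name, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        users.put(name, new Stored(salt, pbkdf2(password, salt)));
    }

    /** Returns the authenticated user name, or null if the request must get a 401. */
    String authenticate(String headerValue) throws GeneralSecurityException {
        if (headerValue == null) return null;
        String[] parts = headerValue.trim().split("\\s+", 2);
        // HTTP auth scheme names are case-insensitive; anything but Basic is rejected.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException notBase64) {
            return null;
        }
        // Split on the FIRST colon only: user names cannot contain ':', passwords can.
        int colon = decoded.indexOf(':');
        // Reject a missing colon, an empty user name or an empty password.
        if (colon <= 0 || colon == decoded.length() - 1) return null;
        String user = decoded.substring(0, colon);
        char[] password = decoded.substring(colon + 1).toCharArray();
        Stored stored = users.get(user);
        // Hash even for unknown users so response time does not reveal which names exist.
        byte[] salt = stored != null ? stored.salt : new byte[16];
        byte[] candidate = pbkdf2(password, salt);
        // MessageDigest.isEqual compares the two hashes in constant time.
        boolean ok = stored != null && MessageDigest.isEqual(candidate, stored.hash);
        return ok ? user : null;
    }

    public static void main(String[] args) throws Exception {
        BasicAuthCheck check = new BasicAuthCheck();
        // Constructed sample account and header values, not taken from the thread.
        check.addUser("alice", "s3cret:with:colons".toCharArray());
        Base64.Encoder enc = Base64.getEncoder();
        String good = "Basic " + enc.encodeToString(
                "alice:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        String noColon = "Basic " + enc.encodeToString("alice".getBytes(StandardCharsets.UTF_8));
        String wrongPw = "Basic " + enc.encodeToString("alice:guess".getBytes(StandardCharsets.UTF_8));
        String[] samples = {
            good, good.replace("Basic", "basic"), wrongPw, noColon,
            "Basic !!!not-base64!!!", "Bearer abc.def", null
        };
        for (String header : samples) {
            System.out.println(header + " -> " + check.authenticate(header));
        }
    }
}
```

Only the first two sample headers authenticate as `alice`; every other case returns null, which the caller should turn into a 401 with a `WWW-Authenticate` challenge.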

Antoine Borg

May 20, 2008, 3:50:39 AM
to us...@mule.codehaus.org
Hello Heimo,

Dan is far better at answering the technicalities of this question (as he
mentioned, the manner in which filters are applied/used has changed)

The Skills Matter courses that I deliver are still 1.4 specific but we
should have a Mule 2 version out sometime in June. Keep an eye on our web
site or my blog for news (links in the sig)

HTH

Antoine Borg, Senior Consultant | Tel: +356 21334457 | Fax: +356 21 334156
ricston Ltd., Lincoln, 7 Ferdinand Grech Street, Lija LJA1142, MALTA
email: antoin...@ricston.com | blog: blog.ricston.com | web: ricston.com
