A few weeks ago I received a mail with a request to look into an issue of which I was pretty sure I had solved it before. Since I couldn’t find how I did it back then I decided to post it here for future reference. The situation is like this: a web service is proxied with Mule ESB and password protection is added to it by applying Spring Security. The configuration of the service looks like this:
<?xml version="1.0" encoding="UTF-8"?> <mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml" xmlns:https="http://www.mulesoft.org/schema/mule/https" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://www.springframework.org/schema/beans" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern" xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security" xmlns:ss="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.3/mule.xsd http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.3/mule-http.xsd http://www.mulesoft.org/schema/mule/pattern http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <mule-ss:security-manager> <mule-ss:delegate-security-provider name="memory-dao" delegate-ref="authenticationManager" /> </mule-ss:security-manager> <spring:beans> <ss:authentication-manager alias="authenticationManager"> <ss:authentication-provider> <ss:user-service id="userService"> <ss:user name="pascal" password="alma" authorities="ROLE_ADMIN" /> </ss:user-service> </ss:authentication-provider> </ss:authentication-manager> </spring:beans> <http:connector name="NoSessionConnector"> <service-overrides sessionHandler="org.mule.session.NullSessionHandler" /> </http:connector> <pattern:web-service-proxy name="countries"> <http:inbound-endpoint address="http://localhost:8080" exchange-pattern="request-response"> <mule-ss:http-security-filter realm="mule-realm" /> </http:inbound-endpoint> <http:outbound-endpoint address="http://www.webservicex.net/country.asmx" exchange-pattern="request-response" /> </pattern:web-service-proxy> </mule>
I think the code is quite straightforward. Every request coming in at
'http://localhost:8080' is forwarded to
'http://www.webservicex.net/country.asmx' after the subject has been authenticated against the ‘authentication-provider’.
To test this setup I created a SoapUI project. Also this is quite straightforward but I show it here anyway. I use SoapUI 4.5.1.
- Create a new SoapUI project
- Enter a name and the WSDL of the service
- Test the service by making a call
- Use the web service proxy
- Supply username and password
Until here it is all straightforward except for the result in the last call!
It seems that the username and password is not supplied in the call to the proxy. This is a setting in SoapUI that you have to enable. It is ‘hidden’ in the ‘Preferences’ of the tool. You have to enable the setting like this:
While testing this code for the post I also had to uncheck the following option to get a ‘human-readable’ response in SoapUI:
Now if you send a request you get the expected answer: