Testing a secured Mule ESB Web Service Proxy with SoapUI

23 Jan

A few weeks ago I received a mail with a request to look into an issue of which I was pretty sure I had solved it before. Since I couldn’t find how I did it back then I decided to post it here for future reference. The situation is like this: a web service is proxied with Mule ESB and password protection is added to it by applying Spring Security. The configuration of the service looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml" xmlns:https="http://www.mulesoft.org/schema/mule/https"
	xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:spring="http://www.springframework.org/schema/beans" xmlns:http="http://www.mulesoft.org/schema/mule/http"
	xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
	xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
	xmlns:ss="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
       http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd 
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
       http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.3/mule.xsd
       http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.3/mule-http.xsd
       http://www.mulesoft.org/schema/mule/pattern http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd
       http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <mule-ss:security-manager>
        <mule-ss:delegate-security-provider
			name="memory-dao" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>

    <spring:beans>
        <ss:authentication-manager alias="authenticationManager">
            <ss:authentication-provider>
                <ss:user-service id="userService">
                    <ss:user name="pascal" password="alma" authorities="ROLE_ADMIN" />
                </ss:user-service>
            </ss:authentication-provider>
        </ss:authentication-manager>
    </spring:beans>

    <http:connector name="NoSessionConnector">
        <service-overrides sessionHandler="org.mule.session.NullSessionHandler" />
    </http:connector>

    <pattern:web-service-proxy name="countries">
        <http:inbound-endpoint address="http://localhost:8080" exchange-pattern="request-response">
            <mule-ss:http-security-filter realm="mule-realm" />
        </http:inbound-endpoint>
        <http:outbound-endpoint address="http://www.webservicex.net/country.asmx" exchange-pattern="request-response" />
    </pattern:web-service-proxy>
</mule>

I think the code is quite straightforward. Every request coming in at 'http://localhost:8080' is forwarded to 'http://www.webservicex.net/country.asmx' after the subject has been authenticated against the ‘authentication-provider’.
To test this setup I created a SoapUI project. Also this is quite straightforward but I show it here anyway. I use SoapUI 4.5.1.

  • Create a new SoapUI project
  • Screen Shot 2013-01-19 at 09.13.10

  • Enter a name and the WSDL of the service
  • Screen Shot 2013-01-19 at 09.14.02

  • Test the service by making a call
  • Screen Shot 2013-01-19 at 09.18.05

  • Use the web service proxy
  • Screen Shot 2013-01-19 at 13.25.23

  • Supply username and password
  • Screen Shot 2013-01-19 at 13.47.25

Until here it is all straightforward except for the result in the last call!
Screen Shot 2013-01-19 at 14.00.54
It seems that the username and password is not supplied in the call to the proxy. This is a setting in SoapUI that you have to enable. It is ‘hidden’ in the ‘Preferences’ of the tool. You have to enable the setting like this:
Screen Shot 2012-12-24 at 14.25.44
While testing this code for the post I also had to uncheck the following option to get a ‘human-readable’ response in SoapUI:
Screen Shot 2012-12-24 at 21.42.49
Now if you send a request you get the expected answer:
Screen Shot 2013-01-19 at 13.54.47

9 Responses to “Testing a secured Mule ESB Web Service Proxy with SoapUI”

  1. Neha Mishra 28/02/2013 at 15:28 #

    Hi, I am new to Mule ESB and need some help on it. I have to configure proxy settings in Mule ESB which is installed in Linux environment. I am trying to test my webservices from SOAP UI with WS-security. I have all the required certificates and URL’s .

    Any advice would be great help.

    Thanks,
    Neha Mishra

    • Pascal Alma 02/03/2013 at 12:12 #

      Hi Neha,
      I am not sure what your issue is but if you are having problems because your Linux server is behind a corporate proxy or something similar I would try to set the proxy settings at Linux level. Have a look here to see if this helps.
      Another solution could be to define it in the HTTP connector like describes here.

  2. Neha Mishra 06/03/2013 at 14:39 #

    Hi Pascal, Thanks for the reply.
    I don;t have to do proxy settings at Linux level. I think i was not clear in my question.

    We have installed Mule ESB in our development environment which is a linux box. Now, i want to use Mule ESB as a proxy server to access my external web services. Basically, i want to route my web service call through this Mule ESB proxy server. I need to make some change to configure proxy settings in Mule ESB such as configuring webservice URL’s etc.

    What are the other configurations i need to make to set up Mule ESB as proxy server.

    Thanks,
    Neha Mishra

    • Pascal Alma 06/03/2013 at 19:08 #

      Hi Neha,
      That is indeed another issue then what I first thought the issue was. About the proxy setup did you already have a look here, here and here?
      I think there is a lot of examples and info to find about this pattern so it shouldn’t be too hard to crack this one yourself :-)

      • Neha Mishra 07/03/2013 at 16:07 #

        Hi Pascal,

        So my question is : Can i create a workflow in Mule Studio which will redirect all my webservice calls to webserver. Is it possible to create such process flow in Studio.

        Thanks.

      • Pascal Alma 09/03/2013 at 13:02 #

        Hi Neha, Yes I believe it is possible. I never used the Mule Studio myself but I saw you already found this post which describes how to do it. If you combine this example with mine here you should be there.

  3. Abhijit 09/04/2013 at 15:06 #

    Hello Pascal,

    Thank you very much for the nice article. I have done a setup similar to what you have mentioned, except in my case the inbound address is over SSL (HTTPS). The Presentation Layer (hosted on Drupal) calls the Mule which proxies an internal service hosted on JBOSS and running on HTTP. Thus, I can say that mule terminates SSL when does the proxy to the actual service. I have managed to import a PFX certificate (with password protection) into the java keystore (JKS) using keytool utility and configured the mule to use this JKS.
    When Drupal server is hitting the mule over HTTPS, I have double checked the Service End Points used by Drupal to be over SSL (HTTPS and not HTTP) I get following in the mule logs. What is it I am missing ? any pointers would be of great help ..

    ERROR 2013-04-09 12:49:58,985 [[reverse-proxy-service].httpsConnector.receiver.02] org.mule.exception.DefaultSystemExceptionStrategy: Caught exception in Exception Strategy: Unrecognized SSL message, plaintext connection?
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)
    at sun.security.ssl.InputRecord.read(InputRecord.java:504)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
    at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:219)
    at org.mule.transport.http.HttpServerConnection.readRequest(HttpServerConnection.java:185)
    at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:155)
    at org.mule.work.WorkerContext.run(WorkerContext.java:311)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

    • Pascal Alma 14/04/2013 at 07:02 #

      Hi Abhijit,
      Can you post the relevant part of the Mule config? I believe you can post XML code between [ sourcecode language='xml'] tags to make it readable in the comment.

      • Abhijit 22/04/2013 at 14:34 #

        Thanks for your help. I could solve the problem, it was something to do with the keystore that I created.. There was a problem importing the cert into the keystore..

Comments are closed.

Follow

Get every new post delivered to your Inbox.

Join 97 other followers

%d bloggers like this: