A few weeks ago I received a mail with a request to look into an issue of which I was pretty sure I had solved it before. Since I couldn’t find how I did it back then I decided to post it here for future reference. The situation is like this: a web service is proxied with Mule ESB and password protection is added to it by applying Spring Security. The configuration of the service looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml" xmlns:https="http://www.mulesoft.org/schema/mule/https"
xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:spring="http://www.springframework.org/schema/beans" xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.3/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.3/mule-http.xsd
http://www.mulesoft.org/schema/mule/pattern http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd
http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="memory-dao" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
<spring:beans>
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="pascal" password="alma" authorities="ROLE_ADMIN" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
</spring:beans>
<http:connector name="NoSessionConnector">
<service-overrides sessionHandler="org.mule.session.NullSessionHandler" />
</http:connector>
<pattern:web-service-proxy name="countries">
<http:inbound-endpoint address="http://localhost:8080" exchange-pattern="request-response">
<mule-ss:http-security-filter realm="mule-realm" />
</http:inbound-endpoint>
<http:outbound-endpoint address="http://www.webservicex.net/country.asmx" exchange-pattern="request-response" />
</pattern:web-service-proxy>
</mule>
I think the code is quite straightforward. Every request coming in at 'http://localhost:8080' is forwarded to 'http://www.webservicex.net/country.asmx' after the subject has been authenticated against the ‘authentication-provider’.
To test this setup I created a SoapUI project. Also this is quite straightforward but I show it here anyway. I use SoapUI 4.5.1.
- Create a new SoapUI project
- Enter a name and the WSDL of the service
- Test the service by making a call
- Use the web service proxy
- Supply username and password
Until here it is all straightforward except for the result in the last call!
It seems that the username and password is not supplied in the call to the proxy. This is a setting in SoapUI that you have to enable. It is ‘hidden’ in the ‘Preferences’ of the tool. You have to enable the setting like this:
While testing this code for the post I also had to uncheck the following option to get a ‘human-readable’ response in SoapUI:
Now if you send a request you get the expected answer:
The Pragmatic Integrator 
Hi, I am new to Mule ESB and need some help on it. I have to configure proxy settings in Mule ESB which is installed in Linux environment. I am trying to test my webservices from SOAP UI with WS-security. I have all the required certificates and URL’s .
Any advice would be great help.
Thanks,
Neha Mishra
Hi Neha,
I am not sure what your issue is but if you are having problems because your Linux server is behind a corporate proxy or something similar I would try to set the proxy settings at Linux level. Have a look here to see if this helps.
Another solution could be to define it in the HTTP connector like describes here.
Hi Pascal, Thanks for the reply.
I don;t have to do proxy settings at Linux level. I think i was not clear in my question.
We have installed Mule ESB in our development environment which is a linux box. Now, i want to use Mule ESB as a proxy server to access my external web services. Basically, i want to route my web service call through this Mule ESB proxy server. I need to make some change to configure proxy settings in Mule ESB such as configuring webservice URL’s etc.
What are the other configurations i need to make to set up Mule ESB as proxy server.
Thanks,
Neha Mishra
Hi Neha,
That is indeed another issue then what I first thought the issue was. About the proxy setup did you already have a look here, here and here?
I think there is a lot of examples and info to find about this pattern so it shouldn’t be too hard to crack this one yourself 🙂
Hi Pascal,
So my question is : Can i create a workflow in Mule Studio which will redirect all my webservice calls to webserver. Is it possible to create such process flow in Studio.
Thanks.
Hi Neha, Yes I believe it is possible. I never used the Mule Studio myself but I saw you already found this post which describes how to do it. If you combine this example with mine here you should be there.
Hello Pascal,
Thank you very much for the nice article. I have done a setup similar to what you have mentioned, except in my case the inbound address is over SSL (HTTPS). The Presentation Layer (hosted on Drupal) calls the Mule which proxies an internal service hosted on JBOSS and running on HTTP. Thus, I can say that mule terminates SSL when does the proxy to the actual service. I have managed to import a PFX certificate (with password protection) into the java keystore (JKS) using keytool utility and configured the mule to use this JKS.
When Drupal server is hitting the mule over HTTPS, I have double checked the Service End Points used by Drupal to be over SSL (HTTPS and not HTTP) I get following in the mule logs. What is it I am missing ? any pointers would be of great help ..
ERROR 2013-04-09 12:49:58,985 [[reverse-proxy-service].httpsConnector.receiver.02] org.mule.exception.DefaultSystemExceptionStrategy: Caught exception in Exception Strategy: Unrecognized SSL message, plaintext connection?
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)
at sun.security.ssl.InputRecord.read(InputRecord.java:504)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:219)
at org.mule.transport.http.HttpServerConnection.readRequest(HttpServerConnection.java:185)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:155)
at org.mule.work.WorkerContext.run(WorkerContext.java:311)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
Hi Abhijit,
Can you post the relevant part of the Mule config? I believe you can post XML code between [ sourcecode language=’xml’] tags to make it readable in the comment.
Thanks for your help. I could solve the problem, it was something to do with the keystore that I created.. There was a problem importing the cert into the keystore..