Author: Sonali Chougule
Mule provides different options to secure applications. One of them is Spring security which provides authentication and authorization. Spring security filter is used to authenticate inbound requests against the user’s credentials. In this article, we will see how to use spring for basic authentication.
Let’s get started!
- Create a simple application
- In Anypoint Studio, create an application as shown below. Add a basic security filter after the listener from the HTTP module.
- Edit the Realm value to “Validate credentials”.
- Set a dummy payload.
- Add the Spring module in the application.
- Create a bean file.
- Create a xml file named bean.xml in resources folder and paste the below code in the file.
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-4.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="user1" password="{noop}test" authorities="ROLE_ADMIN" />
<ss:user name="user2" password="{noop}test" authorities="ROLE_ADMIN" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
</beans>
- Make sure the namespace is added in the file.
- Mention the username and corresponding passwords as shown in the code. Also, remember the authentication Manager alias name.
- The prefix{noop} must be added before the password for the encoder to validate the password.
- Create the global elements required.
- Spring Config- Give the path/name of the beans.xml file.
- Spring Security manager- Provide a name and reference. The alias name in the bean file should be given as the reference.
- Run the Application.
- Make sure there are no errors in the application and run the application. Hit the API from a browser and you should see a popup as below.
- Enter the correct username and password as given in the bean file and you should get the response.
- If the credentials provided are not of an authenticated user, it will give ‘Authentication Failed Attempt’ error.
