Quantcast

Using Spring Security (HTTP) in Mule for REST APIs ?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Using Spring Security (HTTP) in Mule for REST APIs ?

Adrian Brenes-2
Hello:

We are using Mule 3.1.0 version and have one of the component that exposes some REST APIs using Mule Jersey Module. I'm looking to secure these REST URLs through Spring Security using it's HTTP based security mechanism that applies security to the set of URLs specified directly in application context xml.

The challenge I'm facing is : Spring Security mechanism gets kicked off through ServletFilter (DelegatingFilterProxy) and it's pretty easy for web application having web.xml where filters can be defined easily. However, my application is deployed having native Mule structure with no web.xml and I'm wondering how should I integrate Spring Security's HTTP mechanism here. I tried injecting the filter through jetty handler programmatically, however not successful yet.

I would appreciate any suggestions/advice on this.

Thanks and Appreciate your help very much.

Regards,
-Hiten

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using Spring Security (HTTP) in Mule for REST APIs ?

rvoliva@gmail.com
We do it by setting up Spring Security in our mule config.  We use it for both http basic auth as well as annotation-based-role-based security.

<!-- Global security manager -->
<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="jdbc-security-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>

<spring:beans>

<!-- Setup authentication -->
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider
user-service-ref="customUserDetailsService">
<ss:password-encoder hash="md5" />
</ss:authentication-provider>
</ss:authentication-manager>
<spring:bean id="customUserDetailsService"
class="xxx.xxx.mule.security.userdetails.UserDetailsDelegateService" />

<ss:global-method-security
jsr250-annotations="enabled" />

</spring:beans>

On Fri, Feb 10, 2012 at 1:15 AM, giveway [via Mule] <[hidden email]> wrote:
Hello:

We are using Mule 3.1.0 version and have one of the component that exposes some REST APIs using Mule Jersey Module. I'm looking to secure these REST URLs through Spring Security using it's HTTP based security mechanism that applies security to the set of URLs specified directly in application context xml.

The challenge I'm facing is : Spring Security mechanism gets kicked off through ServletFilter (DelegatingFilterProxy) and it's pretty easy for web application having web.xml where filters can be defined easily. However, my application is deployed having native Mule structure with no web.xml and I'm wondering how should I integrate Spring Security's HTTP mechanism here. I tried injecting the filter through jetty handler programmatically, however not successful yet.

I would appreciate any suggestions/advice on this.

Thanks and Appreciate your help very much.

Regards,
-Hiten

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





If you reply to this email, your message will be added to the discussion below:
http://mule.1045714.n5.nabble.com/Using-Spring-Security-HTTP-in-Mule-for-REST-APIs-tp5471721p5471721.html
To start a new topic under Mule - User, email [hidden email]
To unsubscribe from Mule - User, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using Spring Security (HTTP) in Mule for REST APIs ?

alejandro.such
This post has NOT been accepted by the mailing list yet.
With that configuration, I receive a 404 when my @PreAuthorize("hasRole(..., ...)") annotations are put on a Jersey REST service. Everything goes well when put on any other autowired Spring Bean.

Do I need any other extra configuration?

Thx,
Alx
Loading...