Compared to Mule 3, Mule 4 brings significant improvements to API-led connectivity that smooth API development and testing and enhance security. Basic authentication over the HTTPS protocol provides solid security for Mule 4 applications. Below, we walk through creating and enabling the HTTPS configuration that provides the HTTPS service, then adding the security filter and authorization filter that validate HTTPS requests using basic authentication based on the Spring module.
Process for Applying and Enabling HTTPS Configuration for Mule 4 HTTP Connector
Steps to Create Mule 4 HTTPS Listener Configuration
Step 1: Create and import certificates.
Here, we cover the process of generating and using a Keystore configuration. The standard JDK distribution does not include a Keystore by default, so use keytool to generate Keystores and certificates. The generated Keystore contains a private key and a public certificate, and this certificate is self-signed. To create a self-signed cert:
keytool -genkey -alias mule -keyalg RSA -keystore keystore.jks
Executing the above command results in the following prompts for the necessary details:
Upon successful execution, the keystore.jks file will be generated. Move this file into the Mule application's resources location (src/main/resources).
Step 2: Run Anypoint Studio and create a new Mule project.
As illustrated in the image below, create a sample flow with an HTTP connector for the HTTPS configuration, plus a security filter and an authorization filter that validate the HTTPS request using basic authentication based on the Spring module. In the Mule configuration file, drag the HTTP Listener and the other required connectors from the palette, and then test the application.
Step 3: Under HTTP Listener general configuration, set the protocol to HTTPS and use 8082 as the port.
Step 4: Under HTTP Listener TLS configuration, provide Keystore configuration parameters to apply HTTPS secured protocol policy.
The Keystore contains private keys and is essential only when a server is running on an SSL connection. It also stores the public keys and the certificates issued by the certificate authority. Here, the focus is on the process of using the Keystore configuration.
Under HTTP Listener TLS Keystore configuration, pass the Keystore type, the location of the Keystore file (for example, a .jks file if Type=JKS) and the other parameters.
The Mule application is now ready to provide an HTTPS-based Listener service for all requests that use this HTTPS configuration. Test this using the application URL: https://localhost:8082/testPath. The screenshot below illustrates the request submitted successfully.
Process for Applying and Enabling Spring Authentication of HTTPS Requests
In this process, configure the Mule application to use the authorization filter with the Spring security manager, providing basic authentication for the HTTP/HTTPS Listener.
Steps in Applying HTTP/HTTPS Listener Basic Authentication
Step 1: Create a project in Studio 7 and add the Spring module from Exchange.
Step 2: Create an XML in the resources/basic-auth folder to define the bean configuration.
Step 3: Go to the global elements tab of your configuration and create the below configurations:
- Spring configuration to import basic-auth/beans.xml:
- Spring Security Manager to provide authentication-manager (defined in bean configuration XML: basic-auth/beans.xml) as delegate reference:
Here, the developer should make sure the POM file contains the following dependencies. Also check that the Mule Maven plugin in the POM file contains the following shared libraries:
Step 4: Design and execute the below flow with an HTTP Listener and add the security filter from the palette:
Step 5: Test the HTTPS and basic authentication of the Mule 4 HTTP Listener. Upon successful application deployment, perform the below steps:
- In Postman under Authorization, select Basic Auth as the Type.
- Provide a valid username and password.
- Trigger the application URL: https://localhost:8082/testPath
Note: If the request submitted is valid, then it will be successful and the response status will be “Success (200).” If the request submitted is invalid, then the response status will be “Not Authorized (401).”
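The global elements and flow described in the two procedures above, written out as a single Mule configuration file. This is an added example, not the article's original configuration: the elements come from the Mule 4 HTTP, TLS and Spring modules, while the config names, bind host, property placeholders, realm, the `authenticationManager` alias and the `ROLE_ADMIN` authority are assumptions that must match your own basic-auth/beans.xml and deployment properties.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns:tls="http://www.mulesoft.org/schema/mule/tls"
      xmlns:spring="http://www.mulesoft.org/schema/mule/spring"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
        http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd
        http://www.mulesoft.org/schema/mule/spring http://www.mulesoft.org/schema/mule/spring/current/mule-spring.xsd">

  <!-- HTTPS listener on port 8082; keystore.jks sits in src/main/resources.
       Passwords are read from properties (hypothetical names) instead of
       being written into the file as literals. -->
  <http:listener-config name="HTTPS_Listener_config">
    <http:listener-connection host="0.0.0.0" port="8082" protocol="HTTPS">
      <tls:context>
        <tls:key-store type="jks" path="keystore.jks" alias="mule"
                       password="${tls.keystore.password}"
                       keyPassword="${tls.key.password}"/>
      </tls:context>
    </http:listener-connection>
  </http:listener-config>

  <!-- Load the Spring beans that define the authentication manager. -->
  <spring:config name="Spring_Config" files="basic-auth/beans.xml"/>

  <!-- delegate-ref must equal the authentication-manager alias declared
       in beans.xml (assumed here to be "authenticationManager"). -->
  <spring:security-manager>
    <spring:delegate-security-provider name="memory-provider"
                                       delegate-ref="authenticationManager"/>
  </spring:security-manager>

  <flow name="https-basic-auth-flow">
    <http:listener config-ref="HTTPS_Listener_config" path="/testPath"/>
    <!-- Requests without valid Basic credentials stop here (the 401 case). -->
    <http:basic-security-filter realm="mule"/>
    <!-- Authenticated users must also hold this authority (assumed name). -->
    <spring:authorization-filter requiredAuthorities="ROLE_ADMIN"/>
    <set-payload value="Success"/>
  </flow>
</mule>
```

Because the certificate from Step 1 is self-signed, clients will not trust it by default; import it into the client's trust store for testing rather than turning certificate verification off.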