Mule ESB allows authentication of requests via various transport-specific and generic authentication methods. It also controls authorization at the method level on service components. Security is pluggable via the Mule security API, allowing custom implementations. Spring Security 3.0 and Acegi provide authentication and authorization providers like LDAP, JAAS, and CAS. WS-Security enforces integrity, confidentiality and end-to-end security in SOAP messages using XML signatures and security tokens. Mule also supports encryption strategies, PGP security, and Jaas security.