Mule ESB allows for authentication of requests via various transport-specific and generic authentication methods. It also supports controlling authorization at the method level on service components. Security is pluggable via the Mule security API, allowing custom implementations. Spring Security 3.0 and Acegi provide authentication and authorization options like JAAS, LDAP, and CAS. WS-Security is a standard for applying security to web services through XML signatures, encryption headers, and binary security tokens. Mule supports WS-Security, SAML for security information exchange, and other options like encryption strategies, PGP security, and Jaas security.

1. MULE –ESB :Security

2. 2
Configuring Security
Mule ESB allows you to authenticate requests via endpoints using
transport-specific or generic authentication methods. It also allows you to
control method-level authorization on your service components. The
Security Manager is responsible for authenticating requests based on one
or more security providers. All security is pluggable via the Mule security
API , so you can easily plug in custom implementations.

3. 3
Spring Security 3.0
Spring Security is the next version of Acegi and provides a number of
authentication and authorization providers such as JAAS, LDAP, CAS
(Yale Central Authentication service), and DAO. The following topics will
help you get started securing your services using Spring Security:
•Configuring the Spring Security Manager
•Component Authorization Using Spring Security
•Setting up LDAP Provider for Spring Security

4. 4
Acegi
Acegi provides a number of authentication and authorization providers such
as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. The
following topics will help you get started securing your services using
Acegi:
•Configuring the Acegi Security Manager
•Component Authorization Using Acegi
•Setting up LDAP Provider for Acegi

5. 5
WS-Security and SAML
WS-Security is a standard protocol for applying security to Web services. It
contains specifications on how integrity and confidentiality in a SOAP
message can be enforced via XML signatures and binary security tokens
such as X.509 certificates and Kerberos tickets as well as encryption
headers. It ensures end-to-end security by working in the application layer
as opposed to the transport layer

6. 6
WS-Security Example The WS-Security example demonstrates the
different possibilities available for incorporating WS-Security into your Mule
application. This example is available in the enterprise edition of Mule as of
version 2.2.3.
Enabling WS-Security - Describes how to secure your CXF SOAP
endpoints with WS-Security.
SAML Module - Mule now supports the SAML standard for exchange of
security information between systems. This module is available in the
enterprise edition of Mule as of version 2.2.3

7. 7
Other Security Integration
Mule also supports the following security technologies:
Encryption Strategies - Secure your messages by encrypting them.
PGP Security - Secure your messages by encrypting them with PGP.
Jaas Security