The document discusses configuring Spring Security 3.0 as a security manager in Mule. It provides an example configuration that uses an in-memory database of users for authentication. It also describes adding the necessary Spring Security schema references and using security filters to authenticate inbound and outbound requests.

1. MULE –Spring Security Manager

2. 2
Configuring the Spring Security Manager
Use Spring Security 3.0 as a Security Manager inside of Mule. You can use
any of the library’s security providers such as JAAS, LDAP, CAS (Yale
Central Authentication service), and DAO. For more information on the
elements you can configure for a Mule security manager, see Security
Manager Configuration Reference.

3. 3
Example
The following example illustrates how to configure a single security provider
on Mule, in this case an in-memory database of users. To configure the
provider, we set up a <user-service> element and the <authentication-
manager> to which Mule delegates.

4. 4
<mule xmlns:tls="http://www.mulesoft.org/schema/mule/tls"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:tracking="http://www.mulesoft.org/schema/mule/ee/tracking"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans" version="EE-3.6.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core
http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http
http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/ee/tracking
http://www.mulesoft.org/schema/mule/ee/tracking/current/mule-tracking-ee.xsd
http://www.mulesoft.org/schema/mule/spring-security
http://www.mulesoft.org/schema/mule/spring-security/3.1/mule-spring-security.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.mulesoft.org/schema/mule/tls
http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.mulesoft.org/schema/mule/https

5. 5
<spring:beans>
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="user" password="password" authorities="ROLE_ADMIN" />
<ss:user name="anon" password="anon" authorities="ROLE_ANON" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
</spring:beans>
<mule-ss:security-manager>
<mule-ss:delegate-security-provider name="memory-provider" delegate-
ref="authenticationManager" />
</mule-ss:security-manager>
<http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="8081"
doc:name="HTTP Listener Configuration" />
<flow name="SpringExample">
<http:listener config-ref="HTTP_Listener_Configuration" path="/" doc:name="HTTP"/>
<logger level="INFO" message="## received" doc:name="Logger"/>
<http:basic-security-filter realm="mule-realm"/>
<logger level="INFO" message="## passed security" doc:name="Logger"/>
</flow>
</mule>

6. 6
Adding Spring Security References
To make Spring security work, you need to add XML schema declarations
to your Mule App. Notice the above example includes the following
references inside the root XML element:
xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core
http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http
http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/ee/tracking
http://www.mulesoft.org/schema/mule/ee/tracking/current/mule-tracking-ee.xsd
http://www.mulesoft.org/schema/mule/spring-security
http://www.mulesoft.org/schema/mule/spring-security/3.1/mule-spring-security.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd

7. 7
Security Filters
Security filters can be configured on an object to either authenticate
inbound requests or attach credentials to outbound requests. For example,
to configure an HTTP basic authorization filter on an HTTP connector, you
would use the following connector security filter:
<mule-ss:http-security-filter realm="mule-realm"/>

8. 8
When a request is received, the authentication header is read from the
request and authenticated against all security providers on the Security
Manager. If you only want to validate on certain providers, you can supply a
comma-separated list of security provider names.
<mule-ss:http-security-filter realm="mule-realm"
securityProviders="default,another"/>

9. 9
This bean defines a proxy for the protected bean. When an application
asks Spring for a myComponent bean, it will get this proxy instead.
<bean id="autoProxyCreator"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property name="interceptorNames">
<list>
<value>myComponentSecurity</value>
</list>
</property>
<property name="beanNames">
<list>
<value>myComponent</value>
</list>
</property>
<property name='proxyTargetClass' value="true"/>
</bean>