I am having a problem with getting HTTP Basic auth. to work with Mule 3.2. We have earlier used Mule 2.1.1 without problems but now I am stuck. I have created a small test service with a configuration like this, based on examples in the Mule documentation:
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:vm="http://www.mulesoft.org/schema/mule/vm"
xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.2/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.2/mule-http.xsd
http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/3.2/mule-vm.xsd
http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.2/mule-spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
....
<spring:beans>
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="ross" password="ross" authorities="ROLE_ADMIN"/>
<ss:user name="anon" password="anon" authorities="ROLE_ANON"/>
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
</spring:beans>
<mule-ss:security-manager>
<mule-ss:delegate-security-provider name="memory-provider"
delegate-ref="authenticationManager"/>
</mule-ss:security-manager>
<model name="testModel">
<service name="testService">
<inbound>
<http:inbound-endpoint host="localhost" port="8888" exchange-pattern="request-response">
<mule-ss:http-security-filter realm="mule-realm"/>
</http:inbound-endpoint>
</inbound>
....
But when directing a browser to http://localhost:8888/ I just get an exception in the mule log:
Root Exception stack trace:
org.mule.api.security.UnauthorisedException: Registered authentication is set to com.computas.mt.mule.security.HttpBasicJBossAuthFilter but there was no security context on the session. Authentication denied on endpoint http://localhost:8888. Message payload is of type: String
at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:160)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:58)
at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:56)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
I have checked the response headers, and all i get back from Mule is this. I would have expected to also get the headers that indicate that authentication is required:
Content-Type: text/plain
Content-Length: 243
Connection: close
401 Unauthorized
All works fine when not using authentication. Anyone else that have experienced this and found a solution? Maybe I have done a very simple and stupid mistake, but in that case i really can't see it... Note: We run Mule inside JBoss 4.2.1, not standalone.
Regards
Jonas Heineson
When downgrading and using Mule 3.1.2 instead of 3.2.0 everything worked as expected. So there seem to be a bug in version 3.2.