SlideShare uma empresa Scribd logo

Rest security in mule

S
Son Nguyen

Rest security in mule

Tecnologia
1 de 17
REST SECURITY IN MULE
We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
We can easily secure our REST service using OAUTH 2.0
For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
Authorization to obtain a secret code
Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
Use that secret code to obtain an access_token
Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX85YOxNl LFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
Use the access_token to validate and access the web service
Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow 

Recomendados

Rest security with oauth 2.0
Rest security with oauth 2.0Rest security with oauth 2.0
Rest security with oauth 2.0
Anirban Sen Chowdhary
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedin
Khasim Saheb
 
Mule ESB integration with Stripe
Mule ESB integration with StripeMule ESB integration with Stripe
Mule ESB integration with Stripe
Ramakrishna Narkedamilli
 
Integration of linked in using mule esb
Integration of linked in using mule esbIntegration of linked in using mule esb
Integration of linked in using mule esb
Sanjeet Pandey
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esb
Sanjeet Pandey
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESB
Sreekanth Kondapalli
 
Demo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorDemo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook Connector
Rupesh Sinha
 
Https service mule
Https service muleHttps service mule
Https service mule
Karnam Karthik
 

Recomendados

Rest security with oauth 2.0
Rest security with oauth 2.0Rest security with oauth 2.0
Rest security with oauth 2.0
Anirban Sen Chowdhary
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedin
Khasim Saheb
 
Mule ESB integration with Stripe
Mule ESB integration with StripeMule ESB integration with Stripe
Mule ESB integration with Stripe
Ramakrishna Narkedamilli
 
Integration of linked in using mule esb
Integration of linked in using mule esbIntegration of linked in using mule esb
Integration of linked in using mule esb
Sanjeet Pandey
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esb
Sanjeet Pandey
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESB
Sreekanth Kondapalli
 
Demo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorDemo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook Connector
Rupesh Sinha
 
Https service mule
Https service muleHttps service mule
Https service mule
Karnam Karthik
 
Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the api
Achyuta Lakshmi Puvvala
 
Mule with facebook
Mule with facebookMule with facebook
Mule with facebook
D.Rajesh Kumar
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by mule
Son Nguyen
 
Mule organization
Mule organizationMule organization
Mule organization
Son Nguyen
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce Connector
Ankush Sharma
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)
Anirban Sen Chowdhary
 
Anypoint lessons
Anypoint lessonsAnypoint lessons
Anypoint lessons
Dwight Cavalcanti
 
Messaging APIs of RingCentral
Messaging APIs of RingCentralMessaging APIs of RingCentral
Messaging APIs of RingCentral
Anirban Sen Chowdhary
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azure
Son Nguyen
 
Sharing Multiple IP Addresses
Sharing Multiple IP AddressesSharing Multiple IP Addresses
Sharing Multiple IP Addresses
HTS Hosting
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with mule
F K
 
Deploy with maven
Deploy with mavenDeploy with maven
Deploy with maven
Son Nguyen
 
The Password & Security Interface of cPanel
The Password & Security Interface of cPanelThe Password & Security Interface of cPanel
The Password & Security Interface of cPanel
HTS Hosting
 
The ViewModel pattern
The ViewModel patternThe ViewModel pattern
The ViewModel pattern
Simone Chiaretta
 
Mule management console installation with Tomcat
Mule management console installation with TomcatMule management console installation with Tomcat
Mule management console installation with Tomcat
Sudha Ch
 
Mule esb stripe
Mule esb stripeMule esb stripe
Mule esb stripe
D.Rajesh Kumar
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales force
Son Nguyen
 
Mule Security
Mule SecurityMule Security
Mule Security
Shanky Gupta
 
Mulesoft encryption
Mulesoft encryptionMulesoft encryption
Mulesoft encryption
Jagruti Sakhare
 
scootering
scooteringscootering
scootering
André Prager
 
D@W REST security
D@W REST securityD@W REST security
D@W REST security
Gaurav Sharma
 
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Francis Palma
 

Mais conteúdo relacionado

Mais procurados

Mais procurados (17)

Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the api
 
Mule with facebook
Mule with facebookMule with facebook
Mule with facebook
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by mule
 
Mule organization
Mule organizationMule organization
Mule organization
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce Connector
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)
 
Anypoint lessons
Anypoint lessonsAnypoint lessons
Anypoint lessons
 
Messaging APIs of RingCentral
Messaging APIs of RingCentralMessaging APIs of RingCentral
Messaging APIs of RingCentral
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azure
 
Sharing Multiple IP Addresses
Sharing Multiple IP AddressesSharing Multiple IP Addresses
Sharing Multiple IP Addresses
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with mule
 
Deploy with maven
Deploy with mavenDeploy with maven
Deploy with maven
 
The Password & Security Interface of cPanel
The Password & Security Interface of cPanelThe Password & Security Interface of cPanel
The Password & Security Interface of cPanel
 
The ViewModel pattern
The ViewModel patternThe ViewModel pattern
The ViewModel pattern
 
Mule management console installation with Tomcat
Mule management console installation with TomcatMule management console installation with Tomcat
Mule management console installation with Tomcat
 
Mule esb stripe
Mule esb stripeMule esb stripe
Mule esb stripe
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales force
 

Destaque

Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
CA API Management
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Cesare Pautasso
 

Destaque (20)

Mule Security
Mule SecurityMule Security
Mule Security
 
Mulesoft encryption
Mulesoft encryptionMulesoft encryption
Mulesoft encryption
 
scootering
scooteringscootering
scootering
 
D@W REST security
D@W REST securityD@W REST security
D@W REST security
 
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
 
The routing message processor scatter gather
The routing message processor scatter gatherThe routing message processor scatter gather
The routing message processor scatter gather
 
Mulesoft intergrate for android app
Mulesoft intergrate for android appMulesoft intergrate for android app
Mulesoft intergrate for android app
 
Scatter gather flow in mule
Scatter gather flow in muleScatter gather flow in mule
Scatter gather flow in mule
 
Create dynamic json using mule
Create dynamic json using muleCreate dynamic json using mule
Create dynamic json using mule
 
mule custom aggregator
mule custom aggregatormule custom aggregator
mule custom aggregator
 
Muleflowarchitecturepart2
Muleflowarchitecturepart2Muleflowarchitecturepart2
Muleflowarchitecturepart2
 
Data weave more operations
Data weave more operationsData weave more operations
Data weave more operations
 
Load balancer in mule
Load balancer in muleLoad balancer in mule
Load balancer in mule
 
Anypoint enterprise security overview
Anypoint enterprise security overviewAnypoint enterprise security overview
Anypoint enterprise security overview
 
Using spring scheduler mule
Using spring scheduler muleUsing spring scheduler mule
Using spring scheduler mule
 
REST API Doc Best Practices
REST API Doc Best PracticesREST API Doc Best Practices
REST API Doc Best Practices
 
Runing batch job in mule
Runing batch job in muleRuning batch job in mule
Runing batch job in mule
 
REST API Best (Recommended) Practices
REST API Best (Recommended) PracticesREST API Best (Recommended) Practices
REST API Best (Recommended) Practices
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
 

Semelhante a Rest security in mule

Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
Alvaro Sanchez-Mariscal
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuth
Vivastream
 
O auth how_to
O auth how_toO auth how_to
O auth how_to
vivaqa
 

Semelhante a Rest security in mule (20)

LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To Hero
 
Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
How to implement Keycloak authentication in React.pptx
How to implement Keycloak authentication in React.pptxHow to implement Keycloak authentication in React.pptx
How to implement Keycloak authentication in React.pptx
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 
Esquema de pasos de ejecución IdM
Esquema de pasos de ejecución IdMEsquema de pasos de ejecución IdM
Esquema de pasos de ejecución IdM
 
Api security
Api security Api security
Api security
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity Server
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 
Some OAuth love
Some OAuth loveSome OAuth love
Some OAuth love
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuth
 
O auth how_to
O auth how_toO auth how_to
O auth how_to
 
Mule soft Meetup #3
Mule soft Meetup #3 Mule soft Meetup #3
Mule soft Meetup #3
 

Mais de Son Nguyen

Mais de Son Nguyen (20)

Wsdl connector introduction
Wsdl connector introductionWsdl connector introduction
Wsdl connector introduction
 
Android intergrate with mule
Android intergrate with muleAndroid intergrate with mule
Android intergrate with mule
 
Mule flow overview
Mule flow overviewMule flow overview
Mule flow overview
 
Mule flow and filter
Mule flow and filterMule flow and filter
Mule flow and filter
 
Handle exceptions in mule
Handle exceptions in muleHandle exceptions in mule
Handle exceptions in mule
 
Spring security integrate with mule
Spring security integrate with muleSpring security integrate with mule
Spring security integrate with mule
 
Message processor in mule
Message processor in muleMessage processor in mule
Message processor in mule
 
Expression language in mule
Expression language in muleExpression language in mule
Expression language in mule
 
Mule with data weave
Mule with data weaveMule with data weave
Mule with data weave
 
Composite source in bound and out-bound
Composite source in bound and out-boundComposite source in bound and out-bound
Composite source in bound and out-bound
 
Batch job processing
Batch job processingBatch job processing
Batch job processing
 
Using message enricher
Using message enricherUsing message enricher
Using message enricher
 
Finance connectors with mule
Finance connectors with muleFinance connectors with mule
Finance connectors with mule
 
Google drive connection
Google drive connectionGoogle drive connection
Google drive connection
 
Using properties in mule
Using properties in muleUsing properties in mule
Using properties in mule
 
Mule integrate with microsoft
Mule integrate with microsoftMule integrate with microsoft
Mule integrate with microsoft
 
Jms queue
Jms queueJms queue
Jms queue
 
Anypoint connectors
Anypoint connectorsAnypoint connectors
Anypoint connectors
 
Mule esb basic introduction
Mule esb basic introductionMule esb basic introduction
Mule esb basic introduction
 
Mule integration with cloud hub
Mule integration with cloud hubMule integration with cloud hub
Mule integration with cloud hub
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Rest security in mule

  • 2. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
  • 3. We can easily secure our REST service using OAUTH 2.0
  • 4. For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
  • 5. Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
  • 6. The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
  • 7. Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
  • 8. Authorization to obtain a secret code
  • 9. Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
  • 10. We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
  • 11. We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
  • 12. Use that secret code to obtain an access_token
  • 13. Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX85YOxNl LFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
  • 14. Use the access_token to validate and access the web service
  • 15. Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
  • 16. Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
  • 17. In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow 