Reputation: 1503
How to Exposing secure rest/soap service in Mule, require best and simple approach
In My flow, I have many HTTP Rest API call, I have used key-store (as below) which is fine for internal api calls. Now I need to expose rest/soap service to external api. Which is the simple and best way to secure mule api. I'm using Mule 3.5.1 Version.
<https:connector name="HTTP_HTTPS" doc:name="HTTP-HTTPS"
cookieSpec="netscape" receiveBacklog="0" receiveBufferSize="0"
sendBufferSize="0" socketSoLinger="0" validateConnections="false"
clientSoTimeout="10000" serverSoTimeout="10000" enableCookies="true">
<https:tls-key-store path="cer/check.jks"
keyPassword="abc" storePassword="abc" />
</https:connector>
<flow name="service" doc:name="service">
<https:inbound-endpoint exchange-pattern="request-response" host="localhost" port="8085" doc:name="HTTP" connector-ref="HTTP_HTTPS" responseTransformer-refs="ReponseProperty"/>
<byte-array-to-string-transformer doc:name="Byte Array to String"/>
<logger message="***Invoke****#[payload]" level="INFO" doc:name="Logger"/>
<jersey:resources doc:name="REST">
<component class="com.services.CallImpl"/>
<jersey:exception-mapper class="com.util.JerseyExceptionMapper"/>
</jersey:resources>
<byte-array-to-string-transformer doc:name="Byte Array to String"/>
So that external api calls, shouldn't interfere with other mule services. Thanks in advance.
Upvotes: 0
Views: 1524
Answers (1)
Reputation: 8311
If you want simple way, basic authentication is there which is very simple, but it is based on Transport layer, but yes simple to implement
reference :-http://confluex.com/blog/http-inbound-endpoint-basic-authentication/ ,
You can also use oauth 2.0 for securing your service where you need to validate the token before a client can access your rest service
refernce :- https://developer.mulesoft.com/docs/display/current/Creating+an+OAuth+2.0a+Web+Service+Provider
and
http://ricston.com/blog/oauth-server-mule/
also you can refer :- https://developer.mulesoft.com/docs/display/current/Mule+STS+OAuth+2.0a+Example+Application
Other options are JWT(JSON Web Token) in your Mule api, where you need to generate the Token and validate it to access your service..
reference :- http://jwt.io/
But again here you need to do a lot of Java coding to generate the token and validating it
Upvotes: 1
Related Questions
- How to consume secured SOAP Webservice in Mule 4
- Consuming REST service with basic authentication from MULE
- Https soap service in mule
- Consume SOAP web service with security in Mule flow
- How to design a SOAP/WSDL web service in Mule ESB using Mule flow?
- How to develop REST and SOAP interface for same web service using MuleSoft?
- How to implement web service consumer SOAP with Mulesoft
- Calling Rest services with various securities from MULE HTTP ENDPOINT
- How implement Mule App as a OAuth2 Resource Server of Restful Services
- Mule 3: Creating a RESTful web service endpoint