Cannot get http basic authentication in Mule 3 to work

Question

I am having a problem with getting HTTP Basic auth. to work with Mule 3.2. We have earlier used Mule 2.1.1 without problems but now I am stuck. I have created a small test service with a configuration like this, based on examples in the Mule documentation:

<mule xmlns="http://www.mulesoft.org/schema/mule/core"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:spring="http://www.springframework.org/schema/beans"
  xmlns:http="http://www.mulesoft.org/schema/mule/http"
  xmlns:vm="http://www.mulesoft.org/schema/mule/vm"
  xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
  xmlns:ss="http://www.springframework.org/schema/security"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.2/mule.xsd
    http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.2/mule-http.xsd
    http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/3.2/mule-vm.xsd
    http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.2/mule-spring-security.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
....
<spring:beans>
  <ss:authentication-manager alias="authenticationManager">
    <ss:authentication-provider>
      <ss:user-service id="userService">
        <ss:user name="ross" password="ross" authorities="ROLE_ADMIN"/>
        <ss:user name="anon" password="anon" authorities="ROLE_ANON"/>
      </ss:user-service>
    </ss:authentication-provider>
  </ss:authentication-manager>
</spring:beans>

<mule-ss:security-manager>
  <mule-ss:delegate-security-provider name="memory-provider"
                                      delegate-ref="authenticationManager"/>
</mule-ss:security-manager>

<model name="testModel">
  <service name="testService">
    <inbound>
      <http:inbound-endpoint host="localhost" port="8888" exchange-pattern="request-response">
        <mule-ss:http-security-filter realm="mule-realm"/>
      </http:inbound-endpoint>
    </inbound>
....

But when directing a browser to http://localhost:8888/ I just get an exception in the mule log:

Root Exception stack trace:
org.mule.api.security.UnauthorisedException: Registered authentication is set to com.computas.mt.mule.security.HttpBasicJBossAuthFilter but there was no security context on the session. Authentication denied on endpoint http://localhost:8888. Message payload is of type: String
    at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:160)
    at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:58)
    at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:56)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)

I have checked the response headers, and all i get back from Mule is this. I would have expected to also get the headers that indicate that authentication is required:

Content-Type: text/plain
Content-Length: 243
Connection: close

401 Unauthorized

All works fine when not using authentication. Anyone else that have experienced this and found a solution? Maybe I have done a very simple and stupid mistake, but in that case i really can't see it... Note: We run Mule inside JBoss 4.2.1, not standalone.

Regards

Jonas Heineson

Answer 1

When downgrading and using Mule 3.1.2 instead of 3.2.0 everything worked as expected. So there seem to be a bug in version 3.2.