SlideShare a Scribd company logo

Mule security - authorization using spring security

Download as PPT, PDF
D.Rajesh Kumar
D.Rajesh Kumar

Mule security - authorization using spring security

Technology
1 of 10
MULE –Component Authorization Using Spring Security
2 Component Authorization Using Spring Security This page describes how you can configure method-level authorization using Spring Security on your components so that users with different roles can only invoke certain methods.
3 Securing Flow Components To secure MethodInvocations, you must add a properly configured MethodSecurityInterceptor into the application context. The beans requiring security are chained into the interceptor. This chaining is accomplished using Spring’s ProxyFactoryBean or BeanNameAutoProxyCreator. Alternatively, Spring Security provides a MethodDefinitionSourceAdvisor, which you can use with Spring’s DefaultAdvisorAutoProxyCreator to automatically chain the security interceptor in front of any beans defined against the MethodSecurityInterceptor.
4 In addition to the daoAuthenticationProvider and inMemoryDaoImpl beans (see Configuring Security), the following beans must be configured: MethodSecurityInterceptor AuthenticationManager AccessDecisionManager AutoProxyCreator RoleVoter
5 The MethodSecurityInterceptor The MethodSecurityInterceptor is configured with a reference to the following: AuthenticationManager AccessDecisionManager
6 Following is a security interceptor for intercepting calls made to the methods of a component myComponent, which defines two methods: delete and writeSomething. Roles are set on these methods as seen below in the property securityMetadataSource. <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mule="http://www.mulesource.org/schema/mule/core" xmlns:mule-ss="http://www.mulesource.org/schema/mule/spring-security" ...cut... <bean id="myComponentSecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <value> com.foo.myComponent.delete=ROLE_ADMIN com.foo.myComponent.writeSomething=ROLE_ANONYMOUS </value> </property> </bean>
7 The AuthenticationManager This bean is responsible for passing requests through a chain of AuthenticationProvider objects. <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <property name= "providers"> <list> <ref local="daoAuthenticationProvider"/> </list> </property> </bean>
8 The AccessDecisionManager This bean specifies that a user can access the protected methods if they have any one of the roles specified in the securityMetadataSource. <bean id="accessDecisionManager" class='org.springframework.security.access.vote.AffirmativeBased'> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> </list> </property> </bean>
9 The AutoProxyCreator This bean defines a proxy for the protected bean. When an application asks Spring for a myComponent bean, it will get this proxy instead. <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> <property name="interceptorNames"> <list> <value>myComponentSecurity</value> </list> </property> <property name="beanNames"> <list> <value>myComponent</value> </list> </property> <property name='proxyTargetClass' value="true"/> </bean>
Mule security - authorization using spring security

Recommended

Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaasD.Rajesh Kumar
 
Mule security-jaas
Mule security-jaasMule security-jaas
Mule security-jaasPraneethchampion
 
Security authorizationusingspringsecurity-sathyaraj
Security authorizationusingspringsecurity-sathyarajSecurity authorizationusingspringsecurity-sathyaraj
Security authorizationusingspringsecurity-sathyarajsathyaraj Anand
 
Mule validators
Mule validatorsMule validators
Mule validatorskrishashi
 
Mule fips 140-2 compliance support
Mule fips 140-2 compliance supportMule fips 140-2 compliance support
Mule fips 140-2 compliance supportD.Rajesh Kumar
 
persentation
persentationpersentation
persentationvinaykumarmahla
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
Mule security - saml
Mule security - samlMule security - saml
Mule security - samlcharan teja R
 

Recommended

Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaasD.Rajesh Kumar
 
Mule security-jaas
Mule security-jaasMule security-jaas
Mule security-jaasPraneethchampion
 
Security authorizationusingspringsecurity-sathyaraj
Security authorizationusingspringsecurity-sathyarajSecurity authorizationusingspringsecurity-sathyaraj
Security authorizationusingspringsecurity-sathyarajsathyaraj Anand
 
Mule validators
Mule validatorsMule validators
Mule validatorskrishashi
 
Mule fips 140-2 compliance support
Mule fips 140-2 compliance supportMule fips 140-2 compliance support
Mule fips 140-2 compliance supportD.Rajesh Kumar
 
persentation
persentationpersentation
persentationvinaykumarmahla
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
Mule security - saml
Mule security - samlMule security - saml
Mule security - samlcharan teja R
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
Application security [appsec]
Application security [appsec]Application security [appsec]
Application security [appsec]Judy Ngure
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL InjectionVortana Say
 
Win32 Introduction To Perl And Vista S Feature User Acceptance Control
Win32 Introduction To Perl And Vista S Feature User Acceptance ControlWin32 Introduction To Perl And Vista S Feature User Acceptance Control
Win32 Introduction To Perl And Vista S Feature User Acceptance Controlddn123456
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
SSO with sfdc
SSO with sfdcSSO with sfdc
SSO with sfdcMing Yuan
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
Sql injection
Sql injectionSql injection
Sql injectionSafwan Hashmi
 
Addmi 06-security mgmt
Addmi 06-security mgmtAddmi 06-security mgmt
Addmi 06-security mgmtodanyboy
 
Obiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsObiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsRavi Kumar Lanke
 
Validation module in mule
Validation module in muleValidation module in mule
Validation module in muleAnkit Lawaniya
 
Paul Marples Resume
Paul Marples ResumePaul Marples Resume
Paul Marples ResumePaul Marples
 
Mainstream vs independent questions
Mainstream vs independent questionsMainstream vs independent questions
Mainstream vs independent questionsDomsInTheHouse98
 
Financial Education in Portugal - Exchange of Good Practices
Financial Education in Portugal - Exchange of Good PracticesFinancial Education in Portugal - Exchange of Good Practices
Financial Education in Portugal - Exchange of Good PracticesHelena Serdoura
 
muceda engineering workshop technology(MEWT)
muceda engineering workshop technology(MEWT)muceda engineering workshop technology(MEWT)
muceda engineering workshop technology(MEWT)Musa Ibrahim Haule
 
Anders Boer CV
Anders Boer CVAnders Boer CV
Anders Boer CVAnders Boer
 
Soap in mule
Soap in muleSoap in mule
Soap in muleD.Rajesh Kumar
 
Summit entertainment, film4, icon, fox warp
Summit entertainment, film4, icon, fox warpSummit entertainment, film4, icon, fox warp
Summit entertainment, film4, icon, fox warpharryhazell4
 
Mule esb-microsoft
Mule esb-microsoftMule esb-microsoft
Mule esb-microsoftD.Rajesh Kumar
 
Students illustrate: The Legend of Martisor
Students illustrate: The Legend of Martisor Students illustrate: The Legend of Martisor
Students illustrate: The Legend of Martisor Maria Savvopoulou
 

More Related Content

What's hot

What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
Application security [appsec]
Application security [appsec]Application security [appsec]
Application security [appsec]Judy Ngure
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL InjectionVortana Say
 
Win32 Introduction To Perl And Vista S Feature User Acceptance Control
Win32 Introduction To Perl And Vista S Feature User Acceptance ControlWin32 Introduction To Perl And Vista S Feature User Acceptance Control
Win32 Introduction To Perl And Vista S Feature User Acceptance Controlddn123456
 
SSO with sfdc
SSO with sfdcSSO with sfdc
SSO with sfdcMing Yuan
 
Addmi 06-security mgmt
Addmi 06-security mgmtAddmi 06-security mgmt
Addmi 06-security mgmtodanyboy
 
Obiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsObiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsRavi Kumar Lanke
 
Validation module in mule
Validation module in muleValidation module in mule
Validation module in muleAnkit Lawaniya
 

What's hot (13)

What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Sql injection
Sql injectionSql injection
Sql injection
 
Application security [appsec]
Application security [appsec]Application security [appsec]
Application security [appsec]
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL Injection
 
Win32 Introduction To Perl And Vista S Feature User Acceptance Control
Win32 Introduction To Perl And Vista S Feature User Acceptance ControlWin32 Introduction To Perl And Vista S Feature User Acceptance Control
Win32 Introduction To Perl And Vista S Feature User Acceptance Control
 
Sql injection
Sql injectionSql injection
Sql injection
 
SSO with sfdc
SSO with sfdcSSO with sfdc
SSO with sfdc
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Addmi 06-security mgmt
Addmi 06-security mgmtAddmi 06-security mgmt
Addmi 06-security mgmt
 
Obiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsObiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissions
 
Validation module in mule
Validation module in muleValidation module in mule
Validation module in mule
 

Viewers also liked

Paul Marples Resume
Paul Marples ResumePaul Marples Resume
Paul Marples ResumePaul Marples
 
Mainstream vs independent questions
Mainstream vs independent questionsMainstream vs independent questions
Mainstream vs independent questionsDomsInTheHouse98
 
Financial Education in Portugal - Exchange of Good Practices
Financial Education in Portugal - Exchange of Good PracticesFinancial Education in Portugal - Exchange of Good Practices
Financial Education in Portugal - Exchange of Good PracticesHelena Serdoura
 
muceda engineering workshop technology(MEWT)
muceda engineering workshop technology(MEWT)muceda engineering workshop technology(MEWT)
muceda engineering workshop technology(MEWT)Musa Ibrahim Haule
 
Summit entertainment, film4, icon, fox warp
Summit entertainment, film4, icon, fox warpSummit entertainment, film4, icon, fox warp
Summit entertainment, film4, icon, fox warpharryhazell4
 
Students illustrate: The Legend of Martisor
Students illustrate: The Legend of Martisor Students illustrate: The Legend of Martisor
Students illustrate: The Legend of Martisor Maria Savvopoulou
 
Independent vs mainstream films
Independent vs mainstream filmsIndependent vs mainstream films
Independent vs mainstream filmsellahollyoverson13
 
The Golden Dragon story in Financial Education
The Golden Dragon story in Financial EducationThe Golden Dragon story in Financial Education
The Golden Dragon story in Financial EducationHelena Serdoura
 
Developing ideas summer homework
Developing ideas summer homeworkDeveloping ideas summer homework
Developing ideas summer homeworkNaamah Hill
 
Vigilancia de enfermedades no transmisibles y factores de riesgo
Vigilancia de enfermedades no transmisibles y factores de riesgoVigilancia de enfermedades no transmisibles y factores de riesgo
Vigilancia de enfermedades no transmisibles y factores de riesgoMarta Isabel Fonseca Godoy
 
Media Evaluation
Media EvaluationMedia Evaluation
Media EvaluationMaya Tormos
 
Digi pak indie solo research.pptx new
Digi pak indie solo research.pptx newDigi pak indie solo research.pptx new
Digi pak indie solo research.pptx newMaya Tormos
 
All-polymer based fabrication process for an all-polymer flexible and paralle...
All-polymer based fabrication process for an all-polymer flexible and paralle...All-polymer based fabrication process for an all-polymer flexible and paralle...
All-polymer based fabrication process for an all-polymer flexible and paralle...Jilin Yang
 

Viewers also liked (20)

Paul Marples Resume
Paul Marples ResumePaul Marples Resume
Paul Marples Resume
 
Mainstream vs independent questions
Mainstream vs independent questionsMainstream vs independent questions
Mainstream vs independent questions
 
Financial Education in Portugal - Exchange of Good Practices
Financial Education in Portugal - Exchange of Good PracticesFinancial Education in Portugal - Exchange of Good Practices
Financial Education in Portugal - Exchange of Good Practices
 
muceda engineering workshop technology(MEWT)
muceda engineering workshop technology(MEWT)muceda engineering workshop technology(MEWT)
muceda engineering workshop technology(MEWT)
 
Anders Boer CV
Anders Boer CVAnders Boer CV
Anders Boer CV
 
Soap in mule
Soap in muleSoap in mule
Soap in mule
 
Summit entertainment, film4, icon, fox warp
Summit entertainment, film4, icon, fox warpSummit entertainment, film4, icon, fox warp
Summit entertainment, film4, icon, fox warp
 
Mule esb-microsoft
Mule esb-microsoftMule esb-microsoft
Mule esb-microsoft
 
Students illustrate: The Legend of Martisor
Students illustrate: The Legend of Martisor Students illustrate: The Legend of Martisor
Students illustrate: The Legend of Martisor
 
Patologias
PatologiasPatologias
Patologias
 
1 chapter
1 chapter1 chapter
1 chapter
 
Independent vs mainstream films
Independent vs mainstream filmsIndependent vs mainstream films
Independent vs mainstream films
 
The Golden Dragon story in Financial Education
The Golden Dragon story in Financial EducationThe Golden Dragon story in Financial Education
The Golden Dragon story in Financial Education
 
Developing ideas summer homework
Developing ideas summer homeworkDeveloping ideas summer homework
Developing ideas summer homework
 
Vigilancia de enfermedades no transmisibles y factores de riesgo
Vigilancia de enfermedades no transmisibles y factores de riesgoVigilancia de enfermedades no transmisibles y factores de riesgo
Vigilancia de enfermedades no transmisibles y factores de riesgo
 
Eurotunnel
EurotunnelEurotunnel
Eurotunnel
 
Media Evaluation
Media EvaluationMedia Evaluation
Media Evaluation
 
Digi pak indie solo research.pptx new
Digi pak indie solo research.pptx newDigi pak indie solo research.pptx new
Digi pak indie solo research.pptx new
 
All-polymer based fabrication process for an all-polymer flexible and paralle...
All-polymer based fabrication process for an all-polymer flexible and paralle...All-polymer based fabrication process for an all-polymer flexible and paralle...
All-polymer based fabrication process for an all-polymer flexible and paralle...
 
İnternet Stratejileri ve E-Ticaret - 2
İnternet Stratejileri ve E-Ticaret - 2İnternet Stratejileri ve E-Ticaret - 2
İnternet Stratejileri ve E-Ticaret - 2
 

Similar to Mule security - authorization using spring security

Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Web Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - ZurichWeb Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - Zurichjavagroup2006
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptaljbsysatm
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAASrahmed_sct
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasirfan1008
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasKhasim Saheb
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasPhaniu
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasPhaniu
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaascharan teja R
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasAnand kalla
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaashimajareddys
 
Azure Security Best Practises for Enterprises
Azure Security Best Practises for EnterprisesAzure Security Best Practises for Enterprises
Azure Security Best Practises for EnterprisesNuvento Systems Pvt Ltd
 
Data protection api's in asp dot net
Data protection api's in asp dot netData protection api's in asp dot net
Data protection api's in asp dot netsonia merchant
 
Enterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin BlockEnterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin Blockmcgurk
 

Similar to Mule security - authorization using spring security (20)

Spring Security
Spring SecuritySpring Security
Spring Security
 
Web Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - ZurichWeb Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - Zurich
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAAS
 
Spring Security Framework
Spring Security FrameworkSpring Security Framework
Spring Security Framework
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Azure Security Best Practises for Enterprises
Azure Security Best Practises for EnterprisesAzure Security Best Practises for Enterprises
Azure Security Best Practises for Enterprises
 
Java EE Services
Java EE ServicesJava EE Services
Java EE Services
 
MULE-JAAS
MULE-JAASMULE-JAAS
MULE-JAAS
 
Web security
Web securityWeb security
Web security
 
Data protection api's in asp dot net
Data protection api's in asp dot netData protection api's in asp dot net
Data protection api's in asp dot net
 
Enterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin BlockEnterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin Block
 

More from D.Rajesh Kumar

Mule soft meetup_-_finland_september_25th__2020 v2.0
Mule soft meetup_-_finland_september_25th__2020 v2.0Mule soft meetup_-_finland_september_25th__2020 v2.0
Mule soft meetup_-_finland_september_25th__2020 v2.0D.Rajesh Kumar
 
Meetup bangalore-sept5th 2020 (1)
Meetup bangalore-sept5th 2020 (1)Meetup bangalore-sept5th 2020 (1)
Meetup bangalore-sept5th 2020 (1)D.Rajesh Kumar
 
Mule soft meetup_-_finland_july_11th__2020
Mule soft meetup_-_finland_july_11th__2020Mule soft meetup_-_finland_july_11th__2020
Mule soft meetup_-_finland_july_11th__2020D.Rajesh Kumar
 
Bangalore mulesoft meetup#10
Bangalore mulesoft meetup#10Bangalore mulesoft meetup#10
Bangalore mulesoft meetup#10D.Rajesh Kumar
 
Meetup bangalore 9_novupdated
Meetup bangalore 9_novupdatedMeetup bangalore 9_novupdated
Meetup bangalore 9_novupdatedD.Rajesh Kumar
 
Meetup bangalore aug31st2019
Meetup bangalore aug31st2019Meetup bangalore aug31st2019
Meetup bangalore aug31st2019D.Rajesh Kumar
 
Meetup bangalore june29th2019
Meetup bangalore june29th2019Meetup bangalore june29th2019
Meetup bangalore june29th2019D.Rajesh Kumar
 
mulesoft meetup @ bangalore
mulesoft meetup @ bangaloremulesoft meetup @ bangalore
mulesoft meetup @ bangaloreD.Rajesh Kumar
 
Meetup_Bangalore_Rajesh
Meetup_Bangalore_RajeshMeetup_Bangalore_Rajesh
Meetup_Bangalore_RajeshD.Rajesh Kumar
 
Calico to secure host interfaces
Calico to secure host interfacesCalico to secure host interfaces
Calico to secure host interfacesD.Rajesh Kumar
 
Calico and how interprets neutron api
Calico and how interprets neutron apiCalico and how interprets neutron api
Calico and how interprets neutron apiD.Rajesh Kumar
 
Calico with open stack and chef
Calico with open stack and chefCalico with open stack and chef
Calico with open stack and chefD.Rajesh Kumar
 
Calico with open stack
Calico with open stackCalico with open stack
Calico with open stackD.Rajesh Kumar
 
Slack connector with in MULE
Slack connector with in MULESlack connector with in MULE
Slack connector with in MULED.Rajesh Kumar
 
MuleSoft Offers a Data Migration Solution
MuleSoft Offers a Data Migration SolutionMuleSoft Offers a Data Migration Solution
MuleSoft Offers a Data Migration SolutionD.Rajesh Kumar
 

More from D.Rajesh Kumar (20)

Mule soft meetup_-_finland_september_25th__2020 v2.0
Mule soft meetup_-_finland_september_25th__2020 v2.0Mule soft meetup_-_finland_september_25th__2020 v2.0
Mule soft meetup_-_finland_september_25th__2020 v2.0
 
Meetup bangalore-sept5th 2020 (1)
Meetup bangalore-sept5th 2020 (1)Meetup bangalore-sept5th 2020 (1)
Meetup bangalore-sept5th 2020 (1)
 
Mule soft meetup_-_finland_july_11th__2020
Mule soft meetup_-_finland_july_11th__2020Mule soft meetup_-_finland_july_11th__2020
Mule soft meetup_-_finland_july_11th__2020
 
Bangalore mulesoft meetup#10
Bangalore mulesoft meetup#10Bangalore mulesoft meetup#10
Bangalore mulesoft meetup#10
 
Meetup bangalore 9_novupdated
Meetup bangalore 9_novupdatedMeetup bangalore 9_novupdated
Meetup bangalore 9_novupdated
 
Meetup bangalore aug31st2019
Meetup bangalore aug31st2019Meetup bangalore aug31st2019
Meetup bangalore aug31st2019
 
Meetup bangalore june29th2019
Meetup bangalore june29th2019Meetup bangalore june29th2019
Meetup bangalore june29th2019
 
mulesoft meetup @ bangalore
mulesoft meetup @ bangaloremulesoft meetup @ bangalore
mulesoft meetup @ bangalore
 
Meetup_Bangalore_Rajesh
Meetup_Bangalore_RajeshMeetup_Bangalore_Rajesh
Meetup_Bangalore_Rajesh
 
Calico and container
Calico and containerCalico and container
Calico and container
 
Calico docker+ipam
Calico docker+ipamCalico docker+ipam
Calico docker+ipam
 
Calico architecture
Calico architectureCalico architecture
Calico architecture
 
Calico to secure host interfaces
Calico to secure host interfacesCalico to secure host interfaces
Calico to secure host interfaces
 
Calico and how interprets neutron api
Calico and how interprets neutron apiCalico and how interprets neutron api
Calico and how interprets neutron api
 
Calico with open stack and chef
Calico with open stack and chefCalico with open stack and chef
Calico with open stack and chef
 
Calico with open stack
Calico with open stackCalico with open stack
Calico with open stack
 
Calico with docker
Calico with dockerCalico with docker
Calico with docker
 
Object Store in Mule
Object Store in MuleObject Store in Mule
Object Store in Mule
 
Slack connector with in MULE
Slack connector with in MULESlack connector with in MULE
Slack connector with in MULE
 
MuleSoft Offers a Data Migration Solution
MuleSoft Offers a Data Migration SolutionMuleSoft Offers a Data Migration Solution
MuleSoft Offers a Data Migration Solution
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Mule security - authorization using spring security

  • 2. 2 Component Authorization Using Spring Security This page describes how you can configure method-level authorization using Spring Security on your components so that users with different roles can only invoke certain methods.
  • 3. 3 Securing Flow Components To secure MethodInvocations, you must add a properly configured MethodSecurityInterceptor into the application context. The beans requiring security are chained into the interceptor. This chaining is accomplished using Spring’s ProxyFactoryBean or BeanNameAutoProxyCreator. Alternatively, Spring Security provides a MethodDefinitionSourceAdvisor, which you can use with Spring’s DefaultAdvisorAutoProxyCreator to automatically chain the security interceptor in front of any beans defined against the MethodSecurityInterceptor.
  • 4. 4 In addition to the daoAuthenticationProvider and inMemoryDaoImpl beans (see Configuring Security), the following beans must be configured: MethodSecurityInterceptor AuthenticationManager AccessDecisionManager AutoProxyCreator RoleVoter
  • 5. 5 The MethodSecurityInterceptor The MethodSecurityInterceptor is configured with a reference to the following: AuthenticationManager AccessDecisionManager
  • 6. 6 Following is a security interceptor for intercepting calls made to the methods of a component myComponent, which defines two methods: delete and writeSomething. Roles are set on these methods as seen below in the property securityMetadataSource. <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mule="http://www.mulesource.org/schema/mule/core" xmlns:mule-ss="http://www.mulesource.org/schema/mule/spring-security" ...cut... <bean id="myComponentSecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <value> com.foo.myComponent.delete=ROLE_ADMIN com.foo.myComponent.writeSomething=ROLE_ANONYMOUS </value> </property> </bean>
  • 7. 7 The AuthenticationManager This bean is responsible for passing requests through a chain of AuthenticationProvider objects. <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <property name= "providers"> <list> <ref local="daoAuthenticationProvider"/> </list> </property> </bean>
  • 8. 8 The AccessDecisionManager This bean specifies that a user can access the protected methods if they have any one of the roles specified in the securityMetadataSource. <bean id="accessDecisionManager" class='org.springframework.security.access.vote.AffirmativeBased'> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> </list> </property> </bean>
  • 9. 9 The AutoProxyCreator This bean defines a proxy for the protected bean. When an application asks Spring for a myComponent bean, it will get this proxy instead. <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> <property name="interceptorNames"> <list> <value>myComponentSecurity</value> </list> </property> <property name="beanNames"> <list> <value>myComponent</value> </list> </property> <property name='proxyTargetClass' value="true"/> </bean>