Enterprise Integration
Enterprise Integration Zone is brought to you in partnership with:

Pascal is a senior JEE Developer and Architect at 4Synergy in The Netherlands. Pascal has been designing and building J2EE applications since 2001. He is particularly interested in Open Source toolstack (Mule, Spring Framework, JBoss) and technologies like Web Services, SOA and Cloud technologies. Specialties: JEE XML Web Services Mule ESB Maven Cloud Technology Pascal is a DZone MVB and is not an employee of DZone and has posted 33 posts at DZone. You can read more from them at their website. View Full User Profile

Testing a Secured Mule ESB Web Service Proxy with SoapUI

02.07.2013
| 1419 views |
  • submit to reddit

Related MicroZone Resources

MuleESB: SOA with Eclipse, Maven, Spring and Ant

SOA Best Practices

Easy Legacy System Integration

6 SaaS Metrics that Matter

Use Your Java Toolchain with SAP

Like this piece? Share it with your friends:

| More
A few weeks ago I received a mail with a request to look into an issue which I was pretty sure I had solved it before. Since I couldn’t find how I did it back then I decided to post it here for future reference. The situation is like this: a web service is proxied with Mule ESB and password protection is added to it by applying Spring Security. The configuration of the service looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml" xmlns:https="http://www.mulesoft.org/schema/mule/https"
	xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:spring="http://www.springframework.org/schema/beans" xmlns:http="http://www.mulesoft.org/schema/mule/http"
	xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
	xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
	xmlns:ss="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
       http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd 
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
       http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/3.3/mule.xsd
       http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/3.3/mule-http.xsd
       http://www.mulesoft.org/schema/mule/pattern http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd
       http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <mule-ss:security-manager>
        <mule-ss:delegate-security-provider
			name="memory-dao" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>

    <spring:beans>
        <ss:authentication-manager alias="authenticationManager">
            <ss:authentication-provider>
                <ss:user-service id="userService">
                    <ss:user name="pascal" password="alma" authorities="ROLE_ADMIN" />
                </ss:user-service>
            </ss:authentication-provider>
        </ss:authentication-manager>
    </spring:beans>

    <http:connector name="NoSessionConnector">
        <service-overrides sessionHandler="org.mule.session.NullSessionHandler" />
    </http:connector>

    <pattern:web-service-proxy name="countries">
        <http:inbound-endpoint address="http://localhost:8080" exchange-pattern="request-response">
            <mule-ss:http-security-filter realm="mule-realm" />
        </http:inbound-endpoint>
        <http:outbound-endpoint address="http://www.webservicex.net/country.asmx" exchange-pattern="request-response" />
    </pattern:web-service-proxy>
</mule>
I think the code is quite straightforward. Every request coming in at 'http://localhost:8080' is forwarded to 'http://www.webservicex.net/country.asmx' after the subject has been authenticated against the ‘authentication-provider’.

To test this setup I created a SoapUI project. Also this is quite straightforward but I show it here anyway. I use SoapUI 4.5.1.

  • Create a new SoapUI project

    • Screen Shot 2013-01-19 at 09.13.10

  • Enter a name and the WSDL of the service

    • Screen Shot 2013-01-19 at 09.14.02

  • Test the service by making a call

    • Screen Shot 2013-01-19 at 09.18.05

  • Use the web service proxy

    • Screen Shot 2013-01-19 at 13.25.23

  • Supply username and password

    • Screen Shot 2013-01-19 at 13.47.25

Until here it is all straightforward except for the result in the last call!
Screen Shot 2013-01-19 at 14.00.54
It seems that the username and password is not supplied in the call to the proxy. This is a setting in SoapUI that you have to enable. It is ‘hidden’ in the ‘Preferences’ of the tool. You have to enable the setting like this:
Screen Shot 2012-12-24 at 14.25.44
While testing this code for the post I also had to uncheck the following option to get a ‘human-readable’ response in SoapUI:
Screen Shot 2012-12-24 at 21.42.49
Now if you send a request you get the expected answer:
Screen Shot 2013-01-19 at 13.54.47




Published at DZone with permission of Pascal Alma, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

"Starting from scratch" is seductive but disease ridden
-Pithy Advice for Programmers