WS Security in Mule

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services.
If a web service is exposed to external world, the data it carries can comes under the threat to several potential security vulnerabilities.
So, in order to protect our web service we require Web Services Security .

WS-Security describes 3 main mechanisms:

  • How to sign SOAP messages to assure integrity. Signed messages also provide non-repudiation.
  • How to encrypt SOAP messages to assure confidentiality.
  • How to attach security tokens to ascertain the sender’s identity.

WS-Security incorporates security features in the header of a SOAP message.
It works in application layer.

In this example we will be implementing a simple username and password in the WS Security format.

So, we will expose a SOAP web service that will implement WS-Security :-

Untitled

 

To expose a web service with security in Mule we need spring security in our flow :-

UntitledAnd our Mule flow will be :-

Untitled

Following will be our flow in graphical mode ready with security :-

Untitled

Testing our application

Now, we will be testing our secured web service in SOAPUI :-

Untitled

You can see here, we are testing the service by giving username and password in the header section of SOAP request and I am getting the response back from the service.

Conclusion

So, you can see WS-Security offers confidentiality and integrity protection from the creation of the message to it’s consumption.
WS-Security offers more protection than HTTPS would, and SOAP offers a richer API than any other security .
Thus we can say WS-Security has measures for authentication, integrity, confidentiality and non-repudiation.

That’s it !!! I hope you enjoyed the post.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Anirban Sen Chowdhary

Anirban Sen Chowdhary is an information technology professional currently working on Java/J2ee, Esb and Integration platform. For more information, please visit http://anirbansenchowdhary.com and you can also follow https://twitter.com/Anir37

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>