具有拦截URL的Mule HTTP基本身份验证
[英]Mule HTTP Basic Authentication with intercept url
问题描述
I want to implement HTTP Basic Authentication for my mule application which listens on HTTP and the URI is http://localhost:8082/api/customers . 
我想为侦听HTTP且URI为http://localhost:8082/api/customers m子应用程序实现HTTP基本身份验证。 Lets suppose only POST and GET are supported. 假设仅支持POST和GET。
I tried to implement authentication in such a way that 我试图以这种方式实施身份验证
- If a user has ROLE_ADMIN role he can access both POST and GET endpoints 如果用户具有ROLE_ADMIN角色,则他可以访问POST和GET端点
- If a user has only ROLE_USER role he can access only GET endpoint 如果用户仅具有ROLE_USER角色,则他只能访问GET端点
I wanted to leverage Spring authentication manager for this purpose. 我想为此目的利用Spring身份验证管理器。 I configured the authentication as below: 我将身份验证配置如下:
First I created authentication manager 首先,我创建了身份验证管理器
<ss:authentication-manager xmlns:ss="http://www.springframework.org/schema/security" alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="user" password="user" authorities="ROLE_USER" />
<ss:user name="admin" password="admin" authorities="ROLE_ADMIN" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
Then I thought of intercepting the url 然后我想到了拦截网址
<ss:http auto-config="true" realm="mule-realm" use-expressions="true">
<ss:intercept-url pattern="/api/customers" method="GET" access="ROLE_USER"/>
<ss:intercept-url pattern="/api/customers" method="POST" access="ROLE_ADMIN"/>
</ss:http>
Finally I placed basic-security-filter after HTTP Listener like below 最后,我将basic-security-filter放在HTTP侦听basic-security-filter之后,如下所示
<http:listener config-ref="CustomerAPI-httpListenerConfig" path="/api/*" doc:name="HTTP" />
<http:basic-security-filter realm="mule-realm" securityProviders="memory-provider" />
<mule-ss:security-manager xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security" name="muleSecurityManager">
<mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
Now, what I expected is, a request from a user whose role is ROLE_USER (with user/user credentials) can only access GET and a request from a user whose role is ROLE_ADMIN (with admin/admin credentials) can access both GET and POST. 现在,我所期望的是,角色为ROLE_USER (具有user/user凭据)的用户的请求只能访问GET,而角色为ROLE_ADMIN (具有admin/admin凭据)的用户的请求可以访问GET和POST 。
But I was wrong. 但是我错了。 A request from a user whose role is ROLE_USER accesses both POST and GET which is what I never expected. 来自角色为ROLE_USER的用户的请求访问了POST和GET,这是我从未想到的。
Can anyone please guide me in the right way to achieve the above requirement? 任何人都可以以正确的方式指导我达到上述要求吗?
2 个解决方案
解决方案1
3 已采纳 2015-11-04 20:03:36
You can see this example raml-intro to setup your api with spring-security. 您可以看到此示例raml-intro来设置具有spring-security的api。 In this case, I am using the security.properties to manage users and roles. 在这种情况下,我正在使用security.properties来管理用户和角色。
As you can see in the those lines I have a flow which handle security access but there are no restriction by roles. 正如您在这些行中看到的那样,我有一个流程可以处理安全性访问,但是不受角色的限制。
In order to handle roles you can modify the code and add the following line 为了处理角色,您可以修改代码并添加以下行
<mule-ss:authorization-filter requiredAuthorities="ROLE_ADMIN"/>
Your flow should look like this: 您的流程应如下所示:
<flow name="get:/publishers:publishers-config">
<mule-ss:http-security-filter realm="mule-realm"
securityProviders="security-provider"/>
<mule-ss:authorization-filter requiredAuthorities="ROLE_ADMIN"/>
<set-payload
value="[{
 "id" : 1,
 "name" : "DC Comics"
},
{
 "id" : 2,
 "name" : "Marvel Comics"
}]"
doc:name="Set Payload" />
</flow>
解决方案2
2 2015-11-04 20:24:58
If you want to implement the authorization based on the Htttp Method, you can use the next example: 如果要基于Htttp方法实现授权,则可以使用下一个示例:
<ss:authentication-manager xmlns:ss="http://www.springframework.org/schema/security" alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="user" password="user" authorities="ROLE_USER" />
<ss:user name="admin" password="admin" authorities="ROLE_ADMIN,ROLE_USER" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
{...}
<flow name="testingFlow">
<http:listener config-ref="HTTP_Listener_Configuration2" path="/*" doc:name="HTTP" allowedMethods="GET,POST"/>
<http:basic-security-filter realm="mule-realm"/>
<set-variable variableName="method" value="#[header:INBOUND:http.method]" doc:name="method rest" />
<choice>
<when expression="method.equals('GET')">
<mule-ss:authorization-filter requiredAuthorities="ROLE_USER"/>
</when>
<when expression="method.equals('POST')">
<mule-ss:authorization-filter requiredAuthorities="ROLE_ADMIN"/>
</when>
</choice>
</flow>
Note that it's necessary to assign the roles ROLE_ADMIN and ROLE_USER to the user admin because "mule-ss:authorization-filter" doesn't allow multi values. 请注意,必须将角色ROLE_ADMIN和ROLE_USER分配给用户admin,因为“ mule-ss:authorization-filter”不允许使用多个值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.