how to validate “Authorization: Bearer <token>” with Mule 3.8?

Question

We need to Authenticate REST request based on header "Authorization: Bearer ". I used below configuration to enable Mule HTTP security. By default mule registered "org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter", so i have to pass Basic Authorization only with username and password. I tried to override HttpBasicAuthenticationFilter but i am not able to override this. As per our requirement, we need to validate Bearer token.

Could you please provide any pointer to vaildate "Authorization: Bearer " with Mule 3.8.

  <spring:beans>
    <spring:bean id="apiAuthenticationProvider" name="apiAuthenticationProvider" class="com.poc.ApiAuthenticationProvider" />
    <ss:authentication-manager id="authenticationManager">
            <ss:authentication-provider ref="apiAuthenticationProvider" />
        </ss:authentication-manager>
  </spring:beans>

  <mule-ss:security-manager  name="muleSecurityManager" doc:name="Spring Security Provider">
      <mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
  </mule-ss:security-manager>

  <http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="8081" doc:name="HTTP Listener Configuration" />

  <flow name="SpringExample">
    <http:listener config-ref="HTTP_Listener_Configuration" path="/" doc:name="HTTP"/>
    <mule-ss:http-security-filter realm="mule-realm" securityManager-ref="muleSecurityManager" />
  </flow>

Answer 1

I had word with Mulesoft Support team and concluded that this is not possible in Mule 3.8.

I come up with below options which we can use for this issue

We can use below alternative approach 1. USE API Manager to apply policy or custom validation - Much recommended, as validation will be handle before heating to implementation. 2. USE First component to validate request, Java, Script etc. 3. USE Mule interceptor