
Use groovy expression for limited IP in mule

I created a proxy service with CXF in Mule. My version of Mule is 3.3.0 CE. Now I want to put a restriction on the WSDL that is created by the proxy service. The restriction shouldn't allow every IP to see my WSDL. For this, I found a Groovy expression and the code below:

<expression-filter
        expression="#[groovy:'${allowed}'.contains(message.getInboundProperty('MULE_REMOTE_CLIENT_ADDRESS').substring(message.getInboundProperty('MULE_REMOTE_CLIENT_ADDRESS').indexOf('/')+1, message.getInboundProperty('MULE_REMOTE_CLIENT_ADDRESS').indexOf(':')))]"
        doc:name="Expression" />

I don't know whether this is good code or not, and I don't know where I should define my valid IPs.

That approach is valid. The only suggestion I would make is to extract the IP parsing into a global function for reusability and better readability:

<configuration>
    <expression-language>
        <global-functions>
            def parseIp(fullIp) {
                return fullIp.substring(fullIp.indexOf('/') + 1, fullIp.indexOf(':'))
            }
        </global-functions>
    </expression-language>
</configuration>    

Then you can use it as follows:

<expression-filter expression="#['${allowed}'.contains(parseIp(message.inboundProperties['MULE_REMOTE_CLIENT_ADDRESS']))]"
        doc:name="Expression" />
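
Added example, not part of the answer above or of Mule's own code: a standalone Groovy script comparing the `String.contains` check used in both snippets with an exact comparison against the entries of a comma-separated list. `String.contains` is a substring test, so an unlisted address that is a prefix or suffix of a listed one passes it. The `allowed` value, the sample addresses, the "/ip:port" shape and the helper names `substringAllowed` and `exactAllowed` are assumptions made for illustration.

```groovy
// Constructed sample data; the "/ip:port" shape is assumed from the page's substring logic.

// Pull the IP out of a value such as "/192.168.1.10:51234".
// Returns null for input without the expected delimiters instead of throwing.
def parseIp(String fullIp) {
    if (fullIp == null) return null
    int slash = fullIp.indexOf('/')
    int colon = fullIp.lastIndexOf(':')   // last colon separates the port
    if (slash < 0 || colon <= slash + 1) return null
    return fullIp.substring(slash + 1, colon)
}

// Check used on the page: true when the IP occurs anywhere inside the string.
def substringAllowed(String allowed, String ip) {
    return ip != null && allowed.contains(ip)
}

// Exact check: split the comma-separated list and compare whole entries.
def exactAllowed(String allowed, String ip) {
    return ip != null && allowed.tokenize(',')*.trim().contains(ip)
}

def allowed = '192.168.1.10, 10.0.0.25'   // hypothetical value of ${allowed}

def samples = [
    '/192.168.1.10:51234',   // listed client
    '/192.168.1.1:40000',    // not listed; prefix of 192.168.1.10
    '/2.168.1.10:40001',     // not listed; suffix of 192.168.1.10
    '/172.16.0.9:40002',     // not listed; no overlap
    'malformed'              // no '/' or ':' present
]

samples.each { addr ->
    def ip = parseIp(addr)
    println "${addr.padRight(22)} substring=${substringAllowed(allowed, ip)} exact=${exactAllowed(allowed, ip)}"
}

// The two checks disagree exactly on the unlisted addresses that overlap a listed one.
assert substringAllowed(allowed, '192.168.1.1') && !exactAllowed(allowed, '192.168.1.1')
assert substringAllowed(allowed, '2.168.1.10') && !exactAllowed(allowed, '2.168.1.10')
assert exactAllowed(allowed, parseIp('/192.168.1.10:51234'))
assert !exactAllowed(allowed, parseIp('malformed'))
```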

Restricting a service based on IP address doesn't look like a scalable approach.

What if you have more clients coming in? Or, even for one client, requests can be sent from different environments (prod, test, dev), so you'll have different IPs.

Clients can also change their machine, and the IP won't remain the same. You don't want to design a system in which changes on the client end affect you, and your solution should be scalable enough to accommodate more clients.

One solution is to look into securing your web service. This blog post talks about it: http://blogs.mulesoft.org/securing-soap-web-services-using-ws-security/

Googling web service security with Mule will give you more results.

For Mule EE users, MuleSoft now offers an enterprise security module that includes an IP filter.
