1

我们在 Mule 上部署的 RestFul Web 服务中使用基本身份验证,安全性由内置的 Spring Security 提供支持。我们正在使用 Mule 3.3.0。

我们将 mflow 分成 2 个不同的部分 - main.xml 和 connector.xml。原因是在运行功能测试时,我们传递了另一个 mflow connector-test.xml 而不是 connector.xml,其中所有端点(如 AMQ 等)都被存根。但是对于 Rest,我们仍然使用正确的端点。在我们的 Mule 功能测试中,我们使用 apache commons httpclient 对这些端点进行安静的 WS 调用,等待响应,然后检查它是否通过了测试。

相同的功能在 mule 独立版中运行良好 - 即 rest webservice 部署良好,我们可以发出 http rest 请求 - 它获得基本身份验证,然后返回响应。但是,在功能测试期间进行身份验证时,它会失败并显示消息

Exception stack is:
1. There is no Security Provider reqistered called "org.mule.security.DefaultMuleAuthentication" (org.mule.api.security.SecurityProviderNotFoundException)
  org.mule.security.MuleSecurityManager:107 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/security/SecurityProviderNotFoundException.html)
********************************************************************************
Root Exception stack trace:
org.mule.api.security.SecurityProviderNotFoundException: There is no Security Provider reqistered called "org.mule.security.DefaultMuleAuthentication"
      at org.mule.security.MuleSecurityManager.authenticate(MuleSecurityManager.java:107)
      at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:134)
      at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:58)
      at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:56)
      at org.mule.security.AbstractEndpointSecurityFilter.doFilter(AbstractEndpointSecurityFilter.java:49)
      at org.mule.processor.SecurityFilterMessageProcessor.process(SecurityFilterMessageProcessor.java:52)
      at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
      at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
      at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
      at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
      at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
      at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
      at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
      at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
      at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
      at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
      at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
      at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
      at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:192)
      at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:174)
      at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:166)
      at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:153)
      at org.mule.transport.http.HttpMessageReceiver$HttpWorker$1.process(HttpMessageReceiver.java:310)
      at org.mule.transport.http.HttpMessageReceiver$HttpWorker$1.process(HttpMessageReceiver.java:305)
      at org.mule.execution.ExecuteCallbackInterceptor.execute(ExecuteCallbackInterceptor.java:20)
      at org.mule.execution.HandleExceptionInterceptor.execute(HandleExceptionInterceptor.java:34)
      at org.mule.execution.HandleExceptionInterceptor.execute(HandleExceptionInterceptor.java:18)
      at org.mule.execution.BeginAndResolveTransactionInterceptor.execute(BeginAndResolveTransactionInterceptor.java:58)
      at org.mule.execution.ResolvePreviousTransactionInterceptor.execute(ResolvePreviousTransactionInterceptor.java:48)
      at org.mule.execution.SuspendXaTransactionInterceptor.execute(SuspendXaTransactionInterceptor.java:54)
      at org.mule.execution.ValidateTransactionalStateInterceptor.execute(ValidateTransactionalStateInterceptor.java:44)
      at org.mule.execution.IsolateCurrentTransactionInterceptor.execute(IsolateCurrentTransactionInterceptor.java:44)
      at org.mule.execution.ExternalTransactionInterceptor.execute(ExternalTransactionInterceptor.java:52)
      at org.mule.execution.RethrowExceptionInterceptor.execute(RethrowExceptionInterceptor.java:32)
      at org.mule.execution.RethrowExceptionInterceptor.execute(RethrowExceptionInterceptor.java:17)
      at org.mule.execution.TransactionalErrorHandlingExecutionTemplate.execute(TransactionalErrorHandlingExecutionTemplate.java:113)
      at org.mule.execution.TransactionalErrorHandlingExecutionTemplate.execute(TransactionalErrorHandlingExecutionTemplate.java:34)
      at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:304)
      at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:250)
      at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:163)
      at org.mule.work.WorkerContext.run(WorkerContext.java:311)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)

知道为什么安全提供者没有注册吗?

这里是设置..

main.xml 的内容

 <flow name="RestFlow" doc:name="RestFlow">
    <inbound-endpoint ref="restEndPoint" mimeType="text/xml">
            <mule-ss:http-security-filter realm="easervices-realm" />
        </inbound-endpoint>

            <jersey:resources doc:name="REST">
 <component>
            <spring-object bean="createCompany"/>            
        </component>
        <component>
            <spring-object bean="activateNumbers"/>            
        </component>
 </jersey:resources>
</flow>
    ........

如您所见,安全位被注入到上面的 RestFlow 中。其余的安全设置在 connector.xml(live) 或 connector-test.xml(test) 中完成

connector-test.xml 的内容- 在内存中部署以运行功能测试时需要注意的点 Rest 端点部署在端口 8098 上,但这与安全性无关

<spring:beans>
      <spring:import resource="classpath:spring/external-service-config-stub.xml" />

      <ss:authentication-manager alias="authenticationManager">
            <ss:authentication-provider>
                  <ss:password-encoder hash="sha" />
                  <ss:user-service id="userService">
                        <ss:user name="adminportal" password="0314795e56347590b54b7da2afba3456fgcd4968"
                              authorities="ROLE_ADMIN" />
                  </ss:user-service>

            </ss:authentication-provider>
      </ss:authentication-manager>
      <ss:global-method-security
            pre-post-annotations="enabled" jsr250-annotations="enabled" />
      </spring:beans>

<http:endpoint exchange-pattern="request-response" host="localhost"
            port="8098" path="mypath" name="restEndPoint" doc:name="HTTP" />
<mule-ss:security-manager>
            <mule-ss:delegate-security-provider
                  name="memory-provider" delegate-ref="authenticationManager" />
      </mule-ss:security-manager>

connector.xml 的内容- 在 mule-standalone 中部署时的注意点 Rest 暴露在端口 8088 上,并且注入了真正的 Spring 服务(尽管它们与安全性无关)

<spring:beans>
    <spring:import resource="classpath:spring/external-service-config.xml" />

    <ss:authentication-manager alias="authenticationManager">
         <ss:authentication-provider>
                  <ss:password-encoder hash="sha" />
                  <ss:user-service id="userService">
                        <ss:user name="adminportal" password="0314795e56347590b54b7da2afba3456fgcd4968"
                              authorities="ROLE_ADMIN" />
                  </ss:user-service>

            </ss:authentication-provider>
    </ss:authentication-manager>
    <ss:global-method-security
        pre-post-annotations="enabled" jsr250-annotations="enabled" />

    <context:property-placeholder location="classpath:config/mule-config.properties" />
    </spring:beans>

<http:endpoint exchange-pattern="request-response" host="localhost"
        port="8088" path="mypath" name="restEndPoint" mimeType="text/xml"
        doc:name="HTTP" />
<mule-ss:security-manager>
        <mule-ss:delegate-security-provider
            name="memory-provider" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>

在我们的功能测试代码中调用代码,在运行测试时发出 http 休息请求。

httpClient.getState().setCredentials(
                new AuthScope("localhost", 8098, "easervices-realm"),
                new UsernamePasswordCredentials("adminportal",
                        "thepassword"));
        httpClient.getParams().setAuthenticationPreemptive(true);
        httpClient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
                Collections.singleton(AuthPolicy.BASIC));
        final PostMethod meth = new PostMethod("http://localhost:8098/horizon"
                + url);
        meth.setDoAuthentication(true);
        meth.setRequestEntity(new StringRequestEntity(xml, "text/xml",
                "ISO-8859-1"));
        // meth.addRequestHeader("Content-Type", "text/xml");

        httpClient.executeMethod(meth);

请帮忙。connector.xml 中使用了相同的安全设置,当应用程序部署在独立的 mule 3.3.0 中时,它可以正常部署并且基本身份验证也很好。不知何故,安全提供者在运行 Mule 功能测试时没有注册,其中 mule 服务器在内存中启动,并且应用程序部署为使用测试配置进行测试。

4

0 回答 0