我们在 Mule 上部署的 RestFul Web 服务中使用基本身份验证,安全性由内置的 Spring Security 提供支持。我们正在使用 Mule 3.3.0。
我们将 mflow 分成 2 个不同的部分 - main.xml 和 connector.xml。原因是在运行功能测试时,我们传递了另一个 mflow connector-test.xml 而不是 connector.xml,其中所有端点(如 AMQ 等)都被存根。但是对于 Rest,我们仍然使用正确的端点。在我们的 Mule 功能测试中,我们使用 apache commons httpclient 对这些端点进行安静的 WS 调用,等待响应,然后检查它是否通过了测试。
相同的功能在 mule 独立版中运行良好 - 即 rest webservice 部署良好,我们可以发出 http rest 请求 - 它获得基本身份验证,然后返回响应。但是,在功能测试期间进行身份验证时,它会失败并显示消息
Exception stack is:
1. There is no Security Provider reqistered called "org.mule.security.DefaultMuleAuthentication" (org.mule.api.security.SecurityProviderNotFoundException)
org.mule.security.MuleSecurityManager:107 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/security/SecurityProviderNotFoundException.html)
********************************************************************************
Root Exception stack trace:
org.mule.api.security.SecurityProviderNotFoundException: There is no Security Provider reqistered called "org.mule.security.DefaultMuleAuthentication"
at org.mule.security.MuleSecurityManager.authenticate(MuleSecurityManager.java:107)
at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:134)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:58)
at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:56)
at org.mule.security.AbstractEndpointSecurityFilter.doFilter(AbstractEndpointSecurityFilter.java:49)
at org.mule.processor.SecurityFilterMessageProcessor.process(SecurityFilterMessageProcessor.java:52)
at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:27)
at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:43)
at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:43)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:192)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:174)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:166)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:153)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker$1.process(HttpMessageReceiver.java:310)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker$1.process(HttpMessageReceiver.java:305)
at org.mule.execution.ExecuteCallbackInterceptor.execute(ExecuteCallbackInterceptor.java:20)
at org.mule.execution.HandleExceptionInterceptor.execute(HandleExceptionInterceptor.java:34)
at org.mule.execution.HandleExceptionInterceptor.execute(HandleExceptionInterceptor.java:18)
at org.mule.execution.BeginAndResolveTransactionInterceptor.execute(BeginAndResolveTransactionInterceptor.java:58)
at org.mule.execution.ResolvePreviousTransactionInterceptor.execute(ResolvePreviousTransactionInterceptor.java:48)
at org.mule.execution.SuspendXaTransactionInterceptor.execute(SuspendXaTransactionInterceptor.java:54)
at org.mule.execution.ValidateTransactionalStateInterceptor.execute(ValidateTransactionalStateInterceptor.java:44)
at org.mule.execution.IsolateCurrentTransactionInterceptor.execute(IsolateCurrentTransactionInterceptor.java:44)
at org.mule.execution.ExternalTransactionInterceptor.execute(ExternalTransactionInterceptor.java:52)
at org.mule.execution.RethrowExceptionInterceptor.execute(RethrowExceptionInterceptor.java:32)
at org.mule.execution.RethrowExceptionInterceptor.execute(RethrowExceptionInterceptor.java:17)
at org.mule.execution.TransactionalErrorHandlingExecutionTemplate.execute(TransactionalErrorHandlingExecutionTemplate.java:113)
at org.mule.execution.TransactionalErrorHandlingExecutionTemplate.execute(TransactionalErrorHandlingExecutionTemplate.java:34)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:304)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:250)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:163)
at org.mule.work.WorkerContext.run(WorkerContext.java:311)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
知道为什么安全提供者没有注册吗?
这里是设置..
main.xml 的内容
<flow name="RestFlow" doc:name="RestFlow">
<inbound-endpoint ref="restEndPoint" mimeType="text/xml">
<mule-ss:http-security-filter realm="easervices-realm" />
</inbound-endpoint>
<jersey:resources doc:name="REST">
<component>
<spring-object bean="createCompany"/>
</component>
<component>
<spring-object bean="activateNumbers"/>
</component>
</jersey:resources>
</flow>
........
如您所见,安全位被注入到上面的 RestFlow 中。其余的安全设置在 connector.xml(live) 或 connector-test.xml(test) 中完成
connector-test.xml 的内容- 在内存中部署以运行功能测试时需要注意的点 Rest 端点部署在端口 8098 上,但这与安全性无关
<spring:beans>
<spring:import resource="classpath:spring/external-service-config-stub.xml" />
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:password-encoder hash="sha" />
<ss:user-service id="userService">
<ss:user name="adminportal" password="0314795e56347590b54b7da2afba3456fgcd4968"
authorities="ROLE_ADMIN" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
<ss:global-method-security
pre-post-annotations="enabled" jsr250-annotations="enabled" />
</spring:beans>
<http:endpoint exchange-pattern="request-response" host="localhost"
port="8098" path="mypath" name="restEndPoint" doc:name="HTTP" />
<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
connector.xml 的内容- 在 mule-standalone 中部署时的注意点 Rest 暴露在端口 8088 上,并且注入了真正的 Spring 服务(尽管它们与安全性无关)
<spring:beans>
<spring:import resource="classpath:spring/external-service-config.xml" />
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:password-encoder hash="sha" />
<ss:user-service id="userService">
<ss:user name="adminportal" password="0314795e56347590b54b7da2afba3456fgcd4968"
authorities="ROLE_ADMIN" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
<ss:global-method-security
pre-post-annotations="enabled" jsr250-annotations="enabled" />
<context:property-placeholder location="classpath:config/mule-config.properties" />
</spring:beans>
<http:endpoint exchange-pattern="request-response" host="localhost"
port="8088" path="mypath" name="restEndPoint" mimeType="text/xml"
doc:name="HTTP" />
<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
在我们的功能测试代码中调用代码,在运行测试时发出 http 休息请求。
httpClient.getState().setCredentials(
new AuthScope("localhost", 8098, "easervices-realm"),
new UsernamePasswordCredentials("adminportal",
"thepassword"));
httpClient.getParams().setAuthenticationPreemptive(true);
httpClient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
Collections.singleton(AuthPolicy.BASIC));
final PostMethod meth = new PostMethod("http://localhost:8098/horizon"
+ url);
meth.setDoAuthentication(true);
meth.setRequestEntity(new StringRequestEntity(xml, "text/xml",
"ISO-8859-1"));
// meth.addRequestHeader("Content-Type", "text/xml");
httpClient.executeMethod(meth);
请帮忙。connector.xml 中使用了相同的安全设置,当应用程序部署在独立的 mule 3.3.0 中时,它可以正常部署并且基本身份验证也很好。不知何故,安全提供者在运行 Mule 功能测试时没有注册,其中 mule 服务器在内存中启动,并且应用程序部署为使用测试配置进行测试。