SlideShare uma empresa Scribd logo

Rest security in mule

S
Son Nguyen

Rest security in mule

Tecnologia
1 de 17
REST SECURITY IN MULE
We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
We can easily secure our REST service using OAUTH 2.0
For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
Authorization to obtain a secret code
Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
Use that secret code to obtain an access_token
Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX85YOxNl LFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
Use the access_token to validate and access the web service
Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow 

Recomendados

Rest security with oauth 2.0
Rest security with oauth 2.0Rest security with oauth 2.0
Rest security with oauth 2.0Anirban Sen Chowdhary
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedinKhasim Saheb
 
Mule ESB integration with Stripe
Mule ESB integration with StripeMule ESB integration with Stripe
Mule ESB integration with StripeRamakrishna Narkedamilli
 
Integration of linked in using mule esb
Integration of linked in using mule esbIntegration of linked in using mule esb
Integration of linked in using mule esbSanjeet Pandey
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esbSanjeet Pandey
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSreekanth Kondapalli
 
Demo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorDemo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorRupesh Sinha
 
Https service mule
Https service muleHttps service mule
Https service muleKarnam Karthik
 

Recomendados

Rest security with oauth 2.0
Rest security with oauth 2.0Rest security with oauth 2.0
Rest security with oauth 2.0Anirban Sen Chowdhary
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedinKhasim Saheb
 
Mule ESB integration with Stripe
Mule ESB integration with StripeMule ESB integration with Stripe
Mule ESB integration with StripeRamakrishna Narkedamilli
 
Integration of linked in using mule esb
Integration of linked in using mule esbIntegration of linked in using mule esb
Integration of linked in using mule esbSanjeet Pandey
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esbSanjeet Pandey
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSreekanth Kondapalli
 
Demo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorDemo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorRupesh Sinha
 
Https service mule
Https service muleHttps service mule
Https service muleKarnam Karthik
 
Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the apiAchyuta Lakshmi Puvvala
 
Mule with facebook
Mule with facebookMule with facebook
Mule with facebookD.Rajesh Kumar
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by muleSon Nguyen
 
Mule organization
Mule organizationMule organization
Mule organizationSon Nguyen
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce ConnectorAnkush Sharma
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Anirban Sen Chowdhary
 
Anypoint lessons
Anypoint lessonsAnypoint lessons
Anypoint lessonsDwight Cavalcanti
 
Messaging APIs of RingCentral
Messaging APIs of RingCentralMessaging APIs of RingCentral
Messaging APIs of RingCentralAnirban Sen Chowdhary
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureSon Nguyen
 
Sharing Multiple IP Addresses
Sharing Multiple IP AddressesSharing Multiple IP Addresses
Sharing Multiple IP AddressesHTS Hosting
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with muleF K
 
Deploy with maven
Deploy with mavenDeploy with maven
Deploy with mavenSon Nguyen
 
The Password & Security Interface of cPanel
The Password & Security Interface of cPanelThe Password & Security Interface of cPanel
The Password & Security Interface of cPanelHTS Hosting
 
The ViewModel pattern
The ViewModel patternThe ViewModel pattern
The ViewModel patternSimone Chiaretta
 
Mule management console installation with Tomcat
Mule management console installation with TomcatMule management console installation with Tomcat
Mule management console installation with TomcatSudha Ch
 
Mule esb stripe
Mule esb stripeMule esb stripe
Mule esb stripeD.Rajesh Kumar
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales forceSon Nguyen
 
Mule Security
Mule SecurityMule Security
Mule SecurityShanky Gupta
 
Mulesoft encryption
Mulesoft encryptionMulesoft encryption
Mulesoft encryptionJagruti Sakhare
 
scootering
scooteringscootering
scooteringAndré Prager
 
D@W REST security
D@W REST securityD@W REST security
D@W REST securityGaurav Sharma
 
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachFrancis Palma
 

Mais conteúdo relacionado

Mais procurados

Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by muleSon Nguyen
 
Mule organization
Mule organizationMule organization
Mule organizationSon Nguyen
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce ConnectorAnkush Sharma
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Anirban Sen Chowdhary
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureSon Nguyen
 
Sharing Multiple IP Addresses
Sharing Multiple IP AddressesSharing Multiple IP Addresses
Sharing Multiple IP AddressesHTS Hosting
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with muleF K
 
Deploy with maven
Deploy with mavenDeploy with maven
Deploy with mavenSon Nguyen
 
The Password & Security Interface of cPanel
The Password & Security Interface of cPanelThe Password & Security Interface of cPanel
The Password & Security Interface of cPanelHTS Hosting
 
Mule management console installation with Tomcat
Mule management console installation with TomcatMule management console installation with Tomcat
Mule management console installation with TomcatSudha Ch
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales forceSon Nguyen
 

Mais procurados (17)

Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the api
 
Mule with facebook
Mule with facebookMule with facebook
Mule with facebook
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by mule
 
Mule organization
Mule organizationMule organization
Mule organization
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce Connector
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)
 
Anypoint lessons
Anypoint lessonsAnypoint lessons
Anypoint lessons
 
Messaging APIs of RingCentral
Messaging APIs of RingCentralMessaging APIs of RingCentral
Messaging APIs of RingCentral
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azure
 
Sharing Multiple IP Addresses
Sharing Multiple IP AddressesSharing Multiple IP Addresses
Sharing Multiple IP Addresses
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with mule
 
Deploy with maven
Deploy with mavenDeploy with maven
Deploy with maven
 
The Password & Security Interface of cPanel
The Password & Security Interface of cPanelThe Password & Security Interface of cPanel
The Password & Security Interface of cPanel
 
The ViewModel pattern
The ViewModel patternThe ViewModel pattern
The ViewModel pattern
 
Mule management console installation with Tomcat
Mule management console installation with TomcatMule management console installation with Tomcat
Mule management console installation with Tomcat
 
Mule esb stripe
Mule esb stripeMule esb stripe
Mule esb stripe
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales force
 

Destaque

Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachFrancis Palma
 
The routing message processor scatter gather
The routing message processor scatter gatherThe routing message processor scatter gather
The routing message processor scatter gatherSon Nguyen
 
Mulesoft intergrate for android app
Mulesoft intergrate for android appMulesoft intergrate for android app
Mulesoft intergrate for android appSon Nguyen
 
Scatter gather flow in mule
Scatter gather flow in muleScatter gather flow in mule
Scatter gather flow in muleSon Nguyen
 
Create dynamic json using mule
Create dynamic json using muleCreate dynamic json using mule
Create dynamic json using muleSon Nguyen
 
mule custom aggregator
mule custom aggregatormule custom aggregator
mule custom aggregatorPaolo Mojica
 
Muleflowarchitecturepart2
Muleflowarchitecturepart2Muleflowarchitecturepart2
Muleflowarchitecturepart2vijaynerd
 
Data weave more operations
Data weave more operationsData weave more operations
Data weave more operationsRamakrishna kapa
 
Anypoint enterprise security overview
Anypoint enterprise security overviewAnypoint enterprise security overview
Anypoint enterprise security overviewdanishsm84
 
Using spring scheduler mule
Using spring scheduler muleUsing spring scheduler mule
Using spring scheduler muleSon Nguyen
 
REST API Doc Best Practices
REST API Doc Best PracticesREST API Doc Best Practices
REST API Doc Best PracticesMarta Rauch
 
Runing batch job in mule
Runing batch job in muleRuning batch job in mule
Runing batch job in muleSon Nguyen
 
REST API Best (Recommended) Practices
REST API Best (Recommended) PracticesREST API Best (Recommended) Practices
REST API Best (Recommended) PracticesRasheed Waraich
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Cesare Pautasso
 

Destaque (20)

Mule Security
Mule SecurityMule Security
Mule Security
 
Mulesoft encryption
Mulesoft encryptionMulesoft encryption
Mulesoft encryption
 
scootering
scooteringscootering
scootering
 
D@W REST security
D@W REST securityD@W REST security
D@W REST security
 
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
 
The routing message processor scatter gather
The routing message processor scatter gatherThe routing message processor scatter gather
The routing message processor scatter gather
 
Mulesoft intergrate for android app
Mulesoft intergrate for android appMulesoft intergrate for android app
Mulesoft intergrate for android app
 
Scatter gather flow in mule
Scatter gather flow in muleScatter gather flow in mule
Scatter gather flow in mule
 
Create dynamic json using mule
Create dynamic json using muleCreate dynamic json using mule
Create dynamic json using mule
 
mule custom aggregator
mule custom aggregatormule custom aggregator
mule custom aggregator
 
Muleflowarchitecturepart2
Muleflowarchitecturepart2Muleflowarchitecturepart2
Muleflowarchitecturepart2
 
Data weave more operations
Data weave more operationsData weave more operations
Data weave more operations
 
Load balancer in mule
Load balancer in muleLoad balancer in mule
Load balancer in mule
 
Anypoint enterprise security overview
Anypoint enterprise security overviewAnypoint enterprise security overview
Anypoint enterprise security overview
 
Using spring scheduler mule
Using spring scheduler muleUsing spring scheduler mule
Using spring scheduler mule
 
REST API Doc Best Practices
REST API Doc Best PracticesREST API Doc Best Practices
REST API Doc Best Practices
 
Runing batch job in mule
Runing batch job in muleRuning batch job in mule
Runing batch job in mule
 
REST API Best (Recommended) Practices
REST API Best (Recommended) PracticesREST API Best (Recommended) Practices
REST API Best (Recommended) Practices
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
 

Semelhante a Rest security in mule

LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroTaylor Singletary
 
Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015Alvaro Sanchez-Mariscal
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Alvaro Sanchez-Mariscal
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Alvaro Sanchez-Mariscal
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
How to implement Keycloak authentication in React.pptx
How to implement Keycloak authentication in React.pptxHow to implement Keycloak authentication in React.pptx
How to implement Keycloak authentication in React.pptxKnoldus Inc.
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerVince Soliza
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular jsBixlabs
 
Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)ikram_ahamed
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerAnupam Gogoi
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportGaurav Sharma
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuthVivastream
 
O auth how_to
O auth how_toO auth how_to
O auth how_tovivaqa
 
Mule soft Meetup #3
Mule soft Meetup #3 Mule soft Meetup #3
Mule soft Meetup #3Gaurav Sethi
 

Semelhante a Rest security in mule (20)

LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To Hero
 
Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
How to implement Keycloak authentication in React.pptx
How to implement Keycloak authentication in React.pptxHow to implement Keycloak authentication in React.pptx
How to implement Keycloak authentication in React.pptx
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 
Esquema de pasos de ejecución IdM
Esquema de pasos de ejecución IdMEsquema de pasos de ejecución IdM
Esquema de pasos de ejecución IdM
 
Api security
Api security Api security
Api security
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity Server
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 
Some OAuth love
Some OAuth loveSome OAuth love
Some OAuth love
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuth
 
O auth how_to
O auth how_toO auth how_to
O auth how_to
 
Mule soft Meetup #3
Mule soft Meetup #3 Mule soft Meetup #3
Mule soft Meetup #3
 

Mais de Son Nguyen

Wsdl connector introduction
Wsdl connector introductionWsdl connector introduction
Wsdl connector introductionSon Nguyen
 
Android intergrate with mule
Android intergrate with muleAndroid intergrate with mule
Android intergrate with muleSon Nguyen
 
Mule flow overview
Mule flow overviewMule flow overview
Mule flow overviewSon Nguyen
 
Mule flow and filter
Mule flow and filterMule flow and filter
Mule flow and filterSon Nguyen
 
Handle exceptions in mule
Handle exceptions in muleHandle exceptions in mule
Handle exceptions in muleSon Nguyen
 
Spring security integrate with mule
Spring security integrate with muleSpring security integrate with mule
Spring security integrate with muleSon Nguyen
 
Message processor in mule
Message processor in muleMessage processor in mule
Message processor in muleSon Nguyen
 
Expression language in mule
Expression language in muleExpression language in mule
Expression language in muleSon Nguyen
 
Mule with data weave
Mule with data weaveMule with data weave
Mule with data weaveSon Nguyen
 
Composite source in bound and out-bound
Composite source in bound and out-boundComposite source in bound and out-bound
Composite source in bound and out-boundSon Nguyen
 
Batch job processing
Batch job processingBatch job processing
Batch job processingSon Nguyen
 
Using message enricher
Using message enricherUsing message enricher
Using message enricherSon Nguyen
 
Finance connectors with mule
Finance connectors with muleFinance connectors with mule
Finance connectors with muleSon Nguyen
 
Google drive connection
Google drive connectionGoogle drive connection
Google drive connectionSon Nguyen
 
Using properties in mule
Using properties in muleUsing properties in mule
Using properties in muleSon Nguyen
 
Mule integrate with microsoft
Mule integrate with microsoftMule integrate with microsoft
Mule integrate with microsoftSon Nguyen
 
Anypoint connectors
Anypoint connectorsAnypoint connectors
Anypoint connectorsSon Nguyen
 
Mule esb basic introduction
Mule esb basic introductionMule esb basic introduction
Mule esb basic introductionSon Nguyen
 
Mule integration with cloud hub
Mule integration with cloud hubMule integration with cloud hub
Mule integration with cloud hubSon Nguyen
 

Mais de Son Nguyen (20)

Wsdl connector introduction
Wsdl connector introductionWsdl connector introduction
Wsdl connector introduction
 
Android intergrate with mule
Android intergrate with muleAndroid intergrate with mule
Android intergrate with mule
 
Mule flow overview
Mule flow overviewMule flow overview
Mule flow overview
 
Mule flow and filter
Mule flow and filterMule flow and filter
Mule flow and filter
 
Handle exceptions in mule
Handle exceptions in muleHandle exceptions in mule
Handle exceptions in mule
 
Spring security integrate with mule
Spring security integrate with muleSpring security integrate with mule
Spring security integrate with mule
 
Message processor in mule
Message processor in muleMessage processor in mule
Message processor in mule
 
Expression language in mule
Expression language in muleExpression language in mule
Expression language in mule
 
Mule with data weave
Mule with data weaveMule with data weave
Mule with data weave
 
Composite source in bound and out-bound
Composite source in bound and out-boundComposite source in bound and out-bound
Composite source in bound and out-bound
 
Batch job processing
Batch job processingBatch job processing
Batch job processing
 
Using message enricher
Using message enricherUsing message enricher
Using message enricher
 
Finance connectors with mule
Finance connectors with muleFinance connectors with mule
Finance connectors with mule
 
Google drive connection
Google drive connectionGoogle drive connection
Google drive connection
 
Using properties in mule
Using properties in muleUsing properties in mule
Using properties in mule
 
Mule integrate with microsoft
Mule integrate with microsoftMule integrate with microsoft
Mule integrate with microsoft
 
Jms queue
Jms queueJms queue
Jms queue
 
Anypoint connectors
Anypoint connectorsAnypoint connectors
Anypoint connectors
 
Mule esb basic introduction
Mule esb basic introductionMule esb basic introduction
Mule esb basic introduction
 
Mule integration with cloud hub
Mule integration with cloud hubMule integration with cloud hub
Mule integration with cloud hub
 

Último

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Último (20)

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

Rest security in mule

  • 2. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
  • 3. We can easily secure our REST service using OAUTH 2.0
  • 4. For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
  • 5. Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
  • 6. The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
  • 7. Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
  • 8. Authorization to obtain a secret code
  • 9. Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
  • 10. We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
  • 11. We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
  • 12. Use that secret code to obtain an access_token
  • 13. Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1-9237- 96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX85YOxNl LFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
  • 14. Use the access_token to validate and access the web service
  • 15. Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
  • 16. Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
  • 17. In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow 