Contact Us 1-800-596-4880
  1. Homepage
  2. FTPS Connector (2.0)

  3. FTPS Connector Studio Configuration

All Connectors

Using Anypoint Studio to Configure FTPS Connector 2.0 - Mule 4

Anypoint Studio (Studio) editors help you design and update your Mule applications, properties, and configuration files.

To add and configure a connector in Studio:

  1. Create a Mule project.

  2. Add the connector to your Mule project.

  3. Configure a source for the connector’s flow.

  4. Add a connector operation to the flow.

  5. Configure a global element for the connector.

  6. Configure FTPS Mode for FTPS Connector.

  7. Configure TLS with Keystores and Truststores.

  8. Configure Java JDK for Session Reuse.

  9. Configure Bouncy Castle Libraries and Security Provider.

When you run the connector, you can view the app log to check for problems in real time, as described in View the App Log.

If you are new to configuring connectors in Studio, see Use Studio to Configure a Connector. If, after reading this topic, you need additional information about the connector fields, see the FTPS Connector Reference Reference.

Create a Mule Project

In Studio, create a new Mule project in which to add and configure the connector:

  1. In Studio, select File > New > Mule Project.

  2. Enter a name for your Mule project and click Finish.

Add the Connector to Your Mule Project

Add FTPS Connector to your Mule project to automatically populate the XML code with the connector’s namespace and schema location and to add the required dependencies to the project’s pom.xml file:

  1. In the Mule Palette view, click (X) Search in Exchange.

  2. In the Add Dependencies to Project window, type ftps in the search field.

  3. Click FTPS Connector in Available modules.

  4. Click Add.

  5. Click Finish.

Adding a connector to a Mule project in Studio does not make that connector available to other projects in your Studio workspace.

Configure a Source

A source initiates a flow when a specified condition is met. You can configure one of these sources to use with FTPS Connector:

  • On New or Updated File
    Initiates a flow by polling a directory for files that have been created or updated and generates a message for each file found.

  • HTTP Listener
    Initiates a flow each time it receives a request on the configured host and port.

  • Scheduler
    Initiates a flow when a time-based condition is met.

For example, to configure the On New or Updated File source, follow these steps:

  1. In the Mule Palette view, select On New or Updated File.

  2. Drag On New or Updated File to the Studio canvas.

  3. On the On New or Updated File configuration screen, optionally change the value of the Display Name field.

  4. Specify a value for the Path field.

  5. Click the plus sign (+) next to the Connector configuration field to configure a global element that can be used by all instances of On New or Updated File in the app.

  6. On the General tab, specify the connection information for the connector.

  7. Set Host to specify the FTPS server host, for example, localhost or 192.168.0.1.

  8. Click Test Connection to confirm that Mule can connect with the specified server.

  9. Click OK.

  10. On the On New or Updated File configuration screen, specify a Scheduling Strategy value and optionally complete other fields.

Add a Connector Operation to the Flow

When you add a connector operation to your flow, you immediately define a specific operation for that connector to perform.

To add an operation for FTPS Connector, follow these steps:

  1. In the Mule Palette view, select FTPS and then select the desired operation.

  2. Drag the operation onto the Studio canvas and to the right of the source.

FTP Connector Operations in Mule palette

Configure a Global Element for the Connector

When you configure a connector, it’s best to configure a global element that all instances of that connector in the app can use. Configuring a global element requires you to configure the FTP server connection.

To configure the global element for FTPS Connector, follow these steps:

  1. Select the name of the connector in the Studio canvas.

  2. Select the operation in the Studio canvas.

  3. In the configuration screen for the operation, click the plus sign (+) next to the Connector configuration field to access the global element configuration fields.

  4. On the General tab, specify the connection information for the connector:

  5. Set the Working Directory as the root of every relative path used with this connector.
    If it’s not provided, the value defaults to the remote server.

  6. Set Host to specify the FTPS server host, for example, localhost or 0.0.0.0.

  7. Set Username and Password.

  8. Configure Bouncy Castle libraries in the Required Libraries field.

  9. On the Advanced tab, optionally specify a timeout configuration and reconnection strategy.

  10. On the TLS tab, specify TLS configuration.

  11. Click Test Connection to confirm that Mule can connect with the specified server.

  12. Click OK.

FTPS Connector Global Element Configuration

In the Configuration XML editor, the configuration ftps:config looks like this:

<ftps:config name="FTPS_Config">
  <ftps:connection username="anonymous" password="password"
   host="0.0.0.0" port="21" workingDir="${workingDir}">
    <tls:context>
        <tls:trust-store path="path/to/keystore" password="mulepassword" />
    </tls:context>
  </ftps:connection>
</ftps:config>

Configure FTPS Mode for FTPS Connector

In the global element configuration, you can configure the Ftps mode field to either the following options:

  • Ftps explicit mode (Default) The explicit mode connects in an unprotected way to the FTP server. The client can negotiate TLS for either the command or data channel.

  • Ftps implicit mode The implicit mode assumes that a secure connection through an SSL/TLS handshake must take place before any FTP command is sent. This ensures that the entire FTP session is encrypted.

When you configure the Ftps explicit mode (Default), you can also configure the data channel protection level through the PROT Settings field to either one of these options:

  • CLEAR The clear protection level indicates that the data channel carries the raw data of the file transfer, with no security applied. This is the default value.

  • PRIVATE The private protection level indicates that the integrity of the data and confidentiality are protected.

FTPS Connector explicit mode configuration in Studio

In the Configuration XML editor, the ftps=mode, ftps-explicit-mode, and protSetting configurations look like this:

 <ftps:config name="FTPS_Config">
   <ftps:connection username="anonymous" password="password"
    host="0.0.0.0" port="21" workingDir="${workingDir}">
     <tls:context>
         <tls:trust-store path="path/to/keystore" password="mulepassword" />
     </tls:context>
     <ftps:ftps-mode >
         <ftps:ftps-explicit-mode protSetting="PRIVATE" />
     </ftps:ftps-mode>
   </ftps:connection>
 </ftps:config>
FTPS Connector implicit mode configuration in Studio

In the Configuration XML editor, the ftps=mode and ftps-implicit-mode configurations look like this:

<ftps:config name="FTPS_Config">
  <ftps:connection username="anonymous" password="password"
   host="0.0.0.0" port="21" workingDir="${workingDir}">
    <tls:context>
        <tls:trust-store path="path/to/keystore" password="mulepassword" />
    </tls:context>
    <ftps:ftps-mode >
        <ftps:ftps-implicit-mode />
    </ftps:ftps-mode>
  </ftps:connection>
</ftps:config>

Configure TLS with Keystores and Truststores

You can use Transport Layer Security (TLS) and configure FTPS by providing a key store with your certificate. You can also enable 2-way authentication by providing a trust store. For more information about TLS configuration, refer to the configure TLS with Keystores and Truststores documentation.

Configure Java JDK for Session Reuse

To reuse sessions using FTPS, you must disable the Extended Main Secret extension for compatibility (JDK-8192045), which by default is set to true. The extension protects users from vulnerabilities by using the same session on different groups of clients and servers, which contradicts the demand to use the same session for control and data connections. With the Extended Main Secret extension activated, session reuse is possible only by endpoint verification, which is implemented for HTTPS and LDAP only.

To disable the extension when working in Anypoint Studio, follow these steps:

  1. In Studio, click Run > Run Configurations…​.

  2. In the Run Configurations screen, click the (x)=Arguments tab.

  3. In the VM arguments box, add the following argument to the JVM execution:

    -M-Djdk.tls.useExtendedMasterSecret=false

JVM argument to disable Extended Main Secret in Run Configurations window

  1. Click Apply.

  2. Click Run.

To disable the Extended Main Secret extension when working in a standalone Mule environment, add the following argument to the JVM execution:

./bin/mule -Djdk.tls.useExtendedMasterSecret=false

Configure Bouncy Castle Libraries and Security Provider

This connector no longer relies on reflection to reuse the SSL session from the command channel to data channels. Instead, it now supports SSL session resumption between the client and host using externally provided Bouncy Castle libraries. You must add Bouncy Castle libraries to prevent MITM attacks.

To reuse sessions using FTPS Connector, you must configure Bouncy Castle libraries in the Required Libraries field while configuring the global element for the connector. You can choose one of the three available options.

Global element properties window showing the options of how to add Bouncy Castle libraries

You can also add these libraries to the JAVA_VM_FOLDER/jre/lib/ext folder and set up the Bouncy Castle security provider:

  1. Open the AnypointStudio.ini file and identify where Java VM is stored, for example, /Applications/AnypointStudio.app/Contents/Eclipse/plugins/org.mule.tooling.jdk.v8.macosx.x86_64_1.3.3/Contents/Home/jre/lib/ext. The path to Java VM is set up by the -vm command. In the following steps, assume the path where Java VM is stored is JAVA_VM_FOLDER.

  2. Download the bcprov-jdk18on.jar, bctls-jdk18on.jar, bcpkix-jdk18on.jar, and bcutil-jdk18on.jar files from https://www.bouncycastle.org/download/bouncy-castle-java/.

  3. Copy the files to the JAVA_VM_FOLDER/jre/lib/ext folder.

  4. Open the JAVA_VM_FOLDER/jre/lib/security/java.security file.

  5. Set the Bouncy Castle security providers at the beginning of the file, as shown in the following section:

    security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider security.provider.3=sun.security.provider.Sun security.provider.4=sun.security.rsa.SunRsaSign security.provider.5=sun.security.ec.SunEC security.provider.6=com.sun.net.ssl.internal.ssl.Provider security.provider.7=com.sun.crypto.provider.SunJCE security.provider.8=sun.security.jgss.SunProvider security.provider.9=com.sun.security.sasl.Provider security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI security.provider.11=sun.security.smartcardio.SunPCSC security.provider.12=apple.security.AppleProvider

  1. Click Apply.

  2. Click Run.

View the App Log

To check for problems, you can view the app log as follows:

  • If you’re running the app from Anypoint Platform, the output is visible in the Anypoint Studio console window.

  • If you’re running the app using Mule from the command line, the app log is visible in your OS console.

Unless the log file path is customized in the app’s log file (log4j2.xml), you can also view the app log in the default location MULE_HOME/logs/<app-name>.log.

See Also

Back to top
View on GitHub