Configuring Security
Mule Runtime allows you to authenticate requests via connectors using transport-specific or generic authentication methods. It also allows you to control method-level authorization on your components. The Security Manager is responsible for authenticating requests based on one or more security providers.
For information on the elements you can configure for the Security Manager, see Security Manager Configuration Reference. The following sections provide links to information on configuring different types of security managers.
New Anypoint Enterprise Security Features In addition to the security features described on this page, Mule offers six new security features:
For more information on these features and instructions for downloading them, see Anypoint Enterprise Security. |
Spring Security 3.0
Spring Security is the next version of Acegi and provides a number of authentication and authorization providers such as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. The following topics help get you started securing your flows using Spring Security:
WS-Security and SAML
WS-Security is a standard protocol for applying security to Web services. It contains specifications on how integrity and confidentiality in a SOAP message can be enforced via XML signatures and binary security tokens such as X.509 certificates and Kerberos tickets as well as encryption headers. It ensures end-to-end security by working in the application layer as opposed to the transport layer. Mule provides the following resources for WS-Security:
-
Enabling WS-Security - Describes how to secure your CXF connectors with WS-Security.
-
SAML Module - Mule now supports the SAML standard for exchange of security information between systems. This module is available in the enterprise edition of Mule as of version 2.2.3.
Other Security Integration
Mule also supports the following security technologies:
-
Encryption Strategies - Secure your messages by encrypting them.
-
PGP Security - Secure your messages by encrypting them with PGP.