Security in Mule

Anypoint Enterprise Security offers developers six tools to ensure that authorized end users have secure access to protected data. Each tool plays a different role in securing a Mule application.

Mule can apply Oauth 2.0 security to a REST Web service provider or consumer. OAuth uses tokens to ensure that a resource owner never has to share credentials, such as a username or password, with a 3rd-party Web service.

For example, Facebook uses OAuth to connect to Gmail to collect a user’s Gmail contacts. When a user initiates the request to connect, Facebook opens a new browser window for the user to enter a Gmail address and password. If authenticated, Gmail provides all the user’s contacts to Facebook, but does not share the user’s Gmail login credentials. OAuth ensures that the 3rd-party Facebook application never has access to the user’s protected Gmail credentials.

Mule can encrypt properties in a properties file. The properties file in Mule stores data as key-value pairs. Mule flows may access this data — usernames, first and last names, credit card information — as the flow processes messages. In the context of Anypoint Enterprise Security, Mule refers to the encrypted properties file as the Mule Credentials Vault. Much more detailed information about using encrypted properties files is available in the Mule Credentials Vault documentation.

Mule can encrypt an entire payload or several fields of data within a message. Where sensitive information must move between users, yet remain hidden from them, a developer can encrypt message content to prevent unauthorized access. Typically, you may need to encrypt data such as a password, credit card number or social security number (SSN).

Mule uses digital signatures to ensure that messages maintain integrity and authenticity. Mule can verify that an incoming Web service request originates from a valid source, and can sign an outgoing Web service response to ensure its contents. Digital signatures ensure that a sender is valid, that a message is not modified in transit between Web services, and that no unauthorized user has tampered with a message.

Mule can filter messages it receives to avoid processing invalid ones. With a filter processor in place, Mule discards any message it receives that does not match the filter’s parameters — a message from outside a set range of IP addresses, for example.

Mule can apply a cyclic redundancy check (CRC) to messages to ensure message integrity. CRC uses an algorithm to apply a check value to a message when it enters a system, and verifies the value when the message leaves the system. If the entry and exit values do not match, CRC marks the message as changed. Generally, CRC32 (32 indicates the 33-bit polynomial length in the algorithm) detects unintentional changes to messages, such as the accumulation of “noise” between transmission points, but it can also detect unauthorized intentional changes – for instance, flagging a message that has been tampered with during transmission to change it into a Trojan horse.