Mule ESB allows you to authenticate requests via endpoints using transport-specific or generic authentication methods. It also allows you to control method-level authorization on your components. The Security Manager is responsible for authenticating requests based on one or more security providers. All security is pluggable via the Mule security API, so you can easily plug in custom implementations.
For information on the elements you can configure for the Security Manager, see Security Manager Configuration Reference. The following sections provide links to information on configuring different types of security managers.
*New Anypoint Enterprise Security Features
In addition to the security features described on this page, Mule offers six new security features:
For more information on these features and instructions for downloading them, see Anypoint Enterprise Security.
Spring Security is the next version of Acegi and provides a number of authentication and authorization providers such as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. The following topics will help you get started securing your flows using Spring Security:
WS-Security is a standard protocol for applying security to Web services. It contains specifications on how integrity and confidentiality in a SOAP message can be enforced via XML signatures and binary security tokens such as X.509 certificates and Kerberos tickets as well as encryption headers. It ensures end-to-end security by working in the application layer as opposed to the transport layer. Mule provides the following resources for WS-Security: