如何在Mule CE上实现Oauth2双腿令牌安全性?

时间:2013-04-23 08:47:43

标签: oauth-2.0 mule

我正在使用Mule CE,需要使用OAuth2实现基于令牌的安全性(最好)。我已经配置了授权服务器,我确实看到了日志文件中的默认映射,但是当我向“/oauth/token”发送请求时没有任何反应。

当在Tomcat上作为独立的Spring Web服务应用程序部署时,类似的OAuth2配置可以与Spring / Tomcat一起使用。

这是我的Mule配置:

<mule xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml"
    xmlns:https="http://www.mulesoft.org/schema/mule/https" xmlns:jersey="http://www.mulesoft.org/schema/mule/jersey"
    xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns="http://www.mulesoft.org/schema/mule/core"
    xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:vm="http://www.mulesource.org/schema/mule/vm/2.0"
    xmlns:spring="http://www.springframework.org/schema/beans" version="CE-3.3.1"
    xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:ss="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd 
http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd 
http://www.mulesoft.org/schema/mule/xml 
http://www.mulesoft.org/schema/mule/xml/3.3/mule-xml.xsd
http://www.mulesoft.org/schema/mule/http 
http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd 
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-current.xsd 
http://www.mulesoft.org/schema/mule/core 
http://www.mulesoft.org/schema/mule/core/current/mule.xsd 
http://www.mulesoft.org/schema/mule/https 
http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd
http://www.mulesoft.org/schema/mule/jersey 
http://www.mulesoft.org/schema/mule/jersey/current/mule-jersey.xsd 
http://www.mulesoft.org/schema/mule/spring-security 
http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
http://www.springframework.org/schema/security/oauth2 
http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.mulesoft.org/schema/mule/pattern 
http://www.mulesoft.org/schema/mule/pattern/3.3/mule-pattern.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util.xsd ">




    <!-- Registers a Mule security manager that delegates authentication to the
         Spring Security bean aliased "authenticationManager" (declared in the
         spring:beans section of this file).
         NOTE(review): the provider is named "memory-provider", but the delegate
         resolves to the custom bean "myAuthenticationProvider", not an in-memory
         user service; the name is misleading.
         NOTE(review): no endpoint in the visible flow attaches a security filter,
         so this manager does not appear to be consulted for inbound requests. -->
    <mule-ss:security-manager>
        <mule-ss:delegate-security-provider
            name="memory-provider" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>
    <!-- Spring Security / Spring Security OAuth2 wiring: authentication manager,
         registered OAuth2 clients, and the authorization server. -->
    <spring:beans>
        <!-- Single authentication manager backed by the custom provider bean
             "myAuthenticationProvider". -->
        <ss:authentication-manager alias="authenticationManager">
            <ss:authentication-provider ref="myAuthenticationProvider" />
        </ss:authentication-manager>
        <!-- Client registry with one client, "admin".
             NOTE(review): no "secret" attribute is declared, so as configured
             here the client has no client secret to authenticate with.
             NOTE(review): all five grant types are granted to this one client.
             A two-legged (client_credentials) setup only needs that grant;
             password, implicit and authorization_code widen the attack surface
             and should be dropped unless actually required.
             NOTE(review): authorization_code and implicit are enabled but no
             "redirect-uri" is registered for the client.
             access-token-validity is 60 (seconds, matching the
             accessTokenValiditySeconds set on "tokenServices"). -->
        <oauth:client-details-service id="clientDetailsService">
            <oauth:client client-id="admin"
                authorized-grant-types="password,authorization_code,refresh_token,implicit,client_credentials"
                authorities="ROLE_USER, ROLE_TRUSTED_CLIENT" scope="read,write,trust"
                access-token-validity="60" />
        </oauth:client-details-service>
        <!-- Authorization server using the client registry above and the
             "tokenServices" bean. Every grant flow is switched on here; keep
             only the flows the deployment actually uses. -->
        <oauth:authorization-server
            client-details-service-ref="clientDetailsService" token-services-ref="tokenServices">
            <oauth:authorization-code />
            <oauth:implicit />
            <oauth:refresh-token />
            <oauth:client-credentials />
            <oauth:password />
        </oauth:authorization-server>
    </spring:beans>

    <!-- Supporting beans for the OAuth2 authorization server: custom
         authentication provider, error handling, client-credentials filter,
         token store and token services. -->
    <spring:beans>

        <!-- Enables Spring MVC annotation-driven handler registration.
             NOTE(review): presumably what registers the /oauth/* handler
             mappings; a servlet dispatcher is still needed to route HTTP
             requests to them, and none is configured in this file. -->
        <mvc:annotation-driven />
        <!-- Custom authentication provider; its implementation is not shown
             here, so how it validates credentials cannot be confirmed. -->
        <spring:bean id="myAuthenticationProvider"
            class="com.sachin.tech.security.MyUserAuthenticationProvider" />

        <!-- OAuth2 entry point with realm "myCustomerAppRealm".
             NOTE(review): not referenced by any element in this file. -->
        <spring:bean id="oauthAuthenticationEntryPoint"
            class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
            <spring:property name="realmName" value="myCustomerAppRealm" />
        </spring:bean>

        <!-- NOTE(review): despite the bean id, this is the generic Spring
             Security AccessDeniedHandlerImpl, not the OAuth2-specific
             OAuth2AccessDeniedHandler; confirm which one is intended.
             Not referenced by any element in this file. -->
        <spring:bean id="oauth2AccessDeniedHandler"
            class="org.springframework.security.web.access.AccessDeniedHandlerImpl" />

        <!-- Filter that authenticates OAuth2 clients at the token endpoint.
             NOTE(review): it is wired to "authenticationManager", the same
             manager that uses the custom user provider, so client credentials
             would be checked by that provider rather than against
             "clientDetailsService"; confirm this is intended.
             NOTE(review): no filter chain in this file installs this bean, so
             as shown it is defined but never applied to requests. -->
        <spring:bean id="clientCredentialsTokenEndpointFilter"
            class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
            <spring:property name="authenticationManager" ref="authenticationManager" />
        </spring:bean>

        <!-- Tokens are kept in process memory only: they are lost on restart
             and are not shared between nodes. Suitable for testing; use a
             persistent store for anything long-lived or clustered. -->
        <spring:bean id="tokenStore"
            class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

        <!-- Token services: issues access tokens valid for 60 seconds and
             supports refresh tokens, persisting both in "tokenStore". -->
        <spring:bean id="tokenServices"
            class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
            <spring:property name="tokenStore" ref="tokenStore" />
            <spring:property name="supportRefreshToken" value="true" />
            <spring:property name="accessTokenValiditySeconds"
                value="60" />
        </spring:bean>

    </spring:beans>

    <!-- Request-response HTTP flow on localhost:8098 that hands every request
         to an echo component.
         NOTE(review): nothing in this flow forwards requests to the Spring MVC
         /oauth/* handlers, so a request for /oauth/token on this endpoint
         reaches the echo component, not the token endpoint.
         NOTE(review): the endpoint uses plain HTTP and has no security filter
         or token check attached. Client credentials and bearer tokens should
         only travel over TLS; the https namespace is declared on the root
         element but not used here. -->
    <flow name="wsauthentication_2" doc:name="wsauthentication_2">
        <http:inbound-endpoint exchange-pattern="request-response"
            host="localhost" port="8098" doc:name="MyHTTPInbound2_2"
            doc:description="wsauthentication_2 Desc">
        </http:inbound-endpoint>
        <echo-component doc:name="Echo" />
    </flow>

</mule>

日志中的映射似乎很好:

13:48:01,789 DEBUG FrameworkEndpointHandlerMapping:125 - Looking for request mappings in application context: org.mule.config.spring.MuleApplicationContext@7fe3a7ec: startup date [Tue Apr 23 13:47:56 IST 2013]; root of context hierarchy
13:48:01,836  INFO FrameworkEndpointHandlerMapping:197 - Mapped "{[/oauth/error],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint.handleError(javax.servlet.http.HttpServletRequest)
13:48:01,836  INFO FrameworkEndpointHandlerMapping:197 - Mapped "{[/oauth/confirm_access],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint.getAccessConfirmation(java.util.Map<java.lang.String, java.lang.Object>) throws java.lang.Exception
13:48:01,851  INFO FrameworkEndpointHandlerMapping:197 - Mapped "{[/oauth/authorize],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)
13:48:01,851  INFO FrameworkEndpointHandlerMapping:197 - Mapped "{[/oauth/authorize],methods=[POST],params=[user_oauth_approval],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.View org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.approveOrDeny(java.util.Map<java.lang.String, java.lang.String>,java.util.Map<java.lang.String, ?>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)
13:48:01,851  INFO FrameworkEndpointHandlerMapping:197 - Mapped "{[/oauth/token],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.lang.String,java.util.Map<java.lang.String, java.lang.String>)

请帮忙。

1 个答案:

答案 0 :(得分:0)

我不认为Spring OAuth实际上可以在Java Web容器的外部工作。

对于Mule EE,您可以使用OAuth2 provider from the Enterprise Security package

对于Mule CE,您可以尝试运行嵌入式Jetty容器并在其后面使用Mule的Servlet端点。这应该提供一个Spring OAuth可以工作的环境。有关灵感,请参阅随Mule发行版提供的书店示例。