Web Services Security With Mule

Ashutosh and Mule

Web Services Security With Mule

IntroductionWeb services based integration facilitates the composition of services across heterogeneous software systems whether new or old, between different departments, organisations, platforms, modernising of the old systems, devices, PCs, mobiles, etc. Typical web based security aspects and solutions differs from the service based applications. In the web based applications the system boundaries are known, centralised security management is available, information access is mostly based on the client-server communications, perimeter based security adoption is followed, known users access the systems so the security aspects can be managed in combination of network and web security solutions.Whereas for the service based applications the following security aspects have to be considered:

Need a System of Systems viewAs the service is consumed by heterogeneous systems over the networks, so the system boundaries are not known, also this brings the requirements of standard security approach. There is no prior relationship between consumers and providers, this brings a requirement for establishing trust between businesses /organisations.Centralisation of security management is required to control change management in a better way

Need rich semantics to define tailored, dynamic, fine-grained access policies and a need for standardsEstablish separation of concerns between application and security managementMuleSoft solutions to web services security Enterprise Edition and CloudHubConsidering the above security challenges for service based applications, let us see how MuleSoft provides solutions for these security concerns.

MuleSoft ESB allows different integration scenarios using Web services:Consuming existing Web services and adding security to an existing web service using proxy.Building web services and exposing them to other applications in a secured way using ws-security policy standardsExposing a web service and providing authentication to consumers by way of CXF interceptors added to the service.

The CXF module in Mule supports a variety of web service standards including ws-security. WS-security defines a new SOAP header which is capable of carrying various security tokens that systems use to identify a Web service callers identity and privileges. CXF module in Mule provides different solutions to secure web services which are above the transport level security such as HTTPS. CXF relies on WSS4J in large part to implement WS-Security.Following are some of the security aspects covered under the CXF module of MuleWS Security 1.1WS Policy