MuleSoft Technical Guides

Basic Authentication in Mule 4

User MuleSoft Integration Team
Calendar February 18, 2021

Basic Authentication is an authentication system built into the HTTP protocol. The request is sent with an Authorization header whose value is a Base64 encoded string of username and password combination.

It is a primary authentication mechanism. If the Authentication fails, the server responds with a 401 (Unauthorized) status code.

Process for Applying Basic Authentication in Mule 4 

    1. Create a new project and add the Spring module.
    2. Add beans.xml under src/main/resources.

<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN" />
<ss:user name="user" password="{noop}user" authorities="ROLE_USER" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>

Note: For Spring 5.x, all passwords need to be prefixed with {noop}
1. Add Spring Config and Spring Security manager global elements.

In Spring Config config refer to the beans.xml.

In Spring Security manager, provide the Name and Delegate reference as below:

  1. Create a new flow with HTTP listener to trigger the flow.
  2. Add Basic Security Filter just after the listener to validate the request, specify realm as mule.
  3. By this point, all incoming requests will be validated for the username-password combination but not the role. For this, add Authorization Filter from the Spring module.
  4. In the Required authorities textbox, write ROLE_ADMIN.
  5. By this point, the flow should look like below:

Deploy the app and hit the application from the postman or any REST client. Set Authorization to Basic Auth and provide username and password as required.

Since the required authority is ROLE_ADMIN, only requests with the admin’s credentials will be passed further. Requests with user credentials, though correct, will fail at Spring Authorization filter with MULE: NOT_PERMITTED error.

Change username/password to incorrect combination and requests will fail with HTTP: BASIC_AUTHENTICATION error.

Here’s all about basic authentication in Mule 4.

Recent Blogs

NetSuite Integration using MuleSoft
NetSuite Integration using MuleSoft

NetSuite is a cloud-based enterprise resource planning (ERP) software suite that...…

Learn how MuleSoft & Salesforce helps businesses create incredible digital experiences. Speak with one of our consultants today

Let's Work Together

Leave a comment

Your email address will not be published. Required fields are marked *