HTTP Basic and Digest Authentication with the UltraESB

This example shows how HTTP Basic and Digest authentication can be enabled as a request filter on an HTTP transport listener, and how the authenticated user's name and roles are retrieved during message mediation.


The sample configuration is ultra-sample-103.xml, and the HTTP listener is configured as follows:

    <bean id="http-8280" class="org.adroitlogic.ultraesb.transport.http.HttpNIOListener">
        <constructor-arg ref="fileCache"/>
        <property name="port" value="8280"/>
        <property name="requestFilters">
            <list>
                <!--<bean class="org.adroitlogic.ultraesb.transport.http.auth.BasicAuthenticationFilter">
                    <property name="realmName" value="adroitlogic"/>
                </bean>-->
                <bean class="org.adroitlogic.ultraesb.transport.http.auth.DigestProcessingFilter">
                    <property name="realmName" value="adroitlogic"/>
                </bean>
            </list>
        </property>
    </bean>

Basic or Digest authentication is enforced as a request filter on the transport listener, so every request arriving on that listener is challenged before it reaches any proxy service. In the above example the Digest filter is active, and the commented-out fragment shows the equivalent Basic filter. The credentials used for authentication are picked up from the standard Spring Security configuration fragment shown below:

    <!-- Usernames/Password is asankha/adroitlogic -->
    <s:authentication-provider>
        <!--<s:password-encoder hash="md5"/>
        <s:user-service>
            <s:user name="asankha" password="abac6d7582d9ab52c629f7490fd3eb2f" authorities="ROLE_ADMIN, ROLE_USER"/>
	    </s:user-service>-->
        <s:user-service>
            <s:user name="asankha" password="adroitlogic" authorities="ROLE_USER, ROLE_MANAGER"/>
        </s:user-service>
    </s:authentication-provider>

Note that if using Digest authentication, the authentication provider must hold the password for the user (Digest has the server recompute the client's MD5 response, which requires the password or the MD5 of username:realm:password), whereas for Basic authentication the server receives the password in the request and only needs to store a hash of it. The trade-off is that Basic sends the credentials base64-encoded, i.e. effectively in cleartext, so it should only be used over TLS; Digest keeps the password off the wire but does nothing for the rest of the message. In either case, any passwords that must be stored in the UltraESB configuration file can be separately encrypted using Jasypt. See the article Securing the UltraESB configuration for more details.
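To make the difference concrete, the following is an added Python example (not part of the UltraESB sample or the Spring Security code it uses) that implements both sides of the two schemes: the client builds the Authorization header, and the server verifies it from what it stores. The Digest verifier can only work from HA1 = MD5(username:realm:password), while the Basic verifier works from a salted PBKDF2 hash because it is handed the plaintext. The nonce, cnonce and salt values are constructed for the example; a real server issues a fresh nonce per 401 challenge.

```python
import base64
import hashlib
import hmac

# Credentials and realm from the page's sample configuration (ultra-sample-103.xml).
USERNAME = "asankha"
PASSWORD = "adroitlogic"
REALM = "adroitlogic"


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). The Digest verifier needs HA1 (or the
    plaintext password to derive it); a salted password hash is useless here."""
    return _md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """RFC 2617 request-digest for qop=auth; the same computation is done by
    the client (to build the header) and the server (to check it)."""
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_authorization(username, password, realm, method, uri,
                         nonce, cnonce, nc="00000001"):
    """Client side: the parameters of the Authorization: Digest header sent
    after a 401 carrying WWW-Authenticate: Digest realm=..., nonce=..., qop="auth"."""
    ha1 = digest_ha1(username, realm, password)
    return {"username": username, "realm": realm, "nonce": nonce, "uri": uri,
            "qop": "auth", "nc": nc, "cnonce": cnonce,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}


def verify_digest(params, method, ha1_store, issued_nonce):
    """Server side: recompute the digest from the stored HA1 and compare."""
    if params.get("nonce") != issued_nonce:   # stale or replayed challenge
        return False
    ha1 = ha1_store.get(params.get("username"))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, params["uri"], params["nonce"],
                               params["nc"], params["cnonce"], params.get("qop", "auth"))
    return hmac.compare_digest(expected, params["response"])


def basic_authorization(username, password):
    """Client side: Basic is just base64(user:password), i.e. cleartext on the wire."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def basic_record(password, salt):
    """Server-side storage for Basic: a salted, iterated hash is enough, because
    the verifier receives the plaintext and can hash it the same way."""
    return (salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000))


def verify_basic(header, basic_store):
    """Server side: decode the header and compare against the salted hash."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    username, sep, password = decoded.partition(":")
    record = basic_store.get(username) if sep else None
    if record is None:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed challenge values; a real server issues a fresh nonce per 401.
    nonce, cnonce = "constructed-server-nonce", "constructed-client-nonce"
    uri = "/service/rest-mock?a=1&b=2"
    ha1_store = {USERNAME: digest_ha1(USERNAME, REALM, PASSWORD)}
    good = digest_authorization(USERNAME, PASSWORD, REALM, "GET", uri, nonce, cnonce)
    bad = digest_authorization(USERNAME, "wrong", REALM, "GET", uri, nonce, cnonce)
    print("digest ok:", verify_digest(good, "GET", ha1_store, nonce))
    print("digest wrong password:", verify_digest(bad, "GET", ha1_store, nonce))
    basic_store = {USERNAME: basic_record(PASSWORD, b"constructed-salt")}
    print("basic ok:", verify_basic(basic_authorization(USERNAME, PASSWORD), basic_store))
```

Two points worth noticing in the verifier: the method and URI are bound into the Digest response, so a header captured from a GET cannot be replayed against a POST or a different path, and the nonce check is what stops replay of the same request. Against the running sample, the same exchange can be driven from the command line with curl's --digest and -u options.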

The proxy service used in the example is a simple mock service that, on successful authentication, echoes the requesting user's name and roles (read from the ultra.http.username and ultra.http.userroles message properties set by the filter), along with the HTTP method, URI and query string.

    <u:proxy id="rest-mock">
        <u:transport id="http-8280"/>
        <u:target>
            <u:inSequence>
                <u:java><![CDATA[
                    System.out.println("User is : " + msg.getMessageProperty("ultra.http.username"));
                    System.out.println("Roles are : " + msg.getMessageProperty("ultra.http.userroles"));
                    mediation.setPayloadFromString(msg,
                        "<response>" +
                        "<user>" + msg.getMessageProperty("ultra.http.username") + "</user>" +
                        "<roles>" + msg.getMessageProperty("ultra.http.userroles") + "</roles>" +
                        "<method>" + msg.getMessageProperty("HTTP_METHOD") + "</method>" +
                        "<uri>" + msg.getDestinationURL() + "</uri>" +
                        "<query>" + msg.getMessageProperty("QUERY_STRING") + "</query>" +
                        "</response>");
                    mediation.sendResponse(msg, 200);
                ]]></u:java>
            </u:inSequence>
        </u:target>
    </u:proxy>

Now, start sample configuration 103 of the UltraESB through the ToolBox, or from the command line as follows:

    asankha@asankha:~/java/ultraesb-1.0-beta-1/bin$ ./ultraesb.sh -sample 103

Issuing a request to the URL http://localhost:8280/service/rest-mock?a=1&b=2 from the ToolBox HTTP/S client using Digest authentication, or via a web browser, first returns a 401 challenge carrying the realm "adroitlogic"; once the client answers it with the asankha/adroitlogic credentials, the service returns the following response:

    <response><user>asankha</user><roles>[ROLE_MANAGER, ROLE_USER]</roles><method>GET</method><uri>/service/rest-mock?a=1&b=2</uri><query>?a=1&b=2</query></response>

You can switch to Basic authentication by commenting out the DigestProcessingFilter bean and uncommenting the BasicAuthenticationFilter bean in the listener, and likewise swapping the user-service fragments in the authentication provider so that the MD5-hashed password is used, to experiment further.