Mule Encryption

Introduction

“Do not reinvent the wheel.” , that’s the principle Mule applies when it comes to Mule Message Security. Anypoint Enterprise Security is a suite that comes bundled with all the necessary modules/methods for applying security to Mule Service Oriented Architecture (SOA) implementations and Web services.

Objectives

My main concern regarding the security was Mule Message Encryption. Mule provides three extraordinary Encryption Strategies

  • JCE Encrypter: encrypts stream, byte[] or string.
  • XML Encrypter: encrypts string, encrypts individual fields using xpath expressions.
  • PGP Encrypter: encrypts stream, byte[] or string.

In this blog post I will try to explain how to configure Anypoint Studio for applying encryption strategies to mule messages using the JCE Encrypter.

Getting your hands dirty

Let’s get our hands dirty. I will try to explain everything starting from the installation of Anypoint Enterprise Security. Also I would like to point out the troubleshooting during the installation process.

Installation of Anypoint Enterprise Security

I am using Mule 3.8 EE for this experiment. Please do take a look at this link for the installation guide in detail. Here is a screenshot,

screen-shot-2016-12-09-at-4-38-55-pm

Please select the Premium bundle and proceed. In my case I could not install the software initially. If the same problem continues in your case please uncheck the “Contact all update sites during install to find required software” checkbox.

After successful installation restart your Anypoint studio. You should see the following components  under the security group palettes.

security_pallete
Security components

Now you are ready to go !

Create a Mule maven project

Let’s create a simple Mule Maven project using Anypoint Studio. The most important point is to add the following repository in the pom.xml file.

<repository>
   <id>mulesoft-public</id>
   <name>MuleSoft Public Repository</name>
   <url>https://repository.mulesoft.org/nexus/content/repositories/public/</url>
   <layout>default</layout>
</repository>

Creating a simple flow

Let’s create a simple flow. The scenario is as follows. We send some JSON data to an HTTP endpoint. Then the JSON data is encrypted using JCE Encryption Strategy and we log the encrypted data. After that we simply decrypt the encrypted data and log it. Here is diagram of the flow.

flow-diaram
Simple Flow Diagram

Digging into JCE Encryption

“The Java Cryptography Extension (JCE) is an officially released Standard Extension to the Java Platform and part of Java Cryptography Architecture. JCEprovides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms.”

Step 1

First let’s configure a global Encryption element.

encryption_global_elm
Encryption Global Element Configuration

Do mind it to select the Default Encryptor dropdown as JCE_ENCRYPTER.  I have named the global element as JCE.

Step 2

Now after configuring the global Encryption element in step 1 let’s configure the Encryption component (labeled as JCE Encryption in the flow. This is a Encryption palette found under the Security category of Mule palettes). Here is the screen shot,

configure_encryption_in_flow
Configure Encryption component in the flow.

In the Connector Configuration please select the global encryption element(JCE) that we have defined in step 1. In the Operation dropdown select Encrypt. In the Input Reference field I am putting the whole payload (JSON data) for encryption. Do remember that you can use MEL expression here to encrypt some part of the payload too. As we are using JCE_ENCRYPTER in this example, let us configure it. Select the Define attributes radio button in the JCE encrypter Strategy Configuration for operation category.

Key:  It must be a 16 digit phrase.

Key Password:  (whatever you wish)

Algorithm:  Choose an algorithm from the dropdown list.

Encryption Mode: Choose from the dropdown list.

That’s it. You are ready to go. There is another way to make it more secure  using Keystore. I will show you later in another post.

Step 3

In the step 2 we have encrypted the message. Now let’s decrypt the encrypted message. Here we are going to configure the component labelled as Decrypt payload. (It’s nothing but a Encryption  palette found under the Security category of Mule palettes. Here is the configuration,

Configuration for Decryption.

The configuration is almost same as for encryption. The only difference is the

Operation: Decrypt

Testing

Now let us run the project. After running the project, send a POST request with JSON payload. I am using Postman for this operation. On observing in the Anypoint console you can see the encrypted message as well as decrypted message.

postman
Testing with Postman.

Please find the source code here.

N.B: Use mvn eclipse:eclipse to import the maven dependencies.

Advertisements

2 thoughts on “Mule Encryption

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s