MULE –Anypoint Enterprise Security

2

Overview

Anypoint Enterprise Security is a collection of security features that enforce

secure access to information in Mule applications.

This suite of security features provides various methods for applying

security to Mule Service-Oriented Architecture (SOA) implementations and

Web services. The following security features bridge gaps between trust

boundaries in applications:

3

Mule Secure Token Service (STS) OAuth 2.0a Provider

Mule Credentials Vault

Mule Message Encryption Processor

Mule Digital Signature Processor

Mule Filter Processor

Mule CRC32 Processor

Install the Anypoint Enterprise Security update on your instance of Anypoint Studio Enterprise Edition 3.3.2 or later

4

Why Do Applications Need Security?

Businesses must ensure that the valuable information they store and make available through software applications and Web services is secure. Locked away and protected from unauthorized users and malicious attackers, protected resources — such as credit card information or Social Security numbers — must still be accessible to authorized legitimate users and systems in order to conduct business transactions.

5

To provide secure access to information, applications and services can apply a variety of security measures. The suite of security features in Anypoint Enterprise Security enables developers to protect applications according to security requirements, prevent security breaches and facilitate authorized access to data.

6

Advantages of Anypoint Enterprise Security

Anypoint Enterprise Security adds new features on top of of Mule ESB Enterprise’s existing security capabilities. Mule ESB already provides the following security features:

Mule Security Manager, client authentication and authorization on inbound requests as well as credential mapping for outbound calls

LDAP and third party identity management system integration

Validation of inbound requests through the SAML 2.0 federated identity standard

Secure FTP (SFTP) Transport that enables Mule flows to read and write to remote directories over the SSH protocol.

7

In most cases the above features were accessible only to expert Mule developers who are very familiar with the Spring Security framework. Anypoint Enterprise Security expands the types of security available to apply to Mule applications and, through its accessibility in Studio, makes security features accessible to a broader range of skilled developers.

Compiled to form an easily-accessible, user-friendly collection, Anypoint Enterprise Security offers developers a clear, structured method for adding security to Mule ESB applications. Developers can easily drag-and-drop one or more security features into Mule flows in Studio, Mule ESB’s graphical user interface (GUI), and can find configuration support in Mule documentation.

8

Anypoint Enterprise Security offers developers six tools to ensure that authorized end users have secure access to protected data. Each tool plays a different role in securing a Mule application.