Give your old school API some love

If you’re an assiduous reader of this blog, then you have probably already heard about our vision around APIs, our Anypoint API Manager solution and all our RAML-based stories. Those are our recommended way of approaching REST APIs and, if you haven’t already, we all highly recommend that you take a look at them. However, we’re about connecting everything, everywhere. Thus we recognize that there are a lot of APIs out there built in plain old Java code and that a migration process is not something you can do overnight.

Cross domain REST calls using CORS

To fight XSS attacks, the web browser imposes the same origin policy for HTTP requests made by JavaScript code:

But there are a lot of use cases where this kind of cross domain HTTP request is desired, so developers came up with some workarounds:

  • Server side proxy: the idea is to avoid cross domain requests in the browser by doing them on the server. To do that in Mule you can use the HTTP proxy pattern as explained in this post.

Securing REST Web Services against LDAP

Many Mule users create RESTful services but they are not always clear on the way to authenticate and apply authorization to a RESTful Web Service. I have seen questions about this topic so I decided to write a tutorial that covers a common use case. We’re going to use Jersey, Spring Security and LDAP and of course Mule to pull it all together. I will show you how to do the following:

  1. Expose a REST resource using Jersey
  2. Secure the REST resource using HTTP Basic Authentication
  3. Authenticate and authorize users against an LDAP Directory
  4. Apply authorization based on users' groups to this REST resource