1. 技术文章
  2. Use groovy expression for limited IP in mule

Use groovy expression for limited IP in mule

爷,独闯天下 提交于 2019-12-30 07:49:27

问题


I created a proxy service with cxf in mule. My version of mule is 3.3.0 CE. Now, I want to put a restriction in my wsdl that created with proxy service. My restriction shouldn't allow to per IP that they see my wsdl. for this, I find Groovy expression and bellow code:

<expression-filter
        expression="#[groovy:'${allowed}'.contains(message.getInboundProperty('MULE_REMOTE_CLIENT_ADDRESS').substring(message.getInboundProperty('MULE_REMOTE_CLIENT_ADDRESS').indexOf('/')+1, message.getInboundProperty('MULE_REMOTE_CLIENT_ADDRESS').indexOf(':')))]"
        doc:name="Expression" />

I don't know Is good code Or no? and I don't know where do I should define my valid Ip?


回答1:


That approach is valid. Only suggest I would do is to extract the IP parsing to a global function for reusability and better readability:

<configuration>
    <expression-language>
        <global-functions>
            def parseIp(fullIp) {
                return fullIp.substring(fullIp.indexOf('/') + 1, fullIp.indexOf(':'))
            }
        </global-functions>
    </expression-language>
</configuration>

Then you can use it as follows:

<expression-filter expression="#['${allowed}'.contains(parseIp(message.inboundProperties['MULE_REMOTE_CLIENT_ADDRESS']))]"
        doc:name="Expression" />



回答2:


Restricting service based on IP address doesn't look a scalable approach.

What if you've more clients coming in or may be even for 1 client, request can be sent from different environments (prod, test, dev), then you'll have different IPs.

Client can also change their machine and IP won't remain same. You don't want to design a system in which changes on client end affects you and your solution should be scalable enough to accommodate more clients.

One solution is to look for Securing your web service. This blog post talks about it. http://blogs.mulesoft.org/securing-soap-web-services-using-ws-security/

Googling web service security with Mule will give your more results.




回答3:


For Mule EE users, MuleSoft now offers an Enterprise Security module that includes an IP filter.



来源:https://stackoverflow.com/questions/14599111/use-groovy-expression-for-limited-ip-in-mule

标签
groovy
filter
mule
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!