org.mule.api.security.UnauthorisedException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • new wersion of mule runtime has a bug in http connector. When http connector receive request http attributes are: Headers[http.version, accept-encoding, connection, http.remote.address, http.uri.params, content-type, soapaction, http.listener.path, authorization, http.request.uri, content-length, http.method, http.query.params, host, user-agent, http.scheme, http.request.path, http.query.string] -- The main problem of basic auth is that, mule passed attribute authorization instead of Authorization, and if you configure <http:basic-security-filter realm="mule-realm"/> and then is thrown exception: org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.transport.http.filters.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint none. Message payload is of type: NullPayload at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:156) at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:54) at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:52) + 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything) Below fragment of HttpBasicAuthenticationFilter class: else if (header == null) { setUnauthenticated(event); throw new UnauthorisedException(event, event.getSession().getSecurityContext(), this); } where header is fetch as: String header = event.getMessage().getInboundProperty(HttpConstants.HEADER_AUTHORIZATION); cause HttpConstants.HEADER_AUTHORIZATION value is "Authorization".
    via by Sylwester Zieliński,
  • new wersion of mule runtime has a bug in http connector. When http connector receive request http attributes are: Headers[http.version, accept-encoding, connection, http.remote.address, http.uri.params, content-type, soapaction, http.listener.path, authorization, http.request.uri, content-length, http.method, http.query.params, host, user-agent, http.scheme, http.request.path, http.query.string] -- The main problem of basic auth is that, mule passed attribute authorization instead of Authorization, and if you configure <http:basic-security-filter realm="mule-realm"/> and then is thrown exception: org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.transport.http.filters.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint none. Message payload is of type: NullPayload at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:156) at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:54) at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:52) + 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything) Below fragment of HttpBasicAuthenticationFilter class: else if (header == null) { setUnauthenticated(event); throw new UnauthorisedException(event, event.getSession().getSecurityContext(), this); } where header is fetch as: String header = event.getMessage().getInboundProperty(HttpConstants.HEADER_AUTHORIZATION); cause HttpConstants.HEADER_AUTHORIZATION value is "Authorization".
    via by Sylwester Zieliński,
    • org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.transport.http.filters.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint none. Message payload is of type: NullPayload at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:156) at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:54) at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:52)

    Users with the same issue

    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,