May 14, 2013
MuleSoft is pleased to announce the release of Anypoint Enterprise Security 1.2 which introduces new functionality and improvements to our versatile security module (formerly known as Mule Enterprise Security). For this release, we have focused our efforts bug fixes and improvements. We also continue to harden our product, making it more stable and easier to use.
Where appropriate, we have applied a Version 1.2 only marker to identify features or functionality that are available only in the Enterprise runtime.
Install Anypoint Enterprise Security 1.2 to take advantage of the latest and greatest!
-
Delete Client – a message processor which removes clientIDs from the clientStore.
-
Revoke Token – a message processor which revokes access or refresh tokens, invalidating the corresponding pair as well (i.e. if the message processor revokes the access token, it automatically revokes any refresh token associated with it, and vice versa).
-
Use with Mule ESB Standalone and Maven – beyond Mule Studio, Anypoint Enterprise Security is now available for use with Mule Standalone and Maven.
For most use cases, Anypoint Enterprise Security 1.2 does not change the hardware and software system requirements established by Mule Enterprise Security 1.1. Please contact MuleSoft with any questions you may have about system requirements.
This list covers some of the known issues with Anypoint Enterprise Security 1.2. Please read this list before reporting any issues you may have spotted.
SEC-146 |
The grant configuration on the config element and at the client level is not consistent |
SEC-120 |
The default object stores are shared when there is more than one instance of the provider |
SEC-143 |
Simplify AccessTokenStoreHolder |
SEC-156 |
Resource Owner Password Credentials does not support Refresh Token grant type |
SEC-157 |
Cannot refresh an access token after it has expired |
Fixed in this Release
Cannot refresh an access token after it has expired |
|
Resource Owner Password Credentials does not support Refresh Token grant type |
|
When refreshing an access token, whether to provide a new refresh token or not should be configurable |
|
Release 2.0-SNAPSHOT for Service Registry |
|
Tokens do not expire when overriding stores |
|
Signature and Property placeholder module are not being deployed |
|
Revoke token MP should also support revoking a refresh token |
|
Update schema version with new 1.2 release |
|
Exclude log4.xml from jar |
|
Simplify AccessTokenStoreHolder |
|
Make resource owner security provider optional |
|
Simplify the store holders |
|
Make sure all callbacks invoke processEvent instead of process |
|
Avoid license from being in the distribution |
|
Provide a way to revoke a token |
|
Provide a way to remove registered clients |
|
OAuth2 provider module passes seconds to object store TTLs in milliseconds |
|
OAuth2 validate and validateClient lose outbound message properties |
|
Add an option to the Validate MP to throw an exception when the token is invalid |
|
Recompile Enterprise Security components with the latest devKit |
|
Refactor package of mule-module-security-crc32 to be com.mulesoft.security |
|
Bearer headers are not decoded properly |
|
Add a new message processor to obtain the authorized user |
|
Fix CRC32 building block description text |
|
The secure property placeholder is not working on Studio |
At this time, not all of the third party modules you may have been using with previous versions of Mule ESB have been upgraded to work with Mule ESB 3.4.0. Refer to the Third-Party Software In Mule for complete details. Contact MuleSoft if you have a question about a specific module.
-
Refer to MuleSoft’s online Documentation at mulesoft.org for instructions on how to use Anypoint Enterprise Security.
-
Access MuleSoft’s MuleForge forum to pose questions and get help from Mule’s broad community of users.
-
To access MuleSoft’s expert support team, subscribe to Mule ESB Enterprise and log in to MuleSoft’s Customer Portal.