mulesoft · dmerlob · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025
@@ -144,5 +144,4 @@ See xref:mmp-concept.adoc#configure-plugin-dependencies[Configure Plugin Depende
 
 == See Also
 
-* xref:3.9@mule-runtime::classloader-control-in-mule.adoc[Mule 3 Class-loading]
 * xref:mule-sdk::isolation.adoc[Mule SDK - About Class-loading Isolation]
@@ -33,7 +33,7 @@ You can deploy Mule applications using:
 * xref:api-manager::getting-started-proxy.adoc[The API Manager]
 * xref:runtime-manager::runtime-manager-agent.adoc[The Runtime Manager Agent]
 
-You can create functional tests with xref:2.1@munit::index.adoc[MUnit Unit Testing].
+You can create functional tests with xref:munit::index.adoc[MUnit Unit Testing].
 
 The mule-maven-plugin supports deployments to:
 
@@ -66,4 +66,4 @@ If your target deployable is a web application and not a Mule application, consi
 == See Also
 
 * xref:using-maven-with-mule.adoc[Maven Support in Mule]
-* xref:2.1@munit::index.adoc[MUnit Unit Testing]
+* xref:munit::index.adoc[MUnit Unit Testing]
@@ -141,7 +141,7 @@ Open the relevant file and comment or uncomment items in the lists to manually c
 == Tips and Limitations
 
 * The Bouncy Castle security provider bundled with the Mule Runtime distribution isn't FIPS certified. When Mule starts in FIPS security mode, the Bouncy Castle provider isn't registered or used.
-* Not all encryption schemes and signatures included in xref:cryptography.adoc[Mule Cryptography Module] and xref:secure-configuration-properties.adoc[Mule Secure Properties] configuration options are FIPS compliant. If your application is using an algorithm that isn't approved for FIPS use, you will get an error at runtime that reads:
+* Not all encryption schemes and signatures included in xref:securing.adoc#cryptography-module[Mule Cryptography Module] and xref:secure-configuration-properties.adoc[Mule Secure Properties] configuration options are FIPS compliant. If your application is using an algorithm that isn't approved for FIPS use, you will get an error at runtime that reads:
 ....
 	Could not find encryption algorithm '<algorithm-name>'.
 	You are running in FIPS mode, so please verify that

@@ -5,7 +5,7 @@ endif::[]
 
 In Mule 4, the Anypoint Enterprise Security module was split into different modules:
 
-* xref:cryptography.adoc[Cryptography Module] replaces the Mule 3 Encryption and Signature modules
+* xref:securing.adoc#cryptography-module[Cryptography Module] replaces the Mule 3 Encryption and Signature modules
 * xref:secure-configuration-properties.adoc[Secure Configuration Properties Module] replaces the Mule 3 Secure Property Placeholder
 * xref:connectors::validation/validation-connector.adoc[Validation Module] incorporated functionality from the Mule 3 Filters Module
 * xref:connectors::oauth/oauth2-provider-documentation-reference.adoc[OAuth2 Provider] replaces the Mule 3 OAuth2 Provider

@@ -43,7 +43,7 @@ attachments or exception payloads MEL is recommended.
 The next sections show how to adapt some uses of MEL to Mule 4.
 
 === Accessing Context Variables
-Except for the following changes, xref:3.9@mule-runtime::mel-cheat-sheet.adoc#server-mule-application-and-message-variables[context variables]
+Except for the following changes, context variables
 (also called Mule Runtime variables) remain the same in DataWeave:
 
 [cols="1a,1a", options="header"]
@@ -421,7 +421,6 @@ xref:dataweave.adoc[DataWeave Language]
 
 https://blogs.mulesoft.com/dev/mule-dev/why-dataweave-main-expression-language-mule-4/[Why DataWeave is the Main Expression Language in Mule 4 Beta]
 
-xref:3.9@mule-runtime::mule-expression-language-mel.adoc[Mule Expression Language (MEL)] (3.9)
 
 
 ////

@@ -58,4 +58,4 @@ The following examples compare MUnit tests in 1.x to 2.x.
 
 == See Also
 
-* xref:2.2@munit::munit-test-concept.adoc[MUnit 2 Test structure]
+* xref:munit::munit-test-concept.adoc[MUnit 2 Test structure]
@@ -0,0 +1,73 @@
+= Security
+ifndef::env-site,env-github[]
+include::_attributes.adoc[]
+endif::[]
+:keywords: security, securing
+:page-aliases: mule-security.adoc, configuring-security.adoc
+
+It is critical to ensure that the valuable information that a business stores and makes available through software applications and web services is secure, protected from unauthorized users and malicious attackers. But it is also critical that these protected resources, such as credit card information or Social Security numbers, be immediately accessible to authorized, legitimate users and systems to conduct business transactions. +
+
+To provide secure access to information, applications and services can apply a variety of security measures. Mule runtime engine (Mule) provides several tools and methods that enables you to protect applications:
+
+* Securing application configuration properties
+* Using the Cryptography module
+* Configuring a FIPS 140-2 certified environment
+* Securing flows with Spring security
+* Configuring TLS cryptographic protocol
+* Obtaining access to protected resource using Oath Authorization Grant Types
+* Configuring the Mule Secure Token Service
+
+
+== Secure Configuration Properties
+Encrypting configuration properties for your applications involves creating a secure configuration properties file, defining the secure properties in the file, and configuring the file in your project with the Mule Secure Configuration Properties Extension module. +
+
+See details in xref:secure-configuration-properties.adoc[Secure Configuration Properties]
+
+== Cryptography Module
+Cryptography Module provides cryptography capabilities to a Mule application. Its main features include:
+
+* Symmetric encryption and decryption of messages.
+* Asymmetric encryption and decryption of messages.
+* Message signing and signature validation of signed messages.
+
+The module supports these strategies to encrypt and sign your messages:
+
+* JCE +
+Provides cryptography capabilities of Java Cryptography Extension.
+* PGP +
+Provides signing and encryption using Pretty Good Privacy.
+* XML +
+Provides signing and encryption of XML documents or elements.
+
+For details, refer to xref:cryptography-module::index.adoc[Cryptography Module].
+
+== FIPS 140-2 Compliance Support
+You can configure Mule 4 to run in a FIPS 140-2 certified environment if you meet the following two requirements:
+
+* A certified cryptography module installed in your Java environment
+* Mule settings adjusted to run in FIPS security mode
+
+See details in xref:fips-140-2-compliance-support.adoc[FIPS 140-2 Compliance Support]
+
+== Spring Security
+Spring Security provides authentication and authorization via JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. The following topics help get you started securing your flows using Spring Security:
+
+* xref:setting-up-ldap-provider-for-spring-security.adoc[Configure LDAP Provider for Spring Security] +
+Perform component authorization, or use it as a Mule security provider.
+* xref:component-authorization-using-spring-security.adoc[Component Authorization Using Spring Security] +
+Configure authorization using Spring Security features on your Mule components, so that users with different roles can only invoke certain methods.
+
+== TLS Configuration
+TLS is a cryptographic protocol that provides communications security for your Mule app. Mule 4.x supports Transport Layer Security (TLS) 1.1 and 1.2.
+
+See details in xref:tls-configuration.adoc[TLS Configuration]
+
+== OAuth Authorization Grant Types
+There are four types of authorization grants that an OAuth consumer (a client app) can use to obtain access to a protected resource from an OAuth service provider: Authorization Code, Implicit, Resource Owner Password Credentials, and Client Credentials.
+
+See details in xref:authorization-grant-types.adoc[OAuth Authorization Grant Types]
+
+== Mule Secure Token Service
+Mule supports the OAuth 2.0 protocol. How you configure OAuth 2.0 authorization depends on your OAuth role and objective.
+
+See details in xref:mule-secure-token-service.adoc[Mule Secure Token Service]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -144,5 +144,4 @@ See xref:mmp-concept.adoc#configure-plugin-dependencies[Configure Plugin Depende

		== See Also

		* xref:3.9@mule-runtime::classloader-control-in-mule.adoc[Mule 3 Class-loading]
		* xref:mule-sdk::isolation.adoc[Mule SDK - About Class-loading Isolation]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -58,4 +58,4 @@ The following examples compare MUnit tests in 1.x to 2.x.

		== See Also

		* xref:2.2@munit::munit-test-concept.adoc[MUnit 2 Test structure]
		* xref:munit::munit-test-concept.adoc[MUnit 2 Test structure]