About Me

About Me
Working with SOA technologies , implementing solution using IBM BPM , IBM Integration Designer,IBM WODM and IBM DataPower

About me

View Mahesh Dondeti's profile on LinkedIn

upcoming posts on IBM Bluemix,Devops,Worklight,Node js.

Friday, 11 October 2013

Using ”dp:accept “and “dp:reject” functions in Dynamic backend XML Firewall Service.

I would like to share scenario (below) on dp extension functions and usage of dynamic back end firewall type.  
Scenario :-(Username based routing)
This scenario aims to route the flow based upon the user ,if the user is valid then flow has to continue and need to call  particular service  based on username ,for Invalid users  flow has to reject need to send message as response
Note :-Both request and response in XML format.
For example:-
If the request has username as ‘Mahesh’ (valid user) it  has to call ‘Service1’ ,’Rajesh’(valid user) then service2…….. ,’seetha’ then flow has to reject If user does not exist then need to reject the flow ,send response as  valid users“<UserStatus>Hello mahesh</UserStatus>       “.
Invalid users “<errorMsg>The person is unauthorized User</errorMsg>”.

What is and XmlFirewall?

The XML Firewall is designed to process generic XML requests and responses transmitted over HTTP or HTTPS. The XML Firewall uses a single protocol and contains one processing policy with a set of request, response, two-way, and error rules. Its configuration defines the listening IP address-port pair as well as general Threat protection.

Different types of Firewall services:-

Dynamic Backend

Indicates support for multiple backend servers. Server addresses and port numbers are extracted from incoming client requests.

Loopback Proxy

Indicates an XML Firewall that performs internal processing of client requests without a backend server. Without a backend server, the appliance does not need to provide client credentials (an SSL Proxy Profile).

Static Backend

Indicates support for a single backend server.

dp:accept usage: 

Allows or rejects further message processing. You can invoke multiple dp:accept, dp:reject, and dp:xreject elements. The last processed element determines the disposition of the message.

dp:reject usage:- 

Denies access through the DataPower service. The appliance sends the denial message to the client in a SOAP fault message. Also stops document processing and optionally invokes the error rule for custom error handling.
dp:xreject is an extended version of the dp:reject element. dp:xreject uses an XPath expression to construct the rejection text that the appliance sends back to the client in a SOAP fault message.

Note:- So as per our scenario we need to use  dynamic back end because based upon the user name has to select the particular service .and using dp:accept and dp:reject functions to stop/continue the flow.



Request Rule:-





In request rule I used the “usercheck.xsl” in transform activity for calling dynamic  backend services as shown in below figure.


usercheck.xsl:-
 <?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dp="http://www.datapower.com/extensions" xmlns:dpconfig="http://www.datapower.com/param/config" extension-element-prefixes="dp" exclude-result-prefixes="dp dpconfig">
    <xsl:output method="xml"/>
  <xsl:template match="/Test">
  <xsl:variable name="user" select="/Test/user"/>
  <xsl:choose>
  <xsl:when test="$user='mahesh'">
  <newuser><xsl:value-of select="$user"/></newuser>
  <dp:set-variable name="'var://service/routing-url'" value="'http://00.000.000'"/>
  <dp:accept>
  </dp:accept>
  </xsl:when>
  <xsl:when test="$user='rajesh'">
  <newuser><xsl:value-of select="$user"/></newuser>
  <dp:set-variable name="'var://service/routing-url'" value="'http://00.000.000'"/>
  <dp:accept>
  </dp:accept>
  </xsl:when>
  <xsl:when test="$user='kalyan'">
  <newuser><xsl:value-of select="$user"/></newuser>
  <dp:set-variable name="'var://service/routing-url'" value="'http://00.000.000'"/>
  <dp:accept>
  </dp:accept>
  </xsl:when>
  <xsl:otherwise>
  <dp:reject>
  <errorMsg>The person is unauthorized User</errorMsg>
</dp:reject>
</xsl:otherwise>
  </xsl:choose>
  </xsl:template>
</xsl:stylesheet>



Response Rule:-


Here no transformation is there so used simple match activity with *





Error rule:-

Error rule is used to handle the exception in policy here I used error code “0x0*” which will represents generic error code(means all errorcodes because each errorcode in starts with 0x0) .As shown below.



Testing Service:-


As mentioned in xsl(usercheck.xsl) valid users are Mahesh,rajesh,kalian if we enter any of them as input then it will call dp:accept function so flow go with further steps Otherwise flow  dp:reject function invoke gives response as “<errorMsg>The person is unauthorized User</errorMsg>” as  shown in below figures.




Case1:-



Case2:-

  




I hope this post helps you. So far this is my best effort to explain. Please correct me if I do anything wrong.

Please share you valuable suggestions and feedback to my mail id"mdondetisbit@gmail.com" to improve myself.


Please post any issues/query’s related to BPM,WODM and DATAPOWER  to "mdondetisbit@gmail.com"