I would like to share a scenario (below) on the DataPower (dp) extension functions
and the use of the dynamic backend firewall type.
Please post any issues/queries related to BPM, WODM and DataPower to "mdondetisbit@gmail.com"
Scenario :- (Username-based routing)
This scenario routes the flow based on the user. If the user is valid, the flow
continues and calls a particular service based on the username. For invalid users
the flow is rejected and a message is sent as the response.
Note :- Both request and response are in XML format.
For example:-
If the request has the username ‘Mahesh’ (valid user) it has to call ‘Service1’; for ‘Rajesh’ (valid user)
it calls Service2, and so on. For ‘seetha’ the flow has to be rejected: if the user does not exist, the
flow is rejected. The response for valid users is “<UserStatus>Hello mahesh</UserStatus>”.
The response for invalid users is “<errorMsg>The person is unauthorized User</errorMsg>”.
What is an XML Firewall?
The XML Firewall is designed to
process generic XML requests and responses transmitted over HTTP or HTTPS. The
XML Firewall uses a single protocol and contains one processing policy with a
set of request, response, two-way, and error rules. Its configuration defines
the listening IP address-port pair as well as general threat protection.
Different types of Firewall services:-
Dynamic Backend
Indicates support for multiple backend
servers. Server addresses and port numbers are extracted from incoming client
requests.
Loopback Proxy
Indicates an XML Firewall that
performs internal processing of client requests without a backend server.
Without a backend server, the appliance does not need to provide client
credentials (an SSL Proxy Profile).
Static Backend
Indicates support for a single backend server.
dp:accept usage:
Allows or rejects further message
processing. You can invoke multiple dp:accept, dp:reject, and dp:xreject elements.
The last processed element determines the disposition of the message.
dp:reject usage:-
Denies access through the DataPower service. The appliance sends
the denial message to the client in a SOAP fault message. Also stops document
processing and optionally invokes the error rule for custom error handling.
dp:xreject usage:-
dp:xreject is an extended version of the dp:reject element. dp:xreject uses an
XPath expression to construct the rejection text that the appliance sends back
to the client in a SOAP fault message.
Note:- For our scenario we need to use the dynamic backend type, because the
particular service has to be selected based on the username. The dp:accept and
dp:reject functions are used to continue or stop the flow.
Request Rule:-
In the request rule I used “usercheck.xsl” in a transform activity to call the
dynamic backend services, as shown in the figure below.
usercheck.xsl:-
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:dp="http://www.datapower.com/extensions"
    xmlns:dpconfig="http://www.datapower.com/param/config"
    extension-element-prefixes="dp"
    exclude-result-prefixes="dp dpconfig">
  <xsl:output method="xml"/>
  <xsl:template match="/Test">
    <!-- Username taken from the request body -->
    <xsl:variable name="user" select="/Test/user"/>
    <!-- The comparisons below are case-sensitive: 'mahesh' matches, 'Mahesh' does not -->
    <xsl:choose>
      <!-- Valid user: set the dynamic backend URL and let the flow continue -->
      <xsl:when test="$user='mahesh'">
        <newuser><xsl:value-of select="$user"/></newuser>
        <dp:set-variable name="'var://service/routing-url'" value="'http://00.000.000'"/>
        <dp:accept/>
      </xsl:when>
      <xsl:when test="$user='rajesh'">
        <newuser><xsl:value-of select="$user"/></newuser>
        <dp:set-variable name="'var://service/routing-url'" value="'http://00.000.000'"/>
        <dp:accept/>
      </xsl:when>
      <xsl:when test="$user='kalyan'">
        <newuser><xsl:value-of select="$user"/></newuser>
        <dp:set-variable name="'var://service/routing-url'" value="'http://00.000.000'"/>
        <dp:accept/>
      </xsl:when>
      <!-- Any other user: stop processing and return the error message -->
      <xsl:otherwise>
        <dp:reject>
          <errorMsg>The person is unauthorized User</errorMsg>
        </dp:reject>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>
</xsl:stylesheet>
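A fail-closed variant of the stylesheet above, added here as an example and not part of the original post: the backend is resolved in one allow-list lookup and the flow is accepted only when a route was found. The backend URLs are placeholders, and the requirement of exactly one user element is an assumption about the request format.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the original usercheck.xsl. Backend URLs are placeholders. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:dp="http://www.datapower.com/extensions"
    extension-element-prefixes="dp"
    exclude-result-prefixes="dp">
  <xsl:output method="xml"/>

  <!-- Match the document root so a request whose root element is not
       Test still reaches the reject branch instead of matching nothing. -->
  <xsl:template match="/">
    <!-- Trimmed string value of the first /Test/user element only. -->
    <xsl:variable name="user" select="normalize-space(/Test/user[1])"/>

    <!-- Allow-list lookup: yields a backend URL, or nothing at all. -->
    <xsl:variable name="route">
      <xsl:choose>
        <!-- Assumption: a well-formed request carries exactly one user element.
             An XPath 1.0 comparison against a node-set is true if ANY node
             matches, so the check is pinned to a single element. -->
        <xsl:when test="count(/Test/user) != 1"/>
        <xsl:when test="$user = 'mahesh'">http://service1.example.invalid/</xsl:when>
        <xsl:when test="$user = 'rajesh'">http://service2.example.invalid/</xsl:when>
        <xsl:when test="$user = 'kalyan'">http://service3.example.invalid/</xsl:when>
      </xsl:choose>
    </xsl:variable>

    <!-- Single decision point: accept only when the lookup produced a route. -->
    <xsl:choose>
      <xsl:when test="string($route) != ''">
        <dp:set-variable name="'var://service/routing-url'" value="string($route)"/>
        <newuser><xsl:value-of select="$user"/></newuser>
        <dp:accept/>
      </xsl:when>
      <xsl:otherwise>
        <dp:reject>
          <errorMsg>The person is unauthorized User</errorMsg>
        </dp:reject>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>
</xsl:stylesheet>
```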
Response Rule:-
There is no transformation here, so I used a simple match activity with
*
Error rule:-
The error rule is used to handle exceptions in the policy. Here I used the error
code “0x0*”, which represents a generic error code (meaning all error codes,
because each error code starts with 0x0), as shown below.
Testing Service:-
As mentioned in the XSL (usercheck.xsl), the valid users are mahesh, rajesh and kalyan.
If we enter any of them as input, the dp:accept function is called and the flow
goes on with the further steps. Otherwise the dp:reject function is invoked and
gives the response “<errorMsg>The person is unauthorized User</errorMsg>”, as
shown in the figures below.
Case1:-
I hope this post helps you. So far this is my best effort to explain.
Please correct me if I did anything wrong.
Please share your valuable suggestions and feedback to my mail
id "mdondetisbit@gmail.com"
to improve myself.