JBoss.orgCommunity Documentation
This example, located in the samples/policy
folder, demonstrates one approach that can be used to provide "policy enforcement". This example makes uses of the example Switchyard application located in the samples/ordermgmt
folder.
This example shows how a business policy can be implemented in a synchronous (or inline) manner, where the decision is taken immediate, and can therefore be used to influence the current business transaction. The benefit of this approach is that it can ensure only valid transactions are permitted, as decisions can be immediately enforced, however the disadvantage is the potential performance impact this may have on the business transaction.
This example will show how:
The runtime governance infrastructure analyses the activity events generated by an executing business transaction using one or more Activity Interceptors.
The following Activity Interceptor is deployed in the environment responsible for execution the business transaction, and gets registered with the Activity Collector mechanism:
[{ "name" : "RestrictUsage", "version" : "1", "predicate" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELPredicate", "expression" : "event instanceof org.overlord.rtgov.activity.model.soa.RequestReceived && event.serviceType == \"{urn:switchyard-quickstart-demo:orders:0.1.0}OrderService\"" }, "eventProcessor" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELEventProcessor", "script" : "VerifyLastUsage.mvel", "services" : { "CacheManager" : { "@class" : "org.overlord.rtgov.ep.service.infinispan.InfinispanCacheManager" } } } }]
This Activity Interceptor receives activity events generated from the executing environment and applies the optional predicate to determine if they are of interest to the defined event processor. In this case, the predicate is checking for received requests for the OrderService
service.
For events that pass this predicate, they are submitted to the business policy, defined using the MVEL script VerifyLastUsage.mvel
, which is:
String customer=event.properties.get("customer"); if (customer == null) { return; } cm = epc.getService("CacheManager"); // Attempt to lock the entry if (!cm.lock("Principals", customer)) { epc.handle(new java.lang.RuntimeException("Unable to lock entry for principal '"+customer+"'")); return; } // Access the cache of principals principals = cm.getCache("Principals"); principal = principals.get(customer); if (principal == null) { principal = new java.util.HashMap(); } java.util.Date current=principal.get(event.serviceType+"-lastaccess"); java.util.Date now=new java.util.Date(); if (current != null && (now.getTime()-current.getTime()) < 2000) { epc.handle(new java.lang.RuntimeException("Customer '"+customer+"' cannot perform more than one request every 2 seconds")); return; } principal.put(event.serviceType+"-lastaccess", now); principals.put(customer, principal); epc.logDebug("Updated principal '"+customer+"': "+principals.get(customer));
This script uses the CacheManager service, configured within the EventProcessor component, to obtain a cache called "Principals". This cache is used to store information about Principals as a map of properties. The implementation uses Infinispan, to enable the cache to be shared between other applications, as well as in a distributed/cluster environment (based on the infinispan configuration).
If a policy violation is detected, the script returns an exception using the handle() method on the EventProcessor context. This results in the exception being thrown back to the execution environment, interrupting the execution of the business transaction.
To install the example, simply set the JBOSS_HOME
environment variable to the location of your switchyard installation (download from the latest switchyard-as7 zip from [https://www.jboss.org/switchyard/downloads]).
Then open a command window, set the current working directory to the ${rtgov}/samples/ordermgmt
folder, and run:
mvn clean install
Then change to the ${rtgov}/samples/policy/sync
folder and run the same command again.
To run the example, the first step is to start the Switchyard server using the following command from the bin
folder:
./standalone.sh --server-config=standalone-full.xml
Once the server has fully started, then send the following message (using SOAP-UI or an equivalent SOAP client) twice in less than 2 seconds to: http://localhost:8080/demo-orders/OrderService
<?xml version="1.0" encoding="UTF-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <orders:submitOrder xmlns:orders="urn:switchyard-quickstart-demo:orders:1.0"> <order> <orderId>PO-19838-XYZ</orderId> <itemId>BUTTER</itemId> <quantity>100</quantity> <customer>Fred</customer> </order> </orders:submitOrder> </soap:Body> </soap:Envelope>
If the two requests are received within two seconds of each other, this will result in the following response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <soap:Fault> <faultcode>soap:Server</faultcode> <faultstring>org.switchyard.exception.SwitchYardException: Customer 'Fred' cannot perform more than one request every 2 seconds</faultstring> </soap:Fault> </soap:Body> </soap:Envelope>
This example shows how a business policy can be implemented in an asynchronous (or out-of-band) manner, where the decision is taken after the fact, and can therefore only be used to influence future business transactions. The benefit of this approach is that the decision making process does not have to occur immediately and therefore avoids potentially impacting the performance of the business transaction. The disadvantage is that it does not permit any decision that is made to be enforced immediately.
This example will show how:
There are three components that comprise the policy within this example.
The runtime governance infrastructure analyses the activity events generated by an executing business transaction using one or more Event Processor Networks (or EPN).
A standard EPN is deployed within the infrastructure to isolate the SOA events (e.g. request/responses being sent or received). This quickstart deploys another EPN:
{ "name" : "AssessCreditPolicyEPN", "version" : "1", "subscriptions" : [ { "nodeName" : "AssessCredit", "subject" : "SOAEvents" } ], "nodes" : [ { "name" : "AssessCredit", "sourceNodes" : [ ], "destinationSubjects" : [ ], "maxRetries" : 3, "retryInterval" : 0, "predicate" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELPredicate", "expression" : "event.serviceProvider && !event.request && event.serviceType == \"{urn:switchyard-quickstart-demo:orders:0.1.0}OrderService\"" }, "eventProcessor" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELEventProcessor", "script" : "AssessCredit.mvel", "services" : { "CacheManager" : { "@class" : "org.overlord.rtgov.ep.service.infinispan.InfinispanCacheManager" } } } } ] }
This EPN subscribes to the published SOA events and applies the predicate which ensures that only events from a service provider interface, that are responses and are associated with the OrderService
service, will be processed. Events that pass this predicate are then submitted to the business policy (defined in the MVEL script AssessCredit.mvel), which is:
String customer=event.properties.get("customer"); if (customer == null) { return; } cm = epc.getService("CacheManager"); // Attempt to lock the entry if (!cm.lock("Principals", customer)) { epc.handle(new Exception("Unable to lock entry for principal '"+customer+"'")); return; } // Access the cache of principals principals = cm.getCache("Principals"); principal = principals.get(customer); if (principal == null) { principal = new java.util.HashMap(); } int current=principal.get("exposure"); if (current == null) { current = 0; } if (event.operation == "submitOrder") { double total=event.properties.get("total"); int newtotal=current+total; if (newtotal > 150 && current <= 150) { principal.put("suspended", Boolean.TRUE); } principal.put("exposure", newtotal); } else if (event.operation == "makePayment") { double amount=event.properties.get("amount"); int newamount=current-amount; if (newamount <= 150 && current > 150) { principal.put("suspended", Boolean.FALSE); } principal.put("exposure", newamount); } principals.put(customer, principal); epc.logDebug("Updated principal '"+customer+"': "+principals.get(customer));
This script uses the CacheManager service, configured within the EPN node, to obtain a cache called "Principals". This cache is used to store information about Principals as a map of properties. The implementation uses Infinispan, to enable the cache to be shared between other applications, as well as in a distributed/cluster environment (based on the infinispan configuration).
As mentioned in the previous section, the results derived from the previous policy are stored in an Infinispan implemented cache called "Principals". To make this information available to runtime governance clients, we use the Active Collection mechanism - more specifically we define an Active Collection that wraps the Infinispan cache.
The configuration of the Active Collection Source is:
[ { ...... },{ "@class" : "org.overlord.rtgov.active.collection.ActiveCollectionSource", "name" : "Principals", "type" : "Map", "visibility" : "Private", "factory" : { "@class" : "org.overlord.rtgov.active.collection.infinispan.InfinispanActiveCollectionFactory", "cache" : "Principals" } } ]
The visibility is marked as private to ensure that exposure information regarding customers is not publicly available via the Active Collection REST API.
The enforcement is provided by a specific Switchyard ExchangeHandler implementation (PolicyEnforcer) that is included with the order management application. The main part of this handler is:
public void handleMessage(Exchange exchange) throws HandlerException { .... if (_principals != null) { String contentType=null; for (Property p : exchange.getContext().getProperties( org.switchyard.Scope.valueOf(exchange.getPhase().toString()))) { if (p.getName().equals("org.switchyard.contentType")) { contentType = ((QName)p.getValue()).toString(); } } if (exchange.getPhase() == ExchangePhase.IN && contentType != null && contentType.equals("{urn:switchyard-quickstart-demo:orders:1.0}submitOrder")) { String customer=getCustomer(exchange); if (customer != null && _principals.containsKey(customer)) { java.util.Map<String,java.io.Serializable> props= (java.util.Map<String,java.io.Serializable>) _principals.get(customer); // Check if customer is suspended if (props.containsKey("suspended") && props.get("suspended").equals(Boolean.TRUE)) { throw new HandlerException("Customer '"+customer +"' has been suspended"); } } } } }
The variable _principals refers to an Active Map used to maintain information about the principal (i.e. the customer in this case). This information is updated using the policy rule defined in the previous section.
To install the example, simply set the JBOSS_HOME
environment variable to the location of your switchyard installation (download from the latest switchyard-as7 zip from [https://www.jboss.org/switchyard/downloads]).
Then open a command window, set the current working directory to the ${rtgov}/samples/ordermgmt
folder, and run:
mvn clean install
Then change to the ${rtgov}/samples/policy/async
folder and run the same command again.
To run the example, the first step is to start the Switchyard server using the following command from the bin
folder:
./standalone.sh --server-config=standalone-full.xml
Once the server has fully started, then send the following message (using SOAP-UI or an equivalent SOAP client) to: http://localhost:8080/demo-orders/OrderService
<?xml version="1.0" encoding="UTF-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <orders:submitOrder xmlns:orders="urn:switchyard-quickstart-demo:orders:1.0"> <order> <orderId>PO-19838-XYZ</orderId> <itemId>BUTTER</itemId> <quantity>100</quantity> <customer>Fred</customer> </order> </orders:submitOrder> </soap:Body> </soap:Envelope>
This will result in the following response, indicating that the purchase was successful, as well as identifying the total cost of the purchase (i.e. 125).
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <orders:submitOrderResponse xmlns:orders="urn:switchyard-quickstart-demo:orders:1.0"> <orderAck> <orderId>PO-19838-XYZ</orderId> <accepted>true</accepted> <status>Order Accepted</status> <customer>Fred</customer> <total>125.0</total> </orderAck> </orders:submitOrderResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
You may recall from the overview above that the threshold if 150, the customer would be suspended. Therefore if the same request is issued again, resulting in another total of 125, then the overall exposure regarding this customer is now 250.
If we then attempt to issue the same request a third time, this time we will receive a SOAP fault from the server. This is due to the fact that the PolicyEnforcer handler has intercepted the request, and detected that the customer is now suspended.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Server</faultcode> <faultstring>Customer 'Fred' has been suspended</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
If we now send a "makePayment" request as follows to the same URL:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:switchyard-quickstart-demo:orders:1.0"> <soapenv:Header/> <soapenv:Body> <urn:makePayment> <payment> <customer>Fred</customer> <amount>200</amount> </payment> </urn:makePayment> </soapenv:Body> </soapenv:Envelope>
this will result in the customer being unsuspended, as it removes 200 from their current exposure (leaving 50). To confirm this, try sending the "submitOrder" request again.
This quickstart example demonstrates how a policy enforcement mechanism can be provided using a combination of the Runtime Governance infrastructure and platform specific interceptors.
This particular example uses an asynchronous approach to evaluate the business policies, only enforcing the policy based on a summary result from the decision making process. The benefit of this approach is that it can be more efficient, and reduce the performance impact on the business transaction being policed. The disadvantage is that decisions are made after the fact, so leaves a tiny window of opportunity for invalid transactions to be performed.