The Virtualized StockQuote Service sample policy container includes
the following policies:
- Virtualized service main policy
- Threat protection policy
- Content-based routing policies
- Response transformation policy
Virtualized Service Main Policy
The Main Policy circuit is as follows:
Virtualized Service Main Policy Circuit
|
The Main Policy uses policy shortcuts to perform the following tasks:
- The main fault handler relies on some variables to be initialized,
which is performed as soon as the policy is entered.
- The Threat Detection policy is applied to the incoming
SOAP message and HTTP headers.
- The symbol value is extracted from the incoming message, and used to
decide whether the request should be sent to one server instance or another.
- The name of the instance that served the request is added to the
response.
- In case of errors, a global fault handler is invoked. This is used to return
a custom error message to the user.
Threat Protection Policy
The Threat Protection policy circuit is as follows:
Threat Protection Policy Circuit
|
The Threat Protection policy performs the following tasks:
- The incoming request size (including attachments) is checked to be less
than 1500 KB.
- The complexity of the XML is checked in terms of number of nodes, attributes
per node, or number of child nodes per node.
- XML and eventually HTTP headers are checked for threatening content such
as SQL injection or XML processing instructions.
- If any of these filters return an error, the corresponding error handler
is called. The error handler is implemented as a policy that sets the value of
the error code and message for this error, and then re-throws the exception so
that the global fault handler catches it.
Content-based Routing Policies
The Route Based on Symbol Value policy extracts the contents of the
symbol XML node and checks whether the first letter’s value is between A-L
or K-Z . Depending on the result, it routes the request to the first or second
instance of the StockQuote server. These servers are simulated by the following
Relative Path URIs defined in the Enterprise Gateway:
-
/stockquote/instance1
-
/stockquote/instance2
The Route Based on Symbol Value policy circuit is as follows:
Route Based on Symbol Value
|
The Route Based on Symbol Node policy performs the following tasks:
- The value of the symbol node is extracted from the request using XPath. The
result is placed in a message attribute named
message.symbol.value .
- A Switch on attribute value filter is used to check the value
of the message attribute (using a regular expression), and a different policy is called
to send the request to
instance1 or instance2 .
The Route to Instance1 policy circuit is as follows:
Route to Instance1 Policy
|
The Route to Instance1 policy (called from the Switch filter) performs
the following tasks:
- Connects to the
instance1 URI .
- If successful, the instance name (
instance1 ) is placed
in a message attribute (stockquote.instance.name ). This is used
later on to insert the instance name into the response.
The Route to Instance2 policy performs the same tasks but using the
instance2 URI instead.
Response Transformation Policy
When the response is obtained from the back-end server, the Add Instance Name
to Response policy changes it to insert the instance name into a new XML node
(instanceName ). The Add Instance Name to Response policy
circuit is as follows:
Add Instance Name to Response Policy
|
This policy adds the instance name (the value of the stockquote.message.name
message attribute) to the response, using an Add XML node filter, as part
of the SOAPbody . XPath is used to define where the new node must be added.
|