Implement Custom Policy Using Flow Designer

Author: Shahzeb Ali Khan

Introduction

Policies enforce regulations to help manage security, control traffic, and improve API adoption. For example, a policy can control authentication, access, and service level agreements (SLAs). Anypoint Platform offers us many out-of-the-box policies which we can apply to our APIs. But sometimes we have some specific business requirements and to achieve those we develop a Custom Policy. 

Purpose

The normal way of developing a custom policy is through writing the xml code manually as a mule policy does not allow using the flow designer. Now this has several drawbacks.

• XML code is not readable
• Complexity of writing the logic increases
• Development time increases.

Now , there is a workaround to avoid writing everything in xml code and to be able to use flow designer to write the logic. To begin with creating a custom policy and setting up the settings.xml you can refer to these links:

• Custom Policy in Mule 4 – Apisero 
• Publishing a Mule 4 Custom Policy | MuleSoft Documentation

Using Flow Designer to develop the policy

Once you have created and imported the policy in your anypoint studio, In your template.xml,

1.  Keep the attributes, payload or any fields you fetch from the UI of the policy in separate variables.(Only if it’s required) 
2. Now all you have to do is, in xml make a flow reference inside <http-policy:source> , and point to a flow.
3. Now you can go to the flow designer and start creating flow with the same name which you referred to in flow-ref and implement the logic.
4. You can store the result in a variable and after the flow-ref, you can validate the response and send a response from policy as usual.

Notes:

• If you want to use attributes, you will have to store it in a variable before flow-ref , otherwise it will evaluate to null in sub-flow.
• Make sure your flow begins after </http-policy:proxy>.

• You have to create the flow inside template.xml only. If you have multiple mule configuration xml files, it will fail at build. 

Use Case:

To authenticate our APIs, we will receive a JWT assertion in the headers. Our custom policy would decode the token , send an HTTP Request to the OAuth provider and then invoke a java method to verify the token based on whether we either allow the request or raise an error. Below is the step by step explanation:

1. Create a folder in which you want to create your policy and open a command prompt in that folder. Once done, run the below code(modify it based on your requirement).

mvn -Parchetype-repository archetype:generate -DarchetypeGroupId=org.mule.tools -DarchetypeArtifactId=api-gateway-custom-policy-archetype -DarchetypeVersion=1.2.0  -DgroupId=7f149ad6-1c86-48d2-ae7d-4cbca9eb6059 -DartifactId=ValidateJWT  -Dversion=1.0.0-SNAPSHOT -Dpackage=mule-policy

2. After we import the project to anypoint studio,we will configure 4 fields to be taken from the custom policy UI. In your project folder Goto <project_name>.yaml file and use the code below.
   

id: Validate JWT Token name: Validate JWT Token description: This policy would validate the JWT token received. category: Custom type: custom resourceLevelSupported: true encryptionSupported: false standalone: true requiredCharacteristics: [] providedCharacteristics: [] configuration:  – propertyName: clientIds    name: Subjects    description: A comma-separated list of required Client Ids    type: string    optional: false    sensitive: false    allowMultiple: false  – propertyName: accountServerUrl    name: Issuer    type: string    optional: false    sensitive: false    allowMultiple: false  – propertyName: expiryTime    name: Expiry Time    type: int    optional: false    sensitive: false    allowMultiple: false    defaultValue: 0  – propertyName: scopes    name: Scopes    type: string    optional: true    sensitive: false    allowMultiple: false

Now we are going to use the trick mentioned above. We would save whatever we require in some variables and create a flow-ref inside .

1. We can now go to the message flow. 
   1. Drag and drop a flow and give it the same name you used in flow reference.
   2. You can now start with implementing the business logic.
   3. In the end of the flow make sure you store the final response in a variable.