QSGPolicyEnforcement - Governance/rtgov GitHub Wiki
This example, located in the samples/policy folder, demonstrates two approaches that can be used to provide "policy enforcement". This example makes uses of the example Switchyard application located in the samples/ordermgmt folder.
The first approach shows how a business policy can be implemented in a synchronous (or inline) manner, where the decision is taken immediate, and can therefore be used to influence the current business transaction. The benefit of this approach is that it can ensure only valid transactions are permitted, as decisions can be immediately enforced, however the disadvantage is the potential performance impact this may have on the business transaction.
This example will show how:
-
activity event analysis, using the Activity Validator mechanism, to implement the business policy
The runtime governance infrastructure analyses the activity events generated by an executing business transaction using one or more Activity Validators. By default, Activity Validators are not invoked from within the SwitchYard environment. The specific SwitchYard applications need to be configured to include an interceptor that will invoke the validation. In the Order Management quickstart, this is achieved using the class org.overlord.rtgov.quickstarts.demos.orders.interceptors.ExchangeValidator. This class is derived from an abstract base class that provides most of the required functionality for converting an Exchange message into an activity event. For example,
@Named("ExchangeValidator") public class ExchangeValidator extends AbstractExchangeValidator implements ExchangeInterceptor { @Override public void before(String target, Exchange exchange) throws HandlerException { if (exchange.getPhase() == ExchangePhase.IN) { handleExchange(exchange); } } @Override public void after(String target, Exchange exchange) throws HandlerException { if (exchange.getPhase() == ExchangePhase.OUT) { handleExchange(exchange); } } @Override public List<String> getTargets() { return Arrays.asList(PROVIDER); } }
The following Activity Validator configuration is deployed in the environment responsible for executing the business transaction, and gets registered with the Activity Collector mechanism:
[{ "name" : "RestrictUsage", "version" : "1", "predicate" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELPredicate", "expression" : "event instanceof org.overlord.rtgov.activity.model.soa.RequestReceived && event.serviceType == \"{urn:switchyard-quickstart-demo:orders:0.1.0}OrderService\"" }, "eventProcessor" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELEventProcessor", "script" : "VerifyLastUsage.mvel", "services" : { "CacheManager" : { "@class" : "org.overlord.rtgov.common.infinispan.service.InfinispanCacheManager" } } } }]
This Activity Validator receives activity events generated from the executing environment and applies the optional predicate to determine if they are of interest to the defined event processor. In this case, the predicate is checking for received requests for the OrderService service.
For events that pass this predicate, they are submitted to the 'business policy', defined using the MVEL script VerifyLastUsage.mvel, which is:
String customer=event.properties.get("customer"); if (customer == null) { return; } cm = epc.getService("CacheManager"); // Attempt to lock the entry if (!cm.lock("Principals", customer)) { epc.handle(new java.lang.RuntimeException("Unable to lock entry for principal '"+customer+"'")); return; } // Access the cache of principals principals = cm.getCache("Principals"); principal = principals.get(customer); if (principal == null) { principal = new java.util.HashMap(); } java.util.Date current=principal.get(event.serviceType+"-lastaccess"); java.util.Date now=new java.util.Date(); if (current != null && (now.getTime()-current.getTime()) < 2000) { epc.handle(new java.lang.RuntimeException("Customer '"+customer+"' cannot perform more than one request every 2 seconds")); return; } principal.put(event.serviceType+"-lastaccess", now); principals.put(customer, principal); epc.logDebug("Updated principal '"+customer+"': "+principals.get(customer));
This script uses the CacheManager service, configured within the EventProcessor component, to obtain a cache called "Principals". This cache is used to store information about Principals as a map of properties. The implementation uses Infinispan, to enable the cache to be shared between other applications, as well as in a distributed/cluster environment (based on the infinispan configuration).
If a policy violation is detected, the script returns an exception using the handle() method on the EventProcessor context. This results in the exception being thrown back to the execution environment, interrupting the execution of the business transaction.
To install the example, the first step is to start the Switchyard server using the following command from the bin folder:
./standalone.sh -c standalone-full.xml
The next step is to install the example Switchyard application, achieved by running the following command from the $\{rtgov\}/samples/ordermgmt folder:
mvn jboss-as:deploy
Then change to the $\{rtgov\}/samples/policy/sync folder and run the same command again.
To demonstrate the synchronous policy, we will send the following message twice in less than 2 seconds, to the example Switchyard application at the following URL: http://localhost:8080/demo-orders/OrderService
<?xml version="1.0" encoding="UTF-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <orders:submitOrder xmlns:orders="urn:switchyard-quickstart-demo:orders:1.0"> <order> <orderId>1</orderId> <itemId>BUTTER</itemId> <quantity>100</quantity> <customer>Fred</customer> </order> </orders:submitOrder> </soap:Body> </soap:Envelope>
The messages can be sent using an appropriate SOAP client (e.g. SOAP-UI) or by running the test client available with the Switchyard application, by running the following command from the $\{rtgov\}/samples/ordermgmt/app folder:
mvn exec:java -Dreq=order1 -Dcount=2
If the two requests are received within two seconds of each other, this will result in the following response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <soap:Fault> <faultcode>soap:Server</faultcode> <faultstring>org.switchyard.exception.SwitchYardException: Customer 'Fred' cannot perform more than one request every 2 seconds</faultstring> </soap:Fault> </soap:Body> </soap:Envelope>
The second approach shows how a business policy can be implemented in an asynchronous (or out-of-band) manner, where the decision is taken after the fact, and can therefore only be used to influence future business transactions. The benefit of this approach is that the decision making process does not have to occur immediately and therefore avoids potentially impacting the performance of the business transaction. The disadvantage is that it does not permit any decision that is made to be enforced immediately.
This example will show how:
-
activity event analysis, using the Event Processor Network mechanism, can be used to implement business policies
-
results from the business policies can be cached for reference by other applications
-
platform specific interceptors can reference the results to impact the behavior of the business transaction (e.g. prevent suspended customers purchasing further items)
There are three components that comprise 'the policy' within this example.
The runtime governance infrastructure analyses the activity events generated by an executing business transaction using one or more Event Processor Networks (or EPN).
A standard EPN is deployed within the infrastructure to isolate the SOA events (e.g. request/responses being sent or received). This quickstart deploys another EPN that subscribes to the events produced by the standard EPN:
{ "name" : "AssessCreditPolicyEPN", "version" : "1", "subscriptions" : [ { "nodeName" : "AssessCredit", "subject" : "SOAEvents" } ], "nodes" : [ { "name" : "AssessCredit", "sourceNodes" : [ ], "destinationSubjects" : [ ], "maxRetries" : 3, "retryInterval" : 0, "predicate" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELPredicate", "expression" : "event.serviceProvider && !event.request && event.serviceType == \"{urn:switchyard-quickstart-demo:orders:0.1.0}OrderService\"" }, "eventProcessor" : { "@class" : "org.overlord.rtgov.ep.mvel.MVELEventProcessor", "script" : "AssessCredit.mvel", "services" : { "CacheManager" : { "@class" : "org.overlord.rtgov.common.infinispan.service.InfinispanCacheManager" } } } } ] }
This EPN subscribes to the published SOA events and applies the predicate which ensures that only events from a service provider interface, that are responses and are associated with the OrderService service, will be processed. Events that pass this predicate are then submitted to the 'business policy' (defined in the MVEL script 'AssessCredit.mvel'), which is:
String customer=event.properties.get("customer"); if (customer == null) { return; } cm = epc.getService("CacheManager"); // Attempt to lock the entry if (!cm.lock("Principals", customer)) { epc.handle(new Exception("Unable to lock entry for principal '"+customer+"'")); return; } // Access the cache of principals principals = cm.getCache("Principals"); principal = principals.get(customer); if (principal == null) { principal = new java.util.HashMap(); } int current=principal.get("exposure"); if (current == null) { current = 0; } if (event.operation == "submitOrder") { double total=event.properties.get("total"); int newtotal=current+total; if (newtotal > 150 && current <= 150) { principal.put("suspended", Boolean.TRUE); } principal.put("exposure", newtotal); } else if (event.operation == "makePayment") { double amount=event.properties.get("amount"); int newamount=current-amount; if (newamount <= 150 && current > 150) { principal.put("suspended", Boolean.FALSE); } principal.put("exposure", newamount); } principals.put(customer, principal); epc.logDebug("Updated principal '"+customer+"': "+principals.get(customer));
This script uses the CacheManager service, configured within the EPN node, to obtain a cache called "Principals". This cache is used to store information about Principals as a map of properties. The implementation uses Infinispan, to enable the cache to be shared between other applications, as well as in a distributed/cluster environment (based on the infinispan configuration).
As mentioned in the previous section, the results derived from the previous policy are stored in an Infinispan implemented cache called "Principals". To make this information available to runtime governance clients, we use the Active Collection mechanism - more specifically we define an Active Collection, as part of the standard installation, that wraps the Infinispan cache.
The configuration of the Active Collection Source is:
[ { ...... },{ "@class" : "org.overlord.rtgov.active.collection.ActiveCollectionSource", "name" : "Principals", "type" : "Map", "lazy" : true, "visibility" : "Private", "factory" : { "@class" : "org.overlord.rtgov.active.collection.infinispan.InfinispanActiveCollectionFactory", "cache" : "Principals" } } ]
The visibility is marked as private to ensure that exposure information regarding customers is not publicly available via the Active Collection REST API.
The enforcement is provided by a specific Switchyard exchange interceptor implementation (PolicyEnforcer) that is included with the order management application. The main part of this interceptor is:
public void before(String call, Exchange exch) throws HandlerException { .... if (_principals != null) { org.switchyard.Message mesg=exch.getMessage(); if (mesg == null) { LOG.severe("Could not obtain message for phase ("+phase+") and exchange: "+exch); return; } org.switchyard.Context context=exch.getContext(); Property p=context.getProperty(Exchange.CONTENT_TYPE, org.switchyard.Scope.MESSAGE); if (LOG.isLoggable(Level.FINER)) { LOG.finer("Content type="+(p==null?null:p.getValue())); } if (p != null && p.getValue().toString().equals( "java:org.overlord.rtgov.quickstarts.demos.orders.Order")) { String customer=getCustomer(mesg); if (customer != null) { if (_principals.containsKey(customer)) { @SuppressWarnings("unchecked") java.util.Map<String,java.io.Serializable> props= (java.util.Map<String,java.io.Serializable>) _principals.get(customer); // Check if customer is suspended if (props.containsKey("suspended") && props.get("suspended").equals(Boolean.TRUE)) { throw new HandlerException("Customer '"+customer +"' has been suspended"); } } if (LOG.isLoggable(Level.FINE)) { LOG.fine("*********** Policy Enforcer: customer '" +customer+"' has not been suspended"); LOG.fine("*********** Principal: "+_principals.get(customer)); } } else { LOG.warning("Unable to find customer name"); } } } }
The variable '_principals' refers to an Active Map used to maintain information about the principal (i.e. the customer in this case). This information is updated using the policy rule defined in the previous section.
To install the example, the first step is to start the Switchyard server using the following command from the bin folder:
./standalone.sh -c standalone-full.xml
The next step is to install the example Switchyard application, achieved by running the following command from the $\{rtgov\}/samples/ordermgmt folder:
mvn jboss-as:deploy
Then change to the $\{rtgov\}/samples/policy/async folder and run the same command again.
To demonstrate the asynchronous policy enforcement, we will send the following message to the example Switchyard application at the following URL: http://localhost:8080/demo-orders/OrderService
<?xml version="1.0" encoding="UTF-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <orders:submitOrder xmlns:orders="urn:switchyard-quickstart-demo:orders:1.0"> <order> <orderId>1</orderId> <itemId>BUTTER</itemId> <quantity>100</quantity> <customer>Fred</customer> </order> </orders:submitOrder> </soap:Body> </soap:Envelope>
The message can be sent using an appropriate SOAP client (e.g. SOAP-UI) or by running the test client available with the Switchyard application, by running the following command from the $\{rtgov\}/samples/ordermgmt/app folder:
mvn exec:java -Dreq=order1
This will result in the following response, indicating that the purchase was successful, as well as identifying the total cost of the purchase (i.e. 125).
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <orders:submitOrderResponse xmlns:orders="urn:switchyard-quickstart-demo:orders:1.0"> <orderAck> <orderId>1</orderId> <accepted>true</accepted> <status>Order Accepted</status> <customer>Fred</customer> <total>125.0</total> </orderAck> </orders:submitOrderResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
You may recall from the overview above that if the customer’s debt exceeds the threshold of 150 then the customer would be suspended. Therefore if the same request is issued again, resulting in another total of 125, then the overall exposure regarding this customer is now 250.
If we then attempt to issue the same request a third time, this time we will receive a SOAP fault from the server. This is due to the fact that the PolicyEnforcer has intercepted the request, and detected that the customer is now suspended.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Server</faultcode> <faultstring>Customer 'Fred' has been suspended</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
If we now send a "makePayment" request as follows to the same URL:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:switchyard-quickstart-demo:orders:1.0"> <soapenv:Header/> <soapenv:Body> <urn:makePayment> <payment> <customer>Fred</customer> <amount>200</amount> </payment> </urn:makePayment> </soapenv:Body> </soapenv:Envelope>
This can be sent using a suitable SOAP client (e.g. SOAP-UI) or the test client in the order management app:
mvn exec:java -Dreq=fredpay
This will result in the customer being unsuspended, as it removes 200 from their current exposure (leaving 50). To confirm this, try sending the "submitOrder" request again.
This quickstart example demonstrates how a policy enforcement mechanism can be provided using a combination of the Runtime Governance infrastructure and platform specific interceptors.
This particular example uses an asynchronous approach to evaluate the business policies, only enforcing the policy based on a summary result from the decision making process. The benefit of this approach is that it can be more efficient, and reduce the performance impact on the business transaction being policed. The disadvantage is that decisions are made after the fact, so leaves a tiny window of opportunity for invalid transactions to be performed.