Enforcement of conditional policy attachments
First Claim
1. A method comprising:
- detecting, by a computer system, occurrence at a web service endpoint of a runtime event;
updating, by the computer system, a runtime context component maintained for the web service endpoint based on the runtime event prior to evaluating one or more policies with respect to the web service endpoint and the runtime event, the runtime context component specifying a set of data regarding a current context within a runtime environment of the web service endpoint that includes information relevant to the runtime event;
identifying, by the computer system, a web service policy whose metadata indicates attachment to the web service endpoint;
determining, by the computer system, whether the web service policy is to be attached to the web service endpoint using the runtime context component and a constraint expression associated with web service policy being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values specified by the runtime context component;
enforcing, by the computer system, the web service policy at the web service endpoint with respect to the detected runtime event when the web service policy is determined to be attached to the web service endpoint based on satisfying the constraint expression; and
ignoring, by the computer system, the metadata indicating attachment of the web service policy at the web service endpoint when the web service policy is determined not to be attached to the web service endpoint based on failing to satisfying the constraint expression.
1 Assignment
0 Petitions
Accused Products
Abstract
Framework for conditionally attaching web service policies to a policy subject (e.g., a web service client or service endpoint) at subject runtime. In one set of embodiments, a constraint expression can be defined that specifies one or more runtime conditions under which a policy should be attached to a policy subject. The constraint expression can be associated with the policy and the policy subject via policy attachment metadata. The constraint expression can then be evaluated at runtime of the policy subject to determine whether attachment of the policy to the policy subject should occur. If the evaluation indicates that the policy should be attached, the attached policy can be processed at the policy subject (e.g., enforced or advertised) as appropriate. Using these techniques, the policy subject can be configured to dynamically exhibit different behaviors based on its runtime context.
103 Citations
19 Claims
-
1. A method comprising:
-
detecting, by a computer system, occurrence at a web service endpoint of a runtime event; updating, by the computer system, a runtime context component maintained for the web service endpoint based on the runtime event prior to evaluating one or more policies with respect to the web service endpoint and the runtime event, the runtime context component specifying a set of data regarding a current context within a runtime environment of the web service endpoint that includes information relevant to the runtime event; identifying, by the computer system, a web service policy whose metadata indicates attachment to the web service endpoint; determining, by the computer system, whether the web service policy is to be attached to the web service endpoint using the runtime context component and a constraint expression associated with web service policy being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values specified by the runtime context component; enforcing, by the computer system, the web service policy at the web service endpoint with respect to the detected runtime event when the web service policy is determined to be attached to the web service endpoint based on satisfying the constraint expression; and ignoring, by the computer system, the metadata indicating attachment of the web service policy at the web service endpoint when the web service policy is determined not to be attached to the web service endpoint based on failing to satisfying the constraint expression. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
-
code that causes the computer system to detect occurrence at a web service endpoint of a runtime event; code that causes the computer system to update a runtime context component maintained for the web service endpoint based on the runtime event prior to evaluating one or more policies with respect to the web service endpoint and the runtime event, the runtime context component specifying a set of data regarding a current context within a runtime environment of the web service endpoint that includes information relevant to the runtime event; code that causes the computer system to identifying a web service policy whose metadata indicates attachment to the web service endpoint; code that causes the computer system to determine whether the web service policy is to be attached to the web service endpoint using the runtime context component and a constraint expression associated with web service policy being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values specified by the runtime context component; code that causes the computer system to enforce the web service policy at the web service endpoint with respect to the detected runtime event when the web service policy is determined to be attached to the web service endpoint based on satisfying the constraint expression; and code that causes the computer system to ignore the metadata indicating attachment of the web service policy at the web service endpoint when the web service policy is determined not to be attached to the web service endpoint based on failing to satisfying the constraint expression. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A system comprising:
-
a hardware processor; and a non-transitory memory storing a set of instructions which when executed by the processor configure the processor to; detect occurrence at a web service endpoint of a runtime event; update a runtime context component maintained for the web service endpoint based on the runtime event prior to evaluating one or more policies with respect to the web service endpoint and the runtime event, the runtime context component specifying a set of data regarding a current context within a runtime environment of the web service endpoint that includes information relevant to the runtime event; identify a web service policy whose metadata indicates attachment to the web service endpoint; determine whether the web service policy is to be attached to the web service endpoint using the runtime context component and a constraint expression associated with web service policy being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values specified by the runtime context component; enforce the web service policy at the web service endpoint with respect to the detected runtime event when the web service policy is determined to be attached to the web service endpoint based on satisfying the constraint expression; and
ignore the metadata indicating attachment of the web service policy at the web service endpoint when the web service policy is determined not to be attached to the web service endpoint based on failing to satisfying the constraint expression.
-
Specification