API Management 10.4 | Using CentraSite | Runtime Governance | Run-Time Policy Management | Actions that Run-Time Policies Can Execute
 
Actions that Run-Time Policies Can Execute
A run-time action is a single task that is included in a run-time policy and is evaluated by webMethods Mediator. Actions in run-time policies perform tasks such as identifying and validating consumers, traffic management and logging transaction activity. You specify actions when you define the policy.
CentraSite provides run-time action templates. A run-time action template is a definition of an action that can be used in a run-time policy. Most action templates specify a set of parameters associated with a particular policy action. For example, when you configure the Evaluate WSS Username Token action you use an identifier (for example, a WSS username token) to identify and validate the consumers who are trying to access the APIs. You can include multiple actions in a single policy.
Built-in Actions
CentraSite includes many built-in actions that you can use to compose run-time policies.
CentraSite Business UI
Built-in run-time actions are provided in the following categories:
Category
Description
Logging and Monitoring actions
Actions that monitor and collect information about the number of messages that were processed successfully or failed, the average execution time of message processing, and the number of alerts associated with an API.
Security actions
Actions that enforce identification and validation of the consumers who are trying the access the API.
Traffic management actions
Actions that limit the number of service invocations allowed during a specified time interval, and send alerts to a specified destination when the performance conditions are violated.
Validation
Actions that validate all XML request and response messages against an XML schema referenced in the WSDL.
CentraSite Control
Built-in run-time actions are provided in the following categories:
Category
Description
WS-SecurityPolicy 1.2 actions
Mediator provides two kinds of actions that support WS-SecurityPolicy 1.2: authentication actions and XML security actions.
*You use the authentication actions to verify that the service consumer has the proper credentials to access a virtual service. You can authenticate consumers by their WSS X.509 certificates, WSS Username tokens, or WSS SAML tokens.
*You use the XML security actions to provide confidentiality (through encryption) and integrity (through signatures) for request and response messages.
Monitoring actions
Mediator provides the following run-time monitoring actions:
*The Monitor Service Performance action that monitors a user-specified set of run-time performance conditions for a virtual service and sends alerts to a specified destination when these conditions are violated.
*The Monitor Service Level Agreement action that provides the same functionality as Monitor Service Performance, but this action is different because it enables you to monitor a virtual service's run-time performance for particular consumers. You configure this action to define a Service Level Agreement (SLA) that is set of conditions that defines the level of performance that a specified consumer should expect from a service.
*The Throttling Traffic Optimization action (not available in Mediator versions below 9.0) that limits the number of service invocations allowed during a specified time interval and sends alerts to a specified destination when the performance conditions are violated. You can use this action to avoid overloading the back-end services and their infrastructure, limit specific consumers in terms of resource usage, and so on.
Additional actions
Mediator provides the following actions, which you can use in conjunction with the actions above:
*Identify Consumer, used in conjunction with an authentication action (Require WSS Username Token, Require WSS X.509 Token, or Require HTTP Basic Authentication). Alternatively, you can use this action alone to identify consumers only by host name or IP address.
*Require HTTP Basic Authentication that uses HTTP basic authentication to verify the consumer's authentication credentials contained in the request's Authorization header against the Integration Server.
*Authorize User that authorizes consumers against a list of users and a list of groups registered in the Integration Server on which Mediator is running. You use this action in conjunction with an authentication action (Require WSS Username Token, Require WSS SAML Token, or Require HTTP Basic Authentication).
*Authorize Against Registered Consumers that authorizes consumer applications against all Application assets that are registered in CentraSite as consumers for the service.
*Log Invocation that logs request or response payloads to a destination you specify.
*Validate Schema that validates all XML request and response messages against an XML schema referenced in the WSDL.
Custom Actions
If you need to execute a task that is not provided by a built-in action, you can create a custom action to perform the work. CentraSite offers the functionality to implement custom computed actions with your own algorithms using the GWT framework.

Copyright © 2015- 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release