Archive for September, 2010
DataPower Deployment Policies and XPath
Deployment policy in IBM DataPower appliance is a very nice concept. Deployment policies allow for "tweaking" device and domain configuration for different environments. Let's face it, there are always differences between environments. Sometimes, these differences are small, such as different back-end hosts, and in other cases these differences could be significant, such as different security policies. It is commendable that IBM recognized this fact and implemented a mechanism for dealing with this very common problem directly in their product.
Deployment policies do a decent job of dealing with differences between environments. Deployment policies support changing, adding and deleting configuration, so it is possible to implement fairly complex transformations.
However, dealing with deployment policies could be confusing. Deployment policy's match rules utilize xpath, but the syntax of the rules is not pure xpath (note -- I'm using 3.7 firmware. The syntax might be different in 3.8). Consider this simple deployment policy match rule:
*/*/protocol/http?Name=personSreviceHTTP&Property=LocalPort
The part before "?" looks like xpath. But what schema is this xpath based on? There is no "protocol" element in the DataPower XML management schema. The part after "?" that uses name-value parameters is even more odd. Why use this instead of proper xpath? After all, DataPower has an XML-processing engine with full xpath support, so it would certainly be more logical to rely on XML standards.
The bottom line is that while deployment policies are useful, they have limitations. They have to be developed using Deployment Policy builder in WebGUI. They can only be applied to configuration elements supported in WebGUI. For example, creating a deployment policy that updates RemoteEndpointPort of a Web Services Proxy proves to be a non-trivial task.
This is why we added support for "plain" xpath-based overrides in our DPBuddy DataPower management tool. Instead of dealing with the obscure syntax of deployment policies, developers can simply look at the configuration export file and specify an xpath expression against this file. "dp:setConfig" task of DPBuddy will update the matching element of this expression with the new value. For example, to update RemoteEndpointPort, one can define the following task:
<dp:setConfig>
<configFile file="dpconfigs/config-wsproxy.xml">
<override xpath="//RemoteEndpointPort" value="${endpoint.port}"/>
</configFile>
</dp:setConfig>
It is not possible to add or remove configuration using "dp:setConfig"; deployment policies still have to be used for this kind of config changes. However, from our experience, majority of environment differences can be dealt with the xpath-based override mechanism.
MyArch, Inc. offers paid support for dpbuddy, including implementing custom enhancements. If you're interested, please contact us as info at myarch.com.
Most Popular Posts
Recent Posts
- Configuring Message Reliability in WebSphere Application Server
- What is the Best Tool to Replace Ant With?
- Update on DPBuddy Release 3.0
- DataPower Virtual Machines are Coming
- Using Eclipse for DataPower Development
- Using Auto-complete in Eclipse Ant Editor for DPBuddy Tasks
- DataPower Buddy 2.3.2 Bug Fix Release
- Managing DataPower Using Maven
- DPBuddy Roadmap for Release 3.0
- DataPower Buddy 2.3 Release
- Security Hardening of WebSphere Application Server Installations
- DataPower Secure Backup with DPBuddy
Blog Categories
- Ant (14)
- BPEL (4)
- Building software (21)
- DataPower (13)
- Developer productivity (4)
- dpbuddy (14)
- Dynamic languages (2)
- ESB (10)
- gradle (1)
- IT operations (5)
- Java EE (2)
- JAX-WS (2)
- JMS (1)
- PAnt (8)
- SCA (3)
- SOA (29)
- SOA Appliances (1)
- Troubleshooting (1)
- Uncategorized (1)
- Web services (27)
- Web Services Registry (1)
- WebSphere (23)
- WebSphere Application Server Administration (18)
- XML (9)
- XML Appliances (7)
- XML Schema (1)
