Configuring IBM z/OS Connect policies

How to configure IBM z/OS Connect policies.

Before you begin

Ensure that you have at least one rule set defined by completing the task Defining a rule set.

About this task

Follow these steps to configure IBM z/OS Connect to apply policies to incoming requests. You can configure multiple policies in the server.xml configuration file, but the maximum number that can be active is one policy per configured API plus one global policy. IBM z/OS Connect attempts to load the rule set file for each policy and writes a confirmation message if the file is loaded successfully or an error message if problems were found. If you configure multiple policies, a message is written to the log for each rule set. These messages can be found in the file messages.log.
Note: The attribute name that is defined in header element of a rule must be added to allowedHeaders in the cors element to test the API from Swagger UI.

Procedure

  1. Add a zosconnect_policy element in the server.xml configuration file.
    This element defines the location and name of the rule set. You can declare any number of policy elements but they become active only when referenced by the zosconnect_zosConnectAPIs or zosConnectAPI elements. Only one nested ruleset element for each policy is allowed.
    For example,
    
    <zosconnect_policy id="production" location="/var/zosconnect/rules/">
        <ruleset file="rulefile1.xml"/>
    </zosconnect_policy>
    Note: The default location is ${server.config.dir}/resources/zosconnect/rules, but you can define another location in the zosconnect_policy element. The location must be a fully qualified path.
  2. Choose whether this policy is to be used as a global or specific policy.
    1. To use the policy that was defined in step 1 as a global policy, define it in the policyRef attribute of the zosconnect_zosConnectAPIs element. 
      
<zosconnect_zosConnectAPIs policyRef="production"/>
      The policy production is applied to all APIs.
    2. To define a specific policy, edit the zosConnectAPI element to add a policyRef attribute that references the zosconnect_policy element.
      In this example, a second zosconnect_policy element is defined with an ID of specialPolicy.
      
<zosconnect_zosConnectAPIs policyRef="production">
     <zosConnectAPI name="mySpecialAPI" policyRef="specialPolicy"/>
</zosconnect_zosConnectAPIs>
      In this example, two policies are configured, but specialPolicy is applied only to mySpecialAPI. The global policy production is applied to all other APIs.
    Note: If a specific policy is defined for an API element, the global policy is not applied to that API even if the specific policy is not available.

What to do next

IBM z/OS Connect is now configured to apply your policies to incoming API requests. You must now create your rule set file and store it in the location you defined. See Defining a rule set.