What’s New in Policy Management (Nov 2017)
In Mule 4, classloader isolation exists between the application, the runtime and the connectors, and policies.
Other changes to policies are:
All policies are non-blocking, which is described in Mule 4 documentation.
All policies except CORS, which is executed first, can be ordered.
Resource level policy support, which was restricted to RAML-based APIs, is extended to any HTTP API.
You can distribute policies outside of the runtime, which simplifies upgrades.
Mule 4 introduces changes to the packaging, size and scope of a policy.
Notable changes to policies for governing APIs are:
API Manager now provides two HTTP Basic Authentication policies, one based on the simplest technique for enforcing access control to web resources and the other on the LDAP configuration.
If you upgrade APIs from Jul 2017 to Nov 2017, the security manager setup information required the Jul 2017 release is no longer required. The policy incorporates the information.
Header propagation no longer occurs by default. You can configure header propagation for token enforcement and rate limiting policies by checking the Expose Headers checkbox.
You can configure the rate limiting policy to share the quota among the cluster nodes (default) or not.