What’s New in Policy Management

In Mule 4, classloader isolation exists between the application, the runtime and the connectors, and policies.

Other changes to policies are:

  • All policies are non-blocking, which is described in Mule 4 documentation.

  • All policies except CORS, which is executed first, can be ordered.

  • Resource level policy support, which was restricted to RAML-based APIs, is extended to any HTTP API.

  • You can distribute policies outside of the runtime, which simplifies upgrades.

Mule 4 introduces changes to the packaging, size and scope of a policy.

Changes to MuleSoft-Provided Policies

Notable changes to policies for governing APIs are:

  • API Manager now provides two HTTP Basic Authentication policies, one based on the simplest technique for enforcing access control to web resources and the other on the LDAP configuration.

    If you upgrade APIs from the Jul 2017 to Nov 2017, the security manager setup information is no longer required. The policy incorporates the information.

  • Header propagation no longer occurs by default. You can configure header propagation for token enforcement and rate limiting policies by checking the Expose Headers checkbox.

  • You can configure the rate limiting policy to share the quota among the cluster nodes (default) or not.

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.