Comparison of Mule 3 and Mule 4 Policies

Policies in Mule versions 3 and 4 differ based on how they are implemented and the level of support provided.

Feature	Mule 3	Mule 4
Default expression language	Uses MEL expressions	Uses DataWeave 2.0
Resources	External dependencies, such as libraries or resources cannot be included in the policy and must be available in the runtime	Policies can package resources, eliminating the dependency with the runtime.
Performance	Partial non-blocking processing	Full non-blocking processing
Versioning	Not supported	Fully supported and enforced
Execution order	Throttling, Rate Limiting, and CORS executed first. Other policies can be reordered	All policies, except CORS, can be reordered
Resource-level support	Restricted to RAML-based APIs	Support extended to HTTP-based APIs and RAML-based APIs
Class loader isolation	Not supported	Supported between application libraries, extensions, and runtime libraries
Policy addition	Throttling	Spike Control
Authentication support	HTTP Basic Authentication based on the Simple Security Manager or LDAP Security Manager policies	Simple Basic Authentication and LDAP Basic Authentication policies, including Security Manager configuration
Rate Limiting support	Non-configurable quota shared between nodes and configured clusters.	Configurable quota, including: Ability to expose headers Ability to clusterize the quota
Configuration	Header propagation occurs by default	Header propagation does not occur by default, but can be configured for Token Enforcement, Rate Limiting, and other default policies
Customization	Support to build custom policy templates based on XML schema language	Powerful engine for building custom policies, using the XML schema language Improved error handling Support for all MuleSoft components Isolation between policies and application Can be applied to outbound requests, coming back from the backend services Can package additional libraries Versioning support provided for policies when uploaded to Exchange.

Feature

Mule 3

Mule 4

Default expression language

Uses MEL expressions

Uses DataWeave 2.0

Resources

External dependencies, such as libraries or resources cannot be included in the policy and must be available in the runtime

Policies can package resources, eliminating the dependency with the runtime.

Performance

Partial non-blocking processing

Full non-blocking processing

Versioning

Not supported

Fully supported and enforced

Execution order

Throttling, Rate Limiting, and CORS executed first. Other policies can be reordered

All policies, except CORS, can be reordered

Resource-level support

Restricted to RAML-based APIs

Support extended to HTTP-based APIs and RAML-based APIs

Class loader isolation

Not supported

Supported between application libraries, extensions, and runtime libraries

Policy addition

Throttling

Spike Control

Authentication support

HTTP Basic Authentication based on the Simple Security Manager or LDAP Security Manager policies

Simple Basic Authentication and LDAP Basic Authentication policies, including Security Manager configuration

Rate Limiting support

Non-configurable quota shared between nodes and configured clusters.

Configurable quota, including:
- Ability to expose headers
- Ability to clusterize the quota

Configuration

Header propagation occurs by default

Header propagation does not occur by default, but can be configured for Token Enforcement, Rate Limiting, and other default policies

Customization

Support to build custom policy templates based on XML schema language

Powerful engine for building custom policies, using the XML schema language
Improved error handling
Support for all MuleSoft components
Isolation between policies and application
Can be applied to outbound requests, coming back from the backend services
Can package additional libraries
Versioning support provided for policies when uploaded to Exchange.

The implementation and user experience for custom policies differs considerably in versions Mule 3 and Mule 4. For more information about custom policies for your Mule version, see the respective Custom policies section.

Comparison of Mule 3 and Mule 4 Policies

See Also