This document provides an overview and summary of custom API policies on the Oracle Cloud. It discusses using Groovy and Java to create custom policies, the key elements of custom Java policies, demoing the tooling, and how UI elements are linked together. It also compares Groovy and Java for custom policies and provides several useful Oracle Cloud resources.

1. Phil Wilkins
Phil.Wilkins@capgemini.com
uk.linkedin.com/in/philWilkins
@PhilAtCapgemini /
@MP3Monster
Oracle-integration.cloud /
APIPlatform.cloud /
Blog.mp3monster.org
Secrets of Custom API
Policies on the Oracle Cloud

2. ‹#›© 2018 Capgemini. All rights reserved.
1
3
Custom Policies with Groovy
Today ....
How do I with Groovy?
4
Custom Java Policies and their
Key Elements
2 Groovy Constraints
5 Demo the tooling
6 How UI Elements Link together
7
Groovy vs Java for custom
Policies

3. Capgemini is One of the World's Largest Consulting,
Technology, and Outsourcing Firms & a global “full
service” business transformation provider
Group Workforce: 200,000+ Globally
Asia Pacific
Latin America
Canada
United States
Mexico
Brazil
Argentina
Europe
Morocco
Australia
People’s Republic of China
India
Chile
Guatemala
Russia
Singapore
Hong Kong
North
America
UK & Ireland
Nordics
Benelux
“It is the quality of our people, and their
capacity to deliver fitting solutions, with you
and for you, that drive real business results.”
Across 40+ countries, 100 nationalities
5Businesses
Revenue
12,8
Billion EUR (2017)
Central Europe
Morocco
Net Profit
€1,18B
 Targeting Value
 Mitigating Risk
 Optimising
Capabilities
 Aligning the
Organisation
Elements to
successful
collaboration
Application Services
Infrastructure
Services
Business Process
Outsourcing
Consulting
(Capgemini Consulting)
Local Professional
4

4. Cloud Premier Partner
Oracle Diamond Partner
Oracle Cloud Managed Service
Provider (*New!) partner – only a
handful of SI’s
Only Global SI to be accredited as
Oracle Authorized Education Center
Part of Beta programmes for:
Cotainer Native & Microservices
Inteligent Chatbot
API platform
Integration cloud
Process cloud
Oracle Self-Service Automation
Oracle IoT Cloud
Oracle Mobile Cloud
 Continuous investments in cloud
accelerators
 5 Oracle Aces: 2 Directors, 3 Aces
 Real experts and thought leaders including
several books:
 2013: Oracle SOA Governance
Implementation
 2015: Oracle API Management
Implementation
 2016: Oracle Case Management
Solutions
 2017: Implementing Cloud service
 Oracle API Platform CS
Implementation
 Enterprise API Management
 Several publications in OTN, Oracle
Magazine, Oracle Scene & Other
 2018 –Global Excellence Award for Extend and Connect
 2018 –Silver Awards for Managed Services, Middleware &
infrastructure Services - UKOUG Partner of the Year
 2018 – PaaS & API Community Awards
 2017 – Gold & Silver UKOUG Partner of the Year Awards
 2017 – API 2017 – Global Excellence Award for Extend and
Connect
 & PaaS Community Award
 2017 – Chatbot PaaS Community Award
 2016 – Oracle Specialized Partner of the Year: Industry
 2016 – Oracle University Partner of the Year
 2016 – BPM and Cloud community awards
 2015 – Oracle Customer Support Services Partner of the Year
 2011 – Global Partner of the Year Award for Oracle
Applications
 2012 – Fusion Middleware partner of the year
 2010 – Partner of the year for Oracle Fusion Middleware
 2010 – 2010 EMEA Industry Partner of the Year
 2010 – Oracle Customer Services Partner of The Year
 2009 – Oracle Customer Services Partner of The Year
 2008 – Oracle Customer Services Partner of The Year
Alliance and Strategic Partnership Awards & Recognitions Thought Leadership
Article – June 17
Article – June 17
Podcast – August 17
Capgemini & Oracle

5. • Technical Enterprise Architect specializing in
Integration, APIs and PaaS.
• Started out as a developer working on Radar systems
• Moved into integration space – using Open Source
Tech e.g. JBoss App Server & Fuse, Apache Camel etc.
• Worked with Oracle middleware & PaaS >9yrs
• Worked in end user companies, ISVs & consultancy.
• Oracle Ace
About: Phil Wilkins
Peer technical
review on a variety
of books published
by
Thomas Erl
(Prentice Hall),
Packt etc
Articles published
in a range of
Journals
Co-Author 1st
Oracle iPaaS Book
Implementing
Oracle Integration
Cloud - Jan, 2017
Co-Author of
Implementing
Oracle API
Platform - Mar, 2018
TOGAF 9 Certified
2013
• Co-authored books on API Platform CS & Oracle Integration Cloud
• contributing to development of more than a dozen other titles ranging from Apache Camel to
Cloud Computing Design
• Articles published in a range of journals on Cloud Strategy, PaaS, Integration & APIs.

6. Phil Wilkins
Phil.Wilkins@capgemini.com
uk.linkedin.com/in/philWilkins
@PhilAtCapgemini /
@MP3Monster
Oracle-integration.cloud /
APIPlatform.cloud /
Blog.mp3monster.org
{ developer }
Luis Weir
Luis.Weir@capgemini.com
uk.linkedin.com/in/lweir
@luisw19
Soa4u.co.uk /
APIPlatform.cloud
LONDON
#OracleDeveloperMeetup
https://www.meetup.com/Oracle-Developer-Meetup-London/
http://bit.ly/OracleDevMeetup

7. The Book …
https://apiplatform.cloud
https://www.packtpub.com/virtualization-and-
cloud/oracle-api-platform-cloud-service

8. Custom Policies with
Groovy
1.How it appears
2.Foundation principles for both
3.What happens when it deploys
4.Debugging live
5.Setting up the IDE to make it easier to test

9. API Policy Cycle
Policy
Development
• Groovy Policy doesn’t provide any syntax awareness – so worth using a Groovy aware Editor
• Content of an API call can be accessed in the same way for both Java & Groovy
• Positioning of the Groovy policy in the sequence of policies is important. All policies get executed
• Recommend in the Policy description you describe the purpose of the script
Deploy API
• Operates in the same basic manner as any other policy, except …
• Groovy is Transcoded to Java and compiled to Byte code – if this fails the deployment will fail
API Policies
Execute
• Will behave like any other policy because …
• Cross compiled code is executed as method at runtime – with the constraints that brings
• Remember every time you make a call out / OS operation to get values it happens on every API call
– nothing is retained between executions!
Retire
• Just remove the policy from the API or delete the API

10. 10© 2018 Capgemini. All rights reserved.10
API Platform
represents each
API Call like
this
API gateway
APIConsumer
API Apps
API
App
API
App
API
App
API
App
API
App
API
App
2
34
Incoming Message
Service
Request
ApiRequest
ApiRuntimeContext
APIResponse
Outgoing Message
Service
Response
1
Service
Request
Execution sequence
Immutable API Object
Mutable API Object
Key
ApiRequest
1
API call inbound details are accessed via
API Request interface
1
2
To change or manipulate what is passed
to the back end content is set in the
Service Request
3 The backend response is held accessed
via the Service Response Interface
4
API Response interface represents what
is returned
The step you’re in will dictate which
entities you need to interact with

12. Interaction with
the inbound
header
Context is the
predefined &
reserved entity to
accessing API
Platform data
structure
Set the backend
bound vaue
This Groovy policy
implements Zipkin
based Open
Tracing

13. 13© 2018 Capgemini. All rights reserved.13
Limitations of
Groovy API
Policies
1. There are pre-existing variables and ‘reserved words’ so don’t create
anything with names such as – headers, queries, payload,
msgProperties
2. Because of the way the cross compilation works, you can’t …
• Use Import statements – if you want to refer to a class you need to use
the full path name e.g.
java.util.HashMap
• Define named classes – only anonymous inner calls can be used e.g.
def customMap = new java.util.Map(<String> <Object>) {
@Override public String getKey() throws IllegalStateException {
return null;} } println customMap}
• As a custom ClassLoader is used to ensure that the policy can’t be
malicious, don’t try to use any classes that aren’t standard Java or
Javax
3. Although the Gateway is on Java 8 or higher, don’t try to use Java
Lambda expressions as Groovy doesn’t recognize the ‘->’ operator
4. The Groovy code is passed through an expression checker to try
pickup and prohibit behaviors that could be malicious or adversly
impact the Gateway, this includes:
• Runnable, Threads and Classloader
• Groovy shell features
• Groovy IO including network
• Manipulating the environment e.g. setProperty()
http://www.ateam-oracle.com/everything-you-should-know-about-the-apip-groovy-policy/

14. 14© 2018 Capgemini. All rights reserved.14
Understanding
Groovy Deploy
failures
• Groovy errors will show up in the log files
• The 1st error reported isn’t necessarily the cause –
mismatched braces or brackets can result in the wrong
line being identified
• Remember Groovy is cross compiled to Java, so is less
type tolerant

15. 15© 2018 Capgemini. All rights reserved.15
How Do I /
What Shouldn’t
I?
• How do I Reject/Fail an API call?
• Throw a PolicyProcessingException
• Interact with JSON and XML?
• Use of JsonSlurper and XmlSlurper for
payload to object
• Use of JsonBuilder for creating payloads
from objects
• Can I incorporate application Logic into the Groovy Policy?
• Is Groovy the only way to implement integration tasks?
• Whilst it is technical possible to achieve both of these goals,
the constraints will likely lead to inelegant code
• The Gateway was never designed to be a new type of ESB,
you’re better off loading this work using a callout or invoking
a middleware platform or microservices
• Remember, because the way the gateway handles Groovy
policies it is going to be difficult to tune resources e.g.
ensure the policy has enough heap for example

16. 17© 2018 Capgemini. All rights reserved.
Custom Java Policies
Design & Develop
using SDK
Apply metadata and
package
Upload to
Management Platform
•Auto Deploys to
registered gateway nodes
Apply to API and set
policy attributes
Deploy API
API Invocations
Retire by modifying
policy to do nothing

17. 18© 2018 Capgemini. All rights reserved.18
Java Policy is a lot more
complex than its Groovy
counterpart, made up of :
• UI building on Oracle JET (therefore JavaScript) with
two versions to:
• Define the policy attributes (i.e. Edit)
• Display the policy (i.e. Read Only for the deployed
policy views)
• Design time Java logic to provide values for drop
down menus, and validate input values before policies
are deployed
• Configuration to provide label text so localization
• Metadata defining policy versions which will dictate
custom policy deployment and execution
• Java Factory framework for Policy start-up (after
deployment or Gateway start-up)
• API Policy Java execution framework
• Tooling to package and deploy the custom Policy

18. 19© 2018 Capgemini. All rights reserved.19
Creation
Tooling

19. 20© 2018 Capgemini. All rights reserved.20
The UI is simply Oracle Jet
fragments. Any standard Oracle JET
building block can be used
Make Up of
Your Policy UI
Reference to
Oracle Jet Form
The artefact is
identified as HTML,
but it isn’t a
complete HTML page
Note that we need only
provide the policy specific
piece, the documentation
part of the policy UI is
provided as standard
This is how the UI
element is identified
so values can be
mapped into a JSON
Object
JavaScript
that links the
UI element to
our JSON
config object

20. 21© 2018 Capgemini. All rights reserved.21
The UI can be localized buy
referencing label in the JS and
defining the values in the I10n
bundle Json File
Localization
#helpInfo
policy.description
label.field.<field name>
e.g.
label.field.GeoFilename
policy.name
label.field.<field name>
e.g.
label.field.GeoFilename
label.field.<field name>
e.g.
label.field.GeoFilename
policy.name

21. 22© 2018 Capgemini. All rights reserved.22
Factory
mechanism
Factory class provided
by the SDK
The data provided in the
UI is captured into a
JSON Config object and
supplied here
The factory is used to
build the re-usable
objects. In this example
we’re loading up IP to
GeoLocation data
Pulling the configuration
values provided by the UI

22. 23© 2018 Capgemini. All rights reserved.23
I’m Code
Complete, Now
What?
Once Your Ready to start trying your policy for real …
1. Need to ensure that not only is the code ready, but also ..
1. Update the Build.properties to reference the API Platform management
server
2. Metadata file which describes the policy, the rules of when it can be
included in the policies, the UI elements etc
2. Ensure that any additional dependencies are in the extlibs folder
3. Use the ant build file to ..
1. Create the jar deployment artefact
2. Deploy the jar to the management server using the API
4. The management server if it recognises this as a new version of the
policy will push it out to the Gateways for you
5. Login into the Admin Portal, start working with an API – use your
policy!

23. 24© 2018 Capgemini. All rights reserved.24
+ If the logic is only for a single API
+ Logic is simple, quick and not dependent upon
additional libraries
+ Proving an idea to be later made a custom policy
- Debugging can be slow and difficult (redeploy API to
test very change, locate errors in log files determine
coding error)
- Coding constraints – code may end up being
inelegant
Comparison of
Policy Types
+ Logic needs to be used across multiple APIs
+ Needs to be configuration driven
+ Performance will significantly benefit by preparing
data in advance of all API calls e.g. load a lookup
table
- Recommend having a separate environment for
development, test & maintenance of custom policies
Groovy Java

24. 25© 2018 Capgemini. All rights reserved.25
Useful
Resources
• https://apiplatform.cloud
• https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfjd/index.html
• https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apiplatform-
custompolicies/developing-custom-policies-oracle-autonomous-api-platform-cloud-service.pdf

26. With more than 190,000 people, Capgemini is present in over 40 countries and
celebrates its 50th Anniversary year in 2018. A global leader in consulting, technology
and outsourcing services, the Group reported 2016 global revenues of EUR 12.5 billion.
Together with its clients, Capgemini creates and delivers business, technology and
digital solutions that fit their needs, enabling them to achieve innovation and
competitiveness. A deeply multicultural organization, Capgemini has developed its own
way of working, the Collaborative Business Experience™, and draws on Rightshore®, its
worldwide delivery model.
About Capgemini
Learn more about us at
www.capgemini.com
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group.
Copyright © 2018 Capgemini. All rights reserved.
Rightshore® is a trademark belonging to Capgemini.
This message is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to
read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please
notify the sender immediately and delete all copies of this message.