Contact Us 1-800-596-4880
  1. Homepage
  2. Flex Gateway (1.11)
  3. Securing Flex Gateway Instances with Policies

  4. DataWeave Support

DataWeave Support in Flex Gateway Policies

DataWeave is the programming language designed by MuleSoft for data transformation. It enables you to build a simple solution for a common integration developer use case: read and parse data from one format, transform the data, and write it out as a different format.

Flex Gateway supports a subset of DataWeave in policy configuration expressions. DataWeave is only supported in included policies and custom policies created with PDK..

Available Types

  • Null

  • Boolean

  • String

  • Number (Driven as 64 bits floating points)

  • Array

  • Object (Repeated keys are not available)

Available Value Constructors for Types

Unavailable Value Constructors for Types

  • Object (Objects can not be defined as literals)

Available Flow Control Structures

Unavailable Flow Control Structures

Available Selectors

  • Array[Number]

  • Array[String]

  • Object[String]

  • String[Number]

Unavailable Selectors

  • Object[Number]

Available Equality and Relational Operators

Available Logical Operators

Available Default Operators

Available Functions

++

contains

lower

splitBy

sizeOf

trim

upper

uuid

dw::core::Strings::substringAfter

dw::core::Strings::substringAfterLast

dw::core::Strings::substringBefore

dw::core::Strings::substringBeforeLast

toBase64

fromBase64

Flex Gateway doesn’t support DataWeave expressions with binary type results. To use the dw::Binaries::fromBase64('dXNlcjpwYXNz') function, transform the result to a string. Transform the binary output to a string with the dw::util::Coercions::toString(binary: Binary, encoding: String): String function. For example, [dw::util::Coercions::toString(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), 'UTF-8')]. If using a different function that transforms the binary by default, such as [splitBy(dw::core::Binaries::fromBase64('dXNlcjpwYXNz'), ':')], you can skip manually transforming the binary.

toBinary

toString

Available Predefined Variables

  • attributes

    • attributes.headers

    • attributes.method (Only available in request context)

    • attributes.queryParams (Only available in request context)

    • attributes.queryString (Only available in request context)

    • attributes.requestPath (Only available in request context)

    • attributes.requestUri (Only available in request context)

    • attributes.localAddress (Only available in request context)

    • attributes.remoteAddress (Only available in request context)

    • attributes.scheme (Only available in request context)

    • attributes.version (Only available in request context)

    • attributes.statusCode (Only available in response context)

  • authentication

    • authentication.clientId

    • authentication.clientName

    • authentication.principal

    • authentication.properties

      To learn more about how to access the authentication object, see Access the Authentication Object.

  • payload

    • Fields depend on the current payload. For example, #[payload] returns the body of the message.

  • vars

    • Individual policies support different sets of variables. For information, refer to the policies listed in Inbound Policies Directory.

DataWeave Usage Examples

You can use DataWeave to extract different values from the request and response.

The Flex Gateway Policy Development Kit (PDK) provides the DataWeave example policy that you can use to test DataWeave expressions.

For example, use DataWeave expressions to:

  • Read a header:

    #[attributes.headers.'my-header']

  • Ensure a specific header is defined:

    #[attributes.headers.'my-header' != null]

  • Check if a request has basic authorization:

    #[lower(splitBy(attributes.headers.authorization default '', ' ')[0]) == 'basic']

  • Check if a request contains /some path:

    #[attributes.requestPath contains '/some']

  • Check if a request doesn’t contain /some path:

    #[not(attributes.requestPath contains '/some')]

  • Read the username from a Basic authorization header:

    #[splitBy(dw::core::Binaries::fromBase64(dw::core::Strings::substringAfter(attributes.headers.authorization default '', 'Basic')), ':')[0]]

  • Read the password from a Basic authorization header:

    #[splitBy(dw::core::Binaries::fromBase64(dw::core::Strings::substringAfter(attributes.headers.authorization default '', 'Basic ')), ':')[1]]

  • Read the first value of the x-forwarded-for header:

    #[trim(splitBy(attributes.headers.'x-forwarded-for', ',')[0])]

  • Read the last value of the x-forwarded-for header:

    #[trim(splitBy(attributes.headers.'x-forwarded-for', ',')[-1])]

  • Read the value from a Cookie:

    #[trim(dw::core::Strings::substringBefore(dw::core::Strings::substringAfter(attributes.headers.Cookie default '', 'myCookieName='), ';'))]

  • Check if a single value or space-separated header contains a specific value:

    #[splitBy(attributes.headers.scopes default '', ' ') contains 'read']

Access the Authentication Object

To access the authentication object, you must first configure an authentication policy that populates the object.

The authentication policy you apply affects the available authentication object properties:

After your policy populates the authentication object, you can access the object in policies ordered after the authentication policy using DataWeave expressions. For example:

  • Read a value from the authentication object:

    #[authentication.properties.claims.exp]

  • Check if a JSON array or a JSON string JWT claim contains a specific value:

    #[authentication.properties.claims.custom_claim contains 'read']