What does "ArrayElementCount" in JSON Threat Protection Policy means?
Can I use "ArrayElementCount" to determine how many employees are there in a department?
Here is my JSON:
{
"dept": "Dev",
"Employees": [{
"empName": "Name1",
"id": 123
}, {
"empName": "Name2",
"id": 456
}]
}
I want to basically limit the number of employees in a department to 1. Over here, we have 2 employees for the dept. Can i use JSON threat protection to implement this?
Best Answer
Answer by Dino
·
May 28, 2015 at 06:10 PM
Hi Mohit, thanks for the question .
When testing this myself, I see that it's not behaving as I would expect. In other words when I pass in an array that has a length greater than the limit specified in the policy, the policy does not trigger a fault.
I think this may be a bug in the implementation of the policy.
As a workaround, you could build a custom JS callout to check this. If you need help with that let me know, and I'll work up some code for you. or look here
Thanks Dino. I do have a JS workaround for it. I just wanted to know if we could implement this via JSON threat Protection.
Is there some log that is being released everytime after APIGEE fixes the bug? It would be good to know the bug fixes provided by APIGEE after every release.
@Mohit Rupani check out this page http://apigee.com/docs/release-notes/content/apigee-release-notes . This page provides release notes for Apigee Edge cloud and on-premises products. It also includes release notes archives.
@Dino : Since we are on this topic, can you guide me as to how to use JSON threat protection properly? Is there some link I can look into to understand its usage better?
@Mohit Rupani - Just the documentation. I think maybe you've already seen this: http://apigee.com/docs/api-services/reference/json-threat-protection-policy If this page isn't clear enough, let me know, and I'll try to make it better.
Make sure the header Content-Type: application/json is set, otherwise the policy won't check it because it doesn't know the payload is JSON.
