允许访问有限的 API 端点

我有一个自定义策略，它将限制对 Mule 中某些 API 端点的访问。下面给出了策略 template.xml 和 yaml 文件（免责声明：请注意，这可能不是一个很好的实现，因为我才刚刚开始）

<?xml version="1.0" encoding="UTF-8"?>
<mule
    xmlns="http://www.mulesoft.org/schema/mule/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:http-policy="http://www.mulesoft.org/schema/mule/http-policy"
    xmlns:http-transform="http://www.mulesoft.org/schema/mule/http-policy-transform"
    xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
    http://www.mulesoft.org/schema/mule/http-policy http://www.mulesoft.org/schema/mule/http-policy/current/mule-http-policy.xsd
    http://www.mulesoft.org/schema/mule/http-policy-transform http://www.mulesoft.org/schema/mule/http-policy-transform/current/mule-http-policy-transform.xsd">
    <http-policy:proxy name="{{{policyId}}}-custom-policy">
        <http-policy:source>
            <try>
                <choice>
                    {{#clientID}}             
                    <when expression="#['{{{.}}}'!={{{clientIdExpression}}}]">
                        <logger level="INFO" message="Route Found"/>
                    </when>
                    {{/clientID}}                
                    <otherwise>
                        <raise-error type="CUSTOM:NOT_ALLOWED" 
                            description="#['Access Denied for this API resource']"/>
                    </otherwise>
                </choice>
                <error-handler>
                    <on-error-propagate type="CUSTOM:NOT_ALLOWED">
                        <http-transform:set-response statusCode="403">
                            <http-transform:body>#[
                                output application/json
                                ---
                                {"error": "Access Forbidden"}]
                            </http-transform:body>
                        </http-transform:set-response>
                    </on-error-propagate>
                </error-handler>
            </try>
            <http-policy:execute-next/>
        </http-policy:source>
    </http-policy:proxy>
</mule>

YAML 文件

#YAML File
id: Test
name: Test
description: Custom Policy used to restrict client access at API EndPoint level. This is designed to use with OpenId Connect access token enforcement policy.
category: Custom
type: custom
violationCategory: authentication
resourceLevelSupported: true
encryptionSupported: false
standalone: true
requiredCharacteristics: []
providedCharacteristics: []
configuration:  
  - propertyName: clientIdExpression
    name: Client ID Expression
    description: Mule Expression to be used to extract the Client ID from API requests
    type: string
    defaultValue: "authentication.properties.userProperties.client_id"
    optional: false
    sensitive: false
    allowMultiple: false
  - propertyName: clientName
    name: Client Name
    description: Name of the external client that uses this policy
    type: string
    defaultValue: []
    optional: false
    sensitive: false
    allowMultiple: false 
  - propertyName: clientID
    name: Client ID
    description: Client ID that needs to be restricted
    type: string
    optional: false
    sensitive: false
    allowMultiple: true
    defaultValue: []

根据下面的屏幕截图（这是策略配置），它将限制对端点 /api/endpoint-1 和 /api/endpoint-2 的访问，对于 client_id：fbcfa238-2071-42c6-8e16-c9f8890249df .

如果我需要反转该行为（即仅允许访问端点 /api/endpoint-1 和 /api/endpoint-2，对于 client_id：fbcfa238-2071-42c6-8e16-c9f8890249df），可以进行哪些更改在定制政策中制定？非常感谢任何见解。