Use IBM Rational Application Developer Version 7.5 Web Service Policy Framework to share policy configurations

Share your policy configurations between Web service providers and clients

This article briefly explains the concept of Web Services Policy Framework and walks you through an example of how you can leverage IBM® Rational® Application Developer V7.5 to configure Web services policies. You can easily follow the sample to tailor it to your organization's needs.

Rakan Khalid (rkhalid@ca.ibm.com), Solution Architect, IBM

Rakan KhalidRakan Khalid is a Cognos Solution Architect at the IBM Software Group. Rakan holds a BSc in Computer Science with First Class Honours from York University. He has worked on a broad spectrum of IBM software products including DB2 Database Management System, WebSphere Application Server, and Rational Application Developer as the Web Services Function Test Lead. In his current role as a Cognos Solution Architect, Rakan is responsible to strategise and build competitive technological and business solutions to win clients in the business intelligence software landscape.



14 April 2009

The Web Services Policy Framework (WS-Policy) provides a standard mechanism to express the capabilities, requirements, and general characteristics of a Web service as policies. A service provider uses a policy to convey conditions under which it provides services to a Web service client. The information shared by the Web service through a policy can be used by the client to determine how to communicate with the Web service.

IBM® Rational® Application Developer Version 7.5 enables a Web service provider that uses IBM® WebSphere® Application Server V7.0 to share the policy configuration with the client in two ways:

  • Share Policy Configuration in a published WSDL (Web Services Description Language) file or a WSDL file acquired through an HTTP GET request.
  • Share Policy Configuration in a WSDL file acquired via WS-MetadataExchange GetMetadata request.

The WS-MetadataExchange

A Web service uses metadata, such as WSDL, an XML schema, and WS-Policy, to describe what a Web service client needs to interact with the Web service. To communicate effectively with a Web service, it is important for a Web service client to retrieve the metadata. WS-MetadataExchange, a Web service specification, defines a standard way to encapsulate the metadata of a Web service. It also specifies mechanisms for the retrieval of metadata (for example: GetMetdata).

The advantage of using WS-MetadataExchange over an HTTP GET request is the ability to securely share policy configuration with the Web service client. To learn more about WS-MetadataExchange, see the WS-MetadataExchange specification, which is cited in the Resources section.


The policy set

A policy set is a collection of policies that provides qualities of protection for Web services. For example, the WebSphere Application Server V7.0 WS-I (RSP Reliable Secure Profile) policy set (see Resources) consists of WS-Security, WS-Addressing, and WS-ReliableMessaging policy types. These policy types (in combination or on their own) provide the following qualities of protection:

  • Reliable message delivery to the intended receiver in the presence of software, system, or network failure by enabling WS-ReliableMessaging.
  • Message confidentiality through encryption that includes encrypting the message body and signature elements using WS-Security and WS-SecureConversation (an extension of WS-Security).
  • Message integrity (ensuring that messages have originated from an appropriate sender and were not modified during transmission) through digital signature that includes signing the message body, time stamp, WS-Addressing and WS-ReliableMessaging headers using WS-Security and WS-SecureConversation. The WS-Addressing headers allow uniform addressing of messages to and from the Web service in a transport-independent way.

WebSphere Application Server V7.0 provides several policy set templates that you can tailor to your requirements. This article demonstrates using the WS-Policy support in Rational Application Developer V7.5 by applying WS-I RSP policy set to a Web service provider and client.

The details of WS-Policy and the various policy specifications are beyond the scope of this article. However, see Resources for a link to further details.


Benefits of Web services framework (WS-Policy)

WS-Policy enables a Web service client to communicate with the Web service provider yet minimizes out-of-band information. This information (such as paper notes and e-mail exchanges between software developers) is required for applications to communicate with each other under actual business conditions, such as security and reliability. Consider the following example in the absence of WS-Policy.

The WS-I RSP policy set enables secure and reliable message transmission between a Web service provider and client. The IT department of a multinational bank wants to host a Web service from its global headquarters in New York. Due to the sensitive data that a banking business transmits, the Web service provider in New York equips the Web service with the WS-I RSP policy set. Each of the bank's regional headquarters runs a Web service client that is configured to communicate with the Web service hosted in New York.

If the Web service in New York is altered to use a different policy set, then the Web service application provider in New York has to send a notice containing configuration information to each of its clients. However, if the Web service provider and the client were to use the WS-Policy framework, they would not have to exchange policy configuration information through manual means such as e-mail exchanges, because the new policy configuration would have been shared by the Web service provider automatically using the WS-Policy framework.


Add the WS-I RSP policy set to the JAX-WS Web service

Prerequisite:To follow the example in this article, you need Rational Application Developer V7.5 installed with at least the WebSphere V7.0 test server.

Import the project

  1. Download the simpleProject.zip file from the Downloads section into your file system. This file is a project interchange file that contains a simple Web service and a Web service client.
  2. Launch Rational Application Developer by selecting Programs > IBM Software Delivery Platform > IBM Rational Application Developer 7.5 > IBM Rational Application Developer from the start menu.
  3. Import the project into Rational Application Developer as shown in Figures 1, 2, and 3 by clicking File > Import > other > Project Interchange.
Figure 1. Import
File menu showing import command
Figure 2. Import the Project Interchange file
Import dialog showing import sources tree
  1. In the From zip file text box, enter the name of the file that you want to import, as shown in Figure 3. This will be the absolute path of the simpleProject.zip file that you downloaded in Step 1.
Figure 3. Import Projects dialog
Import projects dialog showing select all button
  1. Click Select All and then click Finish.
  2. This previous operation imports a Web service, a Web service client, and the corresponding EAR (enterprise archive) files that hold the service project and client project.

Deploy projects to WebSphere Application Server V7.0

  1. Start the WebSphere Application Server V7.0 by right-clicking WebSphere Application Server V7.0 at localhost in the server editor and selecting Start, as shown in Figure 4.
Figure 4. Start the server
Server list pop-up menu commands
  1. Add the Web service and Web service client projects to the WebSphere Application Server V7.0 by right clicking WebSphere Application Server V7.0 at localhost in the server editor and selecting Add and Remove Projects, as shown in Figure 5.
Figure 5. Add and Remove Projects command
Server list pop-up menu commands
  1. Select Add All and click Finish, as shown in Figure 6. This will deploy the Web service and Web service client on the WebSphere Application Server V7.0
Figure 6. Add All projects
Add and Remove Projects dialog showing two panes

Attach the WS-I RSP policy set to the Web service provider

  1. Click the Services Tab, which is adjacent to the Enterprise Explorer tab, as Figure 7 shows.
Figure 7. Services view
Tree view showing children items of JAX-WS
  1. Right-click HelloWorldService under the JAX-WS (the Java API for XML Web Services) node and select Manage Policy Set Attachment (Figure 8).
Figure 8. Manage Policy Set Attachment command
Services tree showing item pop-up menu
  1. The application table will be empty (as shown in Figure 9) indicating that the simpleWebServiceProjectEAR application does not have any policy set attached to it. Click the Add button to add a policy set to the Web service contained in the simpleWebServiceProjectEAR application.
Figure 9. Service Side Policy Set Attachment view
Add Policy dialog
  1. Ensure that the settings shown in Figure 10 are set in your endpoint definition dialog:
    • Service Name: simpleWebServiceProject.war:{http://test/}HelloWorldService
    • Endpoint: <all endpoints>
    • Policy Set: WS-I RSP
    • Binding: Provider sample

Policy set options

Notice that, in this example, you apply the WS-I RSP Policy set to <all endpoints> of HelloWorldService. This will implicitly apply WS-I RSP policy set to all operations of HelloWorldService as well. However, you can select a different policy set from the list of policy sets presented in the Policy Set drop-down menu. Moreover, you can choose to apply a policy set at the Web service level, endpoint level (port), or operation level.

Figure 10. End Point Definition Dialog window
End Point Dialog showing policy set selected
  1. Click OK and then click Ignore All on the warning dialog. The WS-I RSP policy set is now attached to simpleWebServiceProjectEAR's HelloWorldService, as indicated in the Add Policy Set Attachment to Service page. The settings that you selected previously are now visible in the table, as shown in Figure 11.
Figure 11. Add Policy Set Attachment to Service dialog
Add Policy dialog showing application added to list

The WS-I RSP policy set that you attached to the HelloWorldService must be shared with the Web service client. You will do this by following Steps 16 through 20.

  1. Click the Next button to move to the Configure Policy Sharing page.
  2. Click the Configure button on Configure Policy Sharing dialog, as shown in Figure 12.
Figure 12. Service Side Policy Set – Configure Policy Sharing dialog
Service Side configuration dialog
  1. You will be presented with two options for sharing the policy configuration. For this exercise, select the option to Share Policy Information via WSDL (Figure 13). This option allows a service to share policy configuration in a WSDL file acquired through an HTTP GET request.
Figure 13. Configure Policy Sharing dialog
Configure Policy Sharing dialog
  1. Click OK. The configure policy sharing dialog should indicate that the HelloWorldService is sharing the policy.
  2. Click Finish. You have now configured the Web service provider to share the policy set configuration in a WSDL file acquired through an HTTP GET request. To fully exploit the WS-Policy feature, you need to enable the Web service client to acquire the Web service provider policy set configuration. You will do that in Steps 1-5.

Acquire the WSDL file with the policy configuration

  1. Select the Services Tab adjacent to the Enterprise Explorer tab (see Figure 7), and then right-click HelloWorldService under the JAX-WS node to select Show > WSDL Interface, as shown in Figure 14. The Show > WSDL Interface command acquires the WSDL file through the HTTP GET request mechanism that was discussed in the introduction to this article.
Figure 14. Show the WSDL interface
Pop-up menu showing WSDL Interface selection
  1. Click the Source tab at the bottom-left corner of the WSDL editor (see Figure 15).
Figure 15. WSDL editor Source tab
Screen fragment showing Source tab

The policy configuration is embedded in the <wsp:Policy> tags of the WSDL, which you should be able to see now.

Listing 1 shows a snippet of the WSDL that contains that <wsp:Policy> tags.

Listing 1. <wsp:Policy> tags in the WSDL code
<addressing:Addressing xmlns:addressing="http://www.w3.org/2007/05/addressing/metadata">
lt;wsp:Policy>
     <wsp:ExactlyOne>
         <wsp:All>
         </wsp:All>
     </wsp:ExactlyOne>
   </wsp:Policy>
</addressing:Addressing>

Attach the WS-I RSP policy set to the Web service client

  1. Go to the Services view, right-click the HelloWorldService client under the client node, and then select Manage Policy Set Attachment.
Figure 16. Services view
pop-up menu command
  1. Highlight <all services> and then select Use Provider Policy, as shown in Figure 17. Highlighting <all services> ensures that each of the service clients in the simpleWebClientEAR will be configured to acquire provider policy.

Two ways to acquire the policy set

You can choose either to acquire provider policy configuration (as in Step 2), or to select a policy set of your choice for the client. For this example (and to benefit from the provider policy-sharing feature), you will choose to configure the client so that it will always be in sync with the Web service provider's choice of policy set. This is accomplished through Step 2 previously.

Figure 17. Configure Policy Acquisition for Web Service Client dialog
Configure Policy dialog showing service and policy details
  1. Because you configured the Web service provider to share policy configuration in a WSDL file acquired through an HTTP GET request, the corresponding Web service client must be configured to use an HTTP GET request to receive the WSDL that contains the policy configuration from the provider. Therefore, select HTTP Get request targeted at, as Figure 18 shows.
Figure 18. Configure Provider Policy Acquisition dialog
Configure Policy Acquisition dialog
  1. Click OK.
  2. Click Finish. You have now configured the Web service client to acquire the policy configuration from the Web service provider.

Examine the policy control files

  1. In the Enterprise Explorer tab, expand simpleWebServiceProjectEAR > META-INF and simpleWebClientEAR > META-INF.
  2. Double-click the files highlighted in Figure 19 (wsPolicyServiceControl.xml and wsPolicyClientControl.xml).
Figure 19. Policy Client Control and Policy Service Control files
Tree view with two highlighted XML files

The wsPolicyServiceControl.xml file indicates that the policy configuration will be shared through WSDL acquired via an HTTP GET request, as shown in the following tag pair:

<ExportPolicySetConfigurationInWSDL>true</ExportPolicySetConfigurationInWSDL>

The wsPolicyClientControl.xml file indicates that the policy configuration will be acquired through WSDL by using an HTTP GET request, as shown in the following two tag pairs:

<ProviderPolicyAcquisition>
<PolicyAcquisitionClass>com.ibm.ws.wspolicy.acquisition.
		AcquireViaQWSDL</PolicyAcquisitionClass>
</ProviderPolicyAcquisition>

You now know how to use the functionality in Rational Application Developer to configure WebSphere Application Server V7.0 policy sets and share them by using the WS-Policy framework.


Acknowledgements

The author thanks Yen Lu and Zina Mostafia for their diligent review of this article.


Download

DescriptionNameSize
Simple ProjectsimpleProject.zip51KB

Resources

Learn

Get products and technologies

Discuss

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Rational software on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Rational
ArticleID=381120
ArticleTitle=Use IBM Rational Application Developer Version 7.5 Web Service Policy Framework to share policy configurations
publish-date=04142009