Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
3 replies Latest Post - ‏2012-11-26T22:14:43Z by Sri_XI50
SystemAdmin
SystemAdmin
6772 Posts
ACCEPTED ANSWER

Pinned topic What happens if you apply WS-Security to a WSProxy?

‏2009-04-06T23:32:21Z |
Hi,

I know that the later versions of the XI50 firmware have the capability to "attach" of "apply" policy templates to a WSProxy (e.g., requiring signing).

I was wondering, when this capability is enabled/used (e.g., if one of the canned policies on the XI50 are "applied"), and if an incoming message doesn't "meet" the requirements configured for a WSProxy, does the "Policy" (e.g., a AAA Policy) associated with the WSProxy still get processed?

Thanks,
Jim
Updated on 2012-11-26T22:14:43Z at 2012-11-26T22:14:43Z by Sri_XI50
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: What happens if you apply WS-Security to a WSProxy?

    ‏2009-04-07T11:41:38Z  in response to SystemAdmin
    Hi,

    For the record, I was able to configure a test setup that has a WS-Policy attachment on a WSProxy, and when the WS-Policy is set for "filter" (vs. "enforce"), it appears that the WSProxy rejects the message at that point, and processing does not proceed further (e.g., to a AAA Policy that I also had configured in the WSProxy.

    Jim
    • zachahuy83
      zachahuy83
      45 Posts
      ACCEPTED ANSWER

      Re: What happens if you apply WS-Security to a WSProxy?

      ‏2012-11-22T02:36:29Z  in response to SystemAdmin
      Hi,

      What firmware version are you using? I am currently using 4.0.2.6 and it setup to enforce, but it reject right away. Here is the log:

      0x00d30003 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter; SOAP fault sent
      0x80c00008 wsgw (WSP_COImmunization_WSPOLICYTest): rule (WSP_COImmunization_WSPOLICYTest_default_request-rule): implied action Calling rule var://service/wspolicy/service/configname with input INPUT and output INPUT failed: Rejected by policy.
      0x80c00009 wsgw (WSP_COImmunization_WSPOLICYTest): request service_38_2-req #2 filter: 'INPUT store:///dp/required-encrypted-element.xsl' failed: Rejected by policy.
      0x80c00078 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter 'service_38_2-1-check-original-msg-request-rule' of rule 'service_38_2-req'.
      0x80c00010 wsgw (WSP_COImmunization_WSPOLICYTest): Execution of 'store:///dp/required-encrypted-element.xsl' aborted: Rejected by policy.
      0x8060020d wsgw (WSP_COImmunization_WSPOLICYTest): Message is not encrypted
      0x80c0004e wsgw (WSP_COImmunization_WSPOLICYTest): Stylesheet URL to compile is 'store:///dp/required-encrypted-element.xsl'
      0x80c00002 wsgw (WSP_COImmunization_WSPOLICYTest): rule (service_38_2-req): #1 setvar: 'setting var://service/strict-error-mode in context INPUT to be 1' completed OK.
      • Sri_XI50
        Sri_XI50
        23 Posts
        ACCEPTED ANSWER

        Re: What happens if you apply WS-Security to a WSProxy?

        ‏2012-11-26T22:14:43Z  in response to zachahuy83
        Hi,

        I have one question on the message that gets rejected.

        Assume that the message didn't meet the criteria set in the policy and was set to reject. We can give some custom string to showup in the soap fault. But is there a way to control the soap fault ? I mean, if I want to return a soap fault with some name and code in it, can I do that ?

        Thanks.