An application that is a web service client can obtain the
policy configuration of a web service provider and use this information to establish a policy
configuration that is acceptable to both the client and the service provider.
Before you begin
You have developed a web service client that contains all the necessary
artifacts, and deployed your web services application into your application server instance. If you
require them, you have attached the policy sets and managed the associated bindings. The service
provider must publish its policy in its Web Services Description Language (WSDL) and that policy
must contain its policy configuration at run time in WS-PolicyAttachments format. The client must be
able to support those provider policies.
For a list of WS-Policy assertion specifications and
WS-Policy domains that are supported, see the WS-Policy topic.
About this task
You can administer the client to configure itself dynamically at run time,
based on the policy of the service provider in the standard WS-PolicyAttachments format. You can
administer the client to apply dynamically the provider policy at the application or service or
service reference level. By default, endpoints and operations inherit their policy configuration
from the relevant service. However, it is possible to configure a service reference to override the
service, in which case the endpoints and operations inherit their policy configuration from the
service reference.
If the provider policy uses multipart WSDL, you can use an HTTP GET request to
obtain the policy of the provider, but you cannot use the WS-MetadataExchange protocol. For more
information about multipart WSDL, see the topic about WSDL.
Policy intersection is the comparison of a client policy and a provider
policy to determine whether they are compatible, and the calculation of a new policy, known as the
effective policy, that complies with both their requirements and capabilities.
This topic describes how to configure the client policy to use a service provider policy by using
the administrative console. You can also configure the client policy to use a service provider
policy by using wsadmin commands.
Procedure
- From the navigation panel of the administrative console, click
.
- In the row for the application or service where you want to apply the policy, click the
link in the Policies Applied column.
The Policies Applied panel is displayed.
- Select one of the following options from the drop-down list:
- Provider policy only. Configure the client based solely on the policy of the service
provider. This option is available when a client policy set is not attached.
- Client and provider policy. Configure the client based on both the client policy set and the
policy of the service provider. This option is available when a client policy set is
attached.
The other options in the list do not apply to this task.
- Use the radio buttons to select which method to employ to obtain the provider policy: an
HTTP GET request (see step 5) or a WS-MetadataExchange request (see step 6).
- Optional: To obtain the provider policy by using an HTTP GET request, click
HTTP GET request.
By default, the HTTP GET request is targeted at the URL for the service endpoint followed by
?WSDL. For example:
http://myhost:9080/WSSampleSei/EchoService?WSDL
When the
policy set attach point is at the application level you cannot change this value.
- Optional: If you are applying a policy to a service and the provider
policy is located at the service endpoint, ensure that Use the default request
target is selected.
- Optional: If you are applying a policy to a service and the provider
policy is not located at the service endpoint, click Specify request target,
then enter the URL for the location of the provider policy in the field.
For example, you
might change the target of the HTTP GET request if the provider policy is located in a
repository.
- Optional: If you select HTTP GET request as the
method to be used to obtain the provider policy and if you select Specify request
target and you want to configure transport-level security, select Attach a
system policy set to the HTTP GET request, then select a suitable policy set and binding
from the drop-down lists. Select the policy set you require from the Policy set list to provide
transport-level security for the HTTP GET request. Select from system policy sets that contain
solely HTTP transport policies, solely SSL transport policies, or both; the policy set cannot
contain other policy types. Select the binding you require from the Binding list for the HTTP GET
request. You can select from general bindings that are scoped to the global domain or scoped to the
security domain of this service.
- Optional: To obtain the provider policy by using a Web Services Metadata
Exchange (WS-MetadataExchange) GetMetadata request, click WS-MetadataExchange
request.
- Optional: If you select WS-MetadataExchange request
and want to use message-level security, select Attach a system policy set to the
WS-MetadataExchange request, then select a suitable policy set and binding from the
drop-down lists.
- Click OK.
- Save your changes to the master configuration.
Results
The web application client-side policy is calculated when it is required
at run time, based either on the policy of the service provider, or on the client policy set and the
policy of the service provider, depending on which option you selected. This calculated policy is
known as the effective policy
and is cached as a runtime configuration. The effective policy
is used for subsequent outbound web service requests to the endpoint or operation for which the
dynamic policy calculation was performed. The policy set configuration of the client does not
change.The provider policy that the client holds for a service is refreshed the first time that
the web service is invoked after the application is loaded. After that, the provider policy is
refreshed when the application restarts, or if the application explicitly invokes a refresh. When
the provider policy is refreshed, the effective policy is recalculated.