In Liberty, you can define your
web service policy (WS-Policy) for a web service application either within a policy attachment or a
Web Services Description Language (WSDL) file. When a WSDL file is not packaged in your application,
you can use the policy attachment to configure the WS-Policy for your web service
application.
About this task
WS-Policy is an interoperability standard that is used to describe and communicate the policies
of a web service so that service providers can export policy requirements in a standard format.
Clients can combine the service provider requirements with their own capabilities to establish the
policies required for a specific interaction.
The policy attachment feature is enabled automatically for your web service application package
when you enable the Java API for XML Web Services 2.2 feature (jaws-2.2)
or the
Jakarta XML Web Services 3.0 feature (xmlWS-3.0
) . You need to configure both the
web services client and provider sides to define the application WS-Policy attachment file.
WS-Policy support is an implementation of the following specifications on the application server.
These specifications provide details about the different kinds of resources that can be associated
with a policy and the domain expressions that are used to identify these resources.
- WS-Policy is a specification for web services to use XML to advertise their policies on
security, quality of service. This specification also defines how web service consumers can specify
their policy requirements. For more information, see Web Services Policy
1.5 - Framework.
- The WS-Policy Attachment specification defines two general-purpose mechanisms for associating
policies, as defined in Web Services Policy Framework, with the subjects to which they apply. For
more information, see Web Services Policy 1.2 - Attachment.
Web service providers can advertise their policies in a
policy-attachments-server.xml file. Web service clients can specify their
requirements in a policy-attachments-client.xml file.
Procedure
-
Create a policy-attachments-client.xml file or a
policy-attachments-server.xml file.
The following example shows you how to define the attributes in the
policy-attachments-client.xml file or
policy-attachments-server.xml file.
<attachments
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:PolicyAttachment wsdlNamespace="http://example_tempuri.org/AreaService/">
<wsp:AppliesTo>
<wsp:URI>http://example_tempuri.org/AreaService/#wsdl11.service(AreaService)</wsp:URI>
</wsp:AppliesTo>
<wsp:Policy wsu:Id="UsernameTokenwithPasswordHashoverSSL">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
<sp:HashPassword />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:PolicyAttachment>
</attachments>
The previous example binds the policy to a URI by using the
<wsp:URI>
domain
expression. Alternatively, you can specify a web service URL directly by using the
<wsa:EndpointReference>
endpoint domain expression, as shown in the following
example.
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://localhost:8091/wsatApp/HelloImplService</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
The following table lists the WSDL elements and their identifier expressions that can be
specified in the <wsp:URI>
domain expression in the policy attachment file.
Table 1. <wsp:URI> Expression list
WSDL Element |
Identifier Expression (Omit targetNamespace) |
Definitions |
wsdl11.definitions() |
Message |
wsdl11.message(message) |
Message/part |
wsdl11.messagePart(message / part) |
portType |
wsdl11.portType(portType) |
portType/operation |
wsdl11.portTypeOperation(portType/operation) |
portType/operation/input |
wsdl11.portTypeOperation.input(portType/operation) |
portType/operation/output |
wsdl11.portTypeOperation.output(portType/operation) |
portType/operation/fault |
wsdl11.portTypeOperation.fault(portType/operation/fault) |
Binding |
wsdl11.binding(binding) |
Binding/operation |
wsdl11.bindingOperation(binding/operation) |
Binding/operation/input |
wsdl11.bindingOperation.input(binding/operation) |
Binding/operation/output |
wsdl11.bindingOperation.output(binding/operation) |
Binding/operation/fault |
wsdl11.bindingOperation.fault(binding/operation/fault) |
Service |
wsdl11.service(service) |
port |
wsdl11.port(service/port) |
- Put the policy-attachments-client.xml file or
policy-attachments-server.xml file into your application
WEB-INF or META-INF folder.
- Put policy-attachments-client.xml into your application
WEB-INF or META-INF folder for a web service client's
WS-Policy.
- Put policy-attachments-server.xml into your application
WEB-INF or META-INF folder for a web service provider's
WS-Policy.
Results
The WS-Policy for your application is now defined by using policy attachment files that can be
maintained independently from your WSDL file.