Defining web service policy via policy attachment

In Liberty, you can define your web service policy (WS-Policy) for a web service application either within a policy attachment or a Web Services Description Language (WSDL) file. When a WSDL file is not packaged in your application, you can use the policy attachment to configure the WS-Policy for your web service application.

About this task

WS-Policy is an interoperability standard that is used to describe and communicate the policies of a web service so that service providers can export policy requirements in a standard format. Clients can combine the service provider requirements with their own capabilities to establish the policies required for a specific interaction.

The policy attachment feature is enabled automatically for your web service application package when you enable the Java API for XML Web Services 2.2 feature (jaws-2.2) or the Jakarta XML Web Services 3.0 feature (xmlWS-3.0) . You need to configure both the web services client and provider sides to define the application WS-Policy attachment file.

WS-Policy support is an implementation of the following specifications on the application server. These specifications provide details about the different kinds of resources that can be associated with a policy and the domain expressions that are used to identify these resources.
  • WS-Policy is a specification for web services to use XML to advertise their policies on security, quality of service. This specification also defines how web service consumers can specify their policy requirements. For more information, see Web Services Policy 1.5 - Framework.
  • The WS-Policy Attachment specification defines two general-purpose mechanisms for associating policies, as defined in Web Services Policy Framework, with the subjects to which they apply. For more information, see Web Services Policy 1.2 - Attachment.

Web service providers can advertise their policies in a policy-attachments-server.xml file. Web service clients can specify their requirements in a policy-attachments-client.xml file.

Procedure

  1. Create a policy-attachments-client.xml file or a policy-attachments-server.xml file.

    The following example shows you how to define the attributes in the policy-attachments-client.xml file or policy-attachments-server.xml file.

    <attachments
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:PolicyAttachment wsdlNamespace="http://example_tempuri.org/AreaService/">
	<wsp:AppliesTo>
	   <wsp:URI>http://example_tempuri.org/AreaService/#wsdl11.service(AreaService)</wsp:URI>
	</wsp:AppliesTo>
	<wsp:Policy wsu:Id="UsernameTokenwithPasswordHashoverSSL">
	   <wsp:ExactlyOne>
	       <wsp:All>
		   <sp:SupportingTokens>
			<wsp:Policy>
		          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
			      <wsp:Policy>
				  <sp:WssUsernameToken10 />
				  <sp:HashPassword />
			      </wsp:Policy>
			   </sp:UsernameToken>
			</wsp:Policy>
		   </sp:SupportingTokens>
		</wsp:All>
	   </wsp:ExactlyOne>
	</wsp:Policy>
</wsp:PolicyAttachment>
</attachments>
    The previous example binds the policy to a URI by using the <wsp:URI> domain expression. Alternatively, you can specify a web service URL directly by using the <wsa:EndpointReference> endpoint domain expression, as shown in the following example. 
    <wsp:AppliesTo>
   <wsa:EndpointReference>
       <wsa:Address>http://localhost:8091/wsatApp/HelloImplService</wsa:Address>
   </wsa:EndpointReference>
</wsp:AppliesTo>

    The following table lists the WSDL elements and their identifier expressions that can be specified in the <wsp:URI> domain expression in the policy attachment file.

    Table 1. <wsp:URI> Expression list
    WSDL Element Identifier Expression (Omit targetNamespace)
    Definitions wsdl11.definitions()
    Message wsdl11.message(message)
    Message/part wsdl11.messagePart(message / part)
    portType wsdl11.portType(portType)
    portType/operation wsdl11.portTypeOperation(portType/operation)
    portType/operation/input wsdl11.portTypeOperation.input(portType/operation)
    portType/operation/output wsdl11.portTypeOperation.output(portType/operation)
    portType/operation/fault wsdl11.portTypeOperation.fault(portType/operation/fault)
    Binding wsdl11.binding(binding)
    Binding/operation wsdl11.bindingOperation(binding/operation)
    Binding/operation/input wsdl11.bindingOperation.input(binding/operation)
    Binding/operation/output wsdl11.bindingOperation.output(binding/operation)
    Binding/operation/fault wsdl11.bindingOperation.fault(binding/operation/fault)
    Service wsdl11.service(service)
    port wsdl11.port(service/port)
  2. Put the policy-attachments-client.xml file or policy-attachments-server.xml file into your application WEB-INF or META-INF folder.
    • Put policy-attachments-client.xml into your application WEB-INF or META-INF folder for a web service client's WS-Policy.
    • Put policy-attachments-server.xml into your application WEB-INF or META-INF folder for a web service provider's WS-Policy.

Results

The WS-Policy for your application is now defined by using policy attachment files that can be maintained independently from your WSDL file.