WS-Policy is used for configuring WS-Security, WS-Reliable Messaging, caching, and throttling. The WS-Policy Attachment specification defines a set of policy subjects that can be used to attach or apply security policies. You can apply WS-Policy to your services at different levels such as service, service operation, service operation message, binding, binding operation, binding operation message, etc. To apply a security policy, when viewing the service details in the management console, click Policies, and then apply policies at the service or binding level.
| Info |
|---|
Further information about WS-Policy can be found at: |
The rest of this page further describes how to define policies in more detail in the following sections.
| Table of Contents | |||||||
|---|---|---|---|---|---|---|---|
|
Defining Policies at Service Level
The WSO2 ESB has the ability to apply policies at the service hierarchy. Policies applied at the service level are applicable to all the bindings. You can apply policies at three different policy subjects the following levels in the service hierarchy. They are:
Service level:
- Service operation level
- Service message level
...
Defining Policies at Bindings
The WSO2 ESB has the ability to apply policies at the binding hierarchy. You can apply policies at three different policy subjects the following levels in the binding hierarchy. They are:
- Binding level
- Binding operation level
- Binding message level
...
Out Message should be selected if you want the security policy to be applicable only for the outgoing messages of the ESB relating to the selected binding.
A policy to SOAP 1.1 and SOAP 1.2 bindings at Binding level can defined in the services.xml by adding the following code (see also The WS-Policy Editor):
...
Policy
...
For the Binding Operation level the <wsp:AppliesTo> element is used to define the scope of the policy.
The XML snippet is as follows:
| Code Block |
|---|
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:AppliesTo>
<policy-subject identifier="binding:soap11/operation:Echo" />
<policy-subject identifier="binding:soap12/operation:Echo" />
</wsp:AppliesTo>
<wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
</wsp:Policy>
</wsp:PolicyAttachment>
|
The configuration is similar for the Binding Message level for the out message. The identifier attribute of the <policy-subject/> element in <wsp:AppliesTo> changes to binding:soap11/operation:echo/out.
The XML snippet is as follows:
| Code Block |
|---|
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:AppliesTo>
<policy-subject identifier="binding:soap11/operation:secureEcho/in" />
<policy-subject identifier="binding:soap12/operation:secureEcho/in" />
</wsp:AppliesTo>
<wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
</wsp:Policy>
</wsp:PolicyAttachment>
|
| Info | ||
|---|---|---|
| ||
Further details can be found at: |
Policy Selection
When you click Policies in the management console, the following will be displayed.
- To apply a security policy at service level, click Edit Policy in the Service StockQuoteProxy row under Service Hierarchy.
- To apply a security policy at the service operation level, select the required operation in the first Operation row under Service Hierarchy. Then click Edit Policy in the same row.
- To apply a security policy at the service operation message level, select the required operation in the second Operation row under Service Hierarchy. Select In Message or Out Message depending on whether the policy should be applicable to incoming messages or outgoing messages. Then click Edit Policy in the same row.
- To apply a security policy at binding level, click Edit Policy in the Binding echoSoap11Binding row or the Binding echoSoap12Binding row (depending on your requirement) underBinding Hierarchy.
- To apply a security policy at binding operation level, select the required operation in the first Operation row under Binding echoSoap11Binding or Binding echoSoap12Binding. Then click Edit Policy in the same row.
- To apply a security policy at binding operation message level, select the required operation in the second Operation row under Binding echoSoap11Binding or Binding echoSoap12Binding. Select In Message or Out Message depending on whether the policy should be applicable to incoming messages or outgoing messages. Then click Edit Policy in the same row.
| Excerpt | ||
|---|---|---|
| ||
Instructions on how to manage policies for services in WSO2 ESB. |