Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

In general WS-Policy is used for configuring WS-Security, WS-Reliable Messaging, caching, and throttling.

WS-Policy Attachment specification defines a set of policy subjects that can be used, when the user wants to attach or apply security policies.

WSO2 Carbon has the power of Axis2 to apply WS-Policy for your services at different levels such as service, service operation, service operation message, binding, binding operation, binding operation message, etc.

Defining Policies at Bindings

The WSO2 Carbon has the ability to apply policies at the binding hierarchy. You can apply policies at three different policy subjects in the binding hierarchy. They are:

  • Binding level
  • Binding operation level
  • Binding message level

A policy to SOAP 1.1 and SOAP 1.2 bindings at Binding level can defined in the services.xml by adding the following code (also refer to The WS-Policy Editor):

Code Block
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <wsp:AppliesTo>
      <policy-subject identifier="binding:soap11" />
      <policy-subject identifier="binding:soap12" />
   </wsp:AppliesTo>

   <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   </wsp:Policy>
</wsp:PolicyAttachment>

For the Binding Operation level the <wsp:AppliesTo> element is used to define the scope of the policy.

The XML snippet is as follows:

Code Block
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <wsp:AppliesTo>
      <policy-subject identifier="binding:soap11/operation:Echo" />
      <policy-subject identifier="binding:soap12/operation:Echo" />
   </wsp:AppliesTo>
   <wsp:Policy wsu:Id="binding_level_policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   </wsp:Policy>
</wsp:PolicyAttachment>

The configuration is similar for the Binding Message level for the out message. The identifier attribute of the <policy-subject/> element in <wsp:AppliesTo> changes to binding:soap11/operation:echo/out.

The XML snippet is as follows:

Code Block
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <wsp:AppliesTo>
      <policy-subject identifier="binding:soap11/operation:secureEcho/in" />
      <policy-subject identifier="binding:soap12/operation:secureEcho/in" />
   </wsp:AppliesTo>

   <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   </wsp:Policy>
</wsp:PolicyAttachment>
Info
titleNote

Further details can be found at:

...