WS-Policy Implementation
In general, WS-Policy is used for configuring WS-Security, WS-Reliable Messaging, caching, and throttling. WS-Policy attachment specification defines a set of policy subjects that can be used when the user wants to attach or apply security policies. WSO2 products have the capability of Axis2 to apply WS-Policy to services at different levels such as service, service operation, service operation message, binding, binding operation, binding operation message, etc.
Defining policies at bindings
Policies can be applied at the binding hierarchy in three different policy subjects such as:
Binding level
Binding operation level
Binding message level
A policy to SOAP 1.1 and SOAP 1.2 bindings at binding level can be defined in services.xml by adding the following code (see also The WS-Policy Editor below).
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11" /> <policy-subject identifier="binding:soap12" /> </wsp:AppliesTo> <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsp:Policy> </wsp:PolicyAttachment>
For the Binding Operation level, the <wsp:AppliesTo> element is used to define the scope of the policy. An XML snippet is as follows:
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11/operation:Echo" /> <policy-subject identifier="binding:soap12/operation:Echo" /> </wsp:AppliesTo> <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsp:Policy> </wsp:PolicyAttachment>
The configuration is similar for the Binding Message level for the out message. The identifier attribute of the <policy-subject/>
element in <wsp:AppliesTo>
changes to binding:soap11/operation:echo/out.
The XML snippet is as follows:
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11/operation:secureEcho/in" /> <policy-subject identifier="binding:soap12/operation:secureEcho/in" /> </wsp:AppliesTo> <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsp:Policy> </wsp:PolicyAttachment>
Infor: For more information on WS-Policy, see
WS-Policy editor
You can use either the graphical or text WS-Policy editor to edit your policy documents. Given a service or a module, it generates a graphical tree view (the Policy tree) representing the document along with the plain text (raw policy) representation. The default view presented is the source view or the raw policy. You will be editing the merged WS-Policy, which includes all the WS-Policy components attached to the particular level selected.
The WS-Policy Editor also contains a design view, which is a graphical representation of the WS-Policy in being edited.
Here are few tips to use the policy editor:
- Right-click on any node in the Policy tree - A shortcut menu appears. You can add new elements and delete existing ones. The plain text representation will be kept in sync with the changes done using the Policy tree, and vise versa.
- Selecting an element in the Policy tree - Allows to edit the attributes of that policy element. Similarly, when adding an element, you will be prompted to add data to the attributes relevant to that particular element.
- Save Policy - Once you have finished editing your policy document, click Save Policy.
- Go Back - Click Go Back to go back to the previous page.