WS-Policy Implementation
In general WS-Policy is used for configuring WS-Security, WS-Reliable Messaging, caching, and throttling. WS-Policy Attachment specification defines a set of policy subjects that can be used, when the user wants to attach or apply security policies. WSO2 Carbon based products have the power of Axis2 to apply WS-Policy for your services at different levels such as service, service operation, service operation message, binding, binding operation, binding operation message, etc.
The WS-Policy configuration functionality is provided by the Service Management feature of the WSO2 feature repository.
Defining Policies at Bindings
Policies can be applied at the binding hierarchy, at three different policy subjects such as:
Binding level
Binding operation level
Binding message level
A policy to SOAP 1.1 and SOAP 1.2 bindings at Binding level can defined in the services.xml by adding the following code (see also The WS-Policy Editor). Â
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11" /> <policy-subject identifier="binding:soap12" /> </wsp:AppliesTo> <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsp:Policy> </wsp:PolicyAttachment>
For the Binding Operation level, the <wsp:AppliesTo> element is used to define the scope of the policy.
The XML snippet is as follows:
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11/operation:Echo" /> <policy-subject identifier="binding:soap12/operation:Echo" /> </wsp:AppliesTo> <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsp:Policy> </wsp:PolicyAttachment>
The configuration is similar for the Binding Message level for the out message. The identifier attribute of the <policy-subject/> element in <wsp:AppliesTo> changes to binding:soap11/operation:echo/out.
The XML snippet is as follows:
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11/operation:secureEcho/in" /> <policy-subject identifier="binding:soap12/operation:secureEcho/in" /> </wsp:AppliesTo> <wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsp:Policy> </wsp:PolicyAttachment>
Note Further details can be found in these articles hosted on WSO2 Oxygen Tank: |
The WS-Policy Editor Â
The WS-Policy Editor allows to edit WS-Policy documents using either a graphical editor or a plain text editor. Given a Service or a Module, it will generate a graphical tree view (the "Policy" tree) representing the document along with the plain text (Raw Policy) representation. The default view presented is the source view or the raw policy.
Â
Note: You will be editing the merged WS-Policy, which includes all the WS-Policy components attached to the particular level selected. |
For example,
The WS-Policy Editor also contains a "Design View," which provides a graphical representation of the WS-Policy in question. For example,
Using the Policy Editor
- Right-click on any node in the "Policy" tree - A shortcut menu appears. You can add new elements and delete existing ones. The plain text representation will be kept in sync with the changes done using the "Policy" tree, and vise versa.
- Selecting an element in the "Policy" tree - Allows to edit the attributes of that policy element. Similarly, when adding an element, you will be prompted to add data to the attributes relevant to that particular element.
- Save Policy - Once you have finished editing your policy document, click "Save Policy."
- Go Back - Click "Go Back" to go back to the previous page.