This documentation is for WSO2 ESB version 4.0.2. View documentation for the latest release.

Policies for Service

In general WS-Policy is used for configuring WS-Security, WS-Reliable Messaging, caching, and throttling.

WS-Policy Attachment specification defines a set of policy subjects that can be used, when the user wants to attach or apply security policies.

WSO2 Carbon has the power of Axis2 to apply WS-Policy for your services at different levels such as service, service operation, service operation message, binding, binding operation, binding operation message, etc..

Defining Policies at Bindings

The WSO2 Carbon has the ability to apply policies at the binding hierarchy. You can apply policies at three different policy subjects in the binding hierarchy. They are:

  • Binding level
  • Binding operation level
  • Binding message level

A policy to SOAP 1.1 and SOAP 1.2 bindings at Binding level can defined in the services.xml by adding the following code (see also The WS-Policy Editor):

<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:AppliesTo>
<policy-subject identifier="binding:soap11" />
<policy-subject identifier="binding:soap12" />
</wsp:AppliesTo>
<wsp:Policy wsu:Id="binding_level_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
</wsp:Policy>
</wsp:PolicyAttachment>

For the Binding Operation level the <wsp:AppliesTo> element is used to define the scope of the policy.

The XML snippet is as follows:

<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:AppliesTo>
<policy-subject identifier="binding:soap11/operation:Echo" />
<policy-subject identifier="binding:soap12/operation:Echo" />
</wsp:AppliesTo>
<wsp:Policy wsu:Id="binding_level_policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
</wsp:Policy>
</wsp:PolicyAttachment>

The configuration is similar for the Binding Message level for the out message. The identifier attribute of the <policy-subject/> element in <wsp:AppliesTo> changes to binding:soap11/operation:echo/out.

The XML snippet is as follows:

<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsp:AppliesTo>
<policy-subject identifier="binding:soap11/operation:secureEcho/in" />
<policy-subject identifier="binding:soap12/operation:secureEcho/in" />
</wsp:AppliesTo>
<wsp:Policy wsu:Id="binding_level_policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
</wsp:Policy>
</wsp:PolicyAttachment>

The WS-Policy Editor

The WS-Policy Editor allows to edit WS-Policy documents using either a graphical editor or a plain text editor. Given a Service or a Module, it will generate a graphical tree view (the "Policy" tree) representing the document along with the plain text (Raw Policy) representation. The default view presented is the source view or the raw policy.

The WS-Policy Editor also contains "Design View," which provides a graphical representation of the WS-Policy in question.

Using the Policy Editor
  • Right-click on any node in the "Policy" tree - A shortcut menu appears. You can add new elements and delete existing ones. The plain text representation will be kept in sync with the changes done using the "Policy" tree, and vise versa.
  • Selecting an element in the "Policy" tree - Allows to edit the attributes of that policy element. Similarly, when adding an element, you will be prompted to add data to the attributes relevant to that particular element.
  • Save Policy - Once you have finished editing your policy document, click "Save Policy."
  • Go Back - Click "Go Back" to go back to the previous page.