This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Applying Security Policies

WS-Policy is used for configuring WS-Security, WS-Reliable Messagingcaching, and throttling. The WS-Policy Attachment specification defines a set of policy subjects that can be used to attach or apply security policies. You can apply WS-Policy to your services at different levels such as service, service operation, service operation message, binding, binding operation, binding operation message, etc. To apply a security policy, when viewing the service details in the management console, click Policies, and then apply policies at the service or binding level.

The rest of this page further describes how to define policies in more detail in the following sections.

Defining Policies at Service Level

The WSO2 ESB has the ability to apply policies at the service hierarchy. Policies applied at the service level are applicable to all the bindings. You can apply policies at the following levels in the service hierarchy:

  • Service level

  • Service operation level
  • Service message level

Service level

A security policy defined at the service level is applicable to both in and out messages generated by all the operations of the selected service.

Service operation level

A security policy defined at the service operation level is applicable to both in and out messages generated by a specific operation of the selected service. 

Service operation message level

A service policy defined at the service operation message level is applicable to either in or out messages generated by a specific operation of the selected service. 

In Message should be selected if you want the security policy to be applicable only for the incoming messages of the ESB relating to the selected service.

Out Message should be selected if you want the security policy to be applicable only for the outgoing messages of the ESB relating to the selected service.

Defining Policies at Bindings

You can apply policies at the following levels in the binding hierarchy:

  • Binding level
  • Binding operation level
  • Binding message level

Binding level

A security policy defined at the binding level is applicable to both in and out messages generated by all the operations connected to the selected binding.

Binding operation level

A security policy defined at the binding operation level is applicable to both in and out messages generated by a specific operation connected to the selected binding.

Binding operation message level

A security policy defined at the binding operation message level is applicable to either in or out messages generated by a specific operation connected to the selected binding. 

In Message should be selected if you want the security policy to be applicable only for the incoming messages of the ESB relating to the selected binding.

Out Message should be selected if you want the security policy to be applicable only for the outgoing messages of the ESB relating to the selected binding.

Policy Selection

When you click Policies in the management console, the following will be displayed. 

  • To apply a security policy at service level, click Edit Policy in the Service StockQuoteProxy row under Service Hierarchy.
  • To apply a security policy at the service operation level, select the required operation in the first Operation row under Service Hierarchy. Then click Edit Policy in the same row.
  • To apply a security policy at the service operation message level, select the required operation in the second Operation row under Service Hierarchy. Select In Message or Out Message depending on whether the policy should be applicable to incoming messages or outgoing messages. Then click Edit Policy in the same row.
  • To apply a security policy at binding level, click Edit Policy in the Binding echoSoap11Binding row or the Binding echoSoap12Binding row (depending on your requirement) underBinding Hierarchy.
  • To apply a security policy at binding operation level, select the required operation  in the first Operation row under Binding echoSoap11Binding or Binding echoSoap12Binding. Then click Edit Policy in the same row.
  • To apply a security policy at binding operation message level, select the required operation in the second Operation row under Binding echoSoap11Binding or Binding echoSoap12Binding. Select In Message or Out Message depending on whether the policy should be applicable to incoming messages or outgoing messages. Then click Edit Policy in the same row.