Configure client.policy to use a service provider policy from a registry
Overview
Web service client applications can obtain the policy configuration of a web service provider from a registry, such as WebSphere Service Registry and Repository (WSRR). The WSDL for the policy of the service provider, and its corresponding policies and policy attachments, are stored in WSRR using the WS-PolicyAttachments format.
The registry must support the use of HTTP GET requests to publish WSDL that contains WS-Policy attachments, for example WSRR v6.2 or later.
You can administer the client to configure itself dynamically at run time, based on the policy of a service provider held in a registry. By default, endpoints and operations inherit their policy configuration from the relevant service. However, you can configure a service reference to override the service, in which case the endpoints and operations inherit their policy configuration from the service reference. You cannot administer the client to dynamically apply, at the application level, the provider policy that it obtains from a registry.
Configure client.policy to use a registry-based service provider policy
- From the navigation pane of the administrative console, click:
Applications | Application Types | WebSphere enterprise applications | web service client application | [Web services properties] Service client policy sets and bindings
- In the row for the service to which you want to apply the policy, click the link in the Policies Applied column.
You cannot apply the policy at application level. The Policies Applied pane is displayed.
- Select one of the following options from the drop-down list:
- Provider policy only.
Configure the client based solely on the policy of the service provider. This option is available when a client.policy set is not attached.
- Client and provider policy.
Configure the client based on both the client.policy set and the policy of the service provider. This option is available when a client.policy set is attached.
The other options in the list do not apply to this task.
- Click HTTP GET request.
- Click Specify request target, then enter the URL for the location of the provider policy in the field, that is, the address in the repository for the WSDL and policy.
The following example shows a typical URL:
s://www.wsrr.host/WSRR/6.2/PolicyService/WSDL?bsrURI=3b9b493b-278f-4f64.ba3f.dabd30da3f7e
- Click OK.
- Optional: If there is a secure connection that uses the SSL protocol between the client and the registry, ensure that trust is established between the application server and the registry server. To access the registry, the client uses the SSL transport policy that is part of its service-level application policy. For example, for WSRR, you can enter the URL for the WSRR server in a browser window. If the WSRR server is not already trusted, a message is displayed stating that the security certificate is not trusted.
To establish trust, use the following steps:
- Retrieve and store the X509 certificate from the WSRR server.
Use the options on the message to view details of the certificate and save those details to a file, using Distinguished Encoding Rules (DER) encoded binary format.
- Identify the key store that the client uses, that is, the key store that is shown by the SSL security transport bindings of the client application policy set.
- Add the signer certificate to the key store that the client uses.
- Optional: To access the registry, the client uses the transport policy that is part of its service-level application policy. If the registry requires authentication using the HTTP protocol, configure a valid user name and password as part of the application-level transport policy binding configuration. It is advisable to secure any authorization credentials, because they are used for interactions with both the web service endpoint and the registry.
- Ensure that the client has a policy set that contains the HTTP transport policy attached to the application or service level.
- Configure the HTTP transport client bindings for the binding named Client sample and enter the user name and password that the registry requires to authenticate outbound service requests.
- Save your changes to the master configuration.
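The following added example (not part of the original product documentation) checks a WSDL document, such as the one returned by the request target URL, for WS-Policy attachments before the client is configured to rely on it. The sample WSDL, the policy name AddressingPolicy and the function names are constructed for illustration; the check covers named policies referenced through wsp:PolicyReference.

```python
import xml.etree.ElementTree as ET

WSP_NAMESPACES = (
    "http://www.w3.org/ns/ws-policy",                # WS-Policy 1.5
    "http://schemas.xmlsoap.org/ws/2004/09/policy",  # WS-Policy 1.2
)
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")

# Constructed sample of a registry response; names and content are illustrative.
SAMPLE_WSDL = """
<wsdl:definitions name="EchoService"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:Policy wsu:Id="AddressingPolicy"><wsam:Addressing/></wsp:Policy>
  <wsdl:binding name="EchoBinding">
    <wsp:PolicyReference URI="#AddressingPolicy"/>
  </wsdl:binding>
  <wsdl:service name="EchoService">
    <wsp:PolicyReference URI="#MissingPolicy"/>
  </wsdl:service>
</wsdl:definitions>
"""

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    ns, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, local

def check_provider_policy(wsdl_text):
    """Report named policies and whether each PolicyReference resolves locally."""
    root = ET.fromstring(wsdl_text)
    policies, references = {}, []
    for parent in root.iter():          # visit every element with its children
        for child in parent:
            ns, local = split_tag(child.tag)
            if ns not in WSP_NAMESPACES:
                continue
            if local == "Policy" and child.get(WSU_ID):
                # Record the policy's top-level child element names.
                policies[child.get(WSU_ID)] = [split_tag(c.tag)[1] for c in child]
            elif local == "PolicyReference":
                subject = f"{split_tag(parent.tag)[1]}:{parent.get('name')}"
                references.append((subject, child.get("URI", "")))
    report = {"policies": policies, "attached": [], "unresolved": []}
    for subject, uri in references:
        resolved = uri.startswith("#") and uri[1:] in policies
        report["attached" if resolved else "unresolved"].append((subject, uri))
    return report

if __name__ == "__main__":
    print(check_provider_policy(SAMPLE_WSDL))
```

A reference listed under "unresolved" points either to a policy that is missing from the document or to an external URI that this check does not follow.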
Results
The web application client-side policy is calculated when it is required at run time, based either on the policy of the service provider, or on the client.policy set and the policy of the service provider, depending on which option you selected.
This calculated policy is known as the "effective policy" and is cached as a runtime configuration. The effective policy is used for subsequent outbound web service requests to the endpoint or operation for which the dynamic policy calculation was performed. The policy set configuration of the client does not change.
The provider policy that the client holds for a service is refreshed the first time that the web service is invoked after the application is loaded. After that, the provider policy is refreshed when the application restarts, or if the application explicitly invokes a refresh. When the provider policy is refreshed, the effective policy is recalculated.