WS-Policy
WS-Policy allows service providers to export policy requirements in a standard format. Clients combine the requirements with their own capabilities to establish policies required for a specific interaction.
WebSphere Application Server conforms to the web services Policy Framework (WS-Policy) specification. We can use the WS-Policy protocol to exchange policies in standard format. A policy represents the capabilities and requirements of a web service, for example whether a message is secure and how to secure it, and whether a message is delivered reliably and how this is achieved. We can communicate the policy configuration to any other client, service registry, or service that supports the WS-Policy specification, including non-WebSphere Application Server products in a heterogeneous environment.
For a service provider, the policy configuration can be shared in published WSDL, in WSDL that is obtained by a client by using an HTTP GET request, or using the Web Services Metadata Exchange (WS-MetadataExchange) protocol. The WSDL is in the standard WS-PolicyAttachments format.
For a client, the client can obtain the policy of the service provider in the standard WS-PolicyAttachments format and use this information to establish a configuration that is acceptable to both the client and the service provider. In other words, the client can be configured dynamically, based on the policies supported by its service provider. The provider policy can be attached at the application or service or service reference level.
The following features were introduced in the JAX-WS 2.2 specification, which WebSphere Application Server supports from Version 8:
- We can specify transport level security on client WSDL acquisition. We can attach a system policy set to either an HTTP GET request or a WS-MetadataExchange request when obtaining provider policy. See the "Configuring the client policy to use a service provider policy" topic for further information.
- We can specify a policy set and binding for a service reference that is different from the policy set attachment for the service. By default, service references inherit their policy set and WS-Policy configuration from their parent service, however, if desired, the policy set and WS-Policy configuration can be overwritten. See the "Using WS-Policy to exchange policies in a standard format" topic and its child topics for further details.
- We can enable and configure WS-Addressing support on a client or service provider by adding WS-Policy assertions into the WSDL document. WebSphere Application Server will now process WS-Addressing information held within the WS-Policy aspect of an application's WSDL document and use it in the configuration of that application. See the "Enable Web Services Addressing support for JAX-WS applications using WS-Policy" topic for further information.
- We can publish policy configuration relating to WS-Addressing based on JSR109 deployment descriptors or JAX-WS 2.2 features or annotations, as well as information based on policy sets. This ensures that the policy information published matches the run time behavior of the service. See the "Web service providers and policy configuration sharing" topic for further information.
The WS-Policy assertion specifications that are supported in this version of WAS are:
- WS-Policy. See Web Services Policy 1.5
- WS-Addressing. See Web Services Addressing 1.0 - Metadata.
- WS-AtomicTransaction. See Web Services Atomic Transaction Version 1.0, Web Services Atomic Transaction Version 1.1 and Web Services Atomic Transaction Version 1.2.
- WS-ReliableMessaging. See Web Services Reliable Messaging Policy Assertion Version 1.0 and Web Services Reliable Messaging Policy Assertion Version 1.1.
- WS-SecurityPolicy. See WS-SecurityPolicy 1.2.
For details of the WS-Policy domains that are supported, see the following topics:
- WS-Addressing policy settings
- WS-ReliableMessaging settings
- WS-Security policy settings
- WS-Transaction policy settings
Subtopics
- Web service providers and policy configuration sharing
A WebSphere Application Server service provider can share its current policy configuration through its Web Service Description Language (WSDL). The policy configuration is in standard WSDL WS-PolicyAttachment format so that it can be shared with other clients, service registries, or services that support the Web Services Policy (WS-Policy) specification.
- Web service clients and policy configuration to use the service provider policy
If a service provider publishes its policy in its WSDL, the policy configuration of a WAS service client can be configured dynamically, based on the policies supported by its service provider.
- WS-MetadataExchange requests
We can use the Web Services Metadata Exchange (WS-MetadataExchange) GetMetadata request to exchange WSDL that is annotated with WS-Policy information. A service provider can use a WS-MetadataExchange request to share its policies, and a service client can use a WS-MetadataExchange request to apply the policies of a provider. We can secure WS-MetadataExchange requests by using transport-level or message-level security.
WS-Addressing policy settings WS-ReliableMessaging settings WS-Security policy settings WS-Transaction policy settings
Related information:
Web Services Policy 1.5
Web Services Policy 1.5 - Attachment
Web Services Addressing 1.0 - Metadata
Web Services Atomic Transaction Version 1.0
Web Services Atomic Transaction Version 1.1
Web Services Atomic Transaction Version 1.2
Web Services Reliable Messaging Policy Assertion Version 1.0
Web Services Reliable Messaging Policy Assertion Version 1.1
WS-SecurityPolicy 1.2
JAX-WS API Version 2.2