WS-Policy is an interoperability standard used to describe and communicate the policies of a web service so that service providers can export policy requirements in a standard format. Clients can combine the service provider requirements with their own capabilities to establish the policies required for a specific interaction.
WebSphere Application Server conforms to the web services Policy Framework (WS-Policy) specification. Use the WS-Policy protocol to exchange policies in standard format. A policy represents the capabilities and requirements of a web service, for example whether a message is secure and how to secure it, and whether a message is delivered reliably and how this is achieved. We can communicate the policy configuration to any other client, service registry, or service that supports the WS-Policy specification, including non-WAS products in a heterogeneous environment.
For a service provider, the policy configuration can be shared in published Web Services Description Language (WSDL), in WSDL that is obtained by a client using an HTTP GET request, or using the Web Services Metadata Exchange (WS-MetadataExchange) protocol. The WSDL is in the standard WS-PolicyAttachments format.
For a client, the client can obtain the policy of the service provider in the standard WS-PolicyAttachments format and use this information to establish a configuration that is acceptable to both the client and the service provider. In other words, the client can be configured dynamically, based on the policies supported by its service provider. The provider policy can be attached at the application or service or service reference level.
The following features were introduced in the JAX-WS 2.2 specification, which WAS supports from v8:
- We can specify transport level security on client WSDL acquisition. Attach a system policy set to either an HTTP GET request or a WS-MetadataExchange request when obtaining provider policy. See the Configure the client policy to use a service provider policy topic for further information.
- We can specify a policy set and binding for a service reference that is different from the policy set attachment for the service. By default, service references inherit their policy set and WS-Policy configuration from their parent service, however, if desired, the policy set and WS-Policy configuration can be overwritten. See the Use WS-Policy to exchange policies in a standard format topic and its child topics for further details.
- We can enable and configure WS-Addressing support on a client or service provider by adding WS-Policy assertions into the WSDL document. WAS will now process WS-Addressing information held within the WS-Policy aspect of an application's WSDL document and use it in the configuration of that application. See the Enable Web Services Addressing support for JAX-WS applications using WS-Policy topic for further information.
- We can publish policy configuration relating to WS-Addressing based on JSR109 deployment descriptors or JAX-WS 2.2 features or annotations, as well as information based on policy sets. This ensures that the policy information published matches the run time behavior of the service. See the Web service providers and policy configuration sharing topic for further information.
The WS-Policy assertion specifications supported in this version of WAS are:
- WS-Policy. See Web Services Policy 1.5
- WS-Addressing. See Web Services Addressing 1.0 - Metadata.
- WS-AtomicTransaction. See Web Services Atomic Transaction Version 1.0, Web Services Atomic Transaction Version 1.1 and Web Services Atomic Transaction Version 1.2.
- WS-ReliableMessaging. See Web Services Reliable Messaging Policy Assertion Version 1.0 and Web Services Reliable Messaging Policy Assertion Version 1.1.
- WS-SecurityPolicy. See WS-SecurityPolicy 1.2.
For details of the WS-Policy domains supported, see the following topics:
- WS-Addressing policy settings
- WS-ReliableMessaging settings
- WS-Security policy settings
- WS-Transaction policy settings
- Web service providers and policy configuration sharing
- Web service clients and policy configuration to use the service provider policy
- WS-MetadataExchange requests
WS-Addressing policy settings WS-ReliableMessaging settings WS-Security policy settings WS-Transaction policy settings Web Services Policy 1.5 Web Services Policy 1.5 - Attachment Web Services Addressing 1.0 - Metadata Web Services Atomic Transaction Version 1.0 Web Services Atomic Transaction Version 1.1 Web Services Atomic Transaction Version 1.2 Web Services Reliable Messaging Policy Assertion Version 1.0 Web Services Reliable Messaging Policy Assertion Version 1.1 WS-SecurityPolicy 1.2 JAX-WS API v2.2