Johnbosco, Lawrence wrote:
Hello,
Can anyone provide me a working example implementing WS-Policy embedded within the WSDL in CXF? So far, I couldn't find any detailed material regarding this.
Hi,
** WS-Policy provides a way for the provider of a web service to convey
conditions under which it provides the service. A invoker might use this
policy to decide whether to use or not to use the service.
WS-Policy just gives basic assertion support like, <wsp:All/>,
<wsp:ExactlyOne/> to express one set of policy or alternatives too. Any
conditions/requirements as assertions under <wsp:All/> become mandatory,
where as assertions inside <wsp:ExactlyOne/> are considered as
alternatives to each other.You can read more about various
combinations/interactions/alternative in OASIS WS-Policy Specification[1].
You can specify these WS-Poilcy assertions either inside input , output,
fault, operation, port, or in binding wsdl elements. You can either put
them directly as child elements of them, or else you can refer them
using <wsp:PolicyReference> element.
WS-Security Policy, WS-RM assertions are build on top of WS-Policy for
specifying security or reliable messaging requirements/constraints for a
service. For example, specifying security requirements for outgoing
message, I can write as,
<wsp:Policy wsu:Id="Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsu:Timestamp/>
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
and I can refer this policy as,
<wsdl:binding name="WebTransactionServiceSoapBinding"
type="tns:CreditCard">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<!--wsp:PolicyReference URI="#Endpoint_Policy"/-->
<wsdl:operation name="purchase">
<soap:operation soapAction="" style="document"/>
<wsdl:input name="purchase">
<!--wsp:PolicyReference URI="#Input_Policy"/-->
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output name="purchaseResponse">
<wsp:PolicyReference URI="#Output_Policy"/>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
or specifying RM assertions as Embedded instead of referred can be,
<wsdl:service name="CartSLSBBeanService">
<wsdl:port binding="ns1:CartSLSBBeanServiceSoapBinding"
name="CartSLSBBeanPort">
<wswa:UsingAddressing
xmlns:wswa="http://www.w3.org/2005/02/addressing/wsdl"/>
<soap:address location=" http://localhost:8181/cart/cart"/>
<wsp:Policy xmlns:wsp="http://www.w3.org/2006/07/ws-policy";
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="RM">
<wsam:Addressing
xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata";>
<wsrmp:RMAssertion
xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";>
<wsrmp:BaseRetransmissionInterval Milliseconds="10000"/>
</wsrmp:RMAssertion>
</wsp:Policy>
</wsdl:port>
</wsdl:service>
You can read more about WS-SecurityPolicy[2] and WS RM[3] so as to
understand what these assertions actually specify.
I hope this helps
[1]. http://www.w3.org/TR/ws-policy/
[2].
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.2/ws-securitypolicy.html
[3].http://docs.oasis-open.org/ws-rx/wsrmp/200608/wsrmp-1.1-spec-cd-04.html
With Regards,
Mayank
Thanks,
Lawrence
