Thanks Mayank. ________________________________
From: Mayank Mishra [mailto:[EMAIL PROTECTED] Sent: Thu 12/4/2008 2:14 PM To: [email protected] Subject: Re: WS-Policy configuration steps Johnbosco, Lawrence wrote: > Hello, > > Can anyone provide me a working example implementing WS-Policy embedded > within the WSDL in CXF? So far, I couldn't find any detailed material > regarding this. > > Hi, ** WS-Policy provides a way for the provider of a web service to convey conditions under which it provides the service. A invoker might use this policy to decide whether to use or not to use the service. WS-Policy just gives basic assertion support like, <wsp:All/>, <wsp:ExactlyOne/> to express one set of policy or alternatives too. Any conditions/requirements as assertions under <wsp:All/> become mandatory, where as assertions inside <wsp:ExactlyOne/> are considered as alternatives to each other.You can read more about various combinations/interactions/alternative in OASIS WS-Policy Specification[1]. You can specify these WS-Poilcy assertions either inside input , output, fault, operation, port, or in binding wsdl elements. You can either put them directly as child elements of them, or else you can refer them using <wsp:PolicyReference> element. WS-Security Policy, WS-RM assertions are build on top of WS-Policy for specifying security or reliable messaging requirements/constraints for a service. For example, specifying security requirements for outgoing message, I can write as, <wsp:Policy wsu:Id="Output_Policy"> <wsp:ExactlyOne> <wsp:All> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <sp:Body/> </sp:SignedParts> <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsu:Timestamp/> </sp:EncryptedParts> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> and I can refer this policy as, <wsdl:binding name="WebTransactionServiceSoapBinding" type="tns:CreditCard"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <!--wsp:PolicyReference URI="#Endpoint_Policy"/--> <wsdl:operation name="purchase"> <soap:operation soapAction="" style="document"/> <wsdl:input name="purchase"> <!--wsp:PolicyReference URI="#Input_Policy"/--> <soap:body use="literal"/> </wsdl:input> <wsdl:output name="purchaseResponse"> <wsp:PolicyReference URI="#Output_Policy"/> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> </wsdl:binding> or specifying RM assertions as Embedded instead of referred can be, <wsdl:service name="CartSLSBBeanService"> <wsdl:port binding="ns1:CartSLSBBeanServiceSoapBinding" name="CartSLSBBeanPort"> <wswa:UsingAddressing xmlns:wswa="http://www.w3.org/2005/02/addressing/wsdl"/> <soap:address location=" http://localhost:8181/cart/cart"/> <wsp:Policy xmlns:wsp="http://www.w3.org/2006/07/ws-policy"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="RM"> <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata";> <wsrmp:RMAssertion xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";> <wsrmp:BaseRetransmissionInterval Milliseconds="10000"/> </wsrmp:RMAssertion> </wsp:Policy> </wsdl:port> </wsdl:service> You can read more about WS-SecurityPolicy[2] and WS RM[3] so as to understand what these assertions actually specify. I hope this helps [1]. http://www.w3.org/TR/ws-policy/ [2]. http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.2/ws-securitypolicy.html [3].http://docs.oasis-open.org/ws-rx/wsrmp/200608/wsrmp-1.1-spec-cd-04.html With Regards, Mayank > Thanks, > Lawrence > >
