50 Managing Policies

This chapter describes how to manage policies during design-time in SOA composite applications.

This chapter includes the following sections:

50.1 Introduction to Policies

Oracle Fusion Middleware uses a policy-based model to manage and secure Web services across an organization. Policies apply security to the delivery of messages. Policies can be managed by both developers in a design time environment and system administrators in a runtime environment.

Policies are comprised of one or more assertions. A policy assertion is the smallest unit of a policy that performs a specific action. Policy assertions are executed on the request message and the response message, and the same set of assertions is executed on both types of messages. The assertions are executed in the order in which they appear in the policy.

Table 50-1 describes the supported policy categories.

Table 50-1 Supported Policy Categories

Category Description

Message Transmission Optimization Mechanism (MTOM)

Ensures that attachments are in MTOM format. This format enables binary data to be sent to and from web services. This reduces the transmission size on the wire.

Reliability

Supports the WS-Reliable Messaging protocol. This guarantees the end-to-end delivery of messages.

Addressing

Verifies that simple object access protocol (SOAP) messages include WS-Addressing headers in conformance with the WS-Addressing specification. Transport-level data is included in the XML message rather than relying on the network-level transport to convey this information.

Security

Implements the WS-Security 1.0 and 1.1 standards. They enforce authentication and authorization of users. identity propagation, and message protection (message integrity and message confidentiality).

Management

Logs request, response, and fault messages to a message log. Management policies can also include custom policies.

Within each category there are one or more policy types that you can attach. For example, if you select the reliability category, the following types are available for selection:

  • oracle/wsrm10_policy

    Supports version 1.0 of the Web Services Reliable Messaging protocol.

  • oracle/wsrm11_policy

    Supports version 1.1 of the Web Services Reliable Messaging protocol.

For more information about available policies and details about which ones to use in your environment, see Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

50.2 Attaching Policies to Binding Components and Service Components

You can attach or detach policies to and from service binding components, service components, and reference binding components in a SOA composite application. Use Oracle JDeveloper to attach policies for testing security in a design-time environment. When your application is ready for deployment to a production environment, you can attach or detach runtime policies in Oracle Enterprise Manager Fusion Middleware Control Console.

For more information about runtime management of policies, see Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite.

50.2.1 How to Attach Policies to Binding Components and Service Components

To attach a policy to a service or reference binding component:

  1. In the SOA Composite Editor, right-click a service binding component or reference binding component.

  2. Select Configure WS-Policies.

    Depending upon the interface definition of your SOA composite application, you may be prompted with an additional menu of options.

    • If the selected service or reference is interfacing with a synchronous BPEL process or Oracle Mediator service component, a single policy is used for both request and response messages. The Configure SOA WS Policies dialog immediately appears. Go to Step 4.

    • If the service or reference is interfacing with an asynchronous BPEL process or Oracle Mediator service component, the policies must be configured separately for request and response messages. The policy at the callback is used for the response sent from service to client. An additional menu is displayed. Go to Step 3.

  3. Select the type of binding to use:

    • For Request:

      Select the request binding for the service component with which to bind. You can only select a single request binding. This action enables communication between the binding component and the service component.

      When request binding is configured for a service in the Exposed Services swimlane, the service acts as the server. When request binding is configured for a reference in the External References swimlane, the reference acts as the client.

    • For Callback: (only for interactions with asynchronous processes)

      Select the callback binding for the service component with which to bind. This action enables message communication between the binding component and the service component. You can only select a single callback binding.

      When callback binding is configured for a service in the Exposed Services swimlane, the service acts as the client. When callback binding is configured for a reference in the External References swimlane, the reference acts as the server.

    The Configure SOA WS Policies dialog shown in Figure 50-1 appears. For this example, the For Request option was selected for a service binding component. The same types of policy categories are also available if you select For Callback.

    Figure 50-1 Configure SOA WS Policies Dialog

    Description of Figure 50-1 follows
    Description of "Figure 50-1 Configure SOA WS Policies Dialog"

  4. Click the Add icon to display the following categories of polices. For this example, Security is selected for attachment.

    • MTOM

    • Reliability

    • Addressing

    • Security

    • Management

    The dialog shown in Figure 50-2 is displayed.

    Figure 50-2 Security Policies

    Description of Figure 50-2 follows
    Description of "Figure 50-2 Security Policies"

  5. Place your cursor over a policy name to display a description of policy capabilities.

  6. Select the type of policy to attach.

  7. Click OK.

    You are returned to the Configure SOA WS Policies dialog shown in Figure 50-3. The attached security policy displays in the Security section.

    Figure 50-3 Attached Security Policy

    Description of Figure 50-3 follows
    Description of "Figure 50-3 Attached Security Policy"

  8. If necessary, add additional policies.

    You can temporarily disable a policy by deselecting the checkbox to the left of the name of the attached policy. This action does not detach the policy.

  9. To detach a policy, click the Delete icon.

  10. When complete, click OK on the Configure SOA WS Policies dialog.

    You are returned to the SOA Composite Editor.

To attach a policy to a service component:

  1. Right-click a service component.

  2. Select Configure Component WS Policies.

    The Configure SOA WS Policies dialog shown in Figure 50-4 appears.

    Figure 50-4 Configure SOA WS Policies Dialog

    Description of Figure 50-4 follows
    Description of "Figure 50-4 Configure SOA WS Policies Dialog"

  3. Click the Add icon for the type of policy to attach.

    • Security

    • Management

    The dialog for your selection appears.

  4. Select the type of policy to attach.

  5. Click OK.

  6. If necessary, add additional policies.

  7. When complete, click OK on the Configure SOA WS Policies dialog.

For information about attaching policies during runtime in Oracle Enterprise Manager Fusion Middleware Control Console, see Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite.