Associate a WS-Policy file with a Web Service

Before you begin

You must install a Web Service before you can associate a WS-Policy file with it. See Install a Web Service.

A Web Service can have zero or more WS-Policy files associated with it. WS-Policy files follow the guidelines of the WS-Policy specification. WebLogic Server uses them to specify the details of the message-level security (digital signatures and encryption) and reliable SOAP messaging capabilities of a Web Service.

You can associate a WS-Policy file at the Web Service endpoint-level, which means that the policy assertions apply to all the operations of a Web Service port. You can also associate a WS-Policy file at the operation-level, which means that the policy assertions apply only to the specific operation to which you associate it.

In addition, you can associate a WS-Policy file with either the inbound or outbound SOAP message, or both. For example, if a WS-Policy file that specifies encryption for the body of a SOAP message is associated with just the inbound message of a particular operation, only the SOAP request needs to be encrypted.

Programmers, when creating the Web Service, can use the Java Web Service (JWS) annotation @Policy inside the implementation Java file of the Web Service to specify an associated WS-Policy file; administrators cannot change this association using the Administration Console. Administrators can, however, associate additional WS-Policy files at runtime using the Administration Console, as described in the this procedure.

WebLogic Server includes the following pre-packaged WS-Policy files that you can use for configuring message-level security and reliable messaging; these files are static and you cannot change them:

DefaultReliability.xml : Configures reliable SOAP messaging. Specifies typical values for the reliable SOAP messaging policy assertions, such as activity timeout of 10 minutes, acknowledgement interval of 200 milliseconds, and base retransmisstion interval of 3 seconds.
LongRunningReliability.xml : Configures reliable SOAP messaging. Similar to the preceding default reliable messaging WS-Policy file, except that it specifies a much longer activity timeout interval (24 hours.)
Auth.xml : Configures message-level security. Specifies that the client application invoking the Web Service must authenticate itself with a username and password.
Encrypt.xml : Configures message-level security. Specifies that the entire body of the SOAP message be encrypted.
Sign.xml : Configures message-level security. Specifies that the body and WebLogic-specific system headers of the SOAP message be digitally signed. Also specifies that the SOAP message include a Timestamp, which is also digitally signed.

If the programmer who created the Web Service included additional WS-Policy files in the J2EE module or application in which the service is packaged, or a shared J2EE library has been deployed that contains additional WS-Policy files, then you can also associate them to your Web Service.

After you have associated a WS-Policy file to a Web Service endpoint or operation, the assistant updates the application's deployment plan. If the application does not currently have a configured deployment plan, the assistant creates one for you in the location you specify.

Caution:

The Administration Console allows you to associate as many WS-Policy files as you want to a Web Service and its operations, even if the policy assertions in the files contradict each other. It is up to you to ensure that mulitple associated WS-Policy files work together. If any contradictions do exist, WebLogic Server will return a runtime error when a client application invokes the Web Service.

To associate a WS-Policy file with a Web Service:

If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
In the left pane of the Administration Console, select Deployments.
In the right pane, navigate within the Deployments table until you find the Web Service for which you want to configure a WS-Policy file.
Note: Web Services are deployed as part of an Enterprise Application, Web Application or EJB. To understand how Web Services are displayed in the Administration Console, see View installed Web Services.
In the Deployments table, click the name of the Web Service.
Select Configuration -> WS-Policy.
The table lists the WS-Policy files that are currently associated with the Web service. The top level lists all the ports of the Web Service. Click the + next to a Web Service port to see its operations and associated WS-Policy files.
If you want to associate a WS-Policy file with a particular Web Service operation, go to the next step. To associate a WS-Policy file with an entire Web Service port (endpoint-level):
1. Click on the name of the Web Service port. A page appears which includes two windows: one labelled Available Endpoint Policies that lists the names of the WS-Policy files that you can associate with a Web Service endpoint and one labelled Chosen Endpoint Policies that lists the WS-Policy files that are currently configured for this endpoint.
2. Use the arrows to move WS-Policy files between the available and chosen windows. The WS-Policy files that are in the Chosen window are the ones that are applied to the Web Service endpoint.
3. Click OK. If your Web Service already has a deployment plan associated to it, then the newly associated WS-Policy files are displayed in the Policies column in the table.
4. If the J2EE module of which the Web Service is a part does not currently have a deployment plan associated with it, the assistant asks you for the directory that should contain the deployment plan. Use the navigation tree to specify a directory, then click Finish.
To associate a WS-Policy file with one of its operations:
1. Click on the name of the operation. A page appears which includes two windows: one labelled Available Inbound Message Policies that lists the names of the WS-Policy files that are available to associate with the inbound (request) SOAP message of the operation invoke and one labelled Chosen Inbound Message Policies that lists the WS-Policy files that are currently associated with the inbound (request) SOAP message of the operation invoke.
2. Use the arrows to move WS-Policy files between the available and chosen windows. The WS-Policy files that are in the Chosen window are the ones that are applied to the inbound (request) SOAP message when this operation is invoked by a client application.
3. Click Next.
4. Click on the name of the operation. A page appears which includes two windows: one labelled Available Outbound Message Policies that lists the names of the WS-Policy files that are available to associate with the outbound (response) SOAP message of the operation invoke and one labelled Chosen Outbound Message Policies that lists the WS-Policy files that are currently associated with the outbound (response) SOAP message of the operation invoke.
5. Use the arrows to move WS-Policy files between the available and chosen windows. The WS-Policy files that are in the Chosen window are the ones that are applied to the outbound (response) SOAP message when this operation is invoked by a client application.
6. Click Finish. If your Web Service already has a deployment plan associated with it, the newly associated WS-Policy files are displayed in the Policies column in the table.
7. If the J2EE module of which the Web Service is a part does not currently have a deployment plan associated with it, the assistant asks you for the directory that should contain the deployment plan. Use the navigation tree to specify a directory, then click Finish.
To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
Not all changes take effect immediately—some require a restart (see Use the Change Center).

Administration Console Online Help

Associate a WS-Policy file with a Web Service