2 Attaching Policies to Oracle Infrastructure Web Services

This chapter describes how to attach policies to Oracle Infrastructure Web services.

• What Are Policies?

• Oracle WSM Predefined Policies and Assertion Templates

• Attaching Policies to Web Services Using Annotations

• Attaching Policies Using Oracle JDeveloper

• Attaching Policies Using Oracle Enterprise Manager

What Are Policies?

Policies describe the capabilities and requirements of a Web service such as whether and how a message must be secured, whether and how a message must be delivered reliably, and so on.

Oracle Fusion Middleware 11g Release 1 (11.1.1) supports the types of policies defined in Table 2-1.

Table 2-1 Types of Policies

Policy	Description
WS-ReliableMessaging	Reliable messaging policies that implement the WS-ReliableMessaging standard describes a wire-level protocol that allows guaranteed delivery of SOAP messages, and can maintain the order of sequence in which a set of messages are delivered. The technology can be used to ensure that messages are delivered in the correct order. If a message is delivered out of order, the receiving system can be configured to guarantee that the messages will be processed in the correct order. The system can also be configured to deliver messages at least once, not more than once, or exactly once. If a message is lost, the sending system re-transmits the message until the receiving system acknowledges it receipt.
Management	Management policies that log request, response, and fault messages to a message log. Management policies may include custom policies.
WS-Addressing	WS-Addressing policies that verify that SOAP messages include WS-Addressing headers in conformance with the WS-Addressing specification. Transport-level data is included in the XML message rather than relying on the network-level transport to convey this information.
Security	Security policies that implement the WS-Security 1.0 and 1.1 standards. They enforce message protection (message integrity and message confidentiality), and authentication and authorization of Web service requesters and providers. The following token profiles are supported: username token, X.509 certificate, Kerberos ticket, and Security Assertion Markup Language (SAML) assertion. For more information about Web service security concepts and standards, see Security and Administrator's Guide for Web Services.
Message Transmission Optimization Mechanism (MTOM)	Binary content, such as an image in JPEG format, can be passed between the client and the Web service. In order to be passed, the binary content is typically inserted into an XML document as an xsd:base64Binary string. Transmitting the binary content in this format greatly increase the size of the message sent over the wire and is expensive in terms of the required processing space and time. Using Message Transmission Optimization Mechanism (MTOM), binary content can be sent as a MIME attachment, which reduces the transmission size on the wire. The binary content is semantically part of the XML document. Attaching an MTOM policy ensures that the message is converted to a MIME attachment before it is sent to the Web service or client.

Oracle WSM Predefined Policies and Assertion Templates

Oracle Web Services Manager (WSM) provides a policy framework to manage and secure Web services consistently across your organization. Oracle WSM can be used by both developers, at design time, and system administrators in production environments. For more information about the Oracle WSM policy framework, see "Understanding Oracle WSM Policy Framework" in Security and Administrator's Guide for Web Services.

There is a set of predefined Oracle WSM policies and assertion templates that are automatically available when you install Oracle Fusion Middleware. The predefined policies are based on common best practice policy patterns used in customer deployments.

You can immediately begin attaching these predefined policies to your Web services or clients. You can configure the predefined policies or create a new policy by making a copy of one of the predefined policies.

Predefined policies are constructed using assertions based on predefined assertion templates. You can create new assertion templates, as required.

For more information about the predefined Oracle WSM policies and assertion templates, see the following sections in Security and Administrator's Guide for Web Services:

• "Predefined Policies"

• "Predefined Assertion Templates"

Attaching Policies to Web Services Using Annotations

You can use annotations defined in Table 2-2 to attach policies to Web services. The annotations are included in the oracle.webservices.annotations and oracle.webservices.annotations.async packages.

For more information about the annotations available, see Oracle Fusion Middleware Java API Reference for Oracle Web Services. For more information about the predefined policies, see "Predefined Polices" in Security and Administrator's Guide for Web Services.

Table 2-2 Annotations for Attaching Policies to Web Services

Annotation	Description
@AddressingPolicy	Attaches a WS-Addressing policy to the Web service. For more information, see @AddressingPolicy Annotation.
@CallbackManagementPolicy	Attaches a management policy to the callback client of the asynchronous Web service that will connect to the callback service. For more information, see @CallbackManagementPolicy Annotation.
@CallbackMtomPolicy	Attaches an MTOM policy to the callback client of the asynchronous Web service that will connect to the callback service. For more information, see @CallbackMtomPolicy Annotation.
@CallbackSecurityPolicy	Attaches one or more security polices to the callback client of the asynchronous Web service that will connect to the callback service. By default, no security policies are attached. For more information, see @CallbackSecurityPolicy Annotation.
@ManagementPolicy	Attaches a management policy to the Web service. For more information, see @ManagementPolicy Annotation.
@MtomPolicy	Attaches an MTOM policy to the Web service. For more information, see @MtomPolicy Annotation.
@ReliabilityPolicy	Attaches a reliable messaging policy to the Web service. For more information, see @ReliabilityPolicy Annotation.
@SecurityPolicies	Specifies an array of @SecurityPolicy annotations. Use this annotation if you want to attach more than one WS-Policy files to a class. For more information, see @SecurityPolicies Annotation.
@SecurityPolicy	Attaches a security policy to the Web service. For more information, see @SecurityPolicy Annotation.

Attaching Policies Using Oracle JDeveloper

When creating an application using JDeveloper, you can take advantage of the wizards available to attach policies to Web services and clients.

For example, the following figure shows the Configure SOA WS Policies wizard that you can use to attach policies to SOA service or reference binding component quickly and easily.

Figure 2-1 Configure SOA WS Policies Wizard

For more information, see:

• "Managing Policies" and "Attaching Policies to Binding Components and Service Components" in Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

• "Securing Web Service Data Controls" in Oracle Application Development Framework Developer's Guide

• "Creating Web Service Proxies" in the JDeveloper Online Help.

Attaching Policies Using Oracle Enterprise Manager

After a Web service or client is deployed, you can attach policies using the Oracle Enterprise Manager.

For example, Figure 2-2 shows the Policies tab on the Web Service Endpoint page from which you can attach policies to a Web service endpoint.

Figure 2-2 Attaching Policies Using Oracle Enterprise Manager

Description of "Figure 2-2 Attaching Policies Using Oracle Enterprise Manager"

Complete details are provided in the following sections of Security and Administrator's Guide for Web Services:

• "Attaching a Policy to a Single Subject"

• "Attaching a Policy to Multiple Subjects (Bulk Attachment)"

• "Attaching Policies to Web Service Clients"