Annotation Security

It is possible to implement custom WS-Policy support using inbuilt annotation support on individual Inbound Web Service definitions. This allows the policies to be implemented within the product and allows for backward compatibility for sites using XML Application Integration (XAI).

The product supports custom WS-Policy files using the following method:

• The WS-Policy formatted XML file containing the policy definition is installed in the $SPLEBASE/splapp/iws/resources/policies directory (or %SPLEBASE%\splapp\iws\resources\policies directory on Windows).

• A Web Service Annotation of type F1POLICY is defined using the Web Service Annotation maintenance function. In that Annotation entry the following should be configured:

• uri: The name of the policy XML file located in the policies directory in the format "policy:<policyname>" where <policyname> is the name of the file containing the policy. For example: "policy:UsernameToken.xml".

• attachToWsdl: Whether the WS-Policy file is attached to the WSDL (for SOAP Web Services only).

• direction: Specifies when to apply the policy as per weblogic.jws.Policy.Direction. For example: Direction.both

• The annotation is attached to the relevant Inbound Web Services to implement the policy using the Inbound Web Services maintenance function.

Note: Multiple policies can be added as documented in Support for Multiple Policies.