A Custom Assertions Schema Reference

You can use the XML schema in this appendix as a reference when creating a WS-Policy file that contains custom web service assertions.

Understanding the Element Hierarchy of Custom Assertions in a WS-Policy File

The following figure illustrates the element hierarchy of the custom assertions in the WS-Policy file.

Figure A-1 Element Hierarchy of Custom Assertion


wsp:Policy Element

The <wsp:Policy> element groups nested policy assertions.

wsp:Policy Attributes

The following table summarizes the Oracle extensions to the WS-Policy attributes.

Table A-1 Oracle Extensions to WS-Policy Attributes

Attribute Description

attachTo

Policy subjects to which the policy can be attached. Valid values include: binding.client, binding.server, and binding.any.

category

Category of the policy. Valid values include: security and management.

description

Description of the policy.

status

Status of the policy reference. Valid values include: enabled and disabled.


wsp:Policy Example

The following example illustrates the <wsp:Policy> element:

<wsp:Policy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:orasp="http://schemas.oracle.com/ws/2006/01/securitypolicy"
  orawsp:status="enabled"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  orawsp:category="security"
  orawsp:attachTo="binding.server"
  wsu:Id="ip_assertion_policy"
  xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  wsp:Name="oracle/ip_assertion_policy">
...
</wsp:Policy>

orasp:Assertion Element

The <orasp:Assertion> element is the main element of the custom assertion.

orasp:Assertion Attributes

The following table summarizes the attributes of the <orasp:Assertion> element.

Table A-2 Attributes of <orasp:Assertion> Element

Attribute Description

Optional

Flag that specifies whether the assertion is optional or required.

Silent

Flag that specifies whether the assertion is advertised. If set to true, the assertion is not advertised.

Enforced

Flag that specifies whether the assertion is currently enabled.

name

Name of the assertion.

description

Description of the assertion.

category

Category to which the assertion applies. Valid values include: security/authentication, security/msg-protection, security/authorization, security/logging and management.

provides

Web service endpoint type to which this policy can be attached.

Note: This attribute is required for RESTful endpoints.

For example, to specify RESTful web services:

orawsp:provides="{http://schemas.oracle.com/ws/2006/01/policy}REST_HTTP"

orasp:Assertion Example

The following example illustrates the <orasp:Assertion> element:

<orasp:ipAssertion orawsp:Silent="true" orawsp:Enforced="true"
orawsp:name="WSSecurity IpAssertion Validator"
orawsp:category="security/authentication"
orawsp:provides="{http://schemas.oracle.com/ws/2006/01/policy}REST_HTTP">
...
</orasp:ipAssertion>

orawsp:bindings Element

The <orawsp:bindings> element defines the bindings in the custom assertion.

orawsp:bindings Example

The following example illustrates the <orawsp:bindings> element:

<orawsp:bindings>
...
</orawsp:bindings>

orawsp:Implementation Element

The <orawsp:Implementation> element defines the custom assertion implementation class.

orawsp:Implementation Example

The following example illustrates the <orawsp:Implementation> element:

<orawsp:Implementation>sampleassertion.IpAssertionExecutor</orawsp:Implementation>

orawsp:Config Element

The <orawsp:Config> element defines the configuration for the custom assertion.

orawsp:Config Attributes

The following table summarizes the attributes of the <orawsp:Config> element.

Table A-3 Attributes of <orawsp:Config> Element

Attribute Description

name

Name of the configuration.

type

Category to which the configuration applies.

configType

Configuration type. Valid values include: declarative and programmatic.

  • declarative—Use deployment descriptors and configuration files to describe authentication and authorization requirements.

  • programmatic—Embed security enforcement within the application.


orawsp:Config Example

The following example illustrates the <orawsp:Config> element:

<orawsp:Config orawsp:name="ipassertion" orawsp:configType="declarative">
...
</orawsp:Config>

orawsp:PropertySet Element

The <orawsp:PropertySet> element groups nested properties.

orawsp:PropertySet Attributes

The following table summarizes the attributes of the <orawsp:PropertySet> element.

Table A-4 Attributes of <orawsp:PropertySet> Element

Attribute Description

name

Name of the property set.


orawsp:PropertySet Example

The following example illustrates the <orawsp:PropertySet> element:

<orawsp:PropertySet orawsp:name="valid_ips">
...
</orawsp:PropertySet>

orawsp:Property Element

The <orawsp:Property> element defines a single property.

orawsp:Property Attributes

The following table summarizes the attributes of the <orawsp:Property> element.

Table A-5 Attributes of <orawsp:Property> Element

Attribute Description

name

Name of the property.

type

Type of the property. For example, string.

contentType

Specifies whether the property is required and can be overridden. Valid values include:

  • constant—Property is a constant value and cannot be overridden.

  • required—Property is required and can be overridden.

  • optional—Property is optional and can be overridden.

For information about overriding policies, see "Overriding Policy Configuration Overrides" in Administering Web Services.


orawsp:Property Example

The following example illustrates the <orawsp:Property> element:

<orawsp:Property orawsp:name="valid_ips" orawsp:type="string"
 orawsp:contentType="constant">
...
</orawsp:Property>

orawsp:Description Element

The <orawsp:Description> element provides a description of the property.

orawsp:Description Example

The following example illustrates the <orawsp:Description> element:

<orawsp:Description>Valid IP Values</orawsp:Description>

orawsp:Value Element

The <orawsp:Value> element provides a list of valid values for the property.

orawsp:Value Example

The following example illustrates the <orawsp:Value> element:

<orawsp:Value>140.87.6.143,10.178.93.107</orawsp:Value>
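
The following is an added example, not part of the original appendix or of Oracle's code: a review-time check that parses a custom assertion policy, compares the attribute values against the lists in Tables A-1, A-2, A-3 and A-5, and reports any property whose contentType allows it to be overridden. The function name lint_policy is hypothetical, the "Valid values include" lists are assumed to be complete, and the sample policy is constructed from this page's fragments in an assumed nesting order, since Figure A-1 is not reproduced here.

```python
import xml.etree.ElementTree as ET

ORAWSP = "{http://schemas.oracle.com/ws/2006/01/policy}"
ORASP = "{http://schemas.oracle.com/ws/2006/01/securitypolicy}"
# Values listed in Tables A-1, A-2, A-3 and A-5, assumed here to be the full sets.
ALLOWED = {
    ("Policy", "attachTo"): {"binding.client", "binding.server", "binding.any"},
    ("Policy", "category"): {"security", "management"},
    ("Policy", "status"): {"enabled", "disabled"},
    ("Assertion", "category"): {"security/authentication", "security/msg-protection",
        "security/authorization", "security/logging", "management"},
    ("Config", "configType"): {"declarative", "programmatic"},
    ("Property", "contentType"): {"constant", "required", "optional"},
}
# Constructed sample: this page's fragments, nested in an assumed order.
SAMPLE = """\
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
    xmlns:orasp="http://schemas.oracle.com/ws/2006/01/securitypolicy"
    orawsp:status="enabled" orawsp:category="security" orawsp:attachTo="binding.server">
  <orasp:ipAssertion orawsp:Enforced="true" orawsp:category="security/authentication">
    <orawsp:bindings>
      <orawsp:Implementation>sampleassertion.IpAssertionExecutor</orawsp:Implementation>
      <orawsp:Config orawsp:name="ipassertion" orawsp:configType="declarative">
        <orawsp:PropertySet orawsp:name="valid_ips">
          <orawsp:Property orawsp:name="valid_ips" orawsp:type="string"
              orawsp:contentType="constant">
            <orawsp:Value>140.87.6.143,10.178.93.107</orawsp:Value>
          </orawsp:Property>
        </orawsp:PropertySet>
      </orawsp:Config>
    </orawsp:bindings>
  </orasp:ipAssertion>
</wsp:Policy>
"""

def lint_policy(xml_text):
    """Return findings: values outside the listed sets, and overridable properties."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        local = el.tag.rsplit("}", 1)[-1]
        kind = "Assertion" if el.tag.startswith(ORASP) else local  # custom element name
        for (tag, attr), allowed in ALLOWED.items():
            value = el.get(ORAWSP + attr)
            if kind == tag and value is not None and value not in allowed:
                findings.append(f"{local}/@{attr}: unlisted value {value!r}")
        if local == "Property" and el.get(ORAWSP + "contentType") != "constant":
            findings.append(f"Property {el.get(ORAWSP + 'name')}: value can be overridden")
    return findings
```

For an allowlist such as valid_ips, the override finding is the one to review first, because a required or optional property can be replaced when the policy is attached.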