When working with policy sets in the administrative console,
you can customize policies to ensure message security. You can customize
the Hypertext Transfer Protocol (HTTP) transport policy configuration
or use the policy as it is provided with the default settings.
Before you begin
You can configure some settings for default policies for custom
policy sets. The provided default policy sets cannot be edited. To
customize a policy set, you must create a copy of the default policy
set or create a new policy set and specify the policies for the custom
policy set.
About this task
You can configure HTTP transport with the HTTP transport
policy. HTTP is an application-level protocol for distributed, collaborative,
hypermedia information systems. It is a generic, stateless, protocol
that can be used for many tasks beyond its use for hypertext, such
as name servers and distributed object management systems, through
extension of request methods, error codes and headers. A feature of
HTTP is the typing and negotiation of data representation, allowing
systems to be built independently of the data being transferred. HTTP
features and HTTP connections properties are applied to outbound messages
for both the service client and service provider.
You can only
configure a policy through a policy set. Therefore, before you can
configure the HTTP transport policy, a policy set must exist that
contains the HTTP transport policy. The provided default WSHTTPS policy
set is read only and it cannot be edited. To customize a policy set
that contains the HTTP transport policy, you must first create a copy
of the WSHTTPS default policy set or create a new policy set and add
the HTTP transport policy to the new policy set.
Avoid trouble: The WSHTTPS default policy set contains the HTTP
transport policy, the SSL transport policy and WS-Addressing policy.
If you do not require the SSL transport policy or the WS-Addressing
policy, you can customize your copy of the WSHTTPS default policy
set to delete the policies that you do not require.
gotcha
After
you have created a copy of the WSHTTPS default policy set or created
a new policy set with the HTTP transport policy added, you can customize
the HTTP transport policy. Use the HTTP transport policy settings
panel to customize the values of the HTTP transport policy properties
such as read or write timeout values. Your customized values for the
HTTP transport policy now apply for your policy set that contains
that custom HTTP transport policy. You can attach this policy set
containing your customized HTTP transport policy to your Java API
for XML-Based Web Services (JAX-WS) application, its services, endpoints,
or operations. This change affects all JAX-WS applications to which
that policy set is attached. To learn more about attaching policy
sets to applications, see the documentation for managing policy sets
for service providers and service clients at the application level.
For
example, if you have multiple policy sets, mypolicyset1 and mypolicyset2,
containing the HTTP transport policy, you can customize the HTTP transport
policy for each policy set to reflect different properties, such as
timeout values. Now, you can attach these customized policy sets to
one or more applications and these applications will use the HTTP
property values associated with the HTTP transport policy that is
contained within the attached policy set.
Procedure
- Create a policy set that contains the HTTP transport policy.
- Create a custom policy set.
From the administrative
console, click . From this panel
you can create a new policy set, copy an existing default policy set
such as WSHTTPS, import a copy of a policy set from the default repository
or you can import an existing policy set from your specified location.
- Add the HTTP transport policy to the policy set.
From the administrative console, click . In the policy collection, click . The HTTP transport window displays
options for configuring the HTTP settings for the transport policy.
- In the Protocol Version drop down list, click
the HTTP version to use. HTTP 1.1 is the default setting
but HTTP 1.0 is also available. Selecting HTTP 1.1 enables more of
the function on the rest of the HTTP transport window as some of the
options are not available for HTTP version 1.0.
- Complete the HTTP Features section. The following
check boxes determine which HTTP features are enabled for this transport:
- Session Enabled
- Whether the HTTP session is enabled when a message is sent.
- Enable chunked transfer encoding
- Whether chunked transfer encoding is enabled when a message is
sent. This option is only available if HTTP 1.1 is selected in the Protocol
version field (it is greyed out and disabled if HTTP 1.0 is selected).
- Send expect "100-request" header
- Displays whether the expect "100-request" header is enabled when
a message is sent. This option is only available if HTTP 1.1 is selected
in the Protocol version field (it is greyed out and disabled
if HTTP 1.0 is selected).
- Accept URL redirection automatically
- Displays whether the URL is automatically redirected when a message
is sent.
- Compress request content
- Displays whether the request content is compressed when a message
is sent.
- Compress response content
- Displays whether the response content is compressed when a message
is sent.
- Complete the HTTP Connections section. The
following fields determine how HTTP connections are configured for
this transport:
- Read timeout
- Displays the length of time, in seconds, for the read to time
out when a message is sent.
- Write timeout
- Displays the length of time, in seconds, for the write to time
out when a message is sent.
- Connection timeout
- Displays the length of time, in seconds, for the connection to
time out when a message is sent.
- Use persistent connection
- Displays whether a persistent connection is to be used when a
message is sent. This option is only available if HTTP 1.1 is selected
in the Protocol version field.
- Resend enabled
- Displays whether or not a message can be resent. Click this check
box to enable a message to be sent again.
- Customize the HTTP transport provider bindings.
- Navigate to the HTTP transport provider bindings.
From the administrative console, click .
The HTTP transport (bindings)
window displays options for configuring the HTTP transport bindings.
- Specify the properties for the Proxy for outbound asynchronous
service responses.
The following fields determine proxy
specifications for outbound asynchronous service responses:
- Host
- Displays the host name for the outbound asynchronous service responses
proxy.
- Port
- Displays the port number for the outbound asynchronous service
responses proxy. You can enter or edit the port number.
- User name
- Displays the user name for the outbound asynchronous service responses
proxy.
- Password
- Displays a placeholder for the password for the outbound asynchronous
service responses proxy. You can enter or edit the password. The actual
password is masked.
- Confirm password
- Displays a placeholder for the password for the outbound asynchronous
service responses proxy that must match the one in the Password field.
The actual password is masked.
- Specify the properties for the Basic authentication
for outbound asynchronous responses.
The following
fields determine authentication specifications for outbound asynchronous
responses:
- User name
- Displays the user name for basic authentication of outbound asynchronous
responses.
- Password
- Displays a placeholder for the password for basic authentication
of outbound asynchronous responses. The actual password is masked.
- Confirm password
- Displays a placeholder for the password for basic authentication
of outbound asynchronous responses that must match the one in the Password field.
The actual password is masked.
- Customize the HTTP transport client bindings.
- Navigate to the HTTP transport client bindings.
From the administrative console, click .
The HTTP transport (bindings)
window displays options for configuring the HTTP transport bindings.
- Specify the properties for the Proxy for outbound service
requests. The following fields determine proxy specifications
for outbound service requests:
- Host
- Displays the host name for the outbound service request proxy.
- Port
- Displays the port number for the outbound service request proxy.
- User name
- Displays the user name for the outbound service request proxy.
- Password
- Displays a placeholder for the password for the outbound service
request proxy. The actual password is masked.
- Confirm password
- Displays a placeholder for the password for the outbound service
request proxy that must match the one in the Password field.
The actual password is masked.
- Specify the properties for Basic authentication for
outbound service requests. The following fields determine
authentication specifications for outbound service requests:
- User name
- Displays the user name for basic authentication of outbound service
requests.
- Password
- Displays a placeholder for the password for basic authentication
of outbound service requests. The actual password is masked.
- Confirm password
- Displays a placeholder for the password for basic authentication
of outbound service requests that must match the one in the Password field.
The actual password is masked.
Results
After you have customized the HTTP transport policy, the associated
policy set uses this policy to protect message transmission.
Example
You can attach policy sets to an application, its services,
endpoints, or operations. In this example scenario, suppose you have
two different JAX-WS service clients for your application, but you
want to use different HTTP transport property values for each service
client. Specifically, you want to configure a different read or write
timeout value for each service client. To modify the HTTP timeout
values, you can edit the values of the HTTP transport policy that
is contained within the policy set that is attached to your application
or in this case, your service client. This change affects all applications
to which the policy set containing the custom HTTP transport policy
is attached.
This example describes the steps for configuring
different read, write, and connection timeout values for service clients
deployed in the same application server. This example makes the following
assumptions:
- There are two JAX-WS service clients, ServiceClient1 and ServiceClient2,
that are deployed in the application server.
- The HTTP transport policy has not been previously attached to
these applications.
- Create two new policy sets and add the HTTP transport policy to
them. For example: HTTPServiceClient1Policy and HTTPServiceClient2Policy
- Click .
- Enter the name of the new application policy set, HTTPServiceClient1Policy.
- From the Policies collection, click .
- Click and to save your changes to
the master configuration.
- Repeat these steps to create the HTTPServiceClient2Policy.
- Customize the HTTP transport policy settings for the newly created
HTTPServiceClient1Policy and HTTPServiceClient2Policy policy sets.
For example, customize the read and write timeout values for the HTTP
transport policy contained in the HTTPServiceClient1Policy policy
set and the connection timeout value for the HTTP transport policy
contained in the HTTPServiceClient2Policy policy set.
- Click HTTPServiceClient1Policy .
- From the Policies collection, click .
- From the HTTP transport policy configuration panel, change the
HTTP connection read and write timeout values to 500 seconds.
- Click and to save your changes to
the master configuration.
- Click HTTPServiceClient2Policy .
- From the Policies collection, click .
- From the HTTP transport policy configuration panel, change the
HTTP connection timeout value to 360 seconds.
- Click and to save your changes to
the master configuration.
- Attach the custom HTTP transport policy, HTTPServiceClient1Policy,
to your application, ServiceClient1. Similarly, attach the custom
HTTP transport policy, HTTPServiceClient2Policy, to ServiceClient2.
- Click ServiceClient1.
- From the Policy set attachments collection, select the service, ServiceClient1.
- Click and click on HTTPServiceClient1Policy.
- Click to
save your changes to the master configuration.
- Click ServiceClient2.
- From the Policy set attachments collection, select the service, ServiceClient2.
- Click and click on HTTPServiceClient2Policy.
- Click to
save your changes to the master configuration.
As a result, the ServiceClient1 application now has the
HTTPServiceClient1Policy attached and the HTTP sessions will use a
read and write timeout value of 500 seconds. The ServiceClient2 application
has the HTTPServiceClient2Policy attached and the HTTP sessions will
use a connection timeout value of 360 seconds.
What to do next
You can customize policies to ensure message security by
configuring the SSL transport policy.