A WebSphere® Application Server service
provider can share its current policy configuration through its Web
Service Description Language (WSDL). The policy configuration is in
standard WSDL WS-PolicyAttachment format so that it can be shared
with other clients, service registries, or services that support the
Web Services Policy (WS-Policy) specification.
You can make the policy configuration of a Java API for XML-Based Web Services (JAX-WS)
service endpoint available to share in two ways:
- Include the policy configuration of the service provider in the
WSDL. The WSDL is then available to publish, or to obtain by using
an HTTP Get request.
- Enable the Web Services Metadata Exchange (WS-MetadataExchange)
protocol so that the policy configuration of the service provider
is included in the WSDL and is available to a WS-MetadataExchange
GetMetadata request. An advantage of using the WS-MetadataExchange
protocol is that you can apply message-level security to WS-MetadataExchange
GetMetadata requests by using a suitable system policy set.
The policy configuration
in the WSDL is in the standard WS-PolicyAttachments format. Any WS-Policy
attachments that were in the WSDL previously are removed. Note that
policy configuration information becomes available in the WSDL to
publish, but it is not available if you just view the WSDL document
using the administrative console. Also, policy configuration information
is not available in WSDL that is published remotely by using an administrative
agent.
If
the service provider application uses multipart WSDL, all the WSDL
must be local to the Web service application. For more information
about multipart WSDL, see the topic about WSDL.
A service provider that is configured to
use Security Assertion Markup Language (SAML) can share policy for
use by a WebSphere Application Server client
or a service registry.
By default, the policy configuration of the service provider is
not included in the WSDL. To include the policy configuration of the
service provider in the WSDL, and specify how it is shared, you can
use the administrative console or wsadmin commands.
Application developers can specify that a service provider shares
its policy configuration, and how it is shared, by using Rational® Application Developer tools when a Web service
is generated. For more information, see the Rational Application Developer documentation.
Transport policy information is not included in the policy configuration
because transport policies such as HTTP, SSL, and JMS cannot be expressed
in WS-PolicyAttachment format.
Bootstrap policy information, for example, the policy to access
a WS-Trust service, can be included in the policy configuration if
the bootstrap policy is expressed in WS-PolicyAttachment format.
You can configure a service provider to share its policy configuration
at application or service level. The policy configuration that is
represented by the policy sets attached to any lower levels will also
be shared. Policy sets that are attached at lower levels override
the policy set configuration attached at a higher level.
Troubleshooting policy configuration sharing
A service provider might not be able to share
its policy configuration because the configuration cannot be expressed
in the standard WS-PolicyAttachments format. One reason might be because
multiple incompatible policies are defined for a particular attach
point. Another reason might be because there is not enough binding
information to generate the standard policy. Policy configuration
might include bootstrap policy, for example, the policy to access
a WS-Trust service, so the bootstrap policy must also be expressed
in WS-PolicyAttachments format.
If the
policy configuration cannot be shared, an error that describes the
problem is written to the service provider error log, and the following
policy is attached to the WSDL of the service provider:
<wsp:Policy>
<wsp:ExactlyOne>
</wsp:ExactlyOne>
</wsp:Policy>
This policy notifies the client that there
is no acceptable policy configuration for the service. Other aspects
of the WSDL are unaffected.