An application that is a web
service client can obtain the policy configuration of a web service
provider and use this information to establish a policy configuration
that is acceptable to both the client and the service provider.
Before you begin
You have developed a web service client
that contains all the necessary artifacts, and deployed your web services
application into your application server instance. If you require
them, you have attached the policy sets and managed the associated
bindings.
The service provider must publish its policy in its Web
Services Description Language (WSDL) and that policy must contain
its policy configuration at run time in WS-PolicyAttachments format.
The client must be able to support those provider policies.
For
a list of WS-Policy assertion specifications and WS-Policy domains
that are supported, see the WS-Policy topic.
About this task
You can administer the client to configure itself
dynamically at run time, based on the policy of the service provider
in the standard WS-PolicyAttachments format. You can administer the
client to apply dynamically the provider policy at the application
or service or service reference
level. By default, endpoints and operations inherit their policy configuration
from the relevant service. However, it
is possible to configure a service reference to override the service,
in which case the endpoints and operations inherit their policy configuration
from the service reference.
If
the provider policy uses multipart WSDL, you can use an HTTP GET request
to obtain the policy of the provider, but you cannot use the WS-MetadataExchange
protocol. For more information about multipart WSDL, see the topic
about WSDL.
Policy intersection is the comparison of a client
policy and a provider policy to determine whether they are compatible,
and the calculation of a new policy, known as the effective policy,
that complies with both their requirements and capabilities.
This
topic describes how to configure the client policy to use a service
provider policy by using the administrative console. You can also
configure the client policy to use a service provider policy by using
wsadmin commands.
Procedure
- From the navigation panel of the administrative console,
click .
- In the row for the application or service where you want
to apply the policy, click the link in the Policies Applied column. The Policies Applied panel is displayed.
- Select one of the following options from the drop-down
list:
- Provider policy only. Configure the client based solely on
the policy of the service provider. This option is available when
a client policy set is not attached.
- Client and provider policy. Configure the client based on
both the client policy set and the policy of the service provider.
This option is available when a client policy set is attached.
The other options in the list do not apply to this task.
- Use the radio buttons to select which method to employ
to obtain the provider policy: an HTTP GET request (see step 5) or
a WS-MetadataExchange request (see step 6).
- Optional: To obtain the provider policy by
using an HTTP GET request, click HTTP GET request. By default, the HTTP GET request is targeted at the URL for
the service endpoint followed by ?WSDL. For
example:
http://myhost:9080/WSSampleSei/EchoService?WSDL
When
the policy set attach point is at the application level you cannot
change this value.
- Optional: If you are applying a policy to
a service and the provider policy is located at the service endpoint,
ensure that Use the default request target is
selected.
- Optional: If you are applying a policy to
a service and the provider policy is not located at the service endpoint,
click Specify request target, then enter the
URL for the location of the provider policy in the field. For
example, you might change the target of the HTTP GET request if the
provider policy is located in a repository.
- Optional: If you select HTTP
GET request as the method to be used to obtain the provider
policy and if you select Specify request target and
you want to configure transport-level security, select Attach
a system policy set to the HTTP GET request, then select
a suitable policy set and binding from the drop-down lists. Select
the policy set you require from the Policy set list to provide transport-level
security for the HTTP GET request. Select from system policy sets
that contain solely HTTP transport policies, solely SSL transport
policies, or both; the policy set cannot contain other policy types.
Select the binding you require from the Binding list for the HTTP
GET request. You can select from general bindings that are scoped
to the global domain or scoped to the security domain of this service.
- Optional: To obtain the provider policy by
using a Web Services Metadata Exchange (WS-MetadataExchange) GetMetadata
request, click WS-MetadataExchange request.
- Optional: If you select WS-MetadataExchange
request and want to use message-level security, select Attach
a system policy set to the WS-MetadataExchange request,
then select a suitable policy set and binding from the drop-down lists. See Configuring security for a WS-MetadataExchange request.
- Click OK.
- 將您所做的變更儲存到主要配置.
Results
The web application client-side policy
is calculated when it is required at run time, based either on the
policy of the service provider, or on the client policy set and the
policy of the service provider, depending on which option you selected.
This calculated policy is known as the
"effective policy" and
is cached as a runtime configuration. The effective policy is used
for subsequent outbound web service requests to the endpoint or operation
for which the dynamic policy calculation was performed. The policy
set configuration of the client does not change.
The provider policy
that the client holds for a service is refreshed the first time that
the web service is invoked after the application is loaded. After
that, the provider policy is refreshed when the application restarts,
or if the application explicitly invokes a refresh. When the provider
policy is refreshed, the effective policy is recalculated.