WS-Policy Configuration Class Details
For reference, this topic contains details on the configuration class that InterSystems IRIS uses to store WS-Policy information.
Configuration Class Basics
To create a WS-Policy configuration class manually, create a subclass of %SOAP.ConfigurationOpens in a new tab. In this class, add an XData block as follows:
XData service
{
<cfg:configuration xmlns:cfg="http://www.intersystems.com/configuration" name="service">
...
The XData block has the following general structure:
XData service
{
<cfg:configuration ...>
<service ...>
<method ...>
<request ...>
<response ...>
...
The elements <service>, <method>, <request>, and <response> can each include policy information that applies at that level. The <service> element is required, but the other elements are optional.
The policy information, if included, is either a policy expression (that is, an <wsp:Policy> element) or a policy reference (that is, a <wsp:PolicyReference> element that points to a policy contained in another XData block in the same configuration class). The following sections provide more details.
Note that <PolicyReference> is supported only in two locations: in place of a <Policy> element within a configuration element or as the only child of a <Policy> element.
Adding InterSystems Extension Attributes
In addition to the cfg:wsdlElement attribute (previously discussed), you may need to add InterSystems extension attributes in the following elements within your policy elements:
-
<sp:X509Token> (within <sp:InitiatorToken> or <sp:RecipientToken>)
In this element, specify a value for the cfg:FindField and cfg:FindValue attributes, which specify the InterSystems IRIS credential set to use for this token.
-
The cfg:FindField attribute specifies the name of the field by which to search. Typically this is Alias.
-
the cfg:FindValue attribute specifies the value of that field. If cfg:FindField is Alias, then this is the name of the InterSystems IRIS credential set.
For example:
<sp:X509Token IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" cfg:FindField="Alias" cfg:FindValue="servercred"> <wsp:Policy> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token>
-
-
<sp:HttpsToken>
In this element, specify a value for the cfg:SSLConfiguration attribute. This should equal the name of an InterSystems IRIS SSL/TLS configuration. For example:
<sp:HttpsToken cfg:SSLConfiguration="mysslconfig"> <wsp:Policy/> </sp:HttpsToken>
Specify this attribute only for the web client.
-
<sp:SecureConversationToken>
In this element, you can specify the cfg:Lifetime attribute. This should equal the lifetime for the secure conversation, in hours or fractional hours. The default lifetime is 5 minutes. Suppose that we want to specify that the lifetime is 15 minutes. To do so, we edit <sp"SecureConversationToken> as follows.
<sp:SecureConversationToken cfg:Lifetime=".25" sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:MustNotSendAmend/> <sp:MustNotSendRenew/> ... </wsp:Policy> </sp:SecureConversationToken>
Specify this attribute only for the web client.
For information on the prefix cfg, see the next section.
If you generate a configuration class while generating a web client or service, you may need to edit these attributes.
Details for the Configuration XData Block
This section describes the contents of the XData block of a web service or client configuration class.
The <configuration>, <service>, <method>, <request>, and <response> elements must all be in the following namespace:
"http://www.intersystems.com/configuration"
In this topic, the prefix cfg refers to that namespace.
Also see InterSystems Extension Attributes.
<configuration>
The <configuration> element is the root element in the XData block. This element includes the following items:
Attribute or Element | Purpose |
---|---|
name | (Optional) Name of this configuration. If specified, this must match the name of the XData block. |
<service> | (Optional) Associates a policy with an InterSystems IRIS web service or web client. |
<service>
The <service> element associates a policy with an InterSystems IRIS web service or web client. This element includes the following items:
Attribute or Element | Purpose |
---|---|
classname | (Required) Full package and class name of an InterSystems IRIS web service or client. |
<wsp:Policy> | (Include 0 or 1) Specifies the policy to apply to this web service or client (at the binding level). Specify a WS-Policy 1.2 or WS-Policy 1.5 policy expression.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
<wsp:PolicyReference> | (Include 0 or 1) Specifies the policy reference to apply to this web service or client (at the binding level). If you specify this, the policyID attribute must be a reference to a local policy defined in a different XData block in the same configuration class. For an example, see Configuration with PolicyReference.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
<method> | (Include 0 or more) Associates a policy with a specific web method in the given web service or client (to apply at the operation level). The <service> element can include any number of <method> elements. |
For example:
<cfg:configuration
xmlns:cfg="http://www.intersystems.com/configuration"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsap="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
name="service">
<cfg:service classname="DemoPolicies.NoSecurity">
<wsp:Policy>
<wsap:UsingAddressing/>
</wsp:Policy>
</cfg:service>
</cfg:configuration>
Within the <wsp:Policy> or <wsp:PolicyReference> child of <service>, you can specify the cfg:wsdlElement attribute, which specifies the part of the WSDL to which to attach this policy element. In this context, this attribute can have any of the following values:
-
"service" — Attach this policy element to the WSDL <service> element.
-
"port" — Attach this policy element to the WSDL <port> element.
-
"binding" (the default) — Attach this policy element to the WSDL <binding> element.
-
"portType" — Attach this policy element to the WSDL <portType> element.
<method>
The <method> element associates a policy with a specific web method within the web service or client specified by the parent <service> element. The <method> element includes the following items:
Attribute or Element | Purpose |
---|---|
name | Name of a web method. |
<wsp:Policy> | (Include 0 or 1) Specifies the policy to apply to this web service or client (at the operation level). Specify a WS-Policy 1.2 or WS-Policy 1.5 policy expression.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
<wsp:PolicyReference> | (Include 0 or 1) Specifies an optional reference WS-Policy 1.2 or WS-Policy 1.5 policy expression for this web method. The policyID attribute is a reference to a local policy defined in a different XData block in the same configuration class. For an example, see Configuration with PolicyReference.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
<request> | (Include 0 or 1) Associates a policy with the request message for the web method. |
<response> | (Include 0 or 1) Associates a policy with the response message for the web method. |
Within the <wsp:Policy> or <wsp:PolicyReference> child of <method>, you can specify the cfg:wsdlElement attribute, which specifies the part of the WSDL to which to attach this policy element. In this context, this attribute can have any of the following values:
-
"binding" (the default) — Attach this policy element to the WSDL <binding> element.
-
"portType" — Attach this policy element to the WSDL <portType> element.
<request>
The <request> element associates a policy with the request message for the web method to which the parent <method> element refers. The <request> element includes the following items:
Attribute or Element | Purpose |
---|---|
<wsp:Policy> | (Include 0 or 1) Specifies the policy to apply to the request message. Specify a WS-Policy 1.2 or WS-Policy 1.5 policy expression.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
<wsp:PolicyReference> | (Include 0 or 1) Specifies an optional reference WS-Policy 1.2 or WS-Policy 1.5 policy expression for the request message. The policyID attribute is a reference to a local policy defined in a different XData block in the same configuration class. For an example, see Configuration with PolicyReference.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
Within the <wsp:Policy> or <wsp:PolicyReference> child of <request>, you can specify the cfg:wsdlElement attribute, which specifies the part of the WSDL to which to attach this policy element. In this context, this attribute can have any of the following values:
-
"binding" (the default) — Attach this policy element to the WSDL <binding> element.
-
"portType" — Attach this policy element to the WSDL <portType> element.
-
"message" — Attach this policy element to the WSDL <message> element.
<response>
The <response> element associates a policy with the response message for the web method to which the parent <method> element refers. The <response> element includes the following items:
Attribute or Element | Purpose |
---|---|
<wsp:Policy> | (Include 0 or 1) Specifies the policy to apply to the response message. Specify a WS-Policy 1.2 or WS-Policy 1.5 policy expression.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
<wsp:PolicyReference> | (Include 0 or 1) Specifies an optional reference WS-Policy 1.2 or WS-Policy 1.5 policy expression for the response message. The policyID attribute is a reference to a local policy defined in a different XData block in the same configuration class. For an example, see Configuration with PolicyReference.
Specify <wsp:Policy>, <wsp:PolicyReference>, or neither. |
Within the <wsp:Policy> or <wsp:PolicyReference> child of <response>, you can specify the cfg:wsdlElement attribute, which specifies the part of the WSDL to which to attach this policy element. In this context, this attribute can have any of the following values:
-
"binding" (the default) — Attach this policy element to the WSDL <binding> element.
-
"portType" — Attach this policy element to the WSDL <portType> element.
-
"message" — Attach this policy element to the WSDL <message> element.
Example Custom Configurations
This section provides examples of some custom configuration classes.
Configuration with Policy Alternatives
The following configuration class includes two policy alternatives: either use WS-Addressing headers or do not.
/// PolicyAlternatives.DivideWSConfig
Class PolicyAlternatives.DivideWSConfig Extends %SOAP.Configuration
{
XData service
{
<cfg:configuration xmlns:cfg="http://www.intersystems.com/configuration"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsap="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
name="service">
<cfg:service classname="PolicyAlternatives.DivideWS">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsap:UsingAddressing/>
</wsp:All>
<wsp:All>
<wsp:Policy/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</cfg:service>
</cfg:configuration>
}
}
When used with a web client whose attached policy requires WS-Addressing, this web service responds with a message that has WS-Addressing headers. When used with a client whose policy does not use WS-Addressing, this web service responds with messages without WS-Addressing headers.
Another scenario would be for one policy to require SSL/TLS and an alternative policy to use message encryption.
Configuration with Policy Reference
The following configuration class contains two XData blocks. One contains a policy whose ID attribute is mypolicy. The other contains a configuration for a web service; this configuration refers to the policy contained in the other XData block:
Class DemoPolicies.WithReferenceConfig Extends %SOAP.Configuration
{
XData service
{
<cfg:configuration
xmlns:cfg="http://www.intersystems.com/configuration"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
name="service">
<cfg:service classname="DemoPolicies.WithReference">
<wsp:PolicyReference URI="#mypolicy">
</wsp:PolicyReference>
</cfg:service>
</cfg:configuration>
}
XData Policy1
{
<wsp:Policy
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility"
xmlns:wsap="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsoma="http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization"
wsu:Id="mypolicy">
<wsap:UsingAddressing/>
<wsoma:OptimizedMimeSerialization/>
</wsp:Policy>
}
}
In this example, the policy expression is contained in an XData block named Policy1. The name of this block has no effect on the WSDL or on any SOAP operations.