Managing Web Service Policies 7-5 To create a new Web service policy 1. Navigate to the Web Services Policy page, as described in Navigating to the Web Services Policies Page in Fusion Middleware Control on page 7-2.

2. From the Category menu, select the category to which this policy will belong and

click Create. 3. In the Create Policy page Figure 7–3 , enter the path, name, and brief description for your policy. All policies are identified by the directory in which the policy is located. Oracle recommends that you follow the policy naming conventions described in Recommended Naming Conventions for Policies on page 3-10. Figure 7–3 Create Policy Page

4. Set the Local Optimization control. See

Configuring Local Optimization for a Policy on page 11-101 for a description of the Local Optimization control. 5. By default, the policy is enabled. If you want to disable the policy, clear the Enabled box. A policy that is not enabled is not enforced at run time. 6. Specify the type of policy subjects the policy can be attached to by selecting from the Applies To menu. If you select Service Bindings, then specify whether the policy can be attached to Web service endpoints, Web service clients, or to both. Of the predefined assertions, only assertions which you add next of type securitylogging can be added under Service Category Both. If you plan to add other types of assertions, choose Service Endpoints or Service Clients. 7. To add a single assertion:

a. In the Assertions section, click Add.

Note: The Create button is available only for the Security and Management categories. Note: You cannot edit the name of a policy once the policy is created. To change the policy name, you will need to copy the policy and assign it a different name. 7-6 Oracle Fusion Middleware Security and Administrators Guide for Web Services b. In the Add Assertion box, enter a meaningful name for your assertion, and select an assertion template from the Assertion Template list. See Appendix C, Predefined Assertion Templates for information on the Oracle Fusion Middleware Web Services policy assertion templates.

c. Click OK.

8. To add an OR group, click Add OR Group. For more details, see

Adding an OR Group to a Policy on page 7-13. 9. In the Assertions section, select the assertion you just added. 10. In the Assertion Details section, enter a description for the assertion.

11. If active for the assertion category, on the Settings tab specify the properties for

the assertion. Click the Help icon for information on setting the properties. 12. If active for the assertion category, click the Configurations tab to set the configuration options. Click the Help icon for information on setting the properties. 13. Add additional assertions as needed.

14. When you have finished adding assertions, select the assertions and use the Up

and Down controls to order them as needed. Assertions are invoked in the order in which they appear in the list.

15. Click Validate to verify that the policy does not contain errors. For more

information on policy validation, see Validating Web Services Policies on page 7-15. If the policy is invalid, it is disabled as a precaution. After you correct the validation issues, you will have to enable the policy.

16. Click Save.

Creating a Web Service Policy from an Existing Policy You can take a Web service policy and use it as a base for creating another policy. By default, Oracle Fusion Middleware 11g Release 1 11.1.1 comes with predefined policies. You can create a copy of one of the predefined policies or you can create a copy of a policy that you have created. Once the policy is created, you can treat it like any other policy, adding or deleting assertions, and modifying existing assertions. To make a copy of a Web service policy 1. Navigate to the Web Services Policy page, as described in Navigating to the Web Services Policies Page in Fusion Middleware Control on page 7-2. 2. From the Web Services Policies page, select a policy from the Policies list and click Create Like. 3. In the Create Policy page, enter a name for the policy. The word Copy is appended to the name of the copied policy and, by default, this is the name assigned to the new policy. For example, if the policy being copied is named oraclewss10_username_token_service, then the default name of the copy is oraclewss10_username_token_service_Copy. It is recommended that you change the name of this new policy to be more meaningful in your environment. 4. Modify the policy as required, including the assertions. Managing Web Service Policies 7-7

5. Click Validate to verify that the policy does not contain errors. For more

information on policy validation, see Validating Web Services Policies on page 7-15.

6. Click Save.

Importing Web Service Policies Follow the procedure in this section to import a policy into the Oracle WSM repository. Once the policy is imported, you can attach it to Web services and make changes to it. To import a Web service policy 1. Navigate to the Web Services Policy page, as described in Navigating to the Web Services Policies Page in Fusion Middleware Control on page 7-2.

2. From the Web Services Policies page, click Import From File.

3. In the Create Policy From File box, enter the file path of the file in the Select Policy

File Box. Or, you can click on the Browse button and select the policy file.

4. Click OK.

Creating Custom Policies For information about creating custom Web service policies using custom assertions, see Creating Custom Assertions in Oracle Fusion Middleware Extensibility Guide for Oracle Web Services Manager. Managing Policy Assertion Templates Your Fusion Middleware installation includes predefined assertion templates that you can use to construct your policies or copy to create new policies. For additional information, see Building Policies Using Policy Assertions on page 3-5. You can add one or more assertions to a policy. The predefined assertions are described in Appendix C, Predefined Assertion Templates . Assertions are executed in the order in which they appear in the list. You can change the order of the assertions in the list by selecting the assertion and clicking the Up or Down arrow. The following sections provide more information about working with assertions: ■ Navigating to the Web Services Assertion Templates Page on page 7-8 ■ Naming Conventions for Assertion Templates on page 7-8 ■ Viewing an Assertion Template on page 7-9 ■ Searching for an Assertion Template on page 7-9 Note: The policy name you import must not already exist in the repository. Be aware that policy name and file name are different. The policy name is specified by the name attribute of the policy content; the file name is the name of the policy file. You might find it convenient for the two names to match, but it is not required. You cannot prefix the name of a policy with oracle_. Otherwise, you will receive exceptions when you try to use the policy.