Configuring Message-Level Security 2-89

2.21.2 Configuring Smart Policy Selection

You can configure multiple policy alternatives for a single Web service by creating a custom policy, as shown in Example 2–22 . You then configure the Web service client to make a policy selection preference. In this release of WebLogic Server, you can configure the policy selection preferences for the Web service client by using the WebLogic Server Administration Console, and via stubs. The following preferences are supported: ■ Security ■ Performance ■ Compatibility

2.21.2.1 How the Policy Preference is Determined

The Web services runtime uses your policy selection preference to examine the policy alternatives and select the best choice. If there are multiple policy choices, the system uses the configured preference list, the availability of the credential, and setting of the optional function to determine the best selection policy. If multiple policy alternatives exist for a client, the following selection rules are used: ■ If the preference is not set, the first policy alternative will be picked, except if the policy alternative is defined as wsp:optional=true. ■ If the preference is set to security first, then the policy that has the most security features is selected. ■ If the preference is set to compatibilityinterop first, then the policy that has the lowest version is selected. ■ If the preference is set to performance first, then the policy with the fewest security features is selected. For the optional policy assertions, the following selection rules are used: ■ If the default policy selection preference is set, then the optional attribute on any assertion is ignored. ■ If the Compatibility or Performance preference is set, then any assertion with an optional attribute is ignored; therefore the assertion is ignored. ■ If the security policy selection preference is set, optional assertions are included and alternative assertions are never generated.

2.21.2.2 Configuring Smart Policy Selection in the Console

Perform the following steps to configure smart policy selection in the Console: 1. If you do not already have a functional Web services security configuration, create a Web services security configuration as described in the Oracle WebLogic Server Administration Console Help. 2. Edit the Web services security configuration. On the General tab, set the Policy Selection Preference. The following values are supported: ■ None default ■ Security then Compatibility then Performance SCP 2-90 Securing WebLogic Web Services for Oracle WebLogic Server ■ Security then Performance then Compatibility SPC ■ Compatibility then Security then Performance CSP ■ Compatibility then Performance then Security CPS ■ Performance then Compatibility then Security PCS ■ Performance then Security then Compatibility PSC 3. Save and activate your changes.

2.21.2.3 Understanding Body Encryption in Smart Policy