6-32 Oracle Fusion Middleware Security and Administrators Guide for Web Services 6. For ADF and WebCenter applications, restart the Web service application. You do not need to restart a SOA composite. For more information about these WLST commands and their arguments, see Web Services Custom WLST Commands in WebLogic Scripting Tool Command Reference. 7 Managing Web Service Policies 7-1 7 Managing Web Service Policies This chapter includes the following sections: ■ Overview of Web Services Policy Management ■ Viewing Available Web Services Policies ■ Viewing a Web Service Policy ■ Searching for Web Service Policies ■ Creating Web Service Policies ■ Managing Policy Assertion Templates ■ Validating Web Services Policies ■ Editing Web Service Policies ■ Versioning Web Service Policies ■ Exporting Web Service Policies ■ Deleting Web Service Policies ■ Generating Client Policies ■ Enabling or Disabling a Policy for a Single Policy Subject ■ Enabling or Disabling a Policy for All Subjects ■ Enabling or Disabling Assertions Within a Policy ■ Analyzing Policy Usage ■ Policy Advertisement Overview of Web Services Policy Management For information about Web services policies and how Oracle Fusion Middleware uses policies to manage Quality of Service QoS for Web services, see Understanding Oracle WSM Policy Framework on page 3-1. Viewing Available Web Services Policies You can use both Fusion Middleware Control and the WebLogic Scripting Tool WLST to view the Web service polices in your domain. In Fusion Middleware Control, you view the policies using the Web Services Policies page. Use the procedures in the following sections to view a list of the policies. 7-2 Oracle Fusion Middleware Security and Administrators Guide for Web Services Navigating to the Web Services Policies Page in Fusion Middleware Control You manage the Web services policies in your farm from the Web Services Policies page. From this page, you can view, create, edit, and delete Web services policies.

1. In the navigator pane, expand WebLogic Domain to show the domain for which

you want to see the policies. Select the domain.

2. Using Fusion Middleware Control, click WebLogic Domain, then Web Services

and then Policies. The Web Services Policies page is displayed Figure 7–1 . Figure 7–1 Web Services Policy Page Displaying a List of the Available Policies Using WLST To display a list of the available policies using WLST:

1. Connect to the running instance of WebLogic Server for which you want to view

the Web services as described in Accessing the Web Services Custom WLST Commands on page 1-6.

2. Use the listAvailableWebServicePolicies WLST command to display a

list of the Web services. listAvailableWebServicePolicies[category],[subject] For example: wls:base_domaindomainRuntime listAvailableWebServicePolicies List of available OWSM policy - total : 58 security : oraclebinding_authorization_denyall_policy security : oraclebinding_authorization_permitall_policy security : oraclebinding_permission_authorization_policy security : oraclecomponent_authorization_denyall_policy security : oraclecomponent_authorization_permitall_policy security : oraclecomponent_permission_authorization_policy management : oraclelog_policy addressing : oraclewsaddr_policy mtom : oraclewsmtom_policy wsrm : oraclewsrm10_policy wsrm : oraclewsrm11_policy Managing Web Service Policies 7-3 3. Use the optional category and subject arguments to specify the policy category, such as security or management, and the policy subject type, such as server or client. For example: wls:base_domaindomainRuntime listAvailableWebServicePoliciessecurity,server List of available OWSM policy - total : 39 security : oraclewss_saml_or_username_token_service_policy security : oraclewss10_username_token_with_message_protection_service_policy security : oraclewss10_x509_token_with_message_protection_service_policy security : oracleno_messageprotection_service_policy security : oraclewss_saml_or_username_token_over_ssl_service_policy security : oraclewss10_username_token_with_message_protection_ski_basic256_ service_policy security : oraclewss11_saml20_token_with_message_protection_service_policy security : oraclewss_sts_issued_saml_bearer_token_over_ssl_service_policy security : oraclewss11_sts_issued_saml_hok_with_message_protection_service_ policy security : oraclewss11_kerberos_token_service_policy Viewing a Web Service Policy Follow the procedure below to view the policy details in read-only mode. To view a Web service policy 1. Navigate to the Web Services Policy page, as described in Navigating to the Web Services Policies Page in Fusion Middleware Control on page 7-2. 2. From the Web Services Policies page, select a policy from the Policies table and click View.

3. When you are done viewing the policy, click Return to Web Services Policies.

Searching for Web Service Policies In the Web Services Policies page, you can narrow down the number of policies that are returned by specifying criteria in the Search Filter Figure 7–2 . The wildcard character asterisk in the Name field matches any characters. Figure 7–2 Search Filter Criteria The policies that are returned are those that match the criteria specified in the Category, Applies To, and Name fields Table 7–1 . 7-4 Oracle Fusion Middleware Security and Administrators Guide for Web Services For example, if Security is selected in the Category field, and Service Endpoints is selected in the Applies To field, and the Name field is left blank, then the policies returned are those security policies that can be attached to Web service endpoints. Creating Web Service Policies You can create a Web service policy in one of the following ways: ■ Creating a new policy using assertion templates ■ Creating a policy from an existing policy ■ Importing a policy from a file ■ Creating custom policies The sections that follow describe how to create policies using each of these methods. Creating a New Web Service Policy Follow the procedure below to create a new policy using one or more assertion templates. Table 7–1 Search Filter Criteria Field Description Category Category to which the Web service policy belongs. The options are: ■ All ■ Security ■ MTOM Attachments ■ Reliable Messaging ■ WS-Addressing ■ Management Applies To Policy subject to which the policy can be attached. The options are: ■ All – All means that the policy is targeted for any type of endpoint. All refers to the policies that can be applied to Service Endpoints, or Service Clients, or SOA Components. ■ Service Endpoints – Policies that can be attached to Web services. See Types of Web Services and Clients in Oracle Fusion Middleware Introducing Web Services. ■ Service Clients – Policies that can be attached to Web service clients. See Types of Web Services and Clients in Oracle Fusion Middleware Introducing Web Services. ■ SOA Components – Policies that can be attached to SOA components SOA Web services are categorized as Service Endpoints, and SOA references are categorized as Service Clients. Name Name of the policy. You can enter the complete name or part of policy name. For example, if you enter http, any policy with http in any part of its name is returned.