Managing Web Service Policies 7-23

6. Select a generated policy from the table and click Edit.

7. In the Edit Policy page, edit the policy as necessary.

8. Click Validate to validate your changes.

9. Click Save to save the changes to your policy.

10. You are returned to the Generated Client Policies page. Edit the other policies as needed. Once the policy is saved, you can navigate to the Web Services Management page and find the policy in the Policies table. Enabling or Disabling a Policy for a Single Policy Subject When a policy is attached to a Web service, it is enabled by default. You may temporarily disable a policy for a single endpoint without disassociating it from the Web service. When the policy is disabled for an endpoint, it is not enforced for that endpoint. Using Fusion Middleware Control Policies must be individually enabled or disabled for the endpoint; you cannot enable or disable multiple policies at the same time. To enable or disable a policy attachment:

1. From the Web Service Endpoint page, click the OWSM Policies tab.

2. Select the policy you want to enable or disable.

For Oracle Infrastructure Web services, select a policy from the Directly Attached Policies table.

3. Select Enable or Disable to enable or disable the policy, respectively, and confirm

your selection. See Figure 7–15 . Figure 7–15 Enabling or Disabling a Policy Attachment 7-24 Oracle Fusion Middleware Security and Administrators Guide for Web Services Using WLST To enable or disable a policy or multiple policies attached to an endpoint port:

1. Connect to the running instance of WebLogic Server for which you want to view

the Web services as described in Accessing the Web Services Custom WLST Commands on page 1-6.

2. Use the listWebServicePolicies WLST command to display a list of the Web

service policies attached to the desired port. listWebServicePoliciesapplication,moduleOrCompName,moduleType,serviceName, subjectName For example, to see a list of the policies attached to the WsdlConcretePort, use the following command: wls:base_domaindomainRuntime listWebServicePoliciesbase_domainsoa_ server1jaxwsejb30ws, jaxwsejb,web,WsdlConcreteService,WsdlConcretePort WsdlConcretePort : security : oraclebinding_authorization_denyall_policy , enabled=true security : oraclewss_username_token_service_policy , enabled=true

3. Enable or disable a single policy using the enableWebServicePolicy

command and setting the enable argument to true or false, respectively. enableWebServicePolicyapplication, moduleOrCompName, moduleType, serviceName, subjectName, policyURI,[enable], [subjectType=None] For example, to disable the oraclebinding_authorization_denyall_ policy, enter the following command: wls:base_domaindomainRuntime enableWebServicePolicybase_domainsoa_ server1jaxwsejb30ws, jaxwsejb,web,WsdlConcreteService,WsdlConcretePort,oraclebinding_ authorization_denyall_policy,false

4. Enable or disable multiple policies attached to a port using the

enableWebServicePolicies command and setting the enable argument to true or false, respectively. enableWebServicePoliciesapplication, moduleOrCompName, moduleType, serviceName, subjectName, policyURIs,[enable],[subjectType=None] For example: wls:base_domaindomainRuntime enableWebServicePoliciesbase_domainsoa_ server1jaxwsejb30ws, jaxwsejb,web,WsdlConcreteService,WsdlConcretePort, [oraclebinding_authorization_denyall_policy,oraclewss_username_token_ service_policy],false Note: The procedure described in this section applies to Oracle Infrastructure Web services only. Managing Web Service Policies 7-25 5. For ADF and WebCenter applications, restart the Web service application. You do not need to restart a SOA composite. For more information about these WLST commands and their arguments, see Web Services Custom WLST Commands in WebLogic Scripting Tool Command Reference. Enabling or Disabling a Policy for All Subjects When a policy is created, it is enabled by default unless it has validation errors. A policy can be globally enabled or disabled from the Edit Policy page. You can enable or disable the policy from one central location, and it will be enabled or disabled for any policy subject to which it is attached. When you disable a policy from the Edit Policy page, the policy continues to be attached to the policy subjects, but the policy is not enforced. You may want to temporarily disable a policy if you discover that there is a problem with the policy that is causing all requests to a Web service to fail. Once the problem is corrected, you can globally enable the policy. Before disabling a policy, you may want to click Usage Analysis Link see Analyzing Policy Usage on page 7-26 to see the policy subjects to which the policy is attached. The change to the policy takes effect at the next polling interval for policy changes. You may also selectively enable or disable a policy for a specific policy subject rather than for all policy subjects. See Enabling or Disabling a Policy for a Single Policy Subject on page 7-23 for more information. To enable or disable a Web service policy for all policy subjects: 1. Navigate to the Web Services Policy page, as described in Navigating to the Web Services Policies Page in Fusion Middleware Control on page 7-2.

2. Select a policy from the Policies table and click Edit.

3. In the Policy Information section of the Edit Policy page, select or deselect the Enabled box to enable or disable the policy, respectively see Figure 7–16 . Figure 7–16 Enabled Box on the Edit Policy Page

4. Click Save.

Enabling or Disabling Assertions Within a Policy Rather than enable or disable an entire policy, you may wish to enable or disable one or more of the assertions that are contained within a policy. This provides a more fine-grained level of control over the assertions that are executed.