7-30 Oracle Fusion Middleware Security and Administrators Guide for Web Services 8 Attaching Policies to Web Services 8-1 8 Attaching Policies to Web Services This chapter includes the following sections: ■ Viewing the Policies That are Attached to a Web Service ■ Attaching Policies to Web Services ■ Attaching Policies to Web Service Clients ■ Attaching Web Service Policies Permitting Overrides ■ Attaching Client Policies Permitting Overrides ■ Configuring User-Defined Client- or Server-Side Override Properties Viewing the Policies That are Attached to a Web Service The following sections describe how to view the policies that are attached to a Web service using Fusion Middleware Control and the WebLogic Scripting Tool WLST. Using Fusion Middleware Control To view the policies that are attached to a Web service: 1. Navigate to the home page for the Web service, as described in Navigating to the Web Services Summary Page for an Application on page 6-4. 2. In the Web Service Details section of the page, click on the plus + for the Web service to display the Web service endpoints if they are not already displayed. 3. Click the name of a endpoint to navigate to the Web Service Endpoints page for a particular Web service.

4. Click the OWSM Policies tab.

Figure 8–1 shows the screen display for an Oracle Infrastructure Web service endpoint that has both a globally attached and a directly attached policy. Only policies in effect for the endpoint are displayed. For details about effective policies for an endpoint, see Calculating the Effective Set of Policies on page 9-22. 8-2 Oracle Fusion Middleware Security and Administrators Guide for Web Services Figure 8–1 Policies Attached to an Oracle Infrastructure Web Service Endpoint Figure 8–2 shows the screen display for a WebLogic Java EE endpoint. Only policies that are directly attached to an endpoint are displayed. Globally attached policies are not available. Figure 8–2 Policies Attached to a WebLogic Java EE Web Service Endpoint Using WLST Use the following procedure to view the policies that are attached to a Web service: 1. Connect to the running instance of WebLogic Server to which the application is deployed as described in Accessing the Web Services Custom WLST Commands on page 1-6. 2. Use the listWebServices WLST command to display a list of the Web services in your application as described in Viewing the Web Services in Your Application on page 6-5. Note: This procedure applies to Oracle Infrastructure Web services only. Attaching Policies to Web Services 8-3 3. Use the listWebServicePorts command to display the port name and endpoint URL for a Web service. listWebServicePortsapplication,moduleOrCompName,moduleType,serviceName For example, to display the port for the WsdlConcreteService: wls:wls-domainserverConfig listWebServicePortswls-domainAdminServerjaxwsejb30ws, jaxwsejb,web,WsdlConcreteService WsdlConcretePort http:host.us.oracle.com:7001jaxwsejbWsdlAbstract 4. Use the listWebServicePolicies command to view the policies that are attached to a Web service port. listWebServicePoliciesapplication,moduleOrCompName,moduleType,serviceName,subj ectName For example, to view the policies attached to the WsdlConcretePort port and any policy override settings: wls:wls_domainserverConfig listWebServicePolicieswls_ domainAdminServerjaxwsejb30ws, jaxwsejb,web,WsdlConcreteService,WsdlConcretePort WsdlConcretePort : addressing : oraclewsaddr_policy , enabled=true management : oraclelog_policy , enabled=true security : oraclewss_username_token_service_policy, enabled=true Attached policy or policies are valid; endpoint is secure. Attaching Policies to Web Services The following sections describe how to attach policies to a single subject, to multiple subjects bulk attachment, and to validate the subject once policies are attached: ■ Attaching a Policy to a Single Subject on page 8-3 ■ Attaching a Policy to Multiple Subjects Bulk Attachment on page 8-8 ■ Validating Policy Subjects on page 8-10 Attaching a Policy to a Single Subject A subject is an entity to which a policy can be associated. You can attach one or more policies to a subject. The order in which policies are attached to a subject or appear in the list of attached polices does not determine the order in which policies are executed. As a message is passed between the client and the Web service, the order of the interceptors in the policy interceptor chain determines the order in which the policies are executed. See How Policies are Executed on page 3-8 for more information. Note: Policy attachment is not synchronized automatically for SOA, ADF, and WebCenter services in a cluster. When using SOA, ADF, and WebCenter services in a cluster, you must attach andor detach policies to each instance of the cluster. This issue does not apply to WebLogic Java EE Web services and SOA composite services.