19.10. WS-CM Policies Attribute

While the section WS-CM Management Clients on management clients showed how to implement a JMX client, it does not detail the format of the policies input attribute. We will first explain the basic format.

19.10.1. External Policy Attachments

WS-PolicyAttachment defines a format for external policy attachments that fulfills our requirements without adding any superfluous information. It allows to communicate multiple policies at once. It identifies the policy subject to which a policy is attached. Here is an example:

<wsp:PolicyAttachment>
    <wsp:AppliesTo>
      <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.binding(NewWebServicePortBinding)</wsp:URI>
    </wsp:AppliesTo>
    <wsp:PolicyReference URI="#NewWebServicePortBindingPolicy"/>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
    <wsp:AppliesTo>
      <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.bindingOperation.input(NewWebServicePortBinding/echo)</wsp:URI>
    </wsp:AppliesTo>
    <wsp:PolicyReference URI="#NewWebServicePortBinding_echo_Input_Policy"/>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
    <wsp:AppliesTo>
      <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.bindingOperation.output(NewWebServicePortBinding/echo)</wsp:URI>
    </wsp:AppliesTo>
    <wsp:PolicyReference URI="#NewWebServicePortBinding_echo_Output_Policy"/>
</wsp:PolicyAttachment>

The above still allows for references to external policies. It is possible to directly include a policy by using the <wsp:Policy> element instead of <wsp:PolicyReference>.

19.10.2. WSDL 1.1 Element Identifiers

The external attachments in section External Policy Attachments contain URIs that point to the attachment element. The format for these URIs that is used are WSDL 1.1 element identifiers.

Here is an example input document with inlined policies:

<Policies>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.binding(NewWebServicePortBinding)</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy>...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.bindingOperation.input(NewWebServicePortBinding/echo)</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy>...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.bindingOperation.output(NewWebServicePortBinding/echo)</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy>...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>http://test.ws.xml.sun.com/NewWebServiceService?wsdl#wsdl11.bindingOperation.fault(NewWebServicePortBinding/fault)</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy>...</wsp:Policy>
    </wsp:PolicyAttachment>
</Policies>

19.10.3. Pseudo Attachment Points

In practice, management applications may not know the exact WSDL element names. Therefore, we are using synthetic URNs to identify WSDL attachment points without having to know their WSDL element names. We need to identify the following five WSDL elements:

  • binding
  • binding/operation
  • binding/operation/input
  • binding/operation/output
  • binding/operation/fault

We always use the same five URNs to denote the five allowed attachment points. The URNs are constructed from UUIDs. We are using the following URNs:

binding
urn:uuid:c9bef600-0d7a-11de-abc1-0002a5d5c51b
binding/operation
urn:uuid:62e66b60-0d7b-11de-a1a2-0002a5d5c51b
binding/operation/input
urn:uuid:730d8d20-0d7b-11de-84e9-0002a5d5c51b
binding/operation/output
urn:uuid:85b0f980-0d7b-11de-8e9d-0002a5d5c51b
binding/operation/fault
urn:uuid:917cb060-0d7b-11de-9e80-0002a5d5c51b

19.10.4. Root Element

The document that is used as input needs to have a valid XML root element because WS-PolicyAttachment does not provide any. The namespace is the same we use for the Metro configuration file with the term management appended: http://java.sun.com/xml/ns/metro/management.

The fully qualified root element is: <Policies xmlns:sunman="http://java.sun.com/xml/ns/metro/management">.

19.10.5. Example Document

<?xml version="1.0" encoding="UTF-8"?>
<sunman:Policies xmlns:sunman="http://java.sun.com/xml/ns/metro/management" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>urn:uuid:c9bef600-0d7a-11de-abc1-0002a5d5c51b</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy wsu:Id="binding-policy">...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>urn:uuid:62e66b60-0d7b-11de-a1a2-0002a5d5c51b</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy wsu:Id="operation-policy">...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>urn:uuid:730d8d20-0d7b-11de-84e9-0002a5d5c51b</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy wsu:Id="input-policy">...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>urn:uuid:85b0f980-0d7b-11de-8e9d-0002a5d5c51b</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy wsu:Id="output-policy">...</wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment>
      <wsp:AppliesTo>
         <wsp:URI>urn:uuid:917cb060-0d7b-11de-9e80-0002a5d5c51b</wsp:URI>
      </wsp:AppliesTo>
      <wsp:Policy wsu:Id="fault-policy">...</wsp:Policy>
    </wsp:PolicyAttachment>
</sunman:Policies>

The wsu:Id of the wsp:Policy element is optional but should be defined whenever possible so that policies can easily be identified. If it is not omitted, it must be a unique ID within the document.


Terms of Use; Privacy Policy; Copyright ©2013-2014 (revision 20140418.2d69abc)
 
 
Close
loading
Please Confirm
Close