Enabling or disabling a WS-Security Policy subject using the Enabled Subjects

Technote (FAQ)


How do I use the WebGUI WS-Policy 'Enabled Subjects' option to enable or disable a policy subject when using the Web Service Proxy (WS-Proxy) on the IBM WebSphere DataPower appliance?


The WebGUI WS-Policy 'Enabled Subjects' option can be used to enable or disable a policy at the specific level the policy has been attached. In order words, the 'Enabled Subjects' option cannot be used to enable or disable a subject (such as Service, Endpoint, Operation, Message Input, and Message Output Subject) that does not have a WS-Policy attached to it.

If you take a configuration that has the WS-Policy attached, through configuration, at the WSDL service level, the only applicable 'Enabled Subjects' option will be 'Service Subject'. This means that, the WS-Policy at the service level can be enabled or disabled at any level of the WSDL. If you enable a policy subject at a higher WSDL level, the policy enforcement will be propagated all the way down to the lower level (message input and output). If you disable a policy subject at a lower level, the policy will not be enforced starting from that lower level all the way down to the message input and output.

Also, since the policy has been attached at the service level of the WSDL, it can be enabled or disabled starting from the Web Service Proxy (WS-Proxy) WSDL level down to the operation level. If you disable the policy attached to the Service subject at the WSDL level by unchecking 'Service Subject', that will disable the policy at every level. Also, if you wish to not enforce the Service subject policy only at an operation level, you will have to go down to that operation level and then uncheck 'Service Subject'. If you uncheck 'Operation Subject' at the Service level, this will not disable the Service subject policy enforcement at the operation level but rather, it will disable any policy attached at the operation level. This implies that, the policy attached at the service level will still be enforced at that operation level.

At the moment, the lowest WSDL level that the WebGUI task template allows you to access is the operation level. This means that, in order for you to disable the 'Message Input Subject' and/or 'Message Output Subject', the WS-Security Policy will have to be defined and referenced at the input and/or output subject in the WSDL. Then from the WebGUI, can you use the 'Message Input Subject' and 'Message Output Subject' to disable the policy.

Rate this page:

(0 users)Average rating

Document information

More support for:

IBM DataPower Gateways

Software version:

4.0.2, 5.0.0, 6.0.0, 6.0.1

Operating system(s):


Reference #:


Modified date:


Translate my page

Machine Translation

Content navigation