Policy sets are assertions about how services are defined.
They are used to simplify the quality of service configuration for
web services.
About this task
Policy sets combine configuration settings, including those
for transport and message level configuration, such as WS-Addressing,
WS-ReliableMessaging, and WS-Security. There are two main types of
policy sets: application policy sets and system policy sets. Application
policy sets are used for business-related assertions. These assertions
are related to the business operations that are defined in the Web
Services Description Language (WSDL) file. System policy sets, on
the other hand, are used for non-business-related system messages.
These messages are not related to the business operations that are
defined in the WSDL, but instead refer to messages that are defined
in other specifications which apply qualities of service (QoS). Examples
of such messages are the request security token (RST) messages that are
defined in WS-Trust, the create sequence messages that are defined in
WS-ReliableMessaging, and the metadata exchange messages of
WS-MetadataExchange.

Note: You can use policy sets only with Java™ API for XML-Based Web
Services (JAX-WS) or Service Component Architecture (SCA) applications.
You cannot use policy sets with Java™ API for XML-based RPC (JAX-RPC)
applications.

Policies are defined based on a quality of service. Policy definition
is typically based on the WS-Policy standard language; for example, the
WS-Security policy is based on the current WS-SecurityPolicy from the
Organization for the Advancement of Structured Information Standards
(OASIS) standards.

Policy sets do not include environment or platform-specific information,
such as keys for signing, keystore information, or persistent store
information. This type of information is defined in the binding. A
policy set attachment defines how a policy set is attached to service
resources and bindings. The attachment definition is outside the policy
set definition and is defined as metadata associated with application
data.
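
The following added example (not part of the original documentation and not product code) reads a WS-SecurityPolicy document and reports which message-level protections it asserts, which is a useful review step because the policy states what must be signed or encrypted while the keys live in the binding. The sample policy and the names `summarize`, `SAMPLE_POLICY` and `EMPTY_MEANS` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces from OASIS WS-SecurityPolicy 1.2 and W3C WS-Policy 1.5.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://www.w3.org/ns/ws-policy"

# Constructed sample policy; note that it names no key, keystore or password.
SAMPLE_POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy>
      <sp:X509Token><wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token>
    </wsp:Policy></sp:InitiatorToken>
    <sp:AlgorithmSuite><wsp:Policy><sp:Basic256Sha256/></wsp:Policy></sp:AlgorithmSuite>
    <sp:IncludeTimestamp/>
  </wsp:Policy></sp:AsymmetricBinding>
  <sp:SignedParts/>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
</wsp:Policy>"""

# WS-SecurityPolicy defaults when the assertion has no child elements.
EMPTY_MEANS = {"SignedParts": ["Body", "Header:*"], "EncryptedParts": ["Body"]}

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def _parts(root, kind):
    """Return the message parts named by sp:SignedParts or sp:EncryptedParts."""
    node = root.find(f".//{{{SP}}}{kind}")
    if node is None:
        return []  # assertion absent: this protection is not required
    return [_local(c.tag) for c in node] or EMPTY_MEANS[kind]

def summarize(policy_xml):
    """Report the message-level protection a WS-SecurityPolicy document asserts."""
    root = ET.fromstring(policy_xml)
    suite = root.find(f".//{{{SP}}}AlgorithmSuite/{{{WSP}}}Policy/*")
    return {
        "signed": _parts(root, "SignedParts"),
        "encrypted": _parts(root, "EncryptedParts"),
        "timestamp": root.find(f".//{{{SP}}}IncludeTimestamp") is not None,
        "algorithm_suite": _local(suite.tag) if suite is not None else None,
        # Elements outside the two standard namespaces deserve review:
        # environment-specific settings belong in the binding, not the policy.
        "nonstandard": sorted({_local(e.tag) for e in root.iter()
                               if not e.tag.startswith((f"{{{SP}}}", f"{{{WSP}}}"))}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_POLICY))
```

An empty `signed` or `encrypted` list in the result means the policy does not require that protection at all, which is the case a reviewer most needs to catch before the policy set is attached.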
To secure JAX-WS web services with message-level security
using policy sets, follow these steps: