Database Reference
In-Depth Information
•
WS-Addressing:
These policies verify that SOAP messages include ad-
dressing headers to propagate conversation tokens. Transport level data is
included in the SOAP header rather than relying on the network level trans-
port to convey this information.
•
Security:
Security policies implement WS-Security 1.0 and 1.1 standards
by enforcing message protection (message integrity and confidentiality), au-
thentication, and authorization of service requesters and providers. They
also support a range of token profiles including but not limited to username
tokens, X.509 certificates, Kerberos tickets, and SAML-based assertions.
•
Message Transmission Optimization Mechanism (MTOM)
: These
policies enable binary and streamed content, such as an image in JPEG
format to be passed between clients and services.
Policy interceptor
OWSM uses a pipeline interceptor to execute different categories of policies in
a predefined order for the request and response messages. The order of execu-
tion depends on whether the policy is being implemented at the client side or the
service side. The screenshot under the
Putting it all together
section, discussed
later in this chapter, describes a typical web service client making a request to
a web service provider through an intermediate interception by an OWSM agent
that executes the pipeline policies. There is a central
Policy Manager
applic-
ation embedded in an application server to distribute policy enforcement tasks
to OWSM agents. If the policy assertions are successful, the web service client
and the invoked service are allowed to communicate.
Policy assertions
OWSM policies are made up of one or multiple policy assertions. For example,
a security policy can be made up of a Log assertion and a WS-Security as-
sertion. Policy assertions are executed in the order they are listed within a
policy. An existing OWSM policy with
oracle/
wss11_username_token_with_message_protection_service_policy
is
shown in the following screenshot. Here, the Log assertion is executed first (log-
