Show TOC

Applying an Authentication Policy in Composed ServicesLocate this document in the navigation structure

Prerequisites

You work in the Service Composer perspective of the SAP NetWeaver Developer Studio.

Context

To apply an authentication policy on your composed service, the policy details must be added directly in the WSDL file. In case you want to compose a service, you have to add a policy in the back-end service that you want to compose. Note, that in a composed service:

  • If you use JAX-WS generation, the resulting composed service will have no configured end point at all.

  • If you use SDO generation, the resulting service has an enabled end point with basic authentication by default.

If you simplify services, then you can add the policy to the simplified service later on.

For more information about adding a policy in a WSDL, see http://www.w3.org/TR/ws-policy/Information published on non-SAP site and http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdfInformation published on non-SAP site.

Procedure

  1. Import the WSDL file that you are going to use for composition in your project.

    The WSDL file appears in the src/wsdl folder. You can directly open it for editing.

  2. Open the file for editing
  3. Add and modify according to your needs the following tag in the port type section:
                      <wsdl:portType name="SalesArrangementSimpleByCustomerIDQueryResponse_In">
        <PolicyReference xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
                URI="#P1" />
  4. Add and modify according to your needs the following tags in the global part of the WSDL:
                      <UsingPolicy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" />
        <Policy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="P1">
                <ExactlyOne>
                        <All>
                                <sapsession:Session
                                        xmlns:sapsession="http://www.sap.com/webas/630/soap/features/session/">
                                        <sapsession:enableSession>true</sapsession:enableSession>
                                </sapsession:Session>
                                <al:AuthenticationLevel
                                        xmlns:al="http://www.sap.com/webas/630/soap/features/authentication/">None</al:AuthenticationLevel>
                                <l:Level
                                        xmlns:l="http://www.sap.com/webas/630/soap/features/transportguarantee/">Both</l:Level>
                        </All>
                </ExactlyOne>
        </Policy>
               
                      <Policy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="P2">
                <ExactlyOne>
                        <All>
                                <sapsession:Session
                                        xmlns:sapsession="http://www.sap.com/webas/630/soap/features/session/">
                                        <sapsession:SessionMethod>httpCookies
                                        </sapsession:SessionMethod>
                                </sapsession:Session>
                                <wsp:ExactlyOne xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                                        <wsp:All>
                                                <sp:TransportBinding
                                                        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                                                        <wsp:Policy>
                                                                <sp:TransportToken>
                                                                        <wsp:Policy>
                                                                                <sp:HttpsToken>
                                                                                        <wsp:Policy>
                                                                                                <sp:HttpBasicAuthentication />
                                                                                        </wsp:Policy>
                                                                                </sp:HttpsToken>
                                                                        </wsp:Policy>
                                                                </sp:TransportToken>
                                                                <sp:AlgorithmSuite>
                                                                        <wsp:Policy>
                                                                                <sp:TripleDesRsa15 />
                                                                        </wsp:Policy>
                                                                </sp:AlgorithmSuite>
                                                                <sp:Layout>
                                                                        <wsp:Policy>
                                                                                <sp:Strict />
                                                                        </wsp:Policy>
                                                                </sp:Layout>
                                                        </wsp:Policy>
                                                </sp:TransportBinding>
                                        </wsp:All>
                                </wsp:ExactlyOne>
                        </All>
                </ExactlyOne>
        </Policy>
        <UsingPolicy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" />
  5. Add and modify according to your needs the following tag in the binding section:
                      <wsdl:binding
                name="SalesArrangementSimpleByCustomerIDQueryResponse_InSoapBinding"
                type="tns:SalesArrangementSimpleByCustomerIDQueryResponse_In">
                <PolicyReference xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
                        URI="#P2" />
  6. Compose the service as normal. After you deploy the composed service, you have to configure its behavior at runtime.

Next Steps

Configuring Web Services