content/docs/ws-policy-framework-overview.html - cxf-site - Git at Google


 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--

     Licensed to the Apache Software Foundation (ASF) under one or more
     contributor license agreements.  See the NOTICE file distributed with
     this work for additional information regarding copyright ownership.
     The ASF licenses this file to You under the Apache License, Version 2.0
     (the "License"); you may not use this file except in compliance with
     the License.  You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->
 <html>
   <head>

 <link type="text/css" rel="stylesheet" href="/resources/site.css">
 <script src='/resources/space.js'></script>

 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - WS-Policy Framework Overview">


 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shCoreCXF.css">
 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">

 <script src='/resources/highlighter/scripts/shCore.js'></script>
 <script src='/resources/highlighter/scripts/shBrushXml.js'></script>
 <script src='/resources/highlighter/scripts/shBrushJava.js'></script>
 <script>
   SyntaxHighlighter.defaults['toolbar'] = false;
   SyntaxHighlighter.all();
 </script>


     <title>
 Apache CXF -- WS-Policy Framework Overview
     </title>
   </head>
 <body onload="init()">


 <table width="100%" cellpadding="0" cellspacing="0">
   <tr>
     <td id="cell-0-0" colspan="2">&nbsp;</td>
     <td id="cell-0-1">&nbsp;</td>
     <td id="cell-0-2" colspan="2">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
       <!-- Banner -->
 <div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table></div></div>
       <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
             <td>
               <div align="left">
                 <!-- Breadcrumbs -->
 <a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="ws-support.html">WS-* Support</a>&nbsp;&gt;&nbsp;<a href="ws-policy.html">WS-Policy</a>&nbsp;&gt;&nbsp;<a href="ws-policy-framework-overview.html">WS-Policy Framework Overview</a>
                 <!-- Breadcrumbs -->
               </div>
             </td>
             <td>
               <div align="right">
                 <!-- Quicklinks -->
 <div id="quicklinks"><p><a shape="rect" href="http://cxf.apache.org/download.html">Download</a> | <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
                 <!-- Quicklinks -->
               </div>
             </td>
           </tr>
         </table>
       </div>
     </td>
     <td id="cell-1-3">&nbsp;</td>
     <td id="cell-1-4">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-2-0" colspan="2">&nbsp;</td>
     <td id="cell-2-1">
       <table>
         <tr valign="top">
           <td height="100%">
             <div id="wrapper-menu-page-right">
               <div id="wrapper-menu-page-top">
                 <div id="wrapper-menu-page-bottom">
                   <div id="menu-page">
                     <!-- NavigationBar -->
 <div id="navigation"><ul class="alternate"><li><a shape="rect" href="overview.html">Overview</a></li><li><a shape="rect" href="how-tos.html">How-Tos</a></li><li><a shape="rect" href="frontends.html">Frontends</a></li><li><a shape="rect" href="databindings.html">DataBindings</a></li><li><a shape="rect" href="transports.html">Transports</a></li><li><a shape="rect" href="configuration.html">Configuration</a></li><li><a shape="rect" href="debugging-and-logging.html">Debugging and Logging</a></li><li><a shape="rect" href="tools.html">Tools</a></li><li><a shape="rect" href="restful-services.html">RESTful Services</a></li><li><a shape="rect" href="wsdl-bindings.html">WSDL Bindings</a></li><li><a shape="rect" href="service-routing.html">Service Routing</a></li><li><a shape="rect" href="dynamic-languages.html">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html">Advanced Integration</a></li><li><a shape="rect" href="deployment.html">Deployment</a></li><li><a shape="rect" href="schemas-and-namespaces.html">Use of Schemas and Namespaces</a></li></ul><hr><ul class="alternate"><li><p>Search</p></li></ul><form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
     <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
     <input type="hidden" name="ie" value="UTF-8">
     <input type="text" name="q" size="21">
     <input type="submit" name="sa" value="Search">
   </div>
 </form>
 <script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script><hr><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest/">API 3.2.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest-3.1.x/">API 3.1.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/">CXF Website</a></li></ul><p>&#160;</p><p><a shape="rect" class="external-link" href="http://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image confluence-external-resource" src="http://www.apache.org/events/current-event-125x125.png" data-image-src="http://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
                     <!-- NavigationBar -->
                   </div>
               </div>
             </div>
           </div>
          </td>
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>The WS-Policy framework provides infrastructure and APIs that allow CXF users and developers to use WS-Policy. </p>

 <p>It is compliant with the <a shape="rect" class="external-link" href="http://www.w3.org/TR/2007/REC-ws-policy-20070904/" rel="nofollow">Web Services Policy 1.5 - Framework</a> and <br clear="none">
 <a shape="rect" class="external-link" href="http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/" rel="nofollow">Web Services Policy 1.5 - Attachment</a> specifications.</p>

 <p>The framework consists of a core runtime and APIs that allow developers to plug in support for their own domain assertions:</p>

 <h2 id="WSPolicyFrameworkOverview-Core">Core</h2>

 <p>The core is responsible for:</p>

 <ul><li>retrieval of policies from different sources (wsdl documents, external documents)</li><li>computation of effective policies for service, endpoint, operation and message objects</li><li>on-the-fly provision of interceptors based on the effective policies for a particular message</li><li>verification that one of the effective policy's alternatives is indeed supported.</li></ul>


 <p>Policy operations such as merge, normalisation, and intersection are based on <a shape="rect" class="external-link" href="http://ws.apache.org/commons/neethi/index.html">Apache Neethi</a>.</p>

 <h2 id="WSPolicyFrameworkOverview-APIs">APIs</h2>

 <h3 id="WSPolicyFrameworkOverview-AssertionBuilder">AssertionBuilder</h3>

 <p>The AssertionBuilder API is an interface from Neethi.</p>

 <p>AssertionBuilder implementations are loaded dynamically and are automatically registered with the AssertionBuilderRegistry, which is available as a Bus extension. Currently, CXF supports AssertionBuilder and Assertion implementations for the following assertion types:</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">
 {http://schemas.xmlsoap.org/ws/2005/02/rm/policy}RMAssertion
 {http://www.w3.org/2007/01/addressing/metadata}Addressing
 {http://www.w3.org/2007/01/addressing/metadata}AnonymousResponses
 {http://www.w3.org/2007/01/addressing/metadata}NonAnonymousResponses
 {http://cxf.apache.org/transports/http/configuration}client
 {http://cxf.apache.org/transports/http/configuration}server
 </pre>
 </div></div>
 <p>along with the <a shape="rect" href="ws-securitypolicy.html">WS-SecurityPolicy</a> defined assertions.</p>

 <p>They are all based on generic Assertion implementations (PrimitiveAssertion, NestedPrimitiveAssertion, JaxbAssertion) that developers can parameterize or extend when developing their own assertions, see <a shape="rect" href="developing-assertions.html">Developing Assertions</a>.</p>

 <h3 id="WSPolicyFrameworkOverview-PolicyInterceptorProvider">PolicyInterceptorProvider</h3>

 <p>This API is used to automatically engage interceptors required to support domain specific assertions at runtime, thus simplifying interceptor configuration a lot.</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">
 public interface PolicyInterceptorProvider extends InterceptorProvider {
   // return the schema types of the asssertions that can be supported
   Collection&lt;QName&gt; getAssertionTypes()
 }
 </pre>
 </div></div>
 <p>Currently, CXF supports PolicyInterceptorProvider implementations for the following assertion types:</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">
 {http://schemas.xmlsoap.org/ws/2005/02/rm/policy}RMAssertion
 {http://www.w3.org/2007/01/addressing/metadata}Addressing
 {http://www.w3.org/2007/01/addressing/metadata}AnonymousResponses
 {http://www.w3.org/2007/01/addressing/metadata}NonAnonymousResponses
 </pre>
 </div></div>
 <p>along with the <a shape="rect" href="ws-securitypolicy.html">WS-SecurityPolicy</a> defined assertions.</p>

 <p>In addition, the framework offers an API to refine domain expression(s) (xml elements describing policy subjects within a policy scope) in policy attachments. There is currently only one implementation for EndpointReferenceType domain expressions (matching over the address). Another implementation, using XPath expressions, is in work.</p>

 <h2 id="WSPolicyFrameworkOverview-InteractionwiththeFramework">Interaction with the Framework</h2>

 <p>Components interact with the policy framework mainly in order to:</p>
 <ol><li>retrieve the assertions pertaining to the underlying message (at least the ones known to the component) so the component can operate on the message accordingly</li><li>confirm that the assertions pertaining to the underlying message are indeed supported.</li></ol>


 <p>Like most other CXF features, the policy framework is itself largely interceptor based. Thus, most interaction with the framework is indirect through the Message object: Policy interceptors make AssertionInfo objects (stateful representations of assertions) available to subsequently executing, policy-aware interceptors by inserting them into the Message object. Extracting the AssertionInfo objects from the Message allows interceptors to perform steps 1. and 2. above: </p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">
 import org.apache.neethi.Assertion;

 public class AssertionInfo {
   ...
   public boolean isAsserted() {...}
   public void setAsserted(boolean asserted) {...}
   public Assertion getAssertion() {...}
 }
 </pre>
 </div></div>

 <p>The WS-Addressing and WS-RM interceptors are examples for this style of intercation.  </p>

 <p>Somtimes, Conduits and destinations also want to assert their capabilities. But they cannot normally wait for Assertion information being made available to them via the Message object: <br clear="none">
 Conduits may exhibit message specific behaviour (for example, apply message specific receive timeouts), but decisions made during the initialisation phase may limit their capability to do so. <br clear="none">
 And Destinations cannot normally exhibit message or operation specific behaviour at all. But both may still be able to support assertions in the effective endpoint's policy.</p>

 <p>Their interaction with the policy framework therefore typically involves the PolicyEngine through which they obtain the effective policy for the underlying endpoint (for step 1.):</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">
 public interface PolicyEngine {
     ...
     EndpointPolicy getClientEndpointPolicy(EndpointInfo ei,
         Conduit conduit);
     EndpointPolicy getServerEndpointPolicy(EndpointInfo ei,
         Destination destination);
 }

 public interface EndpointPolicy {
     ...
     Policy getPolicy();
     Collection&lt;Assertion&gt; getChosenAlternative();
 }
 </pre>
 </div></div>

 <p>To perform step 2. they implement the Assertor interface (namely its assertMessage method):</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">
 public class Assertor {
   ...
   public boolean canAssert(QName name);
   public void assertMessage(Message message);
 }
 </pre>
 </div></div>

 <p>An example for policy aware conduits and destinations in CXF are the HTTP conduit and destination. They do support assertions of element type HTTPClientPolicy and HTTPServerPolicy respectively.</p></div>
            </div>
            <!-- Content -->
          </td>
         </tr>
       </table>
    </td>
    <td id="cell-2-2" colspan="2">&nbsp;</td>
   </tr>
   <tr>
    <td id="cell-3-0">&nbsp;</td>
    <td id="cell-3-1">&nbsp;</td>
    <td id="cell-3-2">
      <div id="footer">
        <!-- Footer -->
        <div id="site-footer">
          <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
          (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=51291">edit page</a>)
 	 (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=51291&amp;showComments=true&amp;showCommentArea=true#addcomment">add comment</a>)<br>
 	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
         All other marks mentioned may be trademarks or registered trademarks of their respective owners.
        </div>
        <!-- Footer -->
      </div>
    </td>
    <td id="cell-3-3">&nbsp;</td>
    <td id="cell-3-4">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-4-0" colspan="2">&nbsp;</td>
     <td id="cell-4-1">&nbsp;</td>
     <td id="cell-4-2" colspan="2">&nbsp;</td>
   </tr>
 </table>

 <script type="text/javascript">
 var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
 document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
 </script>
 <script type="text/javascript">
 try {
 var pageTracker = _gat._getTracker("UA-4458903-1");
 pageTracker._trackPageview();
 } catch(err) {}</script>

 </body>
 </html>

	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<!--

	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<html>
	<head>

	<link type="text/css" rel="stylesheet" href="/resources/site.css">
	<script src='/resources/space.js'></script>

	<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
	<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
	<meta name="description" content="Apache CXF, Services Framework - WS-Policy Framework Overview">


	<link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shCoreCXF.css">
	<link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">

	<script src='/resources/highlighter/scripts/shCore.js'></script>
	<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
	<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
	<script>
	SyntaxHighlighter.defaults['toolbar'] = false;
	SyntaxHighlighter.all();
	</script>


	<title>
	Apache CXF -- WS-Policy Framework Overview
	</title>
	</head>
	<body onload="init()">


	<table width="100%" cellpadding="0" cellspacing="0">
	<tr>
	<td id="cell-0-0" colspan="2"> </td>
	<td id="cell-0-1"> </td>
	<td id="cell-0-2" colspan="2"> </td>
	</tr>
	<tr>
	<td id="cell-1-0"> </td>
	<td id="cell-1-1"> </td>
	<td id="cell-1-2">
	<!-- Banner -->
	<div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
	<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
	</td><td align="right" colspan="1" nowrap>
	<a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
	</td></tr></table></div></div>
	<!-- Banner -->
	<div id="top-menu">
	<table border="0" cellpadding="1" cellspacing="0" width="100%">
	<tr>
	<td>
	<div align="left">
	<!-- Breadcrumbs -->
	<a href="index.html">Index</a> > <a href="ws-support.html">WS-* Support</a> > <a href="ws-policy.html">WS-Policy</a> > <a href="ws-policy-framework-overview.html">WS-Policy Framework Overview</a>
	<!-- Breadcrumbs -->
	</div>
	</td>
	<td>
	<div align="right">
	<!-- Quicklinks -->
	<div id="quicklinks"><p><a shape="rect" href="http://cxf.apache.org/download.html">Download</a> \| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
	<!-- Quicklinks -->
	</div>
	</td>
	</tr>
	</table>
	</div>
	</td>
	<td id="cell-1-3"> </td>
	<td id="cell-1-4"> </td>
	</tr>
	<tr>
	<td id="cell-2-0" colspan="2"> </td>
	<td id="cell-2-1">
	<table>
	<tr valign="top">
	<td height="100%">
	<div id="wrapper-menu-page-right">
	<div id="wrapper-menu-page-top">
	<div id="wrapper-menu-page-bottom">
	<div id="menu-page">
	<!-- NavigationBar -->
	<div id="navigation"><ul class="alternate"><li><a shape="rect" href="overview.html">Overview</a></li><li><a shape="rect" href="how-tos.html">How-Tos</a></li><li><a shape="rect" href="frontends.html">Frontends</a></li><li><a shape="rect" href="databindings.html">DataBindings</a></li><li><a shape="rect" href="transports.html">Transports</a></li><li><a shape="rect" href="configuration.html">Configuration</a></li><li><a shape="rect" href="debugging-and-logging.html">Debugging and Logging</a></li><li><a shape="rect" href="tools.html">Tools</a></li><li><a shape="rect" href="restful-services.html">RESTful Services</a></li><li><a shape="rect" href="wsdl-bindings.html">WSDL Bindings</a></li><li><a shape="rect" href="service-routing.html">Service Routing</a></li><li><a shape="rect" href="dynamic-languages.html">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html">Advanced Integration</a></li><li><a shape="rect" href="deployment.html">Deployment</a></li><li><a shape="rect" href="schemas-and-namespaces.html">Use of Schemas and Namespaces</a></li></ul><hr><ul class="alternate"><li><p>Search</p></li></ul><form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
	<div>
	<input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
	<input type="hidden" name="ie" value="UTF-8">
	<input type="text" name="q" size="21">
	<input type="submit" name="sa" value="Search">
	</div>
	</form>
	<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script><hr><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest/">API 3.2.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest-3.1.x/">API 3.1.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/">CXF Website</a></li></ul><p> </p><p><a shape="rect" class="external-link" href="http://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image confluence-external-resource" src="http://www.apache.org/events/current-event-125x125.png" data-image-src="http://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
	<!-- NavigationBar -->
	</div>
	</div>
	</div>
	</div>
	</td>
	<td height="100%">
	<!-- Content -->
	<div class="wiki-content">
	<div id="ConfluenceContent"><p>The WS-Policy framework provides infrastructure and APIs that allow CXF users and developers to use WS-Policy. </p>

	<p>It is compliant with the <a shape="rect" class="external-link" href="http://www.w3.org/TR/2007/REC-ws-policy-20070904/" rel="nofollow">Web Services Policy 1.5 - Framework</a> and <br clear="none">
	<a shape="rect" class="external-link" href="http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/" rel="nofollow">Web Services Policy 1.5 - Attachment</a> specifications.</p>

	<p>The framework consists of a core runtime and APIs that allow developers to plug in support for their own domain assertions:</p>

	<h2 id="WSPolicyFrameworkOverview-Core">Core</h2>

	<p>The core is responsible for:</p>

	<ul><li>retrieval of policies from different sources (wsdl documents, external documents)</li><li>computation of effective policies for service, endpoint, operation and message objects</li><li>on-the-fly provision of interceptors based on the effective policies for a particular message</li><li>verification that one of the effective policy's alternatives is indeed supported.</li></ul>


	<p>Policy operations such as merge, normalisation, and intersection are based on <a shape="rect" class="external-link" href="http://ws.apache.org/commons/neethi/index.html">Apache Neethi</a>.</p>

	<h2 id="WSPolicyFrameworkOverview-APIs">APIs</h2>

	<h3 id="WSPolicyFrameworkOverview-AssertionBuilder">AssertionBuilder</h3>

	<p>The AssertionBuilder API is an interface from Neethi.</p>

	<p>AssertionBuilder implementations are loaded dynamically and are automatically registered with the AssertionBuilderRegistry, which is available as a Bus extension. Currently, CXF supports AssertionBuilder and Assertion implementations for the following assertion types:</p>
	<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">
	{http://schemas.xmlsoap.org/ws/2005/02/rm/policy}RMAssertion
	{http://www.w3.org/2007/01/addressing/metadata}Addressing
	{http://www.w3.org/2007/01/addressing/metadata}AnonymousResponses
	{http://www.w3.org/2007/01/addressing/metadata}NonAnonymousResponses
	{http://cxf.apache.org/transports/http/configuration}client
	{http://cxf.apache.org/transports/http/configuration}server
	</pre>
	</div></div>
	<p>along with the <a shape="rect" href="ws-securitypolicy.html">WS-SecurityPolicy</a> defined assertions.</p>

	<p>They are all based on generic Assertion implementations (PrimitiveAssertion, NestedPrimitiveAssertion, JaxbAssertion) that developers can parameterize or extend when developing their own assertions, see <a shape="rect" href="developing-assertions.html">Developing Assertions</a>.</p>

	<h3 id="WSPolicyFrameworkOverview-PolicyInterceptorProvider">PolicyInterceptorProvider</h3>

	<p>This API is used to automatically engage interceptors required to support domain specific assertions at runtime, thus simplifying interceptor configuration a lot.</p>
	<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">
	public interface PolicyInterceptorProvider extends InterceptorProvider {
	// return the schema types of the asssertions that can be supported
	Collection<QName> getAssertionTypes()
	}
	</pre>
	</div></div>
	<p>Currently, CXF supports PolicyInterceptorProvider implementations for the following assertion types:</p>
	<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">
	{http://schemas.xmlsoap.org/ws/2005/02/rm/policy}RMAssertion
	{http://www.w3.org/2007/01/addressing/metadata}Addressing
	{http://www.w3.org/2007/01/addressing/metadata}AnonymousResponses
	{http://www.w3.org/2007/01/addressing/metadata}NonAnonymousResponses
	</pre>
	</div></div>
	<p>along with the <a shape="rect" href="ws-securitypolicy.html">WS-SecurityPolicy</a> defined assertions.</p>

	<p>In addition, the framework offers an API to refine domain expression(s) (xml elements describing policy subjects within a policy scope) in policy attachments. There is currently only one implementation for EndpointReferenceType domain expressions (matching over the address). Another implementation, using XPath expressions, is in work.</p>

	<h2 id="WSPolicyFrameworkOverview-InteractionwiththeFramework">Interaction with the Framework</h2>

	<p>Components interact with the policy framework mainly in order to:</p>
	<ol><li>retrieve the assertions pertaining to the underlying message (at least the ones known to the component) so the component can operate on the message accordingly</li><li>confirm that the assertions pertaining to the underlying message are indeed supported.</li></ol>


	<p>Like most other CXF features, the policy framework is itself largely interceptor based. Thus, most interaction with the framework is indirect through the Message object: Policy interceptors make AssertionInfo objects (stateful representations of assertions) available to subsequently executing, policy-aware interceptors by inserting them into the Message object. Extracting the AssertionInfo objects from the Message allows interceptors to perform steps 1. and 2. above: </p>
	<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">
	import org.apache.neethi.Assertion;

	public class AssertionInfo {
	...
	public boolean isAsserted() {...}
	public void setAsserted(boolean asserted) {...}
	public Assertion getAssertion() {...}
	}
	</pre>
	</div></div>

	<p>The WS-Addressing and WS-RM interceptors are examples for this style of intercation. </p>

	<p>Somtimes, Conduits and destinations also want to assert their capabilities. But they cannot normally wait for Assertion information being made available to them via the Message object: <br clear="none">
	Conduits may exhibit message specific behaviour (for example, apply message specific receive timeouts), but decisions made during the initialisation phase may limit their capability to do so. <br clear="none">
	And Destinations cannot normally exhibit message or operation specific behaviour at all. But both may still be able to support assertions in the effective endpoint's policy.</p>

	<p>Their interaction with the policy framework therefore typically involves the PolicyEngine through which they obtain the effective policy for the underlying endpoint (for step 1.):</p>
	<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">
	public interface PolicyEngine {
	...
	EndpointPolicy getClientEndpointPolicy(EndpointInfo ei,
	Conduit conduit);
	EndpointPolicy getServerEndpointPolicy(EndpointInfo ei,
	Destination destination);
	}

	public interface EndpointPolicy {
	...
	Policy getPolicy();
	Collection<Assertion> getChosenAlternative();
	}
	</pre>
	</div></div>

	<p>To perform step 2. they implement the Assertor interface (namely its assertMessage method):</p>
	<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">
	public class Assertor {
	...
	public boolean canAssert(QName name);
	public void assertMessage(Message message);
	}
	</pre>
	</div></div>

	<p>An example for policy aware conduits and destinations in CXF are the HTTP conduit and destination. They do support assertions of element type HTTPClientPolicy and HTTPServerPolicy respectively.</p></div>
	</div>
	<!-- Content -->
	</td>
	</tr>
	</table>
	</td>
	<td id="cell-2-2" colspan="2"> </td>
	</tr>
	<tr>
	<td id="cell-3-0"> </td>
	<td id="cell-3-1"> </td>
	<td id="cell-3-2">
	<div id="footer">
	<!-- Footer -->
	<div id="site-footer">
	<a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
	(<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=51291">edit page</a>)
	(<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=51291&showComments=true&showCommentArea=true#addcomment">add comment</a>)<br>
	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
	All other marks mentioned may be trademarks or registered trademarks of their respective owners.
	</div>
	<!-- Footer -->
	</div>
	</td>
	<td id="cell-3-3"> </td>
	<td id="cell-3-4"> </td>
	</tr>
	<tr>
	<td id="cell-4-0" colspan="2"> </td>
	<td id="cell-4-1"> </td>
	<td id="cell-4-2" colspan="2"> </td>
	</tr>
	</table>

	<script type="text/javascript">
	var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
	document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
	</script>
	<script type="text/javascript">
	try {
	var pageTracker = _gat._getTracker("UA-4458903-1");
	pageTracker._trackPageview();
	} catch(err) {}</script>

	</body>
	</html>