Configuration Guides › Policy Server Configuration Guide › Configure Security Policies Using Policy Domains and Policy Domain Objects › How to Identify a Web Service Resource by Agent, Realm, and Rule › Resource Identification Policy Examples

Resource Identification Policy Examples

Coarse-Grain Resource Identification Over HTTP Example

Say you want to protect a resource with the following properties.

• The resource is hosted on an IIS web server on host soap in domain example.com that is protected by a SOA agent called MySoaAgent.
• MyIISSoaAgent is configured to provide coarse-grain resource identification
• The resource is accessible over HTTP transport
• Web service URL is services/soap2.
• Web service name is ExampleSearchService.
• ExampleSearchService provides two operations:
  • KeywordSearchRequest
  • PowerSearchRequest

To protect ExampleSearchService, configure the following:

• A realm for ExampleSearchService with Resource Filter value "/services/soap2/ExampleSearchService"
• A single rule in the ExampleSearchService realm with Resource value "*"

Fine-Grain Resource Identification Over HTTP Example

Say you want to protect a resource with the following properties.

• The resource is hosted on an IBM WebSphere Application Server on host soap in domain example.com that is protected by a SOA agent called MyWSSoaAgent.
• MyWSSoaAgent provides fine-grain resource identification
• The resource is accessible over HTTP transport
• Web service URL is services/soap2.
• Web service name is ExampleSearchService.
• ExampleSearchService provides two operations:
  • KeywordSearchRequest
  • PowerSearchRequest

To protect ExampleSearchService, configure the following:

• A realm for ExampleSearchService with Resource Filter value "/services/soap2/ExampleSearchService"
• One rule in the ExampleSearchService realm for each operation:
  • A rule for the KeywordSearchRequest operation with Resource value "/KeywordSearchRequest"
  • A rule for the PowerSearchRequest operation with Resource value "/PowerSearchRequest"

Fine-Grain Resource Identification Over JMS Example

Say you want to protect a resource with the following properties.

• The resource is hosted on BEA WebLogic Server on host soap in domain example.com that is protected by a SOA agent called MyWebLogicSoaAgent.
• MyWebLogicSoaAgent provides fine-grain resource identification
• The resource is accessible over JMS transport
• JMS queue name is ExampleQueue
• Web service name is ExampleSearchService.
• ExampleSearchService provides two operations:
  • KeywordSearchRequest
  • PowerSearchRequest

To protect ExampleSearchService, configure the following:

• A realm for ExampleSearchService with Resource Filter value "/ExampleQueue"
• One rule in the ExampleSearchService realm for each operation:
  • A rule for the KeywordSearchRequest operation with Resource value "/KeywordSearchRequest"
  • A rule for the PowerSearchRequest operation with Resource value "/PowerSearchRequest"