Associating Security Policies with Web Services
The Security Policy Association shared configuration resource allows you to associate a security policy with a web service. A security policy can either be associated with individual SOAP resources (SOAP Event Source, SOAP Request Reply, and so on), or it can be associated with each operation in a Service resource. You must create a Security Policy Association resource for each SOAP resource or Service operation to which you wish to apply a security policy.
When you associate a policy with a Service operation, the policy applies to all regular or fault inbound and outbound messages for the operation. When you associate a policy with a specific SOAP resource, the appropriate security policies are applied to the messages sent or received by that resource. For example, a SOAP Event Source can only receive messages, so a security policy can only be applied to incoming messages. A SOAP Request Reply activity can send and receive messages, and it may also receive a fault message. Therefore, you can associate a security policy with its inbound, outbound, and inbound fault messages.
- You can create more than one Security Policy Association resource for the same SOAP or Service resource in your project. This is not recommended because only the first policy association for the resource is used. All other policy associations are ignored.
- To run a project with security policy associations successfully, ensure that all the policy associations in the project are valid. Any invalid associations must be removed from the project before running the project.
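The following audit is an added example, not part of the product or its documentation. It applies the rules above (first association wins, directions limited by resource kind, no association means no policy) to a constructed project inventory. The inventory format, the finding codes, the paths and the policy names are all hypothetical, and treating a dangling target as an invalid association is an assumption.

```python
# Added example: audit of a constructed project inventory (hypothetical format).
# Directions each resource kind can carry, as described in the text above.
ALLOWED = {
    "SOAP Event Source": {"inbound"},
    "SOAP Request Reply": {"inbound", "outbound", "inbound_fault"},
    "Service operation": {"inbound", "outbound", "inbound_fault", "outbound_fault"},
}

def audit(resources, associations):
    """resources: {path: kind}; associations: list of dicts in project order.
    Returns (effective, findings): which association each resource uses,
    plus (code, subject, detail) tuples for anything needing review."""
    effective, findings = {}, []
    for assoc in associations:
        name, target = assoc["name"], assoc["target"]
        if target not in resources:
            # Assumption: a dangling target is one kind of invalid association.
            findings.append(("unknown-target", name, target))
            continue
        if target in effective:
            # Only the first association for a resource is used; this one is ignored.
            findings.append(("ignored-duplicate", name,
                             f"{target} already uses {effective[target]}"))
            continue
        effective[target] = name
        kind = resources[target]
        for direction in sorted(set(assoc["policies"]) - ALLOWED[kind]):
            findings.append(("direction-not-applicable", name,
                             f"{kind} has no {direction} message"))
    # Resources with no association get no security policy at all.
    for path in sorted(set(resources) - set(effective)):
        findings.append(("no-policy", path, resources[path]))
    return effective, findings

# Constructed sample data; paths and policy names are placeholders.
RESOURCES = {
    "/Orders/Receive": "SOAP Event Source",
    "/Orders/CallBilling": "SOAP Request Reply",
    "/Orders/Service#getOrder": "Service operation",
}
ASSOCIATIONS = [
    {"name": "ReceiveAssoc", "target": "/Orders/Receive",
     "policies": {"inbound": "SignOnly", "outbound": "SignOnly"}},
    {"name": "BillingAssoc", "target": "/Orders/CallBilling",
     "policies": {"inbound": "SignOnly", "outbound": "SignOnly"}},
    {"name": "BillingStrict", "target": "/Orders/CallBilling",
     "policies": {"inbound": "SignAndEncrypt", "outbound": "SignAndEncrypt"}},
]
```

In the sample, the stricter `BillingStrict` association is reported as ignored because `BillingAssoc` appears first for the same resource, which is the situation the first note above describes.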