hi, i am now using JBossWS with JBoss 4.0.4 GA(still downloading.....)

i have a quick glance at the jbossWS user guide, but i have not read anything about WS-Policy except in the feature list of the beginning.

my question is, where is the place for WS-Policy?

it seems that all the WS-Security work is done on the "jboss-wsse-server.xml" configue file.
and in the jboss-wsse-server.xml, we specify the security policy.

will WS-Policy and jboss-wsse-server.xml replace each other or
complement with each other?

i now want to complete the following steps with some extent of policy enabled.

steps are as below:

1. develop a SEI
2. generate the WSDL files with WStools
3. add the security policy assertions in WSDL file manually,
such as something as stated in WS-PolicyAttachment standards

<wsp:Policy
<wsp:Policy wsu:Id="X509EndpointPolicy" >
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
</wsp:Policy>

if needed, add jboss-wsse-server.xml file???

4. package all the files in war or ear
5. register the web service to the uddi
6. search UDDI for the registered service and get wsdlURL info from registry
now we do not have any idea about the policy of the web service, so we will not use wsdl and WStools to generate the static stubs.
7. fetch the wsdl file and parse it
8. get the security policy info
9. further ..... based from the security policy info, invoke the web service
(now work fine with dynamic proxy. Why we can not use static stub is stated in 7. But if policy is included, how can i specify the security principals in dynamic proxy way?)


i can now finish step 1,2,4,5, 6, 7 and maybe
8(parse an extensible point of wsdl is feasible with wsdl4j).

now i am wondering, with the help of JBossWS 1.0.0 (or 1.0.1)
what can we do about the other steps? especially about WS-Policy part?

best regards

itomer