Edit policy configurations using wsadmin
Use wsadmin, which supports the Jython and Jacl scripting languages, to edit policy configurations for the policy sets.
Before you use the commands in this topic, verify that we are using the most recent version of wsadmin. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of wsadmin. For example, the commands do not run on a V6.1.0.x node. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:
Table 1. Administrative roles
Administrative role Authorization Administrator The Administrator role must have cell-wide access to modify policies. Configurator The Configurator role cannot modify policies. Deployer The Deployer role cannot modify policies. Operator The Operator role cannot modify policies. Monitor The Monitor role cannot modify policies.
Policies define the type of policy to manage within a policy set. Policies are based on the Quality of Services (QoS), such as WS-Security and Web Services Addressing (WS-Addressing). Policy definitions are based on the standards set by the Organization for the Advancement of Structured Information (OASIS) and WS-Security specifications.
Use the following steps to edit existing policies in the policy set configurations:
- Launch the wsadmin scripting tool using Jython.
- Determine which policy set to edit. To view a list of policies on a policy set, enter the listPolicyTypes command, specifying the policy set of interest.
AdminTask.listPolicyTypes('[-policySet PolicySet1]')Enter the listPolicyTypes command without the policySet parameter to view a list of available policies for all policy sets in the configuration:
AdminTask.listPolicyTypes()- Review the policy attributes to edit. Enter the getPolicyType command, specifying the policy and associated policy set of interest.
AdminTask.getPolicyType('[-policySet PolicySet1 -policyType myPolicyType]')- Modify the policy attributes.
Use the setPolicyType command to update the policy configuration. Update one or multiple attributes by passing a properties object for the -attributes parameter. The properties for the -attributes parameter are dependent on the policy type specified in the -policyType parameter.
The following example modifies the enabled and provides properties:
AdminTask.setPolicyType('[-policySet PolicySet1 -policyType myPolicyType -attributes "[[enabled true][provides security]]"')- Save the configuration changes. Enter the following command to save the changes:
AdminConfig.save()- For the configuration changes to take effect, restart all applications with attachments to the policy set.
What to do next
Use the validatePolicySet to validate the policy set configurations after modifying attributes for policies. For example, enter the following command to validate the PolicySet1 policy set:AdminTask.validatePolicySet('-policySet PolicySet1')
Related tasks
Modify policies
Add and remove policies using wsadmin
Create policy sets using wsadmin
Manage policy sets
Enable policies for policy sets
Add policies to policy sets
Manage policies in a policy set
Related
Policy configuration properties for all policies
PolicySetManagement