Manage policy set attachments using wsadmin
Use wsadmin to manage the policy set attachment configurations. Use the Jython or Jacl scripting language to list all attachments and attachment properties, add or remove resources for an existing attachment, and transfer attachments across policy sets.
When admin security is enabled, verify that you use the correct admin role, as the following table describes:
Table 1. Administrative roles
Administrative role Authorization Administrator The Administrator role must have cell-wide access to manage policy set attachments. If we have access to a specific resource only, we can manage policy set attachments for the resource for which we have access. Configurator The Configurator role must have cell-wide access to manage policy set attachments. If we have access to a specific resource only, we can manage policy set attachments for the resource for which we have access. Deployer The Deployer role with cell-wide or resource specific access can manage policy set attachments for application resources only. Operator The Operator role cannot manage policy set attachments. Monitor The Monitor role cannot manage policy set attachments.
Policy set attachments define how a policy set is attached to resources and binding configurations.
- List policy set attachments and attachment properties.
Before making configuration changes to the policy set attachments, use the listAttachmentsForPolicySet and getPolicySetAttachments commands to view current configuration information about the policy set attachments.
- Launch the wsadmin scripting tool using Jython.
- Use the listAttachmentsForPolicySet command to view all applications to which a specific policy set is attached...
AdminTask.listAttachmentsForPolicySet('[-policySet PolicySet1]')Use the -attachmentType parameter to narrow the query. We can query for provider or client attachments.For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns
- Use the getPolicySetAttachments command to view the properties for all policy set attachments in a specified application...
AdminTask.getPolicySetAttachments('[-applicationName application1]')Use the -attachmentType parameter to narrow the query. We can query for provider or client attachments.- Determine the assets to which a specific policy set is attached. Use the listAssetsAttachedToPolicySet command to display the assets that are attached to the policy set of interest...
AdminTask.listAssetsAttachedToPolicySet('[-policySet SecureConversation]')The command returns a list of properties that describe each asset. Each properties object contains the assetType property, which specifies the type of asset.
- Modify resources that apply to a policy set attachment.
- Launch the wsadmin scripting tool using Jython.
- Determine the resource of interest and review the command syntax for the updatePolicySetAttachment command.
For the commands in the PolicySetManagement group, the term resource refers to a Web service artifact. For application and service client.policy sets, the artifacts use the application hierarchy. The application hierarchy includes a Web service, module name, endpoint, or operation. Enter the value for the -resource parameter as a string, with a backslash ( / ) character as a delimiter.
When attempting to connect to a Web service from a thin client, verify that the resources you are specifying are valid before running the updatePolicySetAttachment command. No configuration changes are made if the requested resource does not match a resource in the attachment file for the application. Use the following format for application and client.policy set attachments:
- WebService:/
Attaches all artifacts in the application to the policy set.
- WebService:/webapp1.war:{http://www.ibm.com}myService
Attaches all artifacts within the Web service {http://www.ibm.com}myService to the policy set. You must provide a fully qualified name (QName) for the service.
- WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA
Attaches all operations for the endpointA endpoint to the policy set.
- WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA/operation1
Attaches only the operation1 operation to the policy set.
The format for the -resource string differs for system policy set attachments for the trust service. Use the following format for system policy set attachments:
- Trust.opName:/
The opName attribute can be issue, renew, cancel, or validate.
- Trust.opName:/url
The opName attribute can be issue, renew, cancel, or validate. We can specify any valid URL for the url attribute.
- Modify the attachment. For example, the policy set attachment is connected to the operation1 operation, which is a specific single operation. To attach the 124 attachment to all operations for the endpointA endpoint, enter the following command:
AdminTask.updatePolicySetAttachment('[-attachmentId 124 -resources "WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA" -applicationName application1]')The updatePolicySetAttachment command replaces all existing resources for an attachment with the resources specified in the command. You can also update the policy set attachments using addToPolicySetAttachment command to add resources to an existing attachment or the createPolicySetAttachment command to create an attachment for a specific resource. For more information about these commands reference the commands for the PolicySetManagement group for AdminTask.
- Save the configuration changes. Enter the following command to save the changes:
AdminConfig.save()- Remove resources that apply to a policy set attachment.
- Launch wsadmin using Jython
- Determine which resources to remove with the command. We can remove a resource for each Web service artifact, each operation for an endpoint, or for a specific operation. In the following example, the command removes the newAttach attachment from operation1, which is associated with the plantShop application.
AdminTask.removeFromPolicySetAttachment('[-attachmentId newAttach -resources "WebService:/webapp1.war:{http://www.ibm.com}myPlantService/endpointA/operation1" -applicationName plantShop]')The command returns a success or failure message.
- Save the configuration changes. Enter the following command to save the changes:
AdminConfig.save()- Transfer attachments from one policy set to another policy set. This command detaches each Web service from the source policy set and attaches those Web services to the destination policy set. The destination policy set must have the same set of enabled policy types as the source policy set.
- Enter the following command to transfer all attachments:
AdminTask.transferAttachmentsForPolicySet('[-sourcePolicySet PolicySet1 -destinationPolicySet PolicySet2]')The command returns a success or failure message.
- Save the configuration changes. Enter the following command to save the changes:
AdminConfig.save()
Related tasks
Set attachments for the trust service
Set application and system policy sets for Web services using scripting
Create policy set attachments using wsadmin
Manage policy set attachments using wsadmin
Remove policy set attachments using wsadmin
Manage policy sets
Related
Search attached applications collection
PolicySetManagement