Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)


PolicySetManagement command group

Use the Jython or Jacl scripting languages to manage policy set configurations with wsadmin.sh. Use the commands and parameters in the PolicySetManagement group to create, delete, and manage policy set, policy, and policy set attachment configurations.

Before you use the commands in this topic, verify that you are using the most recent version of wsadmin.sh. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of wsadmin.sh. For example, the commands do not run on a v6.1.0.x node.

Use the following commands to manage policy set configurations:

Use the following commands to manage policy settings:

Use the following commands to manage policy set attachments:

Use the following commands to manage policy set bindings:



listPolicySets

The listPolicySets command returns a list of all existing policy sets. If administrative security is enabled, each user role can use this command.

Target object None


Optional parameters

-policySetType

Type of policy set. Specify application to display application policy sets. Specify system to display system policy sets for trust service or WS-MetadataExchange attachments. Specify system/trust to display the policy sets for the trust service. Specify default to display the default policy sets. The default value for this parameter is application. (String, optional)

-fromDefaultRepository

Whether to use the default repository. (Boolean, optional)


Return value

The command returns a list of all existing policy sets. Each entry in the list is the name of a policy set.


Batch example...


Interactive example...



getPolicySet

The getPolicySet command returns general attributes, such as description and default indicator, for the specified policy set. If administrative security is enabled, each user role can use this command.

Target object None

Required parameters

-policySet

Policy set name. For a list of all policy set names, use the listPolicySets command. (String, required)


Optional parameters

-isDefaultPolicySet

Whether to display a default policy set. The default value is false. (Boolean, optional)

-fromDefaultRepository

Whether to use the default repository. (Boolean, optional)


Return value

The command returns a list of attributes for the specified policy set name.


Batch example...


Interactive example...



createPolicySet

The createPolicySet command creates a new policy set. Policies are not created with the policy set. The default indicator is set to false.

If administrative security is enabled, use the Administrator role to create policy sets.

Target object None


Required parameters

-policySet

Name of the policy set. (String, required)


Optional parameters

-description

Adds a description for the policy set. (String, required)

-policySetType

Type of policy set. When the value is application, the command creates application policy sets. When the value is system, the command creates a policy set that you can use for trust service or WS-MetadataExchange attachments. When the value is system/trust, the command creates a policy set for the trust service. The default value for this parameter is application. (String, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



copyPolicySet

The copyPolicySet command creates a copy of an existing policy set. By default, the policy set attachments are transferred to the new policy set.

If administrative security is enabled, use the Administrator role to copy policy sets.

Target object None


Required parameters

-sourcePolicySet

Name of the existing policy set to copy. (String, required)

-newPolicySet

Name of the new policy set you are creating. (String, required)

-newDescription

Specifies a description for the new policy set. (String, required)


Optional parameters

-transferAttachments

If this parameter is set to true, all attachments transfer from the source policy set to the new policy set. The default value is false. (Boolean, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



deletePolicySet

The deletePolicySet command deletes the specified policy set. If attachments exist for the policy set, the command returns a failure message.

If administrative security is enabled, use the Administrator role to delete policy sets.

Target object None


Required parameters

-policySet

Name of the policy set to delete. (String, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



updatePolicySet

The updatePolicySet command enables you to input an attribute list to update the policy set. We can use this command to update all attributes for the policy set, or a subset of attributes.

If administrative security is enabled, use the Administrator role to update policy set configurations.

Target object None


Required parameters

-policySet

Name of the policy set to update. (String, required)

-attributes

Specifies a properties object that contains the attributes to update for the specified policy set. (Properties, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



addPolicyType

The addPolicyType command adds a policy with default values for the specified policy set. We must indicate whether to enable or disable the added policy.

If administrative security is enabled, use the Administrator role to add policies.

Target object None


Required parameters

-policySet

Name of the policy set to update. (String, required)

-policyType

Name of the policy to add to the policy set. (String, required)

-enabled

If this parameter is set to true, new policy is enabled in the policy set. If this parameter is set to false, the configuration is contained within the policy set but the configuration does not have an effect on the system. (Boolean, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



deletePolicyType

The deletePolicyType command deletes a policy from a policy set.

If administrative security is enabled, use the Administrator role to remove policies from the configuration.

Target object None


Required parameters

-policySet

Name of the policy set to update. (String, required)

-policyType

Name of the policy to remove from the policy set. (String, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



validatePolicySet

The validatePolicySet command validates the policy set configuration.

If administrative security is enabled, use the Administrator role to validate policy sets.

Target object None


Required parameters

-policySet

Policy set to update. (String, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



exportPolicySet

The exportPolicySet command exports a policy set as an archive that can be copied onto a client environment.

If administrative security is enabled, use the Administrator role to export policy sets.

Target object None


Required parameters

-policySet

Policy set to export. (String, required)

-pathName

Path name of the archive file to create. (String, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



importPolicySet

The importPolicySet command imports a policy set from a compressed archive file or from a selection of default policy sets onto the server environment.

If administrative security is enabled, use the Administrator role to import policy sets.

Target object None


Optional parameters

-importFile

Path name of the archive file to import. (String, optional)

-defaultPolicySet

Name of the default policy set to import. (String, optional)

-policySet

Name to assign to the new policy set. If you do not specify this parameter, the system uses the original name of the policy set. (String, optional)

-verifyPolicySetType

Specifies that the policy set type to import matches a specific type. Specify system or system/trust to verify that the policy set to import is a type of system policy set, including trust service policy sets. Specify application to verify that the policy set is an application policy set. (String, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



listPolicyTypes

The listPolicyTypes command returns a list of the names of the policies configured on the system. The input parameters allow you to list each policy type configured in the system, the policy types configured in a policy set, or the policy types in a binding.

If administrative security is enabled, each administrative role can list policy types.

Target object None


Optional parameters

-policySet

Name of the policy set to query for policies. If the policy set is not specified, the command lists all policies defined in the configuration. (String, optional)

-bindingLocation

Location of the binding. This value is cell-wide default binding, server-specific default binding, or attachment-specific binding. Specify the bindingLocation parameter as a properties object following these guidelines:

  • For cell-wide default binding, use a null or empty properties.

  • For server-specific default binding, specify the node and server names in the properties. The property names are node and server. Server-specific default bindings are deprecated.

  • For attachment-specific binding, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For system/trust bindings, set the systemType property as trustService.

  • For trust client bindings, specify the systemType property as trustClient. In addition, specify the attachment ID. If the bindings are for a specific application, also specify the application property.

  • For WSNClient binding, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId.

(Properties, optional)

-attachmentType

Whether the attachment type is an application binding, client binding, trust service binding, trust client binding, or WS-Notification client binding. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-bindingName

Specifies a specific general binding. If you specify this parameter, the system displays policy types in the specific binding. (String, optional)

-fromDefaultRepository

Whether to use the default repository. (Boolean, optional)


Return value

The command returns a list of policy types.


Batch example...


Interactive example...



getPolicyType

The getPolicyType command returns the attributes for a specified policy.

If administrative security is enabled, each administrative role can query attributes for policies.

Target object None


Required parameters

-policySet

Name of the policy set to query. (String, required)

-policyType

Name of the policy of interest. (String, required)


Optional parameters

-attributes

Specific attributes to display. If this parameter is not used, the command returns all attributes for the specified policy. (String[], optional)

-fromDefaultRepository

Whether to use the default repository. (Boolean, optional)


Return value

The command returns a properties object containing the policy attributes.


Batch example...


Interactive example...



setPolicyType

The setPolicyType command updates the attributes of a specified policy. The admin console command assistance provides incorrect Jython syntax for the setPolicyType command. The XPath expression for the response message part protection of the Username WSSecurity policy set contains single quotes (') within each XPath property value, which Jython does not support.

To fix the command from the admin console command assistance, add a backslash character (\) before each single quote to escape the single quote.

Also, if you are using a Jython script to update the attributes, the brackets should not be included to get a list of elements and not a list of strings.

If administrative security is enabled, use the Administrator role to configure policies.

Target object None


Required parameters

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributes

Specific attributes to be updated. The properties could include all of the policy attributes or a subset of attributes. (Properties, required)


Optional parameters

-replace

Indicates whether the new attributes provided from the command replace the existing policy attributes. For policies with complex data, you can remove optional parts of the configuration when necessary. Use this parameter to get all attributes, perform edits, and replace the binding configuration with the edited data. The default value is false. (Boolean, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



getPolicyTypeAttribute

The getPolicyTypeAttribute command returns the value for the specified policy attribute.

If administrative security is enabled, each administrative role can query policy type attribute values.

Target object None

Required parameters

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributeName

Name of the attribute of interest. (String, required)

-fromDefaultRepository

Whether to use the default repository. (Boolean, optional)


Optional parameters

-fromDefaultRepository

Whether to use the default repository. (Boolean, optional)


Return value

The command returns a string that contains the value of the specified attribute.


Batch example...


Interactive example...



setPolicyTypeAttribute

The setPolicyTypeAttribute command sets the value for the specified policy attribute.

If administrative security is enabled, use the Administrator role to configure policy attributes.

Target object None

Required parameters

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributeName

Name of the attribute of interest. (String, required)

-attributeValue

Value of the attribute of interest. (String, required)


Return value

If the attribute is successfully added to the policy, the command returns the true string value.


Batch example...


Interactive example...



getPolicySetAttachments

The getPolicySetAttachments command lists the properties for all policy set attachments configured in a specified application.

If administrative security is enabled, each administrative role can query for policy set attachments.

Target object None


Optional parameters

-applicationName

Name of the application to query for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required to query for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-expandResources

Provides expanded information that details the attachment properties for each resource. If you set this parameter to the name of the service, only the resources for that web service are returned. If you specify an asterisk ( * ) character, expanded information for all your Web services is returned. This parameter is valid if the value for the -attachmentType parameter is set to provider or client. (String, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

-serviceRef

Name of the service reference for which the attachments are returned. If specified, only attachments for the service reference are returned. This parameter is only valid when the expandResources parameter value is the name of your service and when the attachmentType parameter is set to client. (String, optional)


Return value

The command returns a list of properties for each attachment in the application, including the policy set name, attachment ID, and resource list. If you specify the expandResources parameter, the command returns the resource, attachmentId, policySet, binding, and directAttachment properties. If a resource is not attached to a policy set, then the system only displays the resource property. The binding property only exists if the attachment contains a custom binding.


Batch example...

The following examples return policy set attachments information for the specified service reference, myServiceRef. The examples return detailed resource information for the logical endpoints or operations for each service reference because the -expandResource parameter is specified.


Interactive example...



createPolicySetAttachment

The createPolicySetAttachment command creates a new policy set attachment for an application.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to create policy set attachments. If we have access to a specific resource only, you can create policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to create policy set attachments. If we have access to a specific resource only, you can create policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can create policy set attachments for application resources only.
Operator The Operator role cannot create policy set attachments.
Monitor The Monitor role cannot create policy set attachments.

Target object None


Required parameters

-resources

Name of the application resources to attach to the policy set. (String[], required)


Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

-inheritFromService

Whether the resources for the service reference inherit the policy set attachments of the associated service. Use this parameter for service reference attachments only. The default value for this parameter is true. (Boolean, optional)

-policySet

Name of the policy set to attach. This parameter is required unless the resource specifies a service reference and the inheritFromService parameter is specified. If the policySet parameter is not specified and the inheritFromService parameter isfalse, all attachments for the service reference are removed, and the service reference does not have a policy set attachment. If the policySet parameter is not specified and the inheritFromService parameter is true, all attachments for the service reference are removed, and the service reference inherits the policy of the service. (String, optional)


Return value

The command returns a string with the ID of the new attachment.


Batch example...


Interactive example...

Mixed-version environment: In a mixed cell environment, not create service reference attachments or resource attachments specified in name-value pair format for applications that are deployed on an application server that is prior to WAS Version 8. Service reference attachments are only supported on WAS V8 and later.

New feature: In a mixed cell environment, not create attachments to policy sets containing CustomProperties policy for applications that are deployed on an application server that is prior to WAS v8. The CustomProperties policy is only supported on WAS V8 and later. mixv


updatePolicySetAttachment

The updatePolicySetAttachment command updates the resources that apply to a policy set attachment.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure policy set attachments. If we have access to a specific resource only, you can configure policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to configure policy set attachments. If we have access to a specific resource only, you can configure policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can configure policy set attachments for application resources only.
Operator The Operator role cannot configure policy set attachments.
Monitor The Monitor role cannot configure policy set attachments.

Target object None


Required parameters

-attachmentId

Name of the attachment to update. (String, required)

-resources

Names of the application resources to attach to the policy set. A resource for a service reference cannot be included in the same attachment as a resource for a service. (String, required)


Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...

Mixed-version environment: In a mixed cell environment, not create service reference attachments or resource attachments specified in name-value pair format for applications that are deployed on an application server that is prior to v8.0. Service reference attachments are only supported on v8.0 and later.

New feature: In a mixed cell environment, not create attachments to policy sets containing CustomProperties policy for applications that are deployed on an application server that is prior to WAS v8. The CustomProperties policy is only supported on WAS V8 and later. mixv


addToPolicySetAttachment

The addToPolicySetAttachment command adds additional resources that apply to a policy set attachment.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to add resources to policy set attachments. If we have access to a specific resource only, you can add resources to policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to add resources to policy set attachments. If we have access to a specific resource only, you can add resources to policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can add resources to policy set attachments for application resources only.
Operator The Operator role cannot add resources to policy set attachments.
Monitor The Monitor role cannot add resources to policy set attachments.

Target object None


Required parameters

-attachmentId

Name of the attachment to update. (String, required)

-resources

Names of the application resources to attach to the policy set. A resource for a service reference cannot be included in the same attachment as a resource for a service. (String, required)


Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...

Mixed-version environment: In a mixed cell environment, not create service reference attachments or resource attachments specified in name-value pair format for applications that are deployed on an application server that is prior to v8.0. Service reference attachments are only supported on v8.0 and later.

New feature: In a mixed cell environment, not create attachments to policy sets containing CustomProperties policy for applications that are deployed on an application server that is prior to WAS v8. The CustomProperties policy is only supported on WAS V8 and later. mixv


removeFromPolicySetAttachment

The removeFromPolicySetAttachment command removes resources that apply to a policy set attachment.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to remove resources from policy set attachments. If we have access to a specific resource only, you can remove resources for which you have access.
Configurator The Configurator role must have cell-wide access to remove resources from policy set attachments. If we have access to a specific resource only, you can remove the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can remove resources from policy set attachments for application resources only.
Operator The Operator role cannot remove resources from policy set attachments.
Monitor The Monitor role cannot remove resources from policy set attachments.

Target object None


Required parameters

-attachmentId

Name of the attachment to remove. (String, required)

-resources

Names of the application resources to attach to the policy set. (String, required)


Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



deletePolicySetAttachment

The deletePolicySetAttachment command removes a policy set attachment from an application.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, you can delete policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, you can delete policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can delete policy set attachments for application resources only.
Operator The Operator role cannot delete policy set attachments.
Monitor The Monitor role cannot delete policy set attachments.

Target object None


Required parameters

-attachmentId

Name of the attachment to delete. (String, required)


Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



listAssetsAttachedToPolicySet

The listAssetsAttachedToPolicySet command lists the applications or WS-Notification service clients to which a specific policy set is attached.

If administrative security is enabled, each administrative role can list applications that are attached to policy sets.

Target object None


Required parameters

-policySet

Name of the policy set of interest. (String, required)


Optional parameters

-attachmentType

Type of policy set attachments. The value for this parameter must be provider, client, WSNClient, WSMex, cuProvider, cuClient, binding or all. The default value is all. (String, optional)


Return value

The command returns a list of properties that describe each asset. Each properties object contains the assetType property, which specifies the type of asset.

Batch mode example usage


Interactive example...



listAttachmentsForPolicySet

The listAttachmentsForPolicySet command lists the applications to which a specific policy set is attached.

If administrative security is enabled, each administrative role can query for policy set attachments.

Target object None

Required parameters

-policySet

Name of the policy set of interest. (String, required)


Optional parameters

-attachmentType

Type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)


Return value

The command returns a list of application names.


Batch example...


Interactive example...



deleteAttachmentsForPolicySet

The deleteAttachmentsForPolicySet command removes all attachments for a specific policy set.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, you can delete policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, you can delete policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can delete policy set attachments for application resources only.
Operator The Operator role cannot delete policy set attachments.
Monitor The Monitor role cannot delete policy set attachments.

Target object None


Required parameters

-policySet

Name of the policy set from which to remove the attachments. (String, required)


Optional parameters

-applicationName

Name of the application of interest. The command only deletes attachments for the application of interest if you specify this parameter. (String, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. We can specify values for the bus and WSNService properties. (Properties, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



transferAttachmentsForPolicySet

The transferAttachmentsForPolicySet command transfers all attachments from one policy set to another policy set.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to transfer policy set attachments. If we have access to a specific resource only, you can transfer policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to transfer policy set attachments. If we have access to a specific resource only, you can transfer policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can transfer policy set attachments for application resources only.
Operator The Operator role cannot transfer policy set attachments.
Monitor The Monitor role cannot transfer policy set attachments.

Target object None


Required parameters

-sourcePolicySet

Source policy set from which to copy attachments. (String, required)

-destinationPolicySet

Name of the policy set to which the attachments are copied. (String, required)


Optional parameters

-applicationName

Name of the application of interest. The command only transfers attachments for the application of interest if you specify this parameter. (String, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. We can specify values for the bus and WSNService properties. (Properties, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



listSupportedPolicySets

The listSupportedPolicySets command returns a list of supported policy sets to attach to your web services resources. If administrative security is enabled, each user role can use this command.

Target object None


Required parameters

-assetProps

Name of the asset of interest. Specify the name of the application as the value for the application property. (Properties, required)

Supported property and value pairs for the parameter are:

Property Value
application Application name, such as myApplication
WS-Notification service client:

  • bus

  • WSNService

Service client names:

  • Bus name, such as: bus1

  • Service name, such as service1

Trust service resource:

  • systemType

Service resoure name:

  • trustService

SCA business-level application resource:

  • blaName

  • cuName

Resource names:

  • business-level application name, such as myBLA

  • composition unit name, such as compositionUnit1


Return value

The command returns a list of supported policy sets. Each entry in the list is the name of a policy set.


Batch example...


Interactive example...



getBinding

The getBinding command returns the binding configuration for a specified policy and scope. We can use the getBinding command to return a list of available custom bindings, which includes bindings that are and are not referenced by attachments.

If administrative security is enabled, each administrative role can query for binding configuration information.

For transitioning users: In WebSphere Application Server v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, you can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, you can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, you can specify which of these bindings is the global default binding. You can also optionally specify general binding that are used as the default for an application server or a security domain. trns

To support a mixed-cell environment, WebSphere Application Server supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.

Target object None


Required parameters

-policyType

Policy of interest. (String, required)

-bindingLocation

Location of the binding. (Properties, required)

Specify the bindingLocation parameter as a properties object following these guidelines:

  • For WAS Version 7.0 and later server default bindings, specify a null or empty properties. Use the bindingName parameter to identify the binding location.

  • For attachment-specific bindings, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For WSNClient bindings, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId. If you specify an asterisk character (*) as the attachment ID, then the command returns the list of binding names that corresponds to the attachment type of interest.

  • For system/trust bindings, specify the systemType property as trustService.


Optional parameters

-attachmentType

Type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attributes

Names of the attributes to return. If this parameter is not specified, the command returns all attributes. (String, optional)

-bindingName

Binding name of interest. Specify this parameter to display a general cell-level binding or a custom attachment binding. (String, optional)


Return value

The command returns a properties object that contains the requested configuration attributes for the policy binding.


Batch example...


Interactive example...



setBinding

The setBinding command updates the binding configuration for a specified policy. Use this command to add a server-specific binding, update an attachment to use a custom binding, edit binding attributes, or to remove a binding configuration.

When administrative security is enabled, verify that you use the correct administrative role:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure bindings. If we have access to a specific resource only, you can configure custom bindings for the resource for which we have access. The Administrator role is the only role that can modify binding configurations.
Configurator The Configurator role must have cell-wide access to assign and unassign bindings. If we have access to a specific resource only, you can assign and unassign bindings for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can assign or unassign bindings for application resources only.
Operator The Operator role cannot configure bindings.
Monitor The Monitor role cannot configure bindings.

For transitioning users: In WebSphere Application Server v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, you can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, you can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, you can specify which of these bindings is the global default binding. You can also optionally specify general binding that are used as the default for an application server or a security domain. trns

To support a mixed-cell environment, WebSphere Application Server supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.

Target object None


Required parameters

-bindingLocation

Location of the binding. (Properties, required)

Specify the bindingLocation parameter as a properties object following these guidelines:

  • For WAS Version 7.0 and later server default bindings, specify a null or empty properties. Use the bindingName parameter to identify the binding location.

  • For attachment-specific, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For WSNClient bindings, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId. If you specify an asterisk character (*) as the attachment ID, then the command returns the list of binding names that corresponds to the attachment type of interest.

  • For system/trust bindings, set the systemType property as trustService.

-policyType

Policy of interest. (String, required)


Optional parameters

-attachmentType

Type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. (String, optional)

For transitioning users: Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attributes

Attribute values to update. This parameter can include all binding attributes for the policy or a subset to update. If the attributes parameter is not specified, the command only updates the binding location used by the specified attachment. (Properties, optional)

-bindingName

Name for the binding. Specify this parameter to assign a new name to an attachment binding or cell-level binding. A name is generated if it is not specified. (String, optional)

-domainName

Domain name for the binding. This parameter is required when using the command to create and scope a binding to a specific domain other than the administrative security domain. The default value is global. (String, optional)

-replace

Whether to replace all of the existing binding attributes with the attributes specified in the command. Use this parameter to remove optional parts of the configuration for policies with complex data. The default value is false. (Boolean, optional)

-remove

Whether to remove a server-specific default binding or to remove a custom binding from an attachment. We cannot remove cell-level default binding. The default value is false. (Boolean, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



getDefaultBindings

The getDefaultBindings command displays the provider and client default bindings if the bindings are set. If the command does not return output, then the system default binding is the current default.

If administrative security is enabled, each administrative role can query for default bindings.

Target object None


Optional parameters

-bindingLocation

Location of the binding. Specify the bindingLocation parameter as a properties object with values for the node and server properties. (Properties, optional)

-domainName

Domain name for the binding of interest. This parameter is required if the domain of interest is not in the global security domain and you did not specify the bindingLocation parameter. The bindingLocation and domainName parameters are mutually exclusive. The default value is global. (String, optional)


Return value

The command returns a properties object that contains the names of the provider and client default bindings, if the bindings are set.


Batch example...


Interactive example...



getRequiredBindingVersion

The getRequiredBindingVersion command displays the version number of the binding for a specific application.

Target object None


Optional parameters

-assetProps

Name of the application of interest. (Properties, optional)


Return value

The command returns the binding version number as a number, such as 7.0.0.0 or 6.1.0.0.


Batch example...


Interactive example...



setDefaultBindings

The setDefaultBindings command to set a binding as the default binding.

If administrative security is enabled, use the Administrator role with cell-wide access to configure bindings. If you use the Administrator role and do not have cell-wide access, you can only configure bindings on resources for which we have access.

Target object None


Required parameters

-defaultBindings

Names of the default bindings for the provider, client, or both. (Properties, required)


Optional parameters

-bindingLocation

Location of the binding. Specify the bindingLocation parameter as a properties object with values for the node and server properties. (Properties, optional)

-domainName

Domain name for the binding of interest. This parameter is required if the domain of interest is not in the global security domain and you did not specify the bindingLocation parameter. The bindingLocation and domainName parameters are mutually exclusive. The default value is global. (String, optional)


Return value

The command returns a value of true if the command successfully sets the default binding.


Batch example...


Interactive example...



exportBinding

The exportBinding command export a general, cell-level binding to an archive file. We can copy this file to a client environment or import the archive to a server environment.

If administrative security is enabled, use the Administrator role with cell-wide access to export bindings.

Target object None


Required parameters

-bindingName

Name of the binding to assign as the default binding. If not specified, the system specifies the system default as the default binding. (String, required)

-pathName

File path for the archive file to create. (String, required)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



importBinding

The importBinding command imports a general, cell-level binding from a compressed archive file to a server environment.

If administrative security is enabled, use the Administrator role with cell-wide access to import bindings.

Target object None


Required parameters

-pathName

File path for the archive file to import. (String, required)


Optional parameters

-bindingName

Name of the binding to assign as the imported binding. If not specified, the system specifies the binding name in the archive file. (String, optional)

-domainName

Specifies a new name of the domain of the binding to import. If not specified, uses the domain specified in the archive file. (String, optional)

-verifyBindingType

Verifies that the type of binding to import matches a specific binding type. Specify provider to verify that the binding to import is a provider binding, or specify client to verify that it is a client binding. (String, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



copyBinding

The copyBinding command creates a new general, cell-level binding from an existing binding.

If administrative security is enabled, use the Administrator role with cell-wide access to copy bindings.

Target object None


Required parameters

-sourceBinding

Name of the existing binding that the system uses to create the new binding. (String, required)

-newBinding

Name of the binding to create. (String, required)


Optional parameters

-newDescription

Description text for the new binding. (String, optional)

-domainName

Domain name for the binding. This parameter is only required if you scope the binding to a domain other than the domain of the source binding. (String, optional)


Return value

The command returns a success or failure message.


Batch example...


Interactive example...



upgradeBindings

The upgradeBindings command upgrades application bindings for a specific asset to the latest version.

If administrative security is enabled, you must use the Administrator role with cell-wide access to import bindings.

Target object None


Required parameters

-assetProps

Name of the asset of interest. Specify the name of the application as the value for the application property. (Properties, required)


Optional parameters None


Return value

The command returns a success or failure message.

Batch mode example usage


Interactive example...


Web services policy sets
Configure application and system policy sets for web services using wsadmin.sh
Create policy sets using wsadmin.sh
Add and remove policies using wsadmin.sh
Delete policy sets using wsadmin.sh
Create policy set attachments using wsadmin
Manage policy set attachments using wsadmin
Manage policy set attachments for service references using wsadmin
Remove policy set attachments using wsadmin


Related


Policy configuration properties for all policies

+

Search Tips   |   Advanced Search