Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)
SSLTransport policy and binding properties
Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the SSLTransport policy and policy set binding. Application and system policy sets can use the SSLTransport policy and binding.
Use the following commands and parameters in the PolicySetManagement group of the AdminTask object to customize your policy set configuration.
- Use the -attributes parameter for the getPolicyType and getBinding commands to view the properties for your policy and binding configuration.
To get an attribute, pass the property name to the getPolicyType or getBinding command.
- Use the -attributes parameter for the setPolicyType and setBinding commands to add, update, or remove properties from your policy and binding configurations.
To add or update an attribute, specify the property name and value. The setPolicyType and setBinding commands update the value if the attribute exists, or adds the attribute and value if the attribute does not exist.
To remove an attribute, specify the value as an empty string (""). The -attributes parameter accepts a properties object.
If a property name or value supplied with the -attributes parameter is not valid, then the setPolicyType and setBinding commands fail with an exception. The property that is not valid is logged as an error or warning in the SystemOut.log file. However, the command exception might not contain the detailed information for the property that caused the exception. When the setPolicyType and setBinding commands fail, examine the SystemOut.log file for any error and warning messages that indicate that the input for the -attributes parameter contains one or multiple properties that are not valid.
New feature: Beginning in WAS v8.0 you can configure the server to use the HPEL log and trace infrastructure instead of using SystemOut.log , SystemErr.log, trace.log, and activity.log files or native z/OS logging facilities. If you are using HPEL, you can access all of your log and trace information using the LogViewer command-line tool from your server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.New feature:
For transitioning users: In WebSphere Application Server v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, you can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, you can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, you can specify which of these bindings is the global default binding. You can also optionally specify general binding that are used as the default for an application server or a security domain. trns
To support a mixed-cell environment, WebSphere Application Server supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.
SSLTransport policy properties
Use the SSLTransport policy to ensure message security.
Configure the SSLTransport policy by specifying the following properties with the setPolicyType command:
outRequestSSLenabled
Whether to enable the SSL security transport for outbound service requests.
outAsyncResponseSSLenabled
Whether to enable the SSL security transport for asynchronous service responses.
inResponseSSLenabled
Whether to enable the SSL security transport for inbound service responses. The following setPolicyType command example sets values for all SSLTransport policy properties:
AdminTask.setPolicyType('[-policySet "WSHTTPS default" -policyType SSLTransport -attributes "[[inReponseSSLenabled yes][outAsyncResponseSSLenabled yes][outRequestSSLenabled yes]]"]')
SSLTransport binding properties
Use the SSLTransport policy type to ensure message security.
Configure the SSLTransport binding by specifying the following properties using the setBinding command:
outRequestwithSSL:configFile
outRequestwithSSL:configAlias
If you enable SSL outbound service requests, then these two attributes define the specific SSL security transport binding and location. The default value for the outRequestwithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the outRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.
outAsyncResponsewithSSL:configFile
outAsyncResponsewithSSL:configAlias
If you enable SSL asynchronous service responses, then these two attributes define the specific SSL security transport binding and location. The default value for the outAsyncRequestwithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the outAsyncRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.
inResponsewithSSL:configFile
inResponsewithSSL:configAlias
If you enable SSL inbound service responses, then these two attributes define the specific SSL security transport binding and location. The default value for the inResponsewithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the inResponsewithSSL:configAlias property is NodeDefaultSSLSettings. The following setBinding command example sets values for all SSLTransport binding attributes:
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType SSLTransport -attributes "[[inResponsewithSSL:configAlias NodeDefaultSSLSettings] [inResponsewithSSL:config properties_directory/ssl.client.props][outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props] [outAsyncResponsewithSSL:configAlias NodeDefaultSSLSetings][outRequestwithSSL:configFile properties_directory/ssl.client.props][outRequestwithSSL:configAlias NodeDefaultSSLSettings]]"]')
WSHTTPS default policy set
Configure application and system policy sets for web services using wsadmin.sh
Use HPEL to troubleshoot applications
Related
PolicySetManagement command group