Manage policy set attachments for service references using wsadmin.sh
Use wsadmin.sh to manage your policy set attachment configurations for services and service references. Use the Jython or Jacl scripting language to list all attachments and attachment properties, add or remove resources for an existing attachment, and transfer attachments across policy sets.
When administrative security is enabled, verify that you use the correct administrative role:
Administrative roles. The administrative role determines if you can manage policy set attachments.
Administrative role and authorization:
- Administrator: The Administrator role must have cell-wide access to manage policy set attachments. If you have access to a specific resource only, you can manage policy set attachments for the resource for which you have access.
- Configurator: The Configurator role must have cell-wide access to manage policy set attachments. If you have access to a specific resource only, you can manage policy set attachments for the resource for which you have access.
- Deployer: The Deployer role with cell-wide or resource-specific access can manage policy set attachments for application resources only.
- Operator: The Operator role cannot manage policy set attachments.
- Monitor: The Monitor role cannot manage policy set attachments.
Policy set attachments define how a policy set is attached to resources and binding configurations.
Application components including application clients, web modules, and EJB modules, can define references to external web services by using logical names called web service references. Before v8, web service references always inherited the policy set attachment of the web service.
New feature: In v8, you can specify a policy set and binding for a service reference that is different from the policy set attachment for the service. In addition, you can indicate to not attach a policy set to a service reference, even if a policy set is attached to the service. The default behavior is that a service reference, as well as its endpoints and operations, inherits the policy set attachment of the corresponding resources of the service. Service references are only valid for the client attachment type.
Mixed-version environment: In a mixed cell environment, the following limitations apply to service reference attachments or resource attachments specified in name-value pair format:
- Do not create these types of attachments for applications that are deployed on an application server that is prior to WebSphere Application Server v8. Service reference attachments are only supported on WAS V8 and later.
- An application that contains these types of attachments must not be deployed on an application server that is prior to WAS v8.
- If an application that is deployed in a cluster environment contains these types of attachments, do not add a member application server that is prior to WAS v8 to the cluster.
Procedure
- Query the configuration for policy set attachments and attachment properties.
Before making configuration changes to your policy set attachments, use the listAttachmentsForPolicySet and getPolicySetAttachments commands to view current configuration information about your policy set attachments.
- Start wsadmin.sh.
- Use the listAttachmentsForPolicySet command to view all applications to which a specific policy set is attached; for example:
AdminTask.listAttachmentsForPolicySet('[-policySet PolicySet1 -attachmentType client]')
- Use the getPolicySetAttachments command to view the properties for all policy set attachments in a specified application; for example:
AdminTask.getPolicySetAttachments('[-applicationName application1 -attachmentType client]')
- Determine the assets to which a specific policy set is attached.
Use the listAssetsAttachedToPolicySet command to display the assets that are attached to the policy set of interest, as the following example demonstrates:
AdminTask.listAssetsAttachedToPolicySet('[-policySet SecureConversation]')
The command returns a list of properties that describe each asset. Each properties object contains the assetType property, which specifies the type of asset.
- Use the createPolicySetAttachment command to create the policy set attachment.
For the commands in the PolicySetManagement group, the term resource refers to a web service artifact. For service references, use name-value pairs to specify the resource name. You can also use this format instead of the application hierarchy format to specify service resources.
The following format for application and client policy set attachments is required for service reference resources. For resources that are not service references, you can use either this format or the format specified in the managing policy set attachments using wsadmin documentation. Use the following format for application and client policy set attachments:
- type=WebService:/
Attaches all artifacts in the application to the policy set.
- type=WebService:/,module=myModule.war,service={http://www.mynamespace.com}myService
Attaches all artifacts within the web service, {http://www.mynamespace.com}myService, to the policy set. You must provide a fully qualified name (QName) for the service.
- type=WebService:/,module=myModule.war,service={http://www.mynamespace.com}myService,serviceRef=myServiceRef
Attaches all artifacts within the web service reference, myServiceRef, to the policy set.
- type=WebService:/,module=myModule.war,service={namespace}myService,serviceRef=myServiceRef,endpoint=endpointA
Attaches all operations for the endpointA endpoint in the service reference, myServiceRef, to the policy set.
- type=WebService:/,module=myModule.war,service={namespace}myService,serviceRef=myServiceRef,endpoint=endpointA,operation=operation1
Attaches only the operation1 operation in the service reference, myServiceRef, to the policy set.
Use the inheritFromService parameter and specify either true or false to indicate whether to inherit the policy set attachment from the service.
- If you specify a service reference resource with inheritFromService=false and no policySet parameter, all attachments for the service reference are removed and the service reference does not inherit the policy set attachments of the service.
- If you specify a service reference resource with inheritFromService=false and policySet=<policySetName>, an attachment for the service reference resource to the policy set is created. If you create an attachment to attach a service reference to a policy set, the service reference does not inherit the policy set of the service.
- If you specify a service reference resource with inheritFromService=true, the service reference inherits the attachments for the service. The inheritFromService parameter is only valid for service references. If no policySet parameter is specified, the inheritFromService parameter is only valid at the serviceRef level, not at the endpoint or operation level.
For example, to attach policy set PolicySet1 to all operations and endpoints for the service reference, run:
AdminTask.createPolicySetAttachment('[-resources "type=WebService:/,module=webapp1.war,service={http://www.mynamespace.com}myService,serviceRef=myServiceRef" -applicationName application1 -attachmentType client -policySet PolicySet1 -inheritFromService false]')
To specify that the service reference does not have a policy set attachment and does not inherit the policy set from the service, run:
AdminTask.createPolicySetAttachment('[-resources "type=WebService:/,module=webapp1.war,service={http://www.mynamespace.com}myService,serviceRef=myServiceRef" -applicationName application1 -attachmentType client -inheritFromService false]')
- Modify resources that apply to a policy set attachment.
- Start wsadmin.sh.
- Determine the resource of interest, and review the command syntax for the updatePolicySetAttachment command.
- Modify the attachment.
For example, the policy set attachment is connected to the operation1 operation, which is a specific single operation.
To attach the 124 attachment to all operations for the endpointA endpoint in the service reference, run:
AdminTask.updatePolicySetAttachment('[-attachmentId 124 -resources "type=WebService:/,module=webapp1.war,service={http://www.mynamespace.com}myService,serviceRef=myServiceRef,endpoint=endpointA" -applicationName application1 -attachmentType client]')
The updatePolicySetAttachment command replaces all existing resources for an attachment with the resources specified in the command. If you update an attachment to attach a service reference to a policy set, the service reference does not inherit the policy set of the service. You can also update your policy set attachments using the addToPolicySetAttachment command to add resources to an existing attachment, or you can use the createPolicySetAttachment command to create an attachment for a specific resource. For more information about these commands, see the commands for the PolicySetManagement group. A resource for a service reference cannot be included in the same attachment as a resource for a service.
- Save the configuration changes.
Enter the following command to save your changes:
AdminConfig.save()
- Remove resources that apply to a policy set attachment.
- Start wsadmin.sh.
- Determine which resources to remove with the command. You can remove a resource for each web service artifact, each endpoint operation, or for a specific operation. In the following example, the command removes the newAttach attachment from operation1 in the service reference myPlantServiceRef, associated with the plantShop application and myPlantService service:
AdminTask.removeFromPolicySetAttachment('[-attachmentId newAttach -resources "type=WebService:/,module=webapp1.war,service={http://www.mynamespace.com}myPlantService,serviceRef=myPlantServiceRef,endpoint=endpointA,operation=operation1" -applicationName plantShop -attachmentType client]')
The command returns a success or failure message.
- Save the configuration changes.
Enter the following command to save your changes:
AdminConfig.save()
- Transfer attachments from one policy set to another policy set. This command detaches each web service from the source policy set and attaches those web services to the destination policy set. The destination policy set must have the same set of enabled policy types as the source policy set.
- Enter the following command to transfer all attachments:
AdminTask.transferAttachmentsForPolicySet('[-sourcePolicySet PolicySet1 -destinationPolicySet PolicySet2]')
The command returns a success or failure message.
- Save the configuration changes.
Enter the following command to save your changes:
AdminConfig.save()
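The inheritFromService rules and the name-value resource format described for createPolicySetAttachment can be checked before a command is run, which catches the case where a service reference is left with no policy set at all. The following is an added example, not IBM code or part of wsadmin: plain Python that lints an argument string against the rules stated on this page. The function name lint, the finding texts and the sample strings are constructed for illustration.

```python
# Added example (not IBM code): lint a createPolicySetAttachment argument string
# against the service-reference rules on this page before handing it to AdminTask.
import re

DASHES = re.compile(u"[\u2010-\u2015\u2212]")        # typographic dashes from copied text
OPTION = re.compile(r'-(\w+)\s+("[^"]*"|[^\s\]]+)')  # -name value  or  -name "quoted value"

def lint(args):
    """Return a list of findings; an empty list means no rule on this page is broken."""
    if DASHES.search(args):
        return ["non-ASCII dash in the argument string; retype parameter prefixes as '-'"]
    opts = dict((name, value.strip('"')) for name, value in OPTION.findall(args))
    # Names of the name-value pairs, outermost first: type, module, service, ...
    names = [pair.partition("=")[0].strip() for pair in opts.get("resources", "").split(",")]
    inherit = opts.get("inheritFromService")
    has_policy = "policySet" in opts
    findings = []
    if "serviceRef" not in names:
        if inherit is not None:
            findings.append("inheritFromService is only valid for service references")
        return findings
    if opts.get("attachmentType") != "client":
        findings.append("service references are only valid for attachmentType client")
    if inherit is not None and not has_policy and names[-1] != "serviceRef":
        findings.append("without policySet, inheritFromService is only valid at serviceRef level")
    elif inherit == "false" and not has_policy:
        findings.append("service reference ends up with no policy set and no inheritance")
    return findings

# Constructed inputs modelled on the page's examples.
REF = ('type=WebService:/,module=webapp1.war,'
       'service={http://www.mynamespace.com}myService,serviceRef=myServiceRef')
TAIL = ' -applicationName application1 -attachmentType client'
SAMPLES = {
    "override": '[-resources "%s"%s -policySet PolicySet1 -inheritFromService false]' % (REF, TAIL),
    "opt_out": '[-resources "%s"%s -inheritFromService false]' % (REF, TAIL),
    "endpoint": '[-resources "%s,endpoint=endpointA"%s -inheritFromService true]' % (REF, TAIL),
    "pasted": u'[-resources "%s" -applicationName application1 \u2013attachmentType client]' % REF,
}

if __name__ == "__main__":
    for label in sorted(SAMPLES):
        print("%s: %s" % (label, lint(SAMPLES[label]) or "ok"))
```

The opt_out finding is informational rather than an error: the command is valid, but it is the one form that leaves client calls through that reference without any policy set, so it is worth confirming that this is intended.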