Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Welcome to scripting for web services > Configure web services applications using wsadmin.sh > Configure application and system policy sets for web services using wsadmin.sh

Create policy sets using wsadmin.sh

Create policy sets to centrally manage policies that are customized for your web services. Use wsadmin.sh, which supports the Jython and Jacl scripting languages, to create new policy sets, copy existing policy sets, or import a policy set configuration. You can also query for an existing policy set and respective attributes.

In order to complete this task, use the Administrator role with cell-wide access when administrative security is enabled.

There are three ways to create a new policy set using wsadmin.sh. We can create a new policy set and its configuration, copy an existing policy set, or import a policy set.

When you create a new policy set, add policies. If you copy an existing policy set, you can transfer the policies and attachments that are configured on the existing policy set. The command examples in this topic use batch mode syntax. We can use the -interactive option with all commands in the PolicySetManagement group.

Procedure

• Create a new policy set using the Jython scripting language.

  1. Start wsadmin.sh.
  2. Determine the policy requirements for your web services.

  3. Enter the command syntax to create a new policy set with a given name.

     Based on the configuration, there are two types of policy sets to create. We can use both application and system policy sets with JAX-WS applications. Use the -policySetType parameter to specify the type of policy set.

     To create an application policy set, specify application for the value of the -policySetType parameter.

     To create a policy set for the trust service, specify system or system/trust for the -policySetType parameter. For WS-MetadataExchange attachments, specify system for the -policySetType parameter. The -policySetType parameter is optional. The wsadmin tool creates an application policy set if the -policySetType parameter is not specified.

     Enter the following command to create an application policy set:

     AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description]')
     

     Enter the following command to create a policy set for the trust service:

     AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description -policySetType system]')
     

     The command returns a success or failure message.

  4. Add policies for your new policy set. Use this step to add a policy with default values for the specified policy set.

     Enter the following command to add and enable a policy:

     AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name]')
     

     Enter the following command to add and disable a policy. Your configuration changes are contained within the policy set, but will have no effect on the system if the -enabled parameter is set to false.

     AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name -enabled false]')
     

     The command returns a success or failure message. Repeat this step to create additional policies for the configuration.

  5. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()
     

• Copy an existing policy set using the Jython scripting language.

  1. Start wsadmin.sh.
  2. Determine the policy requirements for your web services.

  3. Enter the command syntax to copy an existing policy set:

     Set the -transferAttachments parameter to true to transfer the attachments from the existing policy set to the new policy set. The default value for the -transferAttachments parameter is false.

     Enter the following command to create the new policy set and to transfer the attachments of the existing policy set:

     AdminTask.copyPolicySet('[-sourcePolicySet existingPolicySet_name -newPolicySet PolicySet1
     -newDescription PolicySet1_description -transferAttachments true]')
     

     The command returns a success or failure message.

  4. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()
     

• Import a policy set from an archive file or import a default policy set using Jython.

  1. Start wsadmin.sh.
  2. Determine the policy requirements for your web services.
  3. Import a policy set.

     Use the importPolicySet command to import the archive file containing the policy set configuration of interest to the destination environment. Specify the verifyPolicySetType parameter to verify that the policy set to import matches a specific type. Set the value as application, system, or system/trust to specify the policy set type. We cannot import a policy set onto a server or client environment if the policy set already exists in the destination environment.

     For example, the following command creates a customSecureConversation policy set from the customSC.zip archive file:

     (Windows)

     AdminTask.importPolicySet('[-importFile C:\IBM\WebSphere\AppServer\bin\customSC.zip
     -verifyPolicySetType system/trust]')
     

     (AIX) (Solaris)

     AdminTask.importPolicySet('[-importFile /IBM/WebSphere/AppServer/bin/customSC.zip -verifyPolicySetType
      system/trust]')
     

     Additionally, you can also use the importPolicySet command to import a default policy set onto a server environment:

     AdminTask.importPolicySet('[-defaultPolicySet SecureConversation -policySet copyOfdefaultSC
      -verifyPolicySetType system]')
     

     The command returns a success or failure message.

  4. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()
     

Results

If you receive a success message after entering the commands, you can now manage a policy set that is customized for your web services applications. We can further configure the policy set and policies.

What to do next

Use the validatePolicySet command to validate your policy set configurations after modifying attributes for policies. For example, run to validate the PolicySet1 policy set:

AdminTask.validatePolicySet('-policySet PolicySet1')

Web services policy sets
Update policy set attributes using wsadmin.sh
Delete policy sets using wsadmin.sh
Add and remove policies using wsadmin.sh
Create policy sets

Related

PolicySetManagement command group

+

Search Tips   |   Advanced Search