WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Administer message-level security for JAX-WS web services > Secure requests to the trust service using system policy sets > Configure system policy setsDefine a new system policy set
Use policy sets, or assertions, to define system service operations, for the Web Services Security configuration. Whenever you create a new policy set, add policy types to the policy set. We can add HTTP Transport, WS-Addressing, WS-Security, and SSL Transport policy types to the system policy set collection.
A policy set specifies a set of common message policy assertions that can be specified within a policy. For example, a policy set can define general security policy assertions that apply to other protocols such as WS-Security, SOAP messages, Web Services Trust (WS-Trust), and Web Services Secure Conversation (WS-SecureConversation).
Use system policy sets with the trust service only. The requestor (client) must utilize JAX-WS only. Requestors which use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible with the policy set QOS. Use the system policy sets to configure access to the WebSphere Application Server trust service. We can create and define a custom system policy set.
- Using the dmgr console, click Services > Policy sets > System policy sets .
- To create a system policy set and add a policy type, click New.
- Enter a name for the policy set in the Name field. The name must be unique for the new system policy set. For example: EcommerceTrustServiceSecurity
- Enter a brief description of the policy set in the Description field. This description displays in the System Policy Sets collection. The description should be descriptive enough for you and other potential users to identify the policy set.
- Click Apply to apply the name and description information.
- Click Add to add a trust policy by selecting one from the policies listed. The following policies are available to use for system policy sets:
- HTTP transport - for HTTP transport policies
- SSL transport - for HTTPS transport policies
- WS-Addressing - for endpoint addressing policies
- WS-Security - for secure SOAP messages policies
- Click Save to save directly to the master configuration.
Results
You have provided the basic information to create or modify a policy set. We can also create a new or update an existing policy set for the WAS trust service using wsadmin. The wsadmin tool examples are written in the Jython scripting language.
After creating or modifying a system policy set and adding the policy types, attach the policy set to an endpoint operation or attach it to one of the trust service default operations.
Related
Configure attachments for the trust service
Create policy sets using wsadmin.sh
Reference:
System policy set settings
System policy set page