WAS v8.5 > Administer applications and their environment > Administer web services (generally applicable)

Manage policy sets

We can use policy sets, or assertions that define services, to simplify the web services configuration because policy sets group security and other web services settings into reusable units. We can use the dmgr console to create, modify, and delete custom policy sets.

Before creating policy sets, first identify the security and other requirements of the web service.

We can only use policy sets with JAX-WS applications that run on the Axis2 web service engine. We cannot use policy sets for JAX-RPC applications. We can use the dmgr console to view and manage policy sets. From the dmgr console, click Services > Policy sets > Application policy sets or Services > Policy sets > System policy sets. The Application policy sets collection displays a listing of the custom (if we have created custom policy sets) and default policy sets. Use the Application or System policy sets collection page to create, copy, delete, export, and import policy sets.

The following policy sets are ready for you to use as is.

• LTPA WSSecurity Default
• Kerberos V5 HTTPS default
• SSL WSTransaction

• Username SecureConversation

• Username WSSecurity default
• WS-Addressing default
• WSHTTPS default
• WS-I RSP ND
• WS-ReliableMessaging persistent

Depending on your assigned security role when security is enabled, you might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.

• View policy sets .

  This topic describes the process of viewing and evaluating policy sets.

• Create policy sets .

  This topic describes two ways to create policy sets: creating new policy sets or copying and renaming policy set templates.

• Modify policy sets .

  This topic describes how to edit custom policy sets we have created.

• Importing policy sets .

  This topic describes how to import policy sets from the default repository or from a selected location.

• Export policy sets .

  This topic describes how to export policy sets.

• Delete policy sets .

  This topic describes how to delete custom policy sets. We can delete policy set templates and re-import them if needed.

• Manage policies in a policy set
  

  This topic describes how we can define policies with policy sets to secure messages.

• Define and managing policy set bindings
  

  This topic describes configuring custom binding configurations.

Results

Use these tasks, we can determine how to create a new policy set and verify whether we can reuse an existing policy set. We can configure a policy set, and define policies for that policy set.

Depending on how you are using policy sets, you might want to revisit some of the tasks listed in this topic to tweak the configuration for the policy set. We can also proceed to configure bindings for the policy set. See Defining binding information for policy sets.

Subtopics

• View policy sets
  We can use the dmgr console to view lists of policy sets. Policy sets can either be default policy sets that we cannot edit or custom policy sets that we have created and can edit. We can use policy sets, or assertions that define services, to simplify the web services configuration because policy sets group security and other web services settings into reusable units.
• Create policy sets
  We can use the dmgr console to either create a policy set by specifying all the necessary information or by copying an existing policy set that you rename. We can use policy sets, or assertions that define services, to simplify the web services configuration because policy sets group security and other web services settings into reusable units.
• Importing policy sets
  We can import predefined policy sets or import policy sets from a selected location using the dmgr console.
• Modify policy sets
  We can use the dmgr console to modify existing custom policy sets that we have created. If we have copied an existing default policy set or created a policy set yourself, we can always go back and make changes to them to make them better suit the changing needs of your business.
• Delete policy sets
  We can use the dmgr console to delete the default policy sets or the application specific policy sets that we have created.
• Define and managing policy set bindings
  Policy set bindings contain platform specific information, like keystore, authentication information or persistent information, required by a policy set attachment. Use this task to create and manage bindings.
• Attaching a policy set to a service artifact
  Attach a policy set to a service artifact, such as an application, service, endpoint or operation, to define the quality of services that are supported. Policy sets can define the policies for WS-Addressing, WS-Security, WS-ReliableMessaging, WS-Transaction, HTTP transport, Java Messaging Service (JMS) transport, and SSL transport.
• Attached deployed assets page
  Use this page to view assets that are attached to a policy set, detach or replace a policy set.
• Manage policies in a policy set
  When working with policy sets in the dmgr console, we can customize the included policies to ensure message security. We can enable, disable, customize, add, or delete policies from a policy set. With your policy sets, we can define policies for WS-Addressing, WS-Security, WS-ReliableMessaging, WS-Transaction, HTTP transport, Java Messaging Service (JMS) transport, and SSL transport. The policies for all but WS-Security are relatively straightforward to define.
• Export policy sets
  We can export policy sets between a client and a provider or between servers using the dmgr console.
• Implement policy sets for unmanaged clients
  Policy sets can simplify your quality of service configuration for web services by combining configuration settings for services like addressing, messaging, and security. To use policy sets in an unmanaged client, structure the policy sets in a way that is consumable by the client on the command-line invocation.
• Application policy sets page
  Use this page to manage policy sets. We can create, copy, export, and import policy sets. We can also view or delete existing policy sets. We can use policy sets, or assertions that define services, to simplify the web services configuration because policy sets group security and other web services settings into reusable units.
• Application policy set settings
  Use this page to view, create, enable or disable your policy sets. We can use policies, or assertions that define services, to simplify the web services configuration.
• Search attached applications page
  Use this page to search for applications and other resources that are attached to a specific policy set or to search for applications and other resources that have attached service resources.
• Map SCA abstract intents and managing policy sets
  Use this task topic to specify abstract intents that represent a quality of service (QoS) for a service or reference that uses the SCA web service binding. Most intents must be mapped to policy sets that can satisfy those intents during deployment to achieve the QoS required.
• Web services policy sets
  Policy sets are assertions about how services are defined. They are used to simplify your quality of service configuration for web services.
• Overview of migrating policy sets and bindings
  Policy sets are migrated during the product migration from v6.1 Feature Pack for Web Services or v7.0 to v8.0. This topic describes the different rules that apply to migrating policy sets and bindings. For information about migrating the version of the product that you are running, see migrating and coexisting.

Related

View service providers at the cell level
View the detail of a service provider and managing policy sets
Use WS-Policy to exchange policies in a standard format
Configure application and system policy sets for web services using wsadmin.sh
Create policy sets using wsadmin.sh
Create policy set attachments using wsadmin
Remove policy set attachments using wsadmin
Manage policy set attachments using wsadmin

Reference:

System policy set page
Service providers collection at the cell level
Service provider settings
Administrative roles

+

Search Tips   |   Advanced Search