WAS v8.5 > Script the application serving environment (wsadmin) > Welcome to scripting for web services > Configure web services applications using wsadmin.sh > Configure application and system policy sets for web services using wsadmin.sh

Create policy sets using wsadmin.sh

Create policy sets to centrally manage policies that are customized for the web services. Use wsadmin, which supports the Jython and Jacl scripting languages, to create new policy sets, copy existing policy sets, or import a policy set configuration. We can also query for an existing policy set and respective attributes.

To complete this task, use the Administrator role with cell-wide access when administrative security is enabled.

There are three ways to create a new policy set using wsadmin. We can create a new policy set and its configuration, copy an existing policy set, or import a policy set.

When creating a new policy set, add policies. If you copy an existing policy set, we can transfer the policies and attachments configured on the existing policy set. The command examples in this topic use batch mode syntax. We can use the -interactive option with all commands in the PolicySetManagement group.

• Create a new policy set using the Jython scripting language.
  1. Start the wsadmin scripting tool.
     

  2. Determine the policy requirements for the web services.

  3. Enter the command syntax to create a new policy set with a given name.

     Based on your configuration, there are two types of policy sets to create. We can use both application and system policy sets with JAX-WS applications. Use the -policySetType parameter to specify the type of policy set. To create an application policy set, specify application for the value of the -policySetType parameter. To create a policy set for the trust service, specify system or system/trust for the -policySetType parameter. For WS-MetadataExchange attachments, specify system for the -policySetType parameter. The -policySetType parameter is optional. The wsadmin tool creates an application policy set if the -policySetType parameter is not specified.

     Enter the following command to create an application policy set:

     AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description]')

     Enter the following command to create a policy set for the trust service:

     AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description -policySetType system]')

     The command returns a success or failure message.

  4. Add policies for the new policy set. Use this step to add a policy with default values for the specified policy set.

     Enter the following command to add and enable a policy:

     AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name]')

     Enter the following command to add and disable a policy. Your configuration changes are contained within the policy set, but will have no effect on the system if the -enabled parameter is set to false.

     AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name -enabled false]')

     The command returns a success or failure message. Repeat this step to create additional policies for the configuration.

  5. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()

• Copy an existing policy set using the Jython scripting language.
  1. Start the wsadmin scripting tool.
     

  2. Determine the policy requirements for the web services.

  3. Enter the command syntax to copy an existing policy set:

     Set the -transferAttachments parameter to true to transfer the attachments from the existing policy set to the new policy set. The default value for the -transferAttachments parameter is false.

     Enter the following command to create the new policy set and to transfer the attachments of the existing policy set:

     AdminTask.copyPolicySet('[-sourcePolicySet existingPolicySet_name -newPolicySet PolicySet1 
     -newDescription PolicySet1_description -transferAttachments true]')

     The command returns a success or failure message.

  4. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()

• Import a policy set from an archive file or import a default policy set using the Jython scripting language.
  1. Start the wsadmin scripting tool.
     

  2. Determine the policy requirements for the web services.
  3. Import a policy set.

     Use the importPolicySet command to import the archive file containing the policy set configuration of interest to the destination environment. Specify the verifyPolicySetType parameter to verify the policy set to import matches a specific type. Set the value as application, system, or system/trust to specify the policy set type. We cannot import a policy set onto a server or client environment if the policy set already exists in the destination environment.

     For example, the following command creates a customSecureConversation policy set from the customSC.zip archive file:

     

     AdminTask.importPolicySet('[-importFile C:\IBM\WebSphere\AppServer\bin\customSC.zip 
     -verifyPolicySetType system/trust]')

     

     AdminTask.importPolicySet('[-importFile /IBM/WebSphere/AppServer/bin/customSC.zip -verifyPolicySetType
      system/trust]')

     Additionally, we can also use the importPolicySet command to import a default policy set onto a server environment, as the following example demonstrates:

     AdminTask.importPolicySet('[-defaultPolicySet SecureConversation -policySet copyOfdefaultSC
      -verifyPolicySetType system]')

     The command returns a success or failure message.

  4. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()

Results

If you receive a success message after entering the commands, we can now manage a policy set that is customized for the web services applications. We can further configure the policy set and policies.

Use the validatePolicySet command to validate your policy set configurations after modifying attributes for policies. For example, enter the following command to validate the PolicySet1 policy set:

AdminTask.validatePolicySet('-policySet PolicySet1')

Related concepts:

Web services policy sets

Related

Update policy set attributes using wsadmin.sh
Delete policy sets using wsadmin.sh
Add and remove policies using wsadmin.sh
Create policy sets

Reference:

PolicySetManagement command group for AdminTask

+

Search Tips   |   Advanced Search