WAS v8.5 > Script the application serving environment (wsadmin) > Welcome to scripting for web services > Configure web services applications using wsadmin.sh > Configure application and system policy sets for web services using wsadmin.sh

Add and remove policies using wsadmin.sh

We can use the Jython or Jacl scripting language and wsadmin to query, add, and remove policies for the policy sets.

Before using the commands in this topic, verify that you are using the most recent version of wsadmin. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of wsadmin. For example, the commands do not run on a v6.1.0.x node.

Additionally, if administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative roles. This table describes the administrative roles and associated authorization when administrative security is enabled.

Administrative role	Authorization
Administrator	The Administrator role must have cell-wide access to create and remove policies.
Configurator	The Configurator role cannot create or remove policies.
Deployer	The Deployer role cannot create or remove policies.
Operator	The Operator role cannot create or remove policies.
Monitor	The Monitor role cannot create or remove policies.

Policies define which Qualities of Service (QoS) to manage within a policy set. Policy definitions are based on the standards set by the Organization for the Advancement of Structured Information (OASIS) and Web Services Security specifications.

For application policy sets, we can add the following policies:

• WSSecurity
• WSReliableMessaging
• WSAddressing
• HTTPTransport
• SSLTransport
• WSTransaction
• JMSTransport
• CustomProperties

For system policy sets, we can add the following policies:

• WSSecurity
• WSAddressing
• HTTPTransport
• SSLTransport
• WS-MetadataExchange
• JMSTransport
• CustomProperties

Use the following steps to add or remove policy types from your policy set configurations:

• Add a policy to a policy set. Use this section to add a policy with default values to the specified policy set. We can create and enable or create and disable the policy.
  1. Launch the wsadmin scripting tool using the Jython scripting language. To learn more, see the starting the wsadmin scripting client information.
  2. List all policies for a specified policy set.

     Enter the following command and specify the policy set of interest to list all policies that have been added to the policy set:

     AdminTask.listPolicyTypes('[-policySet PolicySet1]')

     Enter the following command to list all the available policies:

     AdminTask.listPolicyTypes()

  3. Add the policy to your configuration.

     Enter the following command to add and enable a policy:

     AdminTask.addPolicyType('[-policySet PolicySet1 
     -policyType policyType_name]')

     Enter the following command to add and disable a policy. Your configuration changes are contained within the policy set, these changes do not effect the system if the -enabled parameter is set to false.

     AdminTask.addPolicyType('[-policySet PolicySet1 
     -policyType policyType_name -enabled false]')

  4. Enter the following command to save your changes:
     AdminConfig.save()

  5. For your configuration changes to take effect, restart all applications with attachments to the policy set.

  The command returns a success or failure message. Repeat this step to create additional policies for the configuration.

• Remove a policy from the policy set configuration. The deletePolicyType command removes the specified policy from the policy set. Applications with attachments to the policy set are not affected until the application restarts.
  1. Start the wsadmin scripting tool.
     

  2. Enter the following command to list all policies for the policy set of interest:
     AdminTask.listPolicyTypes('[-policySet PolicySet1]')

  3. Enter the following command to remove the policy:

     AdminTask.deletePolicyType('[-policySet PolicySet1 
     -policyType policyType_name]')

     The command returns a success or failure message.

  4. Save the configuration changes.

     Enter the following command to save your changes:

     AdminConfig.save()

  5. For your configuration changes to take effect, restart all applications with attachments to the policy set.

Use the validatePolicySet command to validate your policy set configurations after modifying attributes for policies. For example, enter the following command to validate the PolicySet1 policy set:

AdminTask.validatePolicySet('-policySet PolicySet1')

Related concepts:

Web services policies

Related

Edit policy configuration
Start the wsadmin scripting client using wsadmin.sh
Manage policy sets
Enable policies for policy sets
Create policy sets using wsadmin.sh
Add policies to policy sets
Manage policies in a policy set

Reference:

Policy configuration properties for all policies
PolicySetManagement command group for AdminTask

+

Search Tips   |   Advanced Search