WAS v8.5 > Script the application serving environment (wsadmin) > Welcome to scripting for web services > Configure web services applications using wsadmin.sh

Configure application and system policy sets for web services using wsadmin.sh

Use wsadmin, which supports the Jython and Jacl scripting languages, to configure application or system policy sets for web services. We can manage the policies for the Quality of Service (QoS) by creating policy sets and managing associated policies.

Develop a web services application. For additional information, see the web services applications topics in the information center.

If you develop an application that uses a custom policy set, the custom policy set configuration is not included in the application EAR file. Install the application and import the custom policy set separately.

The commands in the PolicySetManagement group for AdminTask configure both application and system policy sets. Use the following tasks to manage policy sets for the web services.

For transitioning users: In WAS v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding used as the default for an application server or a security domain. trns

To support a mixed-cell environment, WAS supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.

Use the following guidelines to manage bindings in the environment:

• To display or modify default v6.1 bindings, v7.0 and trust service bindings, or to reference bindings by attachment for an application, specify the attachmentId and bindingLocation parameters with the getBinding or setBinding commands.
• To use or modify general v7.0 and later bindings, specify the bindingName parameter with the getBinding or setBinding commands.
• To display the version of a specific binding, specify the version attribute for the getBinding command.

Use a v6.1 binding for an application in a v7.0 and later environment if:

• The module in the application is installed on at least one Web Services Feature Pack server.
• The application contains at least one v6.1 application-specific binding. The application server does not assign general bindings to resource attachments for applications that are installed on a Web Services Feature Pack server. All application-specific bindings for an application must be at the same level.

General service provider and client bindings are not linked to a particular policy set and they provide configuration information that we can reuse across multiple applications. We can create and manage general provider and client policy set bindings and then select one of each binding type to use as the default for an application server. Setting the server default bindings is useful if you want the services deployed to a server to share binding configuration. We can also accomplish this sharing of binding configuration by assigning the binding to each application deployed to the server or by setting default bindings for a security domain and assigning the security domain to one or more servers. We can specify default bindings for the service provider or client used at the global security (cell) level, for a security domain, for a particular server. The default bindings are used in the absence of an overriding binding specified at a lower scope. The order of precedence from lowest to highest the application server uses to determine which default bindings to use is as follows:

1. Server level default
2. Security domain level default
3. Global security (cell) default

The sample general bindings provided with the product are initially set as the global security (cell) default bindings. The default service provider binding and the default service client bindings are used when no application specific bindings or trust service bindings are assigned to a policy set attachment. For trust service attachments, the default bindings are used when no trust specific bindings are assigned. If we do not want to use the provided Provider sample as the default service provider binding, we can select an existing general provider binding or create a new general provider binding to meet your business needs. Likewise, if we do not want to use the provided Client sample as the default service client binding, we can select an existing general client binding or create a new general client binding.

• Use the PolicySetManagement group of commands to configure application and client policy sets:
  • Create a new policy set or copy an existing policy set.
  • Add policies to your policy set.
  • Attach your policy set to an application, web service, endpoint, or operation.
  • Customize cell-wide, server-specific, or application binding configurations.
  • Manage and edit your policy set configurations.
    • Edit, enable, disable, or remove policies.
    • Add, edit, or remove policy set attachments.
    • Export and import policy sets.
    • Delete policy sets.

• Use the PolicySetManagement group of commands to configure system policy sets.
  • Create a new system policy set or copy an existing system policy set.
  • Add policy types for the policy set.
  • Add trust service attachments.
  • Customize binding configurations.
  • Manage and edit your policy set configurations.
    • Edit, enable, disable or remove policies.
    • Add, edit, or remove policy set attachments.
    • Export and import policy sets.
    • Delete policy sets.

Subtopics

• Create policy sets using wsadmin.sh
  Create policy sets to centrally manage policies that are customized for the web services. Use wsadmin, which supports the Jython and Jacl scripting languages, to create new policy sets, copy existing policy sets, or import a policy set configuration. We can also query for an existing policy set and respective attributes.
• Update policy set attributes using wsadmin.sh
  Use policy sets to centrally manage policies that are customized for the web services. Use the Jython or Jacl scripting language with the wsadmin tool to update policy set attributes. We can also query the configuration for an existing policy set and respective attributes.
• Add and remove policies using wsadmin.sh
  We can use the Jython or Jacl scripting language and wsadmin to query, add, and remove policies for the policy sets.
• Edit policy configuration
  Use wsadmin, which supports the Jython and Jacl scripting languages, to edit policy configurations for the policy sets.
• Enable secure conversation using wsadmin.sh
  Use this topic and the commands in the SecureConversation group of AdminTask to enable secure conversation client cache by creating a new policy set and bindings to attach to the applications.
• Manage WS-Security distributed cache configuration
  The distributed cache stores tokens on the client. Use this topic and the commands in the WSSCacheManagement group of AdminTask to query, update, and remove custom and non-custom properties for the distributed cache configuration.
• Configure custom policies and bindings for security tokens using wsadmin.sh
  Use the setPolicyType and setBinding commands for the AdminTask object to specify security tokens for custom policy and binding configurations.
• Create policy set attachments using wsadmin
  Use wsadmin, which supports the Jython and Jacl scripting languages, to define the policy set configuration for the web services applications.
• List policy sets available for attachment using wsadmin
  Use wsadmin to list the supported policy sets available to attach to a web services resource. We can attach policy sets to an application, web service, endpoint, or specific operation.
• Manage policy set attachments using wsadmin
  Use wsadmin to manage your policy set attachment configurations. We can use the Jython or Jacl scripting language to list all attachments and attachment properties, add or remove resources for an existing attachment, and transfer attachments across policy sets.
• Manage policy set attachments for service references using wsadmin
  Use wsadmin to manage your policy set attachment configurations for services and service references. We can use the Jython or Jacl scripting language to list all attachments and attachment properties, add or remove resources for an existing attachment, and transfer attachments across policy sets.
• Configure general, cell-wide bindings for policies using wsadmin.sh
  We can use the Jython or Jacl scripting language to customize your cell-wide default binding configuration. Create multiple cell-wide general bindings that we can attach to applications.
• Configure v6.1 server-specific default bindings for policies using wsadmin.sh
  We can use the Jython or Jacl scripting language to customize WebSphere Application Server v6.1 server-specific default bindings for policies to match your installation environment or requirements.
• Configure application-specific and system bindings using wsadmin.sh
  Use the Jython or Jacl scripting language to edit custom application bindings and system bindings for policies to match your installation environment or system requirements.
• Create application-specific and trust service-specific bindings using wsadmin
  We can use the Jython or Jacl scripting language to create application-specific and trust service-specific bindings to match your installation environment or requirements.
• Delete application-specific bindings from your configuration using wsadmin.sh
  We can use the Jython or Jacl scripting language to delete a custom application or system policy set binding from your configuration. We cannot delete cell-level default bindings.
• Importing and exporting policy sets to client or server environments using wsadmin.sh
  Use wsadmin, which supports the Jython and Jacl scripting languages, to export and import application or system policy sets for web services. The exportPolicySet command creates an archive file based on the policy set configuration, and the importPolicySet command imports a default policy set or policy set from an archive file.
• Remove policy set bindings using wsadmin.sh
  We can use the Jython or Jacl scripting language to remove binding configurations for policies and resources to match your installation environment or requirements.
• Remove policy set attachments using wsadmin
  We can use the Jython or Jacl scripting language to remove and transfer policy sets from application artifacts. We can also remove resources that apply to a policy set attachment without deleting the policy set attachment.
• Delete policy sets using wsadmin.sh
  Use the Jython or Jacl scripting language to delete policy sets from your configuration with wsadmin. You must remove all policy set attachments before removing the policy set.
• Refreshing policy set configuration
  Use wsadmin to refresh the policy set configuration data. After refreshing the policy set configuration, the changes apply after restarting the application.
• Policy configuration properties for all policies
  We can use the attributes parameter with the setPolicyType and setBinding commands to specify various properties for each quality of service (QoS) within a policy set. We can use the properties in this topic with each QoS within application and system policy sets.
• WSSecurity policy and binding properties
  Use the attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the WSSecurity policy and binding configurations. Application and system policy sets can use the WSSecurity policy and binding configuration.
• WSReliableMessaging policy and binding properties
  Use the attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the ReliableMessaging policy and policy set binding. The WSReliableMessaging quality of service (QoS) is only available for application policy sets.
• WSAddressing policy and binding properties
  Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the WSAddressing policy and policy set binding. Application and system policy sets use the WSAddressing policy and binding.
• SSLTransport policy and binding properties
  Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the SSLTransport policy and policy set binding. Application and system policy sets can use the SSLTransport policy and binding.
• HTTPTransport policy and binding properties
  Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the HTTPTransport policy and policy set binding. Application and system policy sets can use the HTTPTransport policy and binding.
• JMSTransport policy and binding properties
  Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the JMSTransport policy and policy set binding. Application policy sets can use the JMSTransport policy and binding.
• CustomProperties policy and binding properties
  Use the -attributes parameter for the setBinding command to specify additional configuration information for the CustomProperties policy set binding. Application and system policy sets can use the CustomProperties policy and binding.
• SecureConversation command group for AdminTask (Deprecated)
  Use this topic as a reference for the commands for the SecureConversation group of AdminTask. Use these commands with your administrative scripts to query, update, and remove secure conversation client cache configuration data.
• WSSCacheManagement command group for AdminTask
  Use this topic as a reference for the commands for the WSSCacheManagement group of AdminTask. Use these commands with your administrative scripts to query, update, and remove distributed cache configuration data.
• PolicySetManagement command group for AdminTask
  We can use the Jython or Jacl scripting languages to manage policy set configurations with wsadmin. Use the commands and parameters in the PolicySetManagement group to create, delete, and manage policy set, policy, and policy set attachment configurations.
• WS-Policy commands for AdminTask
  We can manage WS-Policy settings for web service resources using wsadmin.sh. We can view or manage how a service provider shares its policies, and how a service client obtains and applies the policies of a service provider.

Related

Manage policy sets

+

Search Tips   |   Advanced Search