SSLTransport policy and binding properties
Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the SSLTransport policy and policy set binding. Application and system policy sets can use the SSLTransport policy and binding.
Use the following commands in the PolicySetManagement group of the AdminTask object to customize your policy set configuration.
- Use the -attributes parameter for the getPolicyType and getBinding commands to view the properties for our policy and binding configuration. To get an attribute, pass the property name to the getPolicyType or getBinding command.
- Use the -attributes parameter for the setPolicyType and setBinding commands to add, update, or remove properties from your policy and binding configurations. To add or update an attribute, specify the property name and value. The setPolicyType and setBinding commands update the value if the attribute exists, or adds the attribute and value if the attribute does not exist. To remove an attribute, specify the value as an empty string (""). The -attributes parameter accepts a properties object.
If a property name or value supplied with the -attributes parameter is not valid, then the setPolicyType and setBinding commands fail with an exception. The property that is not valid is logged as an error or warning in the SystemOut.log file. However, the command exception might not contain the detailed information for the property that caused the exception. When the setPolicyType and setBinding commands fail, examine the SystemOut.log file for any error and warning messages that indicate that the input for the -attributes parameter contains one or multiple properties that are not valid.
IBM recommends using the High Performance Extensible Logging (HPEL) log and trace infrastructure . We view HPEL log and trace information using the logViewer .
For transitioning users: In WAS v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding used as the default for an application server or a security domain. trns
To support a mixed-cell environment, WAS supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.
SSLTransport policy properties
Use the SSLTransport policy to ensure message security.
Configure the SSLTransport policy by specifying the following properties with the setPolicyType command:
- outRequestSSLenabled
- Enable the SSL security transport for outbound service requests.
- outAsyncResponseSSLenabled
- Enable the SSL security transport for asynchronous service responses.
- inResponseSSLenabled
- Enable the SSL security transport for inbound service responses.
The following setPolicyType command example sets values for all SSLTransport policy properties:
AdminTask.setPolicyType('[-policySet "WSHTTPS default" -policyType SSLTransport -attributes "[[inReponseSSLenabled yes][outAsyncResponseSSLenabled yes][outRequestSSLenabled yes]]"]')
SSLTransport binding properties
Use the SSLTransport policy type to ensure message security.
Configure the SSLTransport binding by specifying the following properties using the setBinding command:
- outRequestwithSSL:configFile
- outRequestwithSSL:configAlias
- If we enable SSL outbound service requests, then these two attributes define the specific SSL security transport binding and location. The default value for the outRequestwithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the outRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.
- outAsyncResponsewithSSL:configFile
- outAsyncResponsewithSSL:configAlias
- If we enable SSL asynchronous service responses, then these two attributes define the specific SSL security transport binding and location. The default value for the outAsyncRequestwithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the outAsyncRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.
- inResponsewithSSL:configFile
- inResponsewithSSL:configAlias
- If we enable SSL inbound service responses, then these two attributes define the specific SSL security transport binding and location. The default value for the inResponsewithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the inResponsewithSSL:configAlias property is NodeDefaultSSLSettings.
The following setBinding command example sets values for all SSLTransport binding attributes:
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType SSLTransport -attributes "[[inResponsewithSSL:configAlias NodeDefaultSSLSettings] [inResponsewithSSL:config properties_directory/ssl.client.props][outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props] [outAsyncResponsewithSSL:configAlias NodeDefaultSSLSetings][outRequestwithSSL:configFile properties_directory/ssl.client.props][outRequestwithSSL:configAlias NodeDefaultSSLSettings]]"]')
Related:
WSHTTPS default policy set Configure application and system policy sets for web services Use High Performance Extensible Logging to troubleshoot applications PolicySetManagement