Define a new system policy set using the administrative console
Use policy sets, or assertions, to define system service operations, for our Web Services Security configuration. Whenever we create a new policy set, we must add policy types to the policy set. We can add HTTP Transport, WS-Addressing, WS-Security, and SSL Transport policy types to the system policy set collection.
A policy set specifies a set of common message policy assertions that can be specified within a policy. For example, a policy set can define general security policy assertions that apply to other protocols such as Web Services Security (WS-Security), SOAP messages, Web Services Trust (WS-Trust), and Web Services Secure Conversation (WS-SecureConversation).
Use system policy sets with the trust service only. The requester (client) must use JAX-WS only. Requesters which use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible with the policy set QOS.
Use the system policy sets to configure access to the WebSphere Application Server trust service. Create and define a custom system policy set.
Tasks
- Use the administrative console, click Services > Policy sets > System policy sets .
- To create a system policy set and add a policy type, click New.
- Enter a name for the policy set in the Name field. The name must be unique for the new system policy set. For example: EcommerceTrustServiceSecurity
- Enter a brief description of the policy set in the Description field. This description displays in the System Policy Sets collection. The description should be descriptive enough for you and other potential users to identify the policy set.
- Click Apply to apply the name and description information.
- Click Add to add a trust policy by selecting one from the policies listed. The following policies are available to use for system policy sets:
- HTTP transport - for HTTP transport policies
- SSL transport - for HTTPS transport policies
- WS-Addressing - for endpoint addressing policies
- WS-Security - for secure SOAP messages policies
- Click Save to save directly to the master configuration.
You have provided the basic information to create or modify a policy set. We can also create a new or update an existing policy set for the WAS trust service using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.
What to do next
After creating or modifying a system policy set and adding the policy types, attach the policy set to an endpoint operation or attach it to one of the trust service default operations.
Configure attachments for the trust service Create policy sets System policy set settings System policy set collection