Create policy sets using wsadmin.sh
Create policy sets to centrally manage policies that are customized for our web services. Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to create new policy sets, copy existing policy sets, or import a policy set configuration. We can also query for an existing policy set and its attributes.
In order to complete this task, use the Administrator role with cell-wide access when administrative security is enabled.
There are three ways to create a new policy set using the wsadmin tool: create a new policy set and its configuration, copy an existing policy set, or import a policy set.
When we create a new policy set, we must add policies. If we copy an existing policy set, we can transfer the policies and attachments that are configured on the existing policy set. The command examples in this topic use batch mode syntax. The -interactive option can also be used with all commands in the PolicySetManagement group.
Tasks
- Create a new policy set using the Jython scripting language.
- Start the wsadmin scripting tool.
- Determine the policy requirements for our web services.
- Enter the command syntax to create a new policy set with a given name.
Based on the configuration, there are two types of policy sets to create. Use both application and system policy sets with JAX-WS applications. Use the -policySetType parameter to specify the type of policy set. To create an application policy set, specify application for the value of the -policySetType parameter. To create a policy set for the trust service, specify system or system/trust for the -policySetType parameter. For WS-MetadataExchange attachments, specify system for the -policySetType parameter. The -policySetType parameter is optional. The wsadmin tool creates an application policy set if the -policySetType parameter is not specified.
Enter the following command to create an application policy set:
AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description]')
Enter the following command to create a policy set for the trust service:
AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description -policySetType system]')
The command returns a success or failure message.
- Add policies for our new policy set. Use this step to add a policy with default values for the specified policy set.
Enter the following command to add and enable a policy:
AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name]')
Enter the following command to add and disable a policy. Your configuration changes are contained within the policy set, but will have no effect on the system if the -enabled parameter is set to false.
AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name -enabled false]')
The command returns a success or failure message. Repeat this step to create additional policies for our configuration.
- Save the configuration changes.
Enter the following command to save the changes:
AdminConfig.save()
- Copy an existing policy set using the Jython scripting language.
- Start the wsadmin scripting tool.
- Determine the policy requirements for our web services.
- Enter the command syntax to copy an existing policy set:
Set the -transferAttachments parameter to true to transfer the attachments from the existing policy set to the new policy set. The default value for the -transferAttachments parameter is false.
Enter the following command to create the new policy set and to transfer the attachments of the existing policy set:
AdminTask.copyPolicySet('[-sourcePolicySet existingPolicySet_name -newPolicySet PolicySet1 -newDescription PolicySet1_description -transferAttachments true]')
The command returns a success or failure message.
- Save the configuration changes.
Enter the following command to save the changes:
AdminConfig.save()
- Import a policy set from an archive file or import a default policy set using the Jython scripting language.
- Start the wsadmin scripting tool.
- Determine the policy requirements for our web services.
- Import a policy set.
Use the importPolicySet command to import the archive file containing the policy set configuration of interest to the destination environment. Specify the verifyPolicySetType parameter to verify that the policy set to import matches a specific type. Set the value as application, system, or system/trust to specify the policy set type. We cannot import a policy set onto a server or client environment if the policy set already exists in the destination environment.
For example, the following command creates a customSecureConversation policy set from the customSC.zip archive file:
AdminTask.importPolicySet('[-importFile C:/IBM/WebSphere/AppServer/bin/customSC.zip -verifyPolicySetType system/trust]')
We can also use the importPolicySet command to import a default policy set onto a server environment:
AdminTask.importPolicySet('[-defaultPolicySet SecureConversation -policySet copyOfdefaultSC -verifyPolicySetType system]')
The command returns a success or failure message.
- Save the configuration changes.
Enter the following command to save the changes:
AdminConfig.save()
If we receive a success message after entering the commands, we can now manage a policy set that is customized for our web services applications. We can further configure the policy set and policies.
What to do next
Use the validatePolicySet command to validate our policy set configurations after modifying attributes for policies. For example, enter the following command to validate the PolicySet1 policy set:
AdminTask.validatePolicySet('-policySet PolicySet1')
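The create, add, validate and save steps from this topic combined into one Jython script, as an added example that is not part of the original topic and not IBM's code: it saves only when every command completes and otherwise discards the unsaved workspace changes with AdminConfig.reset(), and it reports which policies were added disabled. The helper names opts and create_policy_set, the WSSecurity and WSAddressing sample policy types, the description text, and the premise that a failed AdminTask command raises an exception are assumptions made for illustration.

```python
# Added example (not IBM's code). In wsadmin -lang jython, AdminTask and
# AdminConfig are globals; they are passed in so the logic is testable elsewhere.
import sys

def opts(pairs):
    """Build a batch-mode '[-name value ...]' string, quoting values with spaces."""
    parts = []
    for name, value in pairs:
        value = str(value)
        if ' ' in value:
            value = '"%s"' % value
        parts.append('-%s %s' % (name, value))
    return '[' + ' '.join(parts) + ']'

def create_policy_set(admin_task, admin_config, name, description,
                      policies, set_type='application'):
    """policies: list of (policyType, enabled) with enabled 'true' or 'false'.
    Saves only if create, add and validate all complete; otherwise the unsaved
    workspace changes are discarded with AdminConfig.reset()."""
    disabled = []
    try:
        admin_task.createPolicySet(opts([('policySet', name),
                                         ('description', description),
                                         ('policySetType', set_type)]))
        for ptype, enabled in policies:
            args = [('policySet', name), ('policyType', ptype)]
            if enabled == 'false':
                args.append(('enabled', 'false'))
                disabled.append(ptype)  # configured, but no effect on the system
            admin_task.addPolicyType(opts(args))
        admin_task.validatePolicySet(opts([('policySet', name)]))
    except:  # assumption: a failed AdminTask command raises inside wsadmin
        admin_config.reset()
        return {'saved': 0, 'error': str(sys.exc_info()[1]), 'disabled': disabled}
    admin_config.save()
    return {'saved': 1, 'error': None, 'disabled': disabled}

if 'AdminTask' in globals():  # true only when the script is run by wsadmin
    # WSSecurity and WSAddressing are sample policy types chosen for this example.
    print(create_policy_set(AdminTask, AdminConfig, 'PolicySet1',
                            'WS-Security baseline',
                            [('WSSecurity', 'true'), ('WSAddressing', 'false')]))
```

A non-empty disabled list in the result is worth reviewing before the policy set is attached, because those policies are stored in the policy set but are not in effect.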