+

Search Tips   |   Advanced Search

Editing policy configurations using wsadmin.sh

Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to edit policy configurations for our policy sets.

Before using the commands in this topic, verify that we are using the most recent version of the wsadmin tool. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of the wsadmin tool. For example, the commands do not run on a v6.1.0.x node.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to modify policies.
Configurator The Configurator role cannot modify policies.
Deployer The Deployer role cannot modify policies.
Operator The Operator role cannot modify policies.
Monitor The Monitor role cannot modify policies.

Policies define the type of policy to manage within a policy set. Policies are based on the Quality of Services (QoS), such as Web Services Security (WS-Security) and Web Services Addressing (WS-Addressing). Policy definitions are based on the standards set by the Organization for the Advancement of Structured Information (OASIS) and WS-Security specifications.

Use the following steps to edit existing policies in your policy set configurations:


Tasks

  1. Launch the wsadmin scripting tool using the Jython scripting language To learn more, see the starting the wsadmin scripting client information.

  2. Determine which policy set to edit.

    To view a list of policies on a policy set, enter the listPolicyTypes command, specifying the policy set of interest.

    AdminTask.listPolicyTypes('[-policySet PolicySet1]')
    

    Enter the listPolicyTypes command without the policySet parameter to view a list of available policies for all policy sets in the configuration:

    AdminTask.listPolicyTypes()
    

  3. Review the policy attributes to edit.

    Enter the getPolicyType command, specifying the policy and associated policy set of interest.

    AdminTask.getPolicyType('[-policySet PolicySet1 -policyType myPolicyType]')
    

  4. Modify the policy attributes.

    Use the setPolicyType command to update the policy configuration. Update one or multiple attributes by passing a properties object for the -attributes parameter. The properties for the -attributes parameter are dependent on the policy type specified in the -policyType parameter. The following example modifies the enabled and provides properties:

    AdminTask.setPolicyType('[-policySet PolicySet1 -policyType myPolicyType
     -attributes "[[enabled true][provides security]]"')
    

  5. Save the configuration changes.

    Enter the following command to save the changes:

    AdminConfig.save()
    

  6. For the configuration changes to take effect, restart all applications with attachments to the policy set.


What to do next

Use the validatePolicySet to validate your policy set configurations after modifying attributes for policies. For example, enter to validate the PolicySet1 policy set:

AdminTask.validatePolicySet('-policySet PolicySet1')


Related:

  • Web services policies
  • Start the wsadmin scripting client
  • Modifying policies
  • Add and remove policies
  • Create policy sets
  • Manage policy sets
  • Enable policies for policy sets
  • Add policies to policy sets
  • Manage policies in a policy set
  • Policy configuration properties for all policies
  • PolicySetManagement