SSLTransport policy and binding properties

SSLTransport policy and binding properties

Use the -attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the SSLTransport policy and policy set binding. Application and system policy sets can use the SSLTransport policy and binding.
Use the following commands and parameters in the PolicySetManagement group of AdminTask to customize the policy set configuration.

Use the attributes parameter for the getPolicyType and getBinding commands to view the properties for the policy and binding configuration. To get an attribute, pass the property name to the getPolicyType or getBinding command.
Use the attributes parameter for the setPolicyType and setBinding commands to add, update, or remove properties from the policy and binding configurations. To add or update an attribute, specify the property name and value. The setPolicyType and setBinding commands update the value if the attribute exists, or adds the attribute and value if the attribute does not exist. To remove an attribute, specify the value as an empty string (""). The attributes parameter accepts a properties object.

If a property name or value supplied with the attributes parameter is not valid, then the setPolicyType and setBinding commands fail with an exception. The property not valid is logged as an error or warning in SystemOut.log. However, the command exception might not contain the detailed information for the property that caused the exception. When the setPolicyType and setBinding commands fail, examine SystemOut.log for any error and warning messages that indicate that the input for the attributes parameter contains one or multiple properties that are not valid.
For transitioning users: In WAS Version 7.0, the security model is enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of WAS ND. In the WAS V 6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In V7.0, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding that are used as the default for an appserver or a security domain. trns
To support a mixed-cell environment, WAS supports V7.0 and V6.1 bindings. General cell-level bindings are specific to V7.0 Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the appserver determines the required binding version to use for application.

SSLTransport policy properties

Use the SSLTransport policy to ensure message security. Configure the SSLTransport policy by specifying the following properties with the setPolicyType command:

outRequestSSLenabled

Specifies whether to enable the SSL security transport for outbound service requests.

outAsyncResponseSSLenabled

Specifies whether to enable the SSL security transport for asynchronous service responses.

inResponseSSLenabled

Specifies whether to enable the SSL security transport for inbound service responses.

The following setPolicyType command example sets values for all SSLTransport policy properties:
AdminTask.setPolicyType('[-policySet "WSHTTPS default" -policyType SSLTransport -attributes "[[inReponseSSLenabled yes][outAsyncResponseSSLenabled yes][outRequestSSLenabled yes]]"]')

SSLTransport binding properties

Use the SSLTransport policy type to ensure message security.
Configure the SSLTransport binding by specifying the following properties using the setBinding command:

outRequestwithSSL:configFile

outRequestwithSSL:configAlias

If we enable SSL outbound service requests, then these two attributes define the specific SSL security transport binding and location. The default value for the outRequestwithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the outRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.

outAsyncResponsewithSSL:configFile

outAsyncResponsewithSSL:configAlias

If we enable SSL asynchronous service responses, then these two attributes define the specific SSL security transport binding and location. The default value for the outAsyncRequestwithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the outAsyncRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.

inResponsewithSSL:configFile

inResponsewithSSL:configAlias

If we enable SSL inbound service responses, then these two attributes define the specific SSL security transport binding and location. The default value for the inResponsewithSSL:configFile attribute is the location of the ssl.client.props file. The default value for the inResponsewithSSL:configAlias property is NodeDefaultSSLSettings.

The following setBinding command example sets values for all SSLTransport binding attributes:
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType SSLTransport -attributes "[[inResponsewithSSL:configAlias NodeDefaultSSLSettings] [inResponsewithSSL:config properties_directory/ssl.client.props][outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props] [outAsyncResponsewithSSL:configAlias NodeDefaultSSLSetings][outRequestwithSSL:configFile properties_directory/ssl.client.props][outRequestwithSSL:configAlias NodeDefaultSSLSettings]]"]')

Related concepts

WSHTTPS default policy set

Related tasks

Set application and system policy sets for Web services using scripting

Related

PolicySetManagement