Use the wsadmin tool, which supports the Jython and Jacl scripting
languages, to define the policy set configuration for your Web services applications.
You can attach policy sets to an application, Web service, endpoint, or specific
operation.
Before you begin
You must create a policy set and add policies before attaching the
policy set to an application.
Before you use the commands in this topic, verify that
you are using the most recent version of the wsadmin tool. The policy set
management commands that accept a properties object as the value for the attributes or bindingLocation parameters
are not supported on previous versions of the wsadmin tool. For example, the
commands do not run on a Version 6.1.0.x node.
About this task
To use a new policy set to manage policies for your application,
you must attach the policy set to an application artifact or artifacts. When
the application restarts, the application uses the policies from the newly
attached policy set.
Procedure
- Launch a scripting
command.
- Select an application with Web services to update. Use
the listWebServices command to list all Web services and the associated
applications. Enter the following command to list all Web services and attributes:
AdminTask.listWebServices()
For each Web service, the command returns the associated application
name, module name, service name, and service type. For example, the following
information is returned:'[ [service {http://www.ibm.com}service1] [client false] [application
application1] [module webapp1.war] [type JAX-WS] ]'
- Create a policy set attachment for an application.
For
the commands in the PolicySetManagement group, the term resource refers
to a Web service artifact. For application and service client policy sets,
the artifacts use the application hierarchy. The application hierarchy includes
a Web service, module name, endpoint, or operation. Enter the value for the
-resource parameter as a string, with a backslash ( / ) character as a delimiter.
Note: When
attempting to connect to a Web service from a thin client, verify that the
resources you are specifying are valid before running the updatePolicySetAttachment command.
No configuration changes are made if the requested resource does not match
a resource in the attachment file for the application.
Use the following
format for application and client policy set attachments:
- WebService:/
Attaches all artifacts in the application to the
policy set.
- WebService:/webapp1.war:{http://www.ibm.com}myService
Attaches
all artifacts within the Web service {http://www.ibm.com}myService to
the policy set. You must provide a fully qualified name (QName) for the service.
- WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA
Attaches
all operations for the endpointA endpoint to the policy set.
- WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA/operation1
Attaches
only the operation1 operation to the policy set.
The format for the -resource string differs for system policy
set attachments for the trust service. Use the following format for system
policy set attachments:
- Trust.opName:/
The opName attribute can be issue,
renew, cancel, or validate.
- Trust.opName:/url
The opName attribute can be issue,
renew, cancel, or validate. You can specify any valid URL for the url attribute.
- Enter the command to attach the policy set to the application.
This command attaches the application policy set policyset1 to all
artifacts in the WebService application.
The following
command creates the attachment to a Web service application because the application value
is specified for the -attachmentType parameter. To attach a policy set to
a service client application, specify the client value for the -attachmentType
parameter. To create an attachment for a system policy set, specify the system/trust value
for the -attachmentType parameter, as the following example demonstrates:
AdminTask.createPolicySetAttachment('[-policySet policyset1 -resources
"WebService:/" -applicationName WebService -attachmentType application]')
This command returns an attachment ID number that you must use
to reference this attachment. In the next step, use the attachment ID number
to set the binding configuration. For this example, the attachment ID number
is 124.
- Execute the command to set the binding. This example
shows how to set the timestamp expiration attribute on the SecureConversation123binding binding
for the WSSecurity policy, on the WebService Web service
application. To attach a policy set to a Web services client application,
specify the client value for the -attachmentType parameter.
AdminTask.setBinding('-policyType WSSecurity -bindingLocation
"[ [application WebService] [attachmentId 124] ]" -attachmentType application
-bindingName SecureConversation123binding -attributes
"[application.securityoutboundbindingconfig.timestampexpires.expires 5]"')
- Save the configuration changes.
Enter the following
command to save your changes:
AdminConfig.save()
Results
Your have attached the policy set to the application artifact or artifacts
specified. Restart your application to use the policies from the newly attached
policy set.
What to do next
Manage and update your attachments.