Creating policy set attachments using the wsadmin tool

Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to define the policy set configuration for your Web services applications. You can attach policy sets to an application, Web service, endpoint, or specific operation.

Before you begin

You must create a policy set and add policies before attaching the policy set to an application.

Before you use the commands in this topic, verify that you are using the most recent version of the wsadmin tool. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of the wsadmin tool. For example, the commands do not run on a Version 6.1.0.x node.

About this task

To use a new policy set to manage policies for your application, you must attach the policy set to an application artifact or artifacts. When the application restarts, the application uses the policies from the newly attached policy set.

Procedure

  1. Launch a scripting command.
  2. Select an application with Web services to update. Use the listWebServices command to list all Web services and the associated applications. Enter the following command to list all Web services and attributes:
    AdminTask.listWebServices()
    For each Web service, the command returns the associated application name, module name, service name, and service type. For example, the following information is returned:
    '[ [service {http://www.ibm.com}service1] [client false] [application 
    application1] [module webapp1.war] [type JAX-WS] ]'
  3. Create a policy set attachment for an application.

    For the commands in the PolicySetManagement group, the term resource refers to a Web service artifact. For application and service client policy sets, the artifacts use the application hierarchy. The application hierarchy includes a Web service, module name, endpoint, or operation. Enter the value for the -resource parameter as a string, with a backslash ( / ) character as a delimiter.

    Note: When attempting to connect to a Web service from a thin client, verify that the resources you are specifying are valid before running the updatePolicySetAttachment command. No configuration changes are made if the requested resource does not match a resource in the attachment file for the application.
    Use the following format for application and client policy set attachments:
    • WebService:/

      Attaches all artifacts in the application to the policy set.

    • WebService:/webapp1.war:{http://www.ibm.com}myService

      Attaches all artifacts within the Web service {http://www.ibm.com}myService to the policy set. You must provide a fully qualified name (QName) for the service.

    • WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA

      Attaches all operations for the endpointA endpoint to the policy set.

    • WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA/operation1

      Attaches only the operation1 operation to the policy set.

    The format for the -resource string differs for system policy set attachments for the trust service. Use the following format for system policy set attachments:
    • Trust.opName:/

      The opName attribute can be issue, renew, cancel, or validate.

    • Trust.opName:/url

      The opName attribute can be issue, renew, cancel, or validate. You can specify any valid URL for the url attribute.

    1. Enter the command to attach the policy set to the application. This command attaches the application policy set policyset1 to all artifacts in the WebService application.

      The following command creates the attachment to a Web service application because the application value is specified for the -attachmentType parameter. To attach a policy set to a service client application, specify the client value for the -attachmentType parameter. To create an attachment for a system policy set, specify the system/trust value for the -attachmentType parameter, as the following example demonstrates:

      AdminTask.createPolicySetAttachment('[-policySet policyset1 -resources 
      "WebService:/" -applicationName WebService -attachmentType application]')
      This command returns an attachment ID number that you must use to reference this attachment. In the next step, use the attachment ID number to set the binding configuration. For this example, the attachment ID number is 124.
  4. Execute the command to set the binding. This example shows how to set the timestamp expiration attribute on the SecureConversation123binding binding for the WSSecurity policy, on the WebService Web service application. To attach a policy set to a Web services client application, specify the client value for the -attachmentType parameter.
    AdminTask.setBinding('-policyType WSSecurity -bindingLocation 
    "[ [application WebService] [attachmentId 124] ]" -attachmentType application
     -bindingName SecureConversation123binding -attributes 
    "[application.securityoutboundbindingconfig.timestampexpires.expires 5]"')
  5. Save the configuration changes.
    Enter the following command to save your changes:
    AdminConfig.save()

Results

Your have attached the policy set to the application artifact or artifacts specified. Restart your application to use the policies from the newly attached policy set.

What to do next

Manage and update your attachments.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=txml_wsfpcreateattach
File name: txml_wsfpcreateattach.html