Create policy sets to centrally manage policies that are
customized for your Web services. Use the wsadmin tool, which supports
the Jython and Jacl scripting languages, to create new policy sets,
copy existing policy sets, or import a policy set configuration. You
can also query for an existing policy set and respective attributes.
Before you begin
In order to complete this task, you must use the Administrator
role with cell-wide access when administrative security is enabled.
About this task
There are three ways to create a new policy set using
the wsadmin tool. You can create a new policy set and its configuration,
copy an existing policy set, or import a policy set.
When you
create a new policy set, you must add policies. If you copy an existing
policy set, you can transfer the policies and attachments that are
configured on the existing policy set. The command examples in this
topic use batch mode syntax. You can use the -interactive option with
all commands in the PolicySetManagement group.
Procedure
- Create a new policy set using the Jython scripting
language.
- Start the wsadmin scripting tool.
- Determine the policy requirements for your Web services.
- Enter the command syntax to create a new policy set
with a given name.
Based on your configuration, there
are two types of policy sets to create. You can use both application
and system policy sets with Java API for XML-Based Web Services (JAX-WS)
applications. Use the -policySetType parameter to specify the type
of policy set. To create an application policy set, specify application for
the value of the -policySetType parameter. To create a policy set
for the trust service, specify system or system/trust for
the -policySetType parameter. For WS-MetadataExchange attachments,
specify system for the -policySetType parameter. The -policySetType
parameter is optional. The wsadmin tool creates an application policy
set if the -policySetType parameter is not specified.
Enter
the following command to create an application policy set:
AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description]')
Enter
the following command to create a policy set for the trust service:
AdminTask.createPolicySet('[-policySet PolicySet1 -description policySet_description -policySetType system]')
The command returns a success or failure message.
- Add policies for your new policy set. Use
this step to add a policy with default values for the specified policy
set.
Enter the following command to add and enable a policy:
AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name]')
Enter the following command to add
and disable a policy. Your configuration changes are contained within
the policy set, but will have no effect on the system if the -enabled
parameter is set to
false.
AdminTask.addPolicyType('[-policySet PolicySet1 -policyType policyType_name -enabled false]')
The command returns a success or failure message. Repeat
this step to create additional policies for your configuration.
- Save the configuration changes.
Enter
the following command to save your changes:
AdminConfig.save()
- Copy an existing policy set using the Jython
scripting language.
- Start the wsadmin scripting tool.
- Determine the policy requirements for your Web services.
- Enter the command syntax to copy an existing policy
set:
Set the -transferAttachments parameter to true to
transfer the attachments from the existing policy set to the new policy
set. The default value for the -transferAttachments parameter is false.
Enter
the following command to create the new policy set and to transfer
the attachments of the existing policy set:
AdminTask.copyPolicySet('[-sourcePolicySet existingPolicySet_name -newPolicySet PolicySet1 -newDescription PolicySet1_description -transferAttachments true]')
The command returns a success or failure message.
- Save the configuration changes.
Enter
the following command to save your changes:
AdminConfig.save()
- Import a policy set from an archive file or
import a default policy set using the Jython scripting language.
- Start the wsadmin scripting tool.
- Determine the policy requirements for your Web services.
- Import a policy set.
Use the importPolicySet
command to import the archive file containing the policy set configuration
of interest to the destination environment. Specify the verifyPolicySetType
parameter to verify that the policy set to import matches a specific
type. Set the value as application, system, or system/trust to
specify the policy set type. You cannot import a policy set onto a
server or client environment if the policy set already exists in the
destination environment.
For example, the following command
creates a customSecureConversation policy set from the customSC.zip
archive file:
AdminTask.importPolicySet('[-importFile C:\IBM\WebSphere\AppServer\bin\customSC.zip -verifyPolicySetType system/trust]')
AdminTask.importPolicySet('[-importFile /IBM/WebSphere/AppServer/bin/customSC.zip -verifyPolicySetType system/trust]')
Additionally,
you can also use the importPolicySet command to import a default policy
set onto a server environment, as the following example demonstrates:
AdminTask.importPolicySet('[-defaultPolicySet SecureConversation -policySet copyOfdefaultSC -verifyPolicySetType system]')
The command returns a success or failure message.
- Save the configuration changes.
Enter
the following command to save your changes:
AdminConfig.save()
Results
If you receive a success message after entering the commands,
you can now manage a policy set that is customized for your Web services
applications. You can further configure the policy set and policies.
What to do next
Use the
validatePolicySet command to validate your
policy set configurations after modifying attributes for policies.
For example, enter the following command to validate the
PolicySet1 policy
set:
AdminTask.validatePolicySet('-policySet PolicySet1')