Use the -attributes parameter for the setPolicyType and
setBinding commands to specify additional configuration information
for the SSLTransport policy and policy set binding. Application and
system policy sets can use the SSLTransport policy and binding.
Use the following commands and parameters
in the PolicySetManagement group of the AdminTask object to customize
your policy set configuration.
- Use the attributes parameter for the getPolicyType and
getBinding commands to view the properties for your policy and binding
configuration. To get an attribute, pass the property name to the
getPolicyType or getBinding command.
- Use the attributes parameter for the setPolicyType and
setBinding commands to add, update, or remove properties from your
policy and binding configurations. To add or update an attribute,
specify the property name and value. The setPolicyType and setBinding
commands update the value if the attribute exists, or add the attribute
and value if the attribute does not exist. To remove an attribute,
specify the value as an empty string (""). The attributes parameter
accepts a properties object.
Note: If a property name or value supplied with the attributes parameter
is not valid, then the setPolicyType and setBinding commands fail
with an exception. The property that is not valid is logged as an
error or warning in the SystemOut.log file. However, the
command exception might not contain the detailed information for the
property that caused the exception. When the setPolicyType and setBinding
commands fail, examine the SystemOut.log file for any error
and warning messages that indicate that the input for the attributes parameter
contains one or more properties that are not valid.
For transitioning users: In WebSphere Application
Server Version 7.0, the security model is enhanced to a domain-centric
security model instead of a server-based security model. The configuration
of the default global security (cell) level and default server level
bindings has also changed in this version of the product. In the WebSphere
Application Server Version 6.1 Feature Pack for Web Services, you
can configure one set of default bindings for the cell and optionally
configure one set of default bindings for each server. In Version
7.0, you can configure one or more general service provider bindings
and one or more general service client bindings. After you have configured
general bindings, you can specify which of these bindings is the global
default binding. You can also optionally specify general bindings that
are used as the default for an application server or a security domain.
To support a mixed-cell environment, WebSphere
Application Server supports Version 7.0 and Version 6.1 bindings.
General cell-level bindings are specific to Version 7.0. Application-specific
bindings remain at the version that the application requires. When
the user creates an application-specific binding, the application
server determines the required binding version to use for the application.
SSLTransport policy properties
Use the SSLTransport policy to ensure message security.
Configure the SSLTransport policy by specifying the following properties with
the setPolicyType command:
- outRequestSSLenabled
- Specifies whether to enable the SSL security transport for outbound
service requests.
- outAsyncResponseSSLenabled
- Specifies whether to enable the SSL security transport for asynchronous
service responses.
- inResponseSSLenabled
- Specifies whether to enable the SSL security transport for inbound
service responses.
The following setPolicyType command example
sets values for all SSLTransport policy properties:
AdminTask.setPolicyType('[-policySet "WSHTTPS default" -policyType SSLTransport -attributes "[[inResponseSSLenabled yes][outAsyncResponseSSLenabled yes][outRequestSSLenabled yes]]"]')
SSLTransport binding properties
Use the SSLTransport policy type to ensure message security.
Configure the SSLTransport binding by specifying the following properties using
the setBinding command:
- outRequestwithSSL:configFile
- outRequestwithSSL:configAlias
- If you enable SSL outbound service requests, then these two attributes
define the specific SSL security transport binding and location. The
default value for the outRequestwithSSL:configFile attribute is the
location of the ssl.client.props file. The default value for the outRequestwithSSL:configAlias
attribute is NodeDefaultSSLSettings.
- outAsyncResponsewithSSL:configFile
- outAsyncResponsewithSSL:configAlias
- If you enable SSL asynchronous service responses, then these two
attributes define the specific SSL security transport binding and
location. The default value for the outAsyncResponsewithSSL:configFile
attribute is the location of the ssl.client.props file. The default
value for the outAsyncResponsewithSSL:configAlias attribute is NodeDefaultSSLSettings.
- inResponsewithSSL:configFile
- inResponsewithSSL:configAlias
- If you enable SSL inbound service responses, then these two attributes
define the specific SSL security transport binding and location. The
default value for the inResponsewithSSL:configFile attribute is the
location of the ssl.client.props file. The default value for the
inResponsewithSSL:configAlias property is NodeDefaultSSLSettings.
The following setBinding command example sets values
for all SSLTransport binding attributes:
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType SSLTransport -attributes "[[inResponsewithSSL:configAlias NodeDefaultSSLSettings][inResponsewithSSL:configFile properties_directory/ssl.client.props][outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props][outAsyncResponsewithSSL:configAlias NodeDefaultSSLSettings][outRequestwithSSL:configFile properties_directory/ssl.client.props][outRequestwithSSL:configAlias NodeDefaultSSLSettings]]"]')
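Because the command exception might not name the property that is not valid, the property names can be checked before the command is issued. The following is an added example, not part of the product documentation: plain Python that validates names against the lists on this page and builds the -attributes string. The helper names (unknown_names, build_attributes, policy_command_arg) are hypothetical, and the helper covers add and update only, not removal with an empty value.

```python
import difflib

# Property names copied from the lists on this page.
POLICY_PROPS = ["outRequestSSLenabled", "outAsyncResponseSSLenabled",
                "inResponseSSLenabled"]
BINDING_PROPS = [prefix + ":" + suffix
                 for prefix in ("outRequestwithSSL", "outAsyncResponsewithSSL",
                                "inResponsewithSSL")
                 for suffix in ("configFile", "configAlias")]


def unknown_names(attrs, allowed):
    """Return [(bad_name, closest_known_name_or_None), ...] for attrs."""
    problems = []
    for name, _value in attrs:
        if name not in allowed:
            close = difflib.get_close_matches(name, allowed, n=1)
            problems.append((name, close[0] if close else None))
    return problems


def build_attributes(attrs, allowed):
    """Validate names, then return the '[[name value][name value]]' string."""
    problems = unknown_names(attrs, allowed)
    if problems:
        raise ValueError("unknown SSLTransport properties: %r" % (problems,))
    parts = []
    for name, value in attrs:
        # Helper limitation: add/update only; no empty or bracketed values.
        if not value or any(c in value for c in ' []"'):
            raise ValueError("unsupported value for %s: %r" % (name, value))
        parts.append("[%s %s]" % (name, value))
    return "[" + "".join(parts) + "]"


def policy_command_arg(policy_set, attrs):
    """Build the single-string argument for AdminTask.setPolicyType."""
    return '[-policySet "%s" -policyType SSLTransport -attributes "%s"]' % (
        policy_set, build_attributes(attrs, POLICY_PROPS))


if __name__ == "__main__":
    good = [("inResponseSSLenabled", "yes"), ("outRequestSSLenabled", "yes")]
    print(policy_command_arg("WSHTTPS default", good))
    # Constructed inputs with a misspelled and a truncated property name.
    print(unknown_names([("inReponseSSLenabled", "yes")], POLICY_PROPS))
    print(unknown_names([("inResponsewithSSL:config", "x")], BINDING_PROPS))
```

Property values are not checked here, so a misspelled alias or file location still has to be found through the SystemOut.log file.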