By defining a custom policy set or defining assertions
about how services are defined, you can configure Web services security.
You can use the administrative console to manage custom policy sets.
Before you begin
A policy set specifies a set of common message policy assertions
that can be specified within a policy. For example, a policy set can
define general security policy assertions that apply to other protocols,
such as Web Services Security (WS-Security), SOAP messages, Web Services
Secure Conversation (WS-Secure Conversation) and Web Services Trust
(WS-Trust).
There are two main types of policy sets: application
policy sets and system policy sets. Application policy sets are used
for business-related assertions. These assertions are related to the
business operations that are defined in the Web Services Description
Language (WSDL) file. System policy sets, on the other hand, are used
for non-business-related system messages. These messages are defined
in other specifications which apply qualities of service (QoS). Examples
of QoS are the request security token (RST) messages that are defined
in WS-Trust, the create sequence messages that are defined in WS-Reliable
Messaging, and the metadata exchange messages defined by WS-MetadataExchange.
Important: Use system policy sets with the trust service, or
Web Services MetadataExchange (WS-MEX). The requestor (client) must
use Java API for XML-Based Web Services
(JAX-WS) only. Requestors that use Java API
for XML-based remote procedure calls (JAX-RPC) are incompatible with
the policy set QoS.
Depending on your assigned security role
when security is enabled, you might not have access to text entry
fields or buttons to create or edit configuration data. Review the
administrative roles documentation to learn more about the valid roles
for the application server.
About this task
Only custom policy sets can be modified. Default system policy
sets are read only and cannot be changed.
Procedure
- To define system policy sets, click Services > Policy
sets > System policy sets.
- Click one of the following actions to work with the system
policy set configurations:
  - New: To create a system policy set configuration. Enter a unique name
    for the system policy set configuration in the Name field. For example,
    you might specify EcommerceTrustServiceSecurity.
  - Delete: To delete an existing configuration. Select the check box next
    to an existing policy set name, and click Delete.
  - Copy: To copy an existing configuration. Select the check box next to
    an existing policy set name, and click Copy.
  - Import: To import an existing configuration. Select the check box next
    to an existing policy set name, and click Import. For more
    information, read about importing policy sets using the administrative
    console.
  - Export: To export an existing configuration. Select the check box next
    to an existing policy set name, and click Export. For more
    information, read about exporting policy sets using the administrative
    console.
- To edit the settings of an existing policy set configuration,
click the link for the existing custom system policy set that you
want to change. Use the administrative console to modify existing
custom policy sets that have been created.
- Optional: If creating a policy set, enter a
short description for the new policy set. Default policy
sets can only be viewed. For a custom policy set, edit the brief description
of the policy set in the Description field. This description displays
in the list on the System policy sets panel. The description should
be meaningful to you and other potential users of this policy set.
- If creating a new policy set, click Apply. The
policy set name must be applied before you can add policy types to
the new policy set.
- Optional: If needed, add the policy type information,
or change the policy types for an existing system policy set.
You can add, delete, enable, or disable policy types for the
selected policy set. You can add any valid policy types to the policy
set collection. The following are available policy types for system
policy sets:
- HTTP transport - for HTTP transport policies
- SSL transport - for HTTPS transport policies
- WS-Addressing - for endpoint addressing policies
- WS-Security - for secure SOAP messages policies
- Click OK and then click Save to save the
information directly to the master configuration.
Results
You have provided the basic information to create a system
policy set. You can also use the wsadmin tool to create a new system
policy set, or update an existing one, for the WebSphere® Application Server
trust service or Web Services MetadataExchange (WS-MEX). The wsadmin
tool examples are written in the Jython scripting language.
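The following added example, which is not taken from the product documentation, sketches the wsadmin Jython counterpart of the console procedure: create the system policy set, add only the policy types that are needed, then save to the master configuration. The helper names, the description text, and the choice of SSL transport plus WS-Security are assumptions for illustration; AdminTask and AdminConfig are the scripting objects that wsadmin provides.

```python
# Added example (not IBM's script): wsadmin Jython counterpart of the console steps.
# Console label -> wsadmin policy type name, limited to the four types listed above.
SYSTEM_POLICY_TYPES = {
    "HTTP transport": "HTTPTransport",
    "SSL transport": "SSLTransport",
    "WS-Addressing": "WSAddressing",
    "WS-Security": "WSSecurity",
}

def build_commands(name, description, console_types):
    """Return (AdminTask command, argument list) pairs in console order."""
    if not name or name != name.strip():
        raise ValueError("policy set name must be non-empty with no surrounding spaces")
    allowed = list(SYSTEM_POLICY_TYPES.keys())
    unknown = [t for t in console_types if t not in allowed]
    if unknown:  # reject typos before anything is written to the configuration
        raise ValueError("not a system policy type listed here: %s" % ", ".join(unknown))
    commands = [("createPolicySet", ["-policySet", name, "-description", description,
                                     "-policySetType", "system"])]
    added = []
    for label in console_types:
        if label in added:  # each policy type is added to a policy set once
            continue
        added.append(label)
        commands.append(("addPolicyType", ["-policySet", name, "-policyType",
                                           SYSTEM_POLICY_TYPES[label], "-enabled", "true"]))
    return commands

def apply_commands(admin_task, admin_config, commands):
    """Run each command, then save to the master configuration (the Save step)."""
    for command, args in commands:
        getattr(admin_task, command)(args)
    admin_config.save()
    return len(commands)

# Inside wsadmin, AdminTask and AdminConfig exist as globals; elsewhere nothing runs.
try:
    _wsadmin = (AdminTask, AdminConfig)
except NameError:
    _wsadmin = None
if _wsadmin:
    apply_commands(_wsadmin[0], _wsadmin[1], build_commands(
        "EcommerceTrustServiceSecurity",                      # name from the procedure
        "System policy set for the e-commerce trust service",  # constructed description
        ["SSL transport", "WS-Security"]))
```

Listing the policy types explicitly keeps the set limited to the qualities of service the trust service operation needs, and the label check fails before any configuration change is made.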
What to do next
After creating a system policy set and adding the policy
types, attach the system policy set to a trust service operation for
an endpoint, or attach it to one of the trust service default operations.