WSSecurity policy and binding properties

Use the attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the WSSecurity policy and binding configurations. Application and system policy sets can use the WSSecurity policy and binding configuration.

이 주제의 명령을 사용하기 전에 최신 버전의 wsadmin 도구를 사용하고 있는지 확인하십시오. attributes 또는 bindingLocation 매개변수 값으로 특성 오브젝트를 허용하는 정책 세트 관리 명령은 이전 버전의 wsadmin 도구에서 지원되지 않습니다. 예를 들어, 이 명령은 버전 6.1.0.x 노드에서 실행되지 않습니다.

AdminTask 오브젝트의 PolicySetManagement 그룹에 있는 다음 명령 및 매개변수를 사용하여 정책 세트 구성을 사용자 정의하십시오.
  • getPolicyType 및 getBinding 명령에 -attributes 매개변수를 사용하여 정책 및 바인딩 구성에 대한 특성을 보십시오. 속성을 가져오려면 특성 이름을 getPolicyType 또는 getBinding 명령에 전달하십시오.
  • setPolicyType 및 setBinding 명령에 -attributes 매개변수를 사용하여 정책 및 바인딩 구성에서 특성을 추가, 업데이트 또는 제거하십시오. 속성을 추가하거나 업데이트하려면 특성 이름과 값을 지정하십시오. setPolicyType 및 setBinding 명령은 속성이 있는 경우 값을 업데이트하며, 속성이 없는 경우에는 속성 및 값을 추가합니다. 속성을 제거하려면 값을 빈 문자열("")로 지정하십시오. -attributes 매개변수는 특성 오브젝트를 허용합니다.
Note: -attributes 매개변수와 함께 제공된 특성 이름 또는 값이 유효하지 않으면, setPolicyType 및 setBinding 명령이 예외와 함께 실패합니다. 유효하지 않은 특성은 SystemOut.log 파일에 오류나 경고로 로그됩니다. 그러나 명령 예외는 예외의 원인이 된 특성에 대한 자세한 정보를 포함하지 않을 수도 있습니다. setPolicyType 및 setBinding 명령이 실패하면, SystemOut.log 파일에서 -attributes 매개변수 입력에 유효하지 않은 하나 이상의 특성이 포함되어 있음을 나타내는 오류 및 경고 메시지를 확인하십시오.
Note: 이 주제는 하나 이상의 애플리케이션 서버 로그 파일을 참조합니다. 권장되는 대안은 분배 및 IBM® i 시스템에서 SystemOut.log, SystemErr.log, trace.logactivity.log 파일을 사용하는 대신 HPEL(High Performance Extensible Logging) 로그를 사용하고 인프라를 추적하도록 서버를 구성하는 것입니다. 원시 z/OS® 로깅 기능과 연계하여 HPEL을 사용할 수도 있습니다. HPEL을 사용하는 경우 서버 프로파일 바이너리 디렉토리의 LogViewer 명령행 도구를 사용하여 모든 로그에 액세스하고 정보를 추적할 수 있습니다. HPEL 사용에 대한 자세한 정보는 HPEL을 사용한 애플리케이션 문제점 해결 정보를 참조하십시오.
전이 사용자용 전이 사용자용: WebSphere Application Server 버전 7.0 이상에서는 보안 모델이 서버 기반 보안 모델이 아닌 도메인 중심의 보안 모델로 향상되었습니다. 기본 글로벌 보안(셀) 레벨 및 기본 서버 레벨 바인딩 구성도 이 제품 버전에서 변경되었습니다. WebSphere Application Server 버전 6.1 Feature Pack for Web Services에서는 셀에 대한 기본 바인딩으로 한 개의 세트를 구성할 수 있으며, 선택적으로 각 서버에 대한 기본 바인딩으로 한 개의 세트를 구성할 수 있습니다. 버전 7.0 이상에서는 하나 이상의 일반 서비스 제공자 바인딩 및 하나 이상의 일반 서비스 클라이언트 바인딩을 구성할 수 있습니다. 일반 바인딩을 구성한 후에는 글로벌 기본 바인딩으로 사용할 바인딩을 이 중에서 지정할 수 있습니다. 또한 선택적으로 애플리케이션 서버 또는 보안 도메인에 대한 기본 바인딩으로 사용할 일반 바인딩을 지정할 수도 있습니다. trns

혼합 셀 환경을 지원하기 위해 WebSphere Application Server에서는 버전 7.0 및 버전 6.1 바인딩을 지원합니다. 일반 셀 레벨 바인딩은 버전 7.0 이상에만 적용되며, 애플리케이션별 바인딩은 애플리케이션에 필요한 버전에 남아 있습니다. 따라서 사용자가 애플리케이션별 바인딩을 작성하면 애플리케이션 서버에서 애플리케이션에 필요한 바인딩 버전을 판별합니다.

If the attributes parameter is not specified for the getPolicyType or getBinding command, the command returns all properties. If a partial property name is passed to the getPolicyType or getBinding command, the command returns all properties with names that start with the partial property name. For example, If SignatureProtection is passed to the getPolicyType command, the command returns all properties with names that start with "SignatureProtection", which might include:
SignatureProtection.response:
   int_body.SignedParts.Body,SignatureProtection.response:int_body.SignedParts.Header_0.Name
and
SignatureProtection.response:int_body.SignedParts.Header_0.Namespace
There are an extensive number of combinations of settings that are available to secure your web service applications. Because of the number of attributes and configuration options from the WS-Security Version 1.0 specification, all attributes are not defined in this topic. The following sections explain the hierarchy structure for the WSSecurity policy and binding attributes:

WSSecurity policy properties

Use the getPolicyType command to review a properties object with the properties that are configured in your current WSSecurity policy file. Security policy schemata define the security assertions. Because the elements in the schema have hierarchical relationship, the property names for security policy also have the similar hierarchy. The hierarchical relationship between property names in the security policy is represented by a period (.) between two levels, concatenating the parent and child attributes. Examples of the properties include, but are not limited to, IncludeToken, Name, Namespace, XPath, XPathVersion. The following list describes the top-level assertion policy property names for the WSSecurity policy file:
AsymmetricBinding
You can specify zero or one binding assertion.
SymmetricBinding
You can specify zero or one binding assertion. AsymmetricBinding and SymmetricBinding cannot co-exist in a security policy file.
Wss11
You can specify zero or one Wss11 assertion.
Wss10
You can specify zero or one Wss10 assertion.
Trust10
You can specify zero or one Trust10 assertion.
SignatureProtection
You can specify zero or any number of signature protection assertions.
EncryptionProtection
You can specify zero or any number of encryption protection assertions
SupportingTokens
You can specify zero or any number of supporting token assertions.
For example, the following policy file example displays an AsymmetricBinding assertion:
    <sp:AsymmetricBinding>
      <wsp:Policy>
        <sp:InitiatorSignatureToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy
						/200512/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssX509V3Token10 />
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:InitiatorSignatureToken>
        <sp:RecipientSignatureToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy
						/200512/IncludeToken/AlwaysToInitiator">
              <wsp:Policy>
                <sp:WssX509V3Token10 />
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:RecipientSignatureToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic256/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Strict/>
          </wsp:Policy>
        </sp:Layout>
      </wsp:Policy>
    </sp:AsymmetricBinding><sp:AsymmetricBinding>
      <wsp:Policy>
        <sp:InitiatorSignatureToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy
						/200512/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssX509V3Token10 />
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:InitiatorSignatureToken>
        <sp:RecipientSignatureToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy
						/200512/IncludeToken/AlwaysToInitiator">
              <wsp:Policy>
                <sp:WssX509V3Token10 />
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:RecipientSignatureToken>
      </wsp:Policy>
      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic256/>
        </wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:Layout>
        <wsp:Policy>
          <sp:Strict/>
        </wsp:Policy>
      </sp:Layout>
    </sp:AsymmetricBinding>
The AsymmetricBinding assertion returns the following property name and value pairs. The nested wsp:Policy layers are not displayed in the returned properties. Additionally, some properties return the true value which indicates that the WSSecurity configuration includes the related XML elements. To edit these properties, set the value as true to include the property, or set the value as an empty string, "", to remove the property.
AsymmetricBinding.Layout = Strict
AsymmetricBinding.AlgorithmSuite.Basic256 = true
AsymmetricBinding.RecipientSignatureToken.X509Token_0.IncludeToken = http://docs.oasis-open.org
/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator
AsymmetricBinding.InitiatorSignatureToken.X509Token_0.WssX509V3Token10 = true
AsymmetricBinding.InitiatorSignatureToken.X509Token_0.IncludeToken = http://docs.oasis-open.org
/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient
AsymmetricBinding.RecipientSignatureToken.X509Token_0.WssX509V3Token10 = true
Additionally, the following policy file example displays a SupportingTokens assertion:
<sp:SupportingTokens>
        <wsp:Policy wsu:Id="request:custom_auth">
            <spe:CustomToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/
							ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                    <spe:WssCustomToken uri=http://bar.com/MyCustomToken localname="tokenv1">
                    </spe:WssCustomToken>
                </wsp:Policy>
            </spe:CustomToken>
        </wsp:Policy>
    </sp:SupportingTokens
The SupportingTokens assertion returns the following property name and value pairs. The nested wsp:Policy layers are not displayed in the returned property.
SupportingTokens.request:custom_auth.CustomToken_0.WssCustomToken.uri=http://bar.com
/MyCustomToken
SupportingTokens.request:custom_auth.CustomToken_0.IncludeToken=http://docs.oasis-open.org
/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient
SupportingTokens.request:custom_auth.CustomToken_0.WssCustomToken.localname=tokenv1
Note: The CustomToken property contains a subscript zero notation ( _0 ) because the property might be displayed multiple times from the same type of token such as the RecipientSignatureToken or InitiatorSignatureToken tokens.
Although most property names follow the hierarchical relationship format described previously, the following exceptions exist:
  • The wsu:Id element
    This element uses the actual value for the ID instead of using Id as the attribute name. The following policy file example property:
    <wsp:Policy wsu:Id="response:int_body">
      <sp:SignedParts>
        <sp:Body/>
      </sp:SignedParts>
    </wsp:Policy>
    The previous wsu:Id example returns the following properties:
    SignatureProtection.response:int_body.SignedParts.Body = true
  • The Header element
    Because there can be multiple Header elements, the Header_n notation is used to represent this property. See the following policy file example:
     <wsp:Policy wsu:Id="request:conf_body">
         <sp:EncryptedParts>
           <sp:Body/>
           <sp:Header Name="MyElement" Namespace="http://foo.com/MyNamespace" />
         </sp:EncryptedParts>
       </wsp:Policy>
    The previous Header example returns the following properties:
    EncryptionProtection.request:conf_body.EncryptedParts.Header_0.Name=MyElement
    EncryptionProtection.request:conf_body.EncryptedParts.Header_0.Namespace=http://
    foo.com/MyNamespace
  • The XPath element
    The XPath_n notation is used to represent this property because there can be multiple XPath elements. See the following policy file example:
    <wsp:Policy wsu:Id="request:int_body">
          <sp:SignedElements>
            <sp:XPath>SomeXPathExpression</sp:XPath>
            <sp:XPath>SomeOtherXPathExpression</sp:XPath>
          </sp:EncryptedElements>
        </wsp:Policy>
    The previous XPath example returns the following properties:
    SignatureProtection.request:int_body.SignedElements.XPath_0=SomeXPathExpression
    SignatureProtection.request:int_body.SignedElements.XPath_1=SomeOtherXPathExpression
  • The X509Token element

    Use the X509Token_n notation to represent this property because multiple X509Token elements can exist. For an example, see the AsymmetricBinding assertion.

  • The CustomToken element

    Use the CustomToken_n notation to represent this property because multiple CustomToken elements can exist. For an example, see the SupportingTokens assertion.

WSSecurity binding properties

Use the getBinding command to review a properties object with the properties that are configured in your current WSSecurity binding configuration. You can also use the administrative console to configure your WSSecurity bindings. Use the information center topics for configuring WSSecurity bindings with administrative console for more information.

The properties defined in this section reflect the hierarchy of the binding schema. Each part of the property name is a lowercase version of the schema type. For example, the application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname property follows the hierarchal format. The attributes begin with application or bootstrap. Attributes that begin with application represent bindings that are associated with the main WS-Security policy. Attributes that begin with bootstrap represent bindings that are associated with the WS-Security bootstrap policy, where the WS-Security policy uses Secure Conversation.

Some property names might have an _n notation appended to them. This notation represents a list of items. For example, multiple tokenconsumer properties exist and are listed from tokenconsumer_0 through tokenconsumer_n, where the set of tokenconsumer values are:
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.
certpathsettings.certstoreref.reference
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.
certpathsettings.trustanchorref.reference
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.classname
application.securityinboundbindingconfig.tokenconsumer_0.classname
application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname
application.securityinboundbindingconfig.tokenconsumer_0.name
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.localname
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.uri

Additionally, some properties in the security binding file return a value of true when queried. To set these properties, set the value to true to include the property, or set the value to an empty string ("") to remove the property. For example, the time stamp, nonce, and trustAnyCertificate properties follow this pattern.

Use the setBinding command and the attributes parameter to add or remove properties to your WSSecurity binding configuration.
  • To add a property, use the setBinding command to pass the property name with a non-zero length string value. To add a list item, use the _n notation to reflect a numeric value that is greater than any current numeric value for the property. For example, if the tokenconsumer_0 and tokenconsumer_1 properties exist in your configuration, specify the new tokenconsumer property as tokenconsumer_2. After adding a property, use the getBinding command to view the most recent list of configured properties.
  • To remove a property, use the setBinding command to pass the property name with an empty string (""). For example, to remove all of the tokenconsumer_0 properties, specify the following property with the attributes parameter:
    application.securityinboundbindingconfig.tokenconsumer_0=""
    The previous example removes all properties that begin with the application.securityinboundbindingconfig.tokenconsumer_0 property name.

The following examples display several sets of properties to configure for your binding. This list does not include all properties to configure for the WSSecurity binding. Use this information as a reference to determine how to form specific property names.

signinginfo element
Use this property to configure signing information. For a custom binding, an unlimited number of signinginfo elements specified for the securityoutboundbindingconfig and securityinboundbindingconfig assertions can exist. In the default bindings, the system allows a maximum of two signinginfo elements for the securityoutboundbindingconfig and securityinboundbindingconfig assertions. The following example displays the format for two signinginfo elements:
application.securityinboundbindingconfig.signinginfo_0.signingkeyinfo_0
.reference=con_signkeyinfo
application.securityinboundbindingconfig.signinginfo_0.signingpartreference_0
.reference=request:int_body
application.securityoutboundbindingconfig.signinginfo_0.signingpartreference_0
.reference=response:int_body
application.securityoutboundbindingconfig.signinginfo_0.signingpartreference_0.timestamp=true
encryptioninfo element
Use this property to configure encryption information. For a custom binding, an unlimited number of encryptioninfo elements specified for the securityoutboundbindingconfig and securityinboundbindingconfig assertions can exist. In the default bindings, the system accepts a maximum of two encryptioninfo elements for the securityoutboundbindingconfig and securityinboundbindingconfig assertions. The following example displays the format for two encryptioninfo properties:
application.securityinboundbindingconfig.encryptioninfo_0.encryptionpartreference
.nonce=true
application.securityinboundbindingconfig.encryptioninfo_0.encryptionpartreference
.reference=request:conf_body
application.securityoutboundbindingconfig.encryptioninfo_0.encryptionpartreference
.nonce=true
application.securityoutboundbindingconfig.encryptioninfo_0.encryptionpartreference
.timestamp=true
tokengenerator element
In the default bindings, the tokengenerator elements that the signinginfo or encryptioninfo elements do not reference are considered to be authentication token generators. Each authentication token generator must have a unique valuetype element. The following example displays an example of a generator for an X.509 protection token:
application.securityoutboundbindingconfig.tokengenerator_0.name=gen_signtgen
application.securityoutboundbindingconfig.tokengenerator_0.classname=com.ibm.ws.wssecurity.wssapi.token
.impl.CommonTokenGenerator
application.securityoutboundbindingconfig.tokengenerator_0.valuetype.uri=
application.securityoutboundbindingconfig.tokengenerator_0.valuetype.localname=http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.classname=com.ibm.websphere.wssecurity
.callbackhandler.X509GenerateCallbackHandler
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.alias=soaprequester
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.keypass={xor}PDM2OjEr
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.name=CN=SOAPRequester, 
OU=TRL, O=IBM, ST=Kanagawa, C=JP
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.path=${USER_INSTALL_ROOT}
/etc/ws-security/samples/dsig-sender.ks
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.storepass={xor}PDM2OjEr
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.type=JKS
application.securityoutboundbindingconfig.tokengenerator_0.jaasconfig.configname=system.wss.generate.x509
The following example displays a generator for a username authentication token:
application.securityoutboundbindingconfig.tokengenerator_1.name=gen_usernametoken
application.securityoutboundbindingconfig.tokengenerator_1.classname=com.ibm.ws.wssecurity
.wssapi.token.impl.CommonTokenGenerator
application.securityoutboundbindingconfig.tokengenerator_1.valuetype.uri=
application.securityoutboundbindingconfig.tokengenerator_1.valuetype.localname=http://docs
.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.classname=com.ibm
.websphere.wssecurity.callbackhandler.UNTGenerateCallbackHandler
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.basicAuth.userid=user1
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.basicAuth.password=myPassword
application.securityoutboundbindingconfig.tokengenerator_1.securityTokenReference.reference=request:uname_token
application.securityoutboundbindingconfig.tokengenerator_1.jaasconfig.configname=system.wss.generate.unt
tokenconsumer element
In the default bindings, the tokenconsumer elements that the signinginfo or encryptioninfo elements do not reference are authentication token consumers. Each authentication token consumer must have a unique valuetype element. The following example displays the format for a set of tokenconsumer elements:
application.securityinboundbindingconfig.tokenconsumer_0.name=con_unametoken
application.securityinboundbindingconfig.tokenconsumer_0.classname=com.ibm.ws.wssecurity.wssapi
.token.impl.CommonTokenConsumer
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.localname=http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.uri=
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.classname=com.ibm.websphere
.wssecurity.callbackhandler.UNTConsumeCallbackHandler
application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname=system.wss.consume.unt
application.securityinboundbindingconfig.tokenconsumer_0.securitytokenreference.reference=request:uname_token
actor element
Defines the actor uniform resource identifier (URI) to be included in the WSSecurity headers of a generated message, as displayed by the following example:
application.securityinboundbindingconfig.actor=http://myActor.com
application.securityoutboundbindingconfig.actor=http://myActor.com
certstorelist element
Defines certificate store configurations and signing information, as displayed by the following example:
application.securityinboundbindingconfig.certstorelist.collectioncertstores_0
.name=DigSigCertStore
application.securityinboundbindingconfig.certstorelist.collectioncertstores_0
.provider=IBMCertPath
application.securityinboundbindingconfig.certstorelist.collectioncertstores_0
.x509certificates_0.path=${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer
keyinfo element
Defines key information for signing and encryption configurations, as displayed by the following example:
application.securityinboundbindingconfig.keyinfo_0.classname=com.ibm.ws.wssecurity.wssapi
.CommonContentConsumer
application.securityinboundbindingconfig.keyinfo_0.name=con_signkeyinfo
application.securityinboundbindingconfig.keyinfo_0.tokenreference.reference=con_tcon
application.securityinboundbindingconfig.keyinfo_0.type=STRREF
trustanchor property
Defines configuration information that is used to validate the trust of the signer certificate, as displayed by the following example:
application.securityinboundbindingconfig.trustanchor_0.keystore.path=${USER_INSTALL_ROOT}
/etc/ws-security/samples/dsig-receiver.ks
application.securityinboundbindingconfig.trustanchor_0.keystore.storepass={xor}LDotKTot
application.securityinboundbindingconfig.trustanchor_0.keystore.type=JKS
application.securityinboundbindingconfig.trustanchor_0.name=DigSigTrustAnchor
timestampexpires element
Defines an expiration date for the configuration, as displayed by the following example:
application.securityoutboundbindingconfig.timestampexpires.expires=5
application.securityinboundbindingconfig.caller_X.order
Specifies the order for a caller when using wsadmin scripts, where X is the unique string that identifies the instance of the caller:
-attributes [[application.securityinboundbindingconfig.caller_0.order 2]]

setPolicyType and setBinding command examples

Use the previous reference information with the setPolicyType and setBinding commands to modify your policy and binding configuration data.

문제점 방지 문제점 방지: The administrative console command assistance provides incorrect Jython syntax for the setPolicyType command. The XPath expression for the response message part protection of the Username WSSecurity policy set contains single quotes (') within each XPath property value, which Jython does not support. To fix the command from the administrative console command assistance, add a backslash character (\) before each single quote to escape the single quote.gotcha
The following example uses the setBinding command to set the enabled and provides properties for the myCustomSecurityPS custom policy set, which contains a ReliableMessaging policy:
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType
 WSSecurity
 -attributes [[application.securityinboundbindingconfig.caller_0.order 2][inResponsewithSSL:configAlias 
NodeDefaultSSLSettings]
[inResponsewithSSL:config properties_directory/ssl.client.props]
[outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props]
[outAsyncResponsewithSSL:configAlias NodeDefaultSSLSetings]
[outRequestwithSSL:configFile properties_directory/ssl.client.props]
[outRequestwithSSL:configAlias NodeDefaultSSLSettings]]]')
The following setPolicyType command enables the WSSecurity policy and creates a signature protection assertion:
AdminTask.setPolicyType('-policySet myPolicySet -policyType WSSecurity -attributes 
"[[enabled true][provides 
Some_amount_of_security][SignatureProtection.request:app_signparts.SignedElements.XPath_0 
SignatureProtectionV2]]"')
The following setBinding command specifies key information for a server-specific binding:
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "[[server server1][node 
node01]]" 
-attributes "[[application.securityinboundbindingconfig.keyinfo_0.name dec_server_keyinfo]
[application.securityinboundbindingconfig.keyinfo_0.classname 
com.ibm.ws.wssecurity.wssapi.CommonContentGenerator]
[application.securityinboundbindingconfig.keyinfo_0.type STRREF]]"')
The following setBinding command specifies key information for an attachment-specific binding:
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "[[application PolicySet]
[attachmentId 999]]" 
-attributes "[[application.securityinboundbindingconfig.keyinfo_0.name dec_app_keyinfo]
[application.securityinboundbindingconfig.keyinfo_0.classname 
com.ibm.ws.wssecurity.wssapi.CommonContentGenerator]
[application.securityinboundbindingconfig.keyinfo_0.type STRREF]]" -attachmentType application 
 -bindingName myBindingName')
The following setBinding command specifies trust anchor information for a cell-wide binding:
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "" -attributes 
"[application.securityinboundbindingconfig.trustanchor_0.name DigSigTrustAnchor2]"')

주제 유형을 표시하는 아이콘 참조 주제



시간소인 아이콘 마지막 업데이트 날짜: July 9, 2016 6:10
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=rxml_wsfpwssecurity
파일 이름:rxml_wsfpwssecurity.html