WSSecurity policy and binding properties

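Use the attributes parameter for the setPolicyType and setBinding commands to specify additional configuration information for the WSSecurity policy and binding configurations. Application and system policy sets can use the WSSecurity policy and binding configurations.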

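Before you use the commands in this topic, verify that you are using the most recent version of the wsadmin tool. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of the wsadmin tool. For example, the commands do not run on a Version 6.1.0.x node.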

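Use the following commands and parameters in the PolicySetManagement group of the AdminTask object to customize your policy set configuration.
  • Use the -attributes parameter for the getPolicyType and getBinding commands to view the properties of your policy and binding configuration. To get an attribute, pass the property name to the getPolicyType or getBinding command.
  • Use the -attributes parameter for the setPolicyType and setBinding commands to add, update, or remove properties in your policy and binding configurations. To add or update an attribute, specify the property name and value. If the attribute exists, the setPolicyType and setBinding commands update the value; if the attribute does not exist, the commands add the attribute and value. To remove an attribute, specify the value as an empty string (""). The -attributes parameter accepts a properties object.
Note: If a property name or value that is supplied with the -attributes parameter is not valid, the setPolicyType and setBinding commands fail with an exception. The property that is not valid is logged as an error or warning in the SystemOut.log file. However, the command exception might not contain detailed information about the property that caused the exception. When the setPolicyType and setBinding commands fail, examine the SystemOut.log file for any error and warning messages that indicate that the input for the -attributes parameter contains one or more properties that are not valid.
Note: This topic references one or more of the application server log files. As a recommended alternative, you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using the SystemOut.log, SystemErr.log, trace.log, and activity.log files on distributed and IBM® i systems. You can also use HPEL in conjunction with your native z/OS® logging facilities. If you are using HPEL, you can access all of your log and trace information by using the LogViewer command-line tool from your server profile bin directory. For more information about using HPEL, see the information about using HPEL to troubleshoot applications.
For transitioning users: In WebSphere Application Server Version 7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WebSphere Application Server Version 6.1 Feature Pack for Web Services, you can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In Version 7.0 and later, you can configure one or more general service provider bindings and one or more general service client bindings. After you have configured general bindings, you can specify which of these bindings is the global default binding. You can also optionally specify general bindings that are used as the default for an application server or a security domain.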

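To support a mixed-cell environment, WebSphere Application Server supports Version 7.0 and Version 6.1 bindings. General cell-level bindings are specific to Version 7.0 and later. Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for the application.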

If the attributes parameter is not specified for the getPolicyType or getBinding command, the command returns all properties. If a partial property name is passed to the getPolicyType or getBinding command, the command returns all properties whose names begin with the partial property name. For example, if you pass SignatureProtection to the getPolicyType command, the command returns all properties with names that begin with "SignatureProtection", which might include:
SignatureProtection.response:int_body.SignedParts.Body
SignatureProtection.response:int_body.SignedParts.Header_0.Name
SignatureProtection.response:int_body.SignedParts.Header_0.Namespace
An extensive number of combinations of settings are available to secure your web service applications. Because of the number of attributes and configuration options in the WS-Security Version 1.0 specification, not all attributes are defined in this topic. The following sections explain the hierarchy structure for the WSSecurity policy and binding attributes:

WSSecurity policy properties

Use the getPolicyType command to review a properties object with the properties that are configured in your current WSSecurity policy file. Security policy schemas define the security assertions. Because the elements in the schema have a hierarchical relationship, the property names for the security policy follow the same hierarchy. The hierarchical relationship between property names is represented by a period (.) between two levels, which concatenates the parent and child attributes. Examples of the properties include, but are not limited to, IncludeToken, Name, Namespace, XPath, and XPathVersion. The following list describes the top-level assertion policy property names for the WSSecurity policy file:
AsymmetricBinding
You can specify zero or one binding assertion.
SymmetricBinding
You can specify zero or one binding assertion. AsymmetricBinding and SymmetricBinding cannot co-exist in a security policy file.
Wss11
You can specify zero or one Wss11 assertion.
Wss10
You can specify zero or one Wss10 assertion.
Trust10
You can specify zero or one Trust10 assertion.
SignatureProtection
You can specify zero or any number of signature protection assertions.
EncryptionProtection
You can specify zero or any number of encryption protection assertions.
SupportingTokens
You can specify zero or any number of supporting token assertions.
For example, the following policy file example displays an AsymmetricBinding assertion:
    <sp:AsymmetricBinding>
      <wsp:Policy>
        <sp:InitiatorSignatureToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssX509V3Token10 />
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:InitiatorSignatureToken>
        <sp:RecipientSignatureToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator">
              <wsp:Policy>
                <sp:WssX509V3Token10 />
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:RecipientSignatureToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic256/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Strict/>
          </wsp:Policy>
        </sp:Layout>
      </wsp:Policy>
    </sp:AsymmetricBinding>
The AsymmetricBinding assertion returns the following property name and value pairs. The nested wsp:Policy layers are not displayed in the returned properties. Additionally, some properties might return true, which indicates that the WSSecurity configuration contains the corresponding XML element. To edit a property, set the value to true to include the property, or set the value to an empty string ("") to remove the property.
AsymmetricBinding.Layout = Strict
AsymmetricBinding.AlgorithmSuite.Basic256 = true
AsymmetricBinding.RecipientSignatureToken.X509Token_0.IncludeToken = http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator
AsymmetricBinding.InitiatorSignatureToken.X509Token_0.WssX509V3Token10 = true
AsymmetricBinding.InitiatorSignatureToken.X509Token_0.IncludeToken = http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient
AsymmetricBinding.RecipientSignatureToken.X509Token_0.WssX509V3Token10 = true
Additionally, the following policy file example displays a SupportingTokens assertion:
    <sp:SupportingTokens>
      <wsp:Policy wsu:Id="request:custom_auth">
        <spe:CustomToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <spe:WssCustomToken uri="http://bar.com/MyCustomToken" localname="tokenv1">
            </spe:WssCustomToken>
          </wsp:Policy>
        </spe:CustomToken>
      </wsp:Policy>
    </sp:SupportingTokens>
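The SupportingTokens assertion returns the following property name and value pairs. The nested wsp:Policy layers are not displayed in the returned properties.
SupportingTokens.request:custom_auth.CustomToken_0.WssCustomToken.uri=http://bar.com/MyCustomToken
SupportingTokens.request:custom_auth.CustomToken_0.IncludeToken=http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient
SupportingTokens.request:custom_auth.CustomToken_0.WssCustomToken.localname=tokenv1
Note: The CustomToken property contains an index 0 notation (_0) because the property can appear multiple times within the same type of token, such as the RecipientSignatureToken or InitiatorSignatureToken token.
Although most property names follow the hierarchical relationship format that was described previously, the following exceptions exist:
  • The wsu:Id element
    This element uses the actual value of the ID instead of Id as the property name. See the following policy file example: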
    <wsp:Policy wsu:Id="response:int_body">
      <sp:SignedParts>
        <sp:Body/>
      </sp:SignedParts>
    </wsp:Policy>
    The previous wsu:Id example returns the following property:
    SignatureProtection.response:int_body.SignedParts.Body = true
  • The Header element
    Because there can be multiple Header elements, the Header_n notation is used to represent this property. See the following policy file example:
    <wsp:Policy wsu:Id="request:conf_body">
      <sp:EncryptedParts>
        <sp:Body/>
        <sp:Header Name="MyElement" Namespace="http://foo.com/MyNamespace" />
      </sp:EncryptedParts>
    </wsp:Policy>
    The previous Header example returns the following properties:
    EncryptionProtection.request:conf_body.EncryptedParts.Header_0.Name=MyElement
    EncryptionProtection.request:conf_body.EncryptedParts.Header_0.Namespace=http://foo.com/MyNamespace
  • The XPath element
    Because there can be multiple XPath elements, the XPath_n notation is used to represent this property. See the following policy file example:
    <wsp:Policy wsu:Id="request:int_body">
      <sp:SignedElements>
        <sp:XPath>SomeXPathExpression</sp:XPath>
        <sp:XPath>SomeOtherXPathExpression</sp:XPath>
      </sp:SignedElements>
    </wsp:Policy>
    The previous XPath example returns the following properties:
    SignatureProtection.request:int_body.SignedElements.XPath_0=SomeXPathExpression
    SignatureProtection.request:int_body.SignedElements.XPath_1=SomeOtherXPathExpression
  • The X509Token element

    Use the X509Token_n notation to represent this property because multiple X509Token elements can exist. For an example, see the AsymmetricBinding assertion.

  • The CustomToken element

    Use the CustomToken_n notation to represent this property because multiple CustomToken elements can exist. For an example, see the SupportingTokens assertion.
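The naming rules in this section, as an added example that is not part of the original topic and is not the product's own code: a small Python model that flattens policy XML into the property names listed above. The placeholder namespace URIs, the function names, and the special handling of Layout (inferred from the AsymmetricBinding.Layout = Strict listing) are assumptions.

```python
import xml.etree.ElementTree as ET

# Placeholder namespace URIs so the fragments parse; names are matched by
# local name only, so the URIs themselves do not matter here.
WRAP = ('<r xmlns:sp="urn:example:sp" xmlns:wsp="urn:example:wsp" '
        'xmlns:wsu="urn:example:wsu" xmlns:spe="urn:example:spe">%s</r>')
INDEXED = {"Header", "XPath", "X509Token", "CustomToken"}  # the _n exceptions
PART_KIND = {"SignedParts": "SignatureProtection",         # top-level name for
             "SignedElements": "SignatureProtection",      # a wsp:Policy that
             "EncryptedParts": "EncryptionProtection",     # carries a wsu:Id
             "EncryptedElements": "EncryptionProtection"}

def _local(name):
    return name.rsplit("}", 1)[-1]

def _walk(elem, prefix, out, seen):
    name = _local(elem.tag)
    if name == "Policy":                      # wsp:Policy layers add no segment...
        path = prefix
        wsu_id = next((v for k, v in elem.attrib.items() if _local(k) == "Id"), None)
        if wsu_id:                            # ...except the wsu:Id value itself
            if not prefix:
                path = PART_KIND[_local(elem[0].tag)]
            path += "." + wsu_id
    else:
        if name in INDEXED:                   # Header_0, XPath_1, X509Token_0, ...
            n = seen.get((prefix, name), 0)
            seen[(prefix, name)] = n + 1
            name = "%s_%d" % (name, n)
        path = prefix + "." + name if prefix else name
        if name == "Layout":                  # listed above as Layout = Strict
            out[path] = [_local(e.tag) for e in elem.iter()
                         if _local(e.tag) not in ("Layout", "Policy")][0]
            return
        for key, value in elem.attrib.items():
            out[path + "." + _local(key)] = value
        text = (elem.text or "").strip()
        if text:                              # element text is the value
            out[path] = text
        elif not elem.attrib and len(elem) == 0:
            out[path] = "true"                # bare element: present = true
    for child in elem:
        _walk(child, path, out, seen)

def flatten(fragment):
    """Return {property name: value} for one or more policy assertions."""
    out = {}
    for top in ET.fromstring(WRAP % fragment):
        _walk(top, "", out, {})
    return out

# Constructed sample: trimmed from the AsymmetricBinding and XPath examples above.
SAMPLE = """
<sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorSignatureToken><wsp:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
      <wsp:Policy><sp:WssX509V3Token10/></wsp:Policy>
    </sp:X509Token>
  </wsp:Policy></sp:InitiatorSignatureToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
</wsp:Policy></sp:AsymmetricBinding>
<wsp:Policy wsu:Id="request:int_body"><sp:SignedElements>
  <sp:XPath>SomeXPathExpression</sp:XPath>
  <sp:XPath>SomeOtherXPathExpression</sp:XPath>
</sp:SignedElements></wsp:Policy>
"""

if __name__ == "__main__":
    for prop, value in sorted(flatten(SAMPLE).items()):
        print("%s = %s" % (prop, value))
```

Comparing this output with what getPolicyType returns for the same policy set is a quick way to confirm which property name to pass to setPolicyType before changing a protection assertion.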

WSSecurity binding properties

Use the getBinding command to review a properties object with the properties that are configured in your current WSSecurity binding configuration. You can also use the administrative console to configure your WSSecurity bindings. For more information, see the information center topics about configuring WSSecurity bindings with the administrative console.

The properties defined in this section reflect the hierarchy of the binding schema. Each part of the property name is a lowercase version of the schema type. For example, the application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname property follows the hierarchical format. The attributes begin with application or bootstrap. Attributes that begin with application represent bindings that are associated with the main WS-Security policy. Attributes that begin with bootstrap represent bindings that are associated with the WS-Security bootstrap policy, where the WS-Security policy uses Secure Conversation.

Some property names might have an _n notation appended to them. This notation represents a list of items. For example, multiple tokenconsumer properties exist and are listed from tokenconsumer_0 through tokenconsumer_n, where the set of tokenconsumer values are:
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.certpathsettings.certstoreref.reference
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.certpathsettings.trustanchorref.reference
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.classname
application.securityinboundbindingconfig.tokenconsumer_0.classname
application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname
application.securityinboundbindingconfig.tokenconsumer_0.name
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.localname
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.uri

Additionally, some properties in the security binding file return a value of true when queried. To set these properties, set the value to true to include the property, or set the value to an empty string ("") to remove the property. For example, the time stamp, nonce, and trustAnyCertificate properties follow this pattern.

Use the setBinding command and the attributes parameter to add or remove properties to your WSSecurity binding configuration.
  • To add a property, use the setBinding command to pass the property name with a non-zero length string value. To add a list item, use the _n notation to reflect a numeric value that is greater than any current numeric value for the property. For example, if the tokenconsumer_0 and tokenconsumer_1 properties exist in your configuration, specify the new tokenconsumer property as tokenconsumer_2. After adding a property, use the getBinding command to view the most recent list of configured properties.
  • To remove a property, use the setBinding command to pass the property name with an empty string (""). For example, to remove all of the tokenconsumer_0 properties, specify the following property with the attributes parameter:
    application.securityinboundbindingconfig.tokenconsumer_0=""
    The previous example removes all properties that begin with the application.securityinboundbindingconfig.tokenconsumer_0 property name.

The following examples display several sets of properties to configure for your binding. This list does not include all properties to configure for the WSSecurity binding. Use this information as a reference to determine how to form specific property names.

signinginfo element
Use this property to configure signing information. For a custom binding, an unlimited number of signinginfo elements specified for the securityoutboundbindingconfig and securityinboundbindingconfig assertions can exist. In the default bindings, the system allows a maximum of two signinginfo elements for the securityoutboundbindingconfig and securityinboundbindingconfig assertions. The following example displays the format for two signinginfo elements:
application.securityinboundbindingconfig.signinginfo_0.signingkeyinfo_0.reference=con_signkeyinfo
application.securityinboundbindingconfig.signinginfo_0.signingpartreference_0.reference=request:int_body
application.securityoutboundbindingconfig.signinginfo_0.signingpartreference_0.reference=response:int_body
application.securityoutboundbindingconfig.signinginfo_0.signingpartreference_0.timestamp=true
encryptioninfo element
Use this property to configure encryption information. For a custom binding, an unlimited number of encryptioninfo elements specified for the securityoutboundbindingconfig and securityinboundbindingconfig assertions can exist. In the default bindings, the system allows a maximum of two encryptioninfo elements for the securityoutboundbindingconfig and securityinboundbindingconfig assertions. The following example displays the format for two encryptioninfo properties:
application.securityinboundbindingconfig.encryptioninfo_0.encryptionpartreference.nonce=true
application.securityinboundbindingconfig.encryptioninfo_0.encryptionpartreference.reference=request:conf_body
application.securityoutboundbindingconfig.encryptioninfo_0.encryptionpartreference.nonce=true
application.securityoutboundbindingconfig.encryptioninfo_0.encryptionpartreference.timestamp=true
tokengenerator element
In the default bindings, the tokengenerator elements that the signinginfo or encryptioninfo elements do not reference are considered authentication token generators. Each authentication token generator must have a unique valuetype element. The following example displays a generator for an X.509 protection token:
application.securityoutboundbindingconfig.tokengenerator_0.name=gen_signtgen
application.securityoutboundbindingconfig.tokengenerator_0.classname=com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenGenerator
application.securityoutboundbindingconfig.tokengenerator_0.valuetype.uri=
application.securityoutboundbindingconfig.tokengenerator_0.valuetype.localname=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.classname=com.ibm.websphere.wssecurity.callbackhandler.X509GenerateCallbackHandler
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.alias=soaprequester
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.keypass={xor}PDM2OjEr
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.name=CN=SOAPRequester, OU=TRL, O=IBM, ST=Kanagawa, C=JP
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.path=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-sender.ks
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.storepass={xor}PDM2OjEr
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.type=JKS
application.securityoutboundbindingconfig.tokengenerator_0.jaasconfig.configname=system.wss.generate.x509
The following example displays a generator for a username authentication token:
application.securityoutboundbindingconfig.tokengenerator_1.name=gen_usernametoken
application.securityoutboundbindingconfig.tokengenerator_1.classname=com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenGenerator
application.securityoutboundbindingconfig.tokengenerator_1.valuetype.uri=
application.securityoutboundbindingconfig.tokengenerator_1.valuetype.localname=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.classname=com.ibm.websphere.wssecurity.callbackhandler.UNTGenerateCallbackHandler
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.basicAuth.userid=user1
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.basicAuth.password=myPassword
application.securityoutboundbindingconfig.tokengenerator_1.securityTokenReference.reference=request:uname_token
application.securityoutboundbindingconfig.tokengenerator_1.jaasconfig.configname=system.wss.generate.unt
tokenconsumer element
In the default bindings, the tokenconsumer elements that the signinginfo or encryptioninfo elements do not reference are authentication token consumers. Each authentication token consumer must have a unique valuetype element. The following example displays the format for a set of tokenconsumer elements:
application.securityinboundbindingconfig.tokenconsumer_0.name=con_unametoken
application.securityinboundbindingconfig.tokenconsumer_0.classname=com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenConsumer
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.localname=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
application.securityinboundbindingconfig.tokenconsumer_0.valuetype.uri=
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.classname=com.ibm.websphere.wssecurity.callbackhandler.UNTConsumeCallbackHandler
application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname=system.wss.consume.unt
application.securityinboundbindingconfig.tokenconsumer_0.securitytokenreference.reference=request:uname_token
actor element
Defines the actor uniform resource identifier (URI) to be included in the WSSecurity headers of a generated message, as displayed by the following example:
application.securityinboundbindingconfig.actor=http://myActor.com
application.securityoutboundbindingconfig.actor=http://myActor.com
certstorelist element
Defines the certificate store configuration and signature information, as displayed by the following example:
application.securityinboundbindingconfig.certstorelist.collectioncertstores_0.name=DigSigCertStore
application.securityinboundbindingconfig.certstorelist.collectioncertstores_0.provider=IBMCertPath
application.securityinboundbindingconfig.certstorelist.collectioncertstores_0.x509certificates_0.path=${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer
keyinfo element
Defines the key information that is used to sign and encrypt your configuration, as displayed by the following example:
application.securityinboundbindingconfig.keyinfo_0.classname=com.ibm.ws.wssecurity.wssapi.CommonContentConsumer
application.securityinboundbindingconfig.keyinfo_0.name=con_signkeyinfo
application.securityinboundbindingconfig.keyinfo_0.tokenreference.reference=con_tcon
application.securityinboundbindingconfig.keyinfo_0.type=STRREF
trustanchor property
Defines the configuration information that is used to validate the trust of the signer certificate, as displayed by the following example:
application.securityinboundbindingconfig.trustanchor_0.keystore.path=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
application.securityinboundbindingconfig.trustanchor_0.keystore.storepass={xor}LDotKTot
application.securityinboundbindingconfig.trustanchor_0.keystore.type=JKS
application.securityinboundbindingconfig.trustanchor_0.name=DigSigTrustAnchor
timestampexpires element
Defines the expiration date for your configuration, as displayed by the following example:
application.securityoutboundbindingconfig.timestampexpires.expires=5
application.securityinboundbindingconfig.caller_X.order
Specifies the order of the callers when you use wsadmin scripting, where X is a unique string that identifies the instance of the caller:
-attributes [[application.securityinboundbindingconfig.caller_0.order 2]]
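A review check over binding properties, added here as an example that is not part of the original topic or of the product: it scans name=value properties, such as a saved getBinding listing or the attributes in a setBinding script, for settings shown on this page that deserve attention. The input is constructed from the listings above; the full name of the trustanycertificate property, the rule names, and the severity labels are assumptions.

```python
# {xor} marks WebSphere's reversible XOR encoding, not encryption, so a listing
# that contains such values must be protected like the passwords themselves.
SECRET_LEAVES = ("password", "keypass", "storepass")

def parse_properties(text):
    """Parse name=value lines into a dict; a value may itself contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and "=" in line:
            name, _, value = line.partition("=")
            props[name.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of (severity, rule, property name) findings."""
    findings = []
    for name in sorted(props):
        value = props[name]
        leaf = name.rsplit(".", 1)[-1].lower()
        if leaf in SECRET_LEAVES and value:
            if value.startswith("{xor}"):
                findings.append(("info", "encoded-secret", name))
            else:
                # A password typed in clear into a script or export.
                findings.append(("high", "cleartext-secret", name))
        if leaf == "path" and "/ws-security/samples/" in value:
            # Sample key stores and certificates are meant for testing only.
            findings.append(("medium", "sample-keystore", name))
        if leaf == "trustanycertificate" and value.lower() == "true":
            # The consumer skips certificate path validation.
            findings.append(("high", "trust-any-certificate", name))
    return findings

# Constructed input: lines taken from the examples above, plus one
# trustanycertificate line whose full property name is assumed.
SAMPLE_BINDING = """
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.keypass={xor}PDM2OjEr
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.key.name=CN=SOAPRequester, OU=TRL, O=IBM, ST=Kanagawa, C=JP
application.securityoutboundbindingconfig.tokengenerator_0.callbackhandler.keystore.path=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-sender.ks
application.securityoutboundbindingconfig.tokengenerator_1.callbackhandler.basicAuth.password=myPassword
application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.certpathsettings.trustanycertificate=true
application.securityinboundbindingconfig.trustanchor_0.keystore.type=JKS
"""

if __name__ == "__main__":
    for severity, rule, name in audit(parse_properties(SAMPLE_BINDING)):
        print("%-6s %-22s %s" % (severity, rule, name))
```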

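setPolicyType and setBinding command examples

Use the setPolicyType and setBinding commands with the reference information provided previously to modify your policy and binding configuration data.

Avoid trouble: The administrative console command assistance provides incorrect Jython syntax for the setPolicyType command. The XPath expressions for response message part protection of the Username WSSecurity policy set contain single quotes (') within each XPath property value, which Jython does not support. To fix the command from the administrative console command assistance, add a backslash character (\) before each single quote to escape the single quote.
The following example uses the setBinding command to set the enabled and provides properties for the myCustomSecurityPS custom policy set, which contains the ReliableMessaging policy: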
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType WSSecurity '
    '-attributes [[application.securityinboundbindingconfig.caller_0.order 2]'
    '[inResponsewithSSL:configAlias NodeDefaultSSLSettings]'
    '[inResponsewithSSL:config properties_directory/ssl.client.props]'
    '[outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props]'
    '[outAsyncResponsewithSSL:configAlias NodeDefaultSSLSettings]'
    '[outRequestwithSSL:configFile properties_directory/ssl.client.props]'
    '[outRequestwithSSL:configAlias NodeDefaultSSLSettings]]]')
The following setPolicyType command enables the WSSecurity policy and creates a signature protection assertion:
AdminTask.setPolicyType('-policySet myPolicySet -policyType WSSecurity -attributes '
    '"[[enabled true][provides Some_amount_of_security]'
    '[SignatureProtection.request:app_signparts.SignedElements.XPath_0 SignatureProtectionV2]]"')
The following setBinding command specifies key information for a server-specific binding:
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "[[server server1][node node01]]" '
    '-attributes "[[application.securityinboundbindingconfig.keyinfo_0.name dec_server_keyinfo]'
    '[application.securityinboundbindingconfig.keyinfo_0.classname com.ibm.ws.wssecurity.wssapi.CommonContentGenerator]'
    '[application.securityinboundbindingconfig.keyinfo_0.type STRREF]]"')
The following setBinding command specifies key information for an attachment-specific binding:
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "[[application PolicySet][attachmentId 999]]" '
    '-attributes "[[application.securityinboundbindingconfig.keyinfo_0.name dec_app_keyinfo]'
    '[application.securityinboundbindingconfig.keyinfo_0.classname com.ibm.ws.wssecurity.wssapi.CommonContentGenerator]'
    '[application.securityinboundbindingconfig.keyinfo_0.type STRREF]]" -attachmentType application '
    '-bindingName myBindingName')
The following setBinding command specifies trust anchor information for a cell-wide binding:
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "" -attributes '
    '"[application.securityinboundbindingconfig.trustanchor_0.name DigSigTrustAnchor2]"')
