Creating application-specific and trust service-specific bindings using the wsadmin tool

You can use the Jython or Jacl scripting language to create application-specific and trust service-specific bindings to match your installation environment or requirements.

Before you begin

When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:
Table 1. Administrative roles. The administrative role determines if you can configure or assign bindings.
| Administrative role | Authorization |
| --- | --- |
| Administrator | The Administrator role must have cell-wide access to configure bindings. If you have access to a specific resource only, you can configure bindings for the resource for which you have access. Only the Administrator role can configure binding attributes. |
| Configurator | The Configurator role with cell-wide or resource specific access can assign or unassign bindings, but cannot edit attributes. |
| Deployer | The Deployer role with cell-wide or resource specific access can assign or unassign bindings, but cannot edit attributes. |
| Operator | The Operator role can view, but cannot configure bindings. |
| Monitor | The Monitor role can view, but cannot configure bindings. |

About this task

Policy set bindings specify the details about how your quality of service (QoS) is configured. For example, a policy set attachment determines that sign, encrypt, or reliable messaging should be enabled. The policy set binding specifies how the protection is configured, for example, the path of the keystore file, the class name of the token generator, or the Java™ Authentication and Authorization Service (JAAS) configuration name.

For application policy sets, you can specify the policy set bindings at the cell-level using default binding configurations, at the application level using application-specific binding configurations, or at the cell-level with general bindings. Server-level default bindings are deprecated. If no binding information is specified during policy set attachment, the policy set inherits the default binding. You can specify a general binding as the default for a server instead of server-default bindings.

For system policy sets, you can specify the bindings at the cell-level and the server-level. The available bindings for system policy sets are the TrustServiceSymmetricDefault and TrustServiceSecurityDefault bindings. If no custom binding information is specified by the attachment, the resources inherit the TrustServiceSymmetricDefault or TrustServiceSecurityDefault binding.

Avoid trouble: Only use default bindings for development and testing. You must customize the signing and encryption keys in your binding configurations for a production environment.
Note: In WebSphere Application Server Version 7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WebSphere Application Server Version 6.1 Feature Pack for Web Services, you can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In Version 7.0 and later, you can configure one or more general service provider bindings and one or more general service client bindings. After you have configured general bindings, you can specify which of these bindings is the global default binding. You can also optionally specify general bindings that are used as the default for an application server or a security domain.

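To support a mixed-cell environment, WebSphere Application Server supports Version 7.0 and Version 6.1 bindings. General cell-level bindings are specific to Version 7.0 and later, and application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the binding version that the application requires.

Use the following guidelines to manage bindings in your environment:
  • To display or modify default Version 6.1 bindings, Version 7.0 bindings, and trust service bindings, or to reference bindings by an attachment for an application, specify the attachmentId and bindingLocation parameters with the getBinding or setBinding command.
  • To use or modify general Version 7.0 and later bindings, specify the bindingName parameter with the getBinding or setBinding command.
  • To display the version of a specific binding, specify the version attribute for the getBinding command.
Use Version 6.1 bindings for an application in a Version 7.0 and later environment if:
  • A module in the application is installed on at least one Web Services Feature Pack server.
  • The application contains at least one Version 6.1 application-specific binding. The application server does not assign general bindings to resource attachments for applications that are installed on a Web Services Feature Pack server. All application-specific bindings for an application must be at the same level.
General service provider and client bindings are not linked to a particular policy set, and they provide configuration information that you can reuse across multiple applications. You can create and manage general provider and client policy set bindings and then select one of each binding type to use as the default for an application server. Setting the server default bindings is useful if you want the services that are deployed to a server to share binding configuration. You can also share binding configuration by assigning the binding to each application that is deployed to the server, or by setting default bindings for a security domain and assigning the security domain to one or more servers. You can specify default bindings for your service provider or client that are used at the global security (cell) level, for a security domain, or for a particular server. The default bindings are used in the absence of an overriding binding specified at a lower scope. The order of precedence, from lowest to highest, that the application server uses to determine which default bindings to use is as follows:
  1. Server level default
  2. Security domain level default
  3. Global security (cell) default

The sample general bindings that are provided with the product are initially configured as the global security (cell) default bindings. The default service provider binding and the default service client binding are used when no application-specific bindings or trust service bindings are assigned to a policy set attachment. For trust service attachments, the default bindings are used when no trust-specific bindings are assigned. If you do not want to use the provided Provider sample as the default service provider binding, you can select an existing general provider binding or create a new general provider binding to meet your business needs. Likewise, if you do not want to use the provided Client sample as the default service client binding, you can select an existing general client binding or create a new general client binding.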

Procedure

  1. Launch a scripting command. To learn more, see the information about starting the wsadmin scripting client.
  2. Determine the type of binding to create.

    You can create application policy set bindings at the cell-level, server-level, or application-level, and trust service policy set bindings at the cell-level or server-level.

  3. Retrieve the current binding configuration for the policy of interest.
    Use the getBinding command to display a Properties object containing all configuration attributes for a specific binding. Specify the location of the binding by passing a properties object using the -bindingLocation parameter and the following reference table:
    Table 2. Command parameters. Use the command to display attributes for a binding.
    | Type of binding | -bindingLocation parameter value |
    | --- | --- |
    | Server-level (deprecated) | -bindingLocation "[[node node1][server server1]]" |
    | Application | -bindingLocation "[[application application1][attachmentId 123]]" |
    | Trust service | -bindingLocation "[[systemType trustService] [attachmentId 123]]" |
    | Trust client | -bindingLocation "[[systemType trustClient] [attachmentId 123]]" |
    | WS-Notification client | -bindingLocation "[[bus myBus][WSNService myService][attachmentId 123]]" |
    For this example, the command displays the current binding configuration for the WSAddressing policy, with the 123 attachment ID, for the application1 application:
    AdminTask.getBinding('-policyType WSAddressing -bindingLocation "[[application application1][attachmentId 123]]"')
    To return a specific configuration attribute for the policy, use the -attributes parameter. For example, enter this command to determine if workload management is enabled:
    AdminTask.getBinding('-policyType WSAddressing -bindingLocation "[[application application1][attachmentId 123]]" -attributes "[preventWLM]"')
    The command returns a properties object which contains the value of the requested attribute, preventWLM. You might receive an error message if the binding does not exist in your configuration.
  4. Create a new application-specific binding for the policy of interest.
    Use the setBinding command to create a binding configuration for a policy. To specify that you are creating an application-specific binding, set the -bindingLocation parameter by passing the application and attachmentId property names in a properties object. If you are creating a system policy set binding for the trust service, you only need to specify the attachmentId property name. You can further customize your binding with the following parameters:
    Table 3. Command parameters. Use the command to create a binding configuration.
    | Parameter | Description | Data type |
    | --- | --- | --- |
    | -policyType | Specifies the policy of interest. | String, optional |
    | -attachmentType | Specifies the type of policy set attachment. If the attachment is for an application, you do not need to specify this parameter. | String, optional |
    | -attributes | Specifies the attribute values to update. This parameter can include all binding attributes for the policy or a subset of attributes. | Properties, optional |
    | -bindingName | Specifies the name for your new application-specific binding. A name is generated if it is not specified. | String, optional |
    | -domainName | Specifies the domain name for the binding. Use this parameter to scope a binding to a domain other than the global security domain. | String, optional |

    For transitioning users (-attachmentType): Even though you can specify the application value for the -attachmentType parameter, use the provider value in place of the application value, because attachments are not used only for applications; for example, system attachments for the trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties for the -attachmentProperties parameter.

    The following example creates the WSAddressing123binding attachment-specific binding for the WSAddressing policy, assigned to the application1 application attachment 123, and enables workload management:

    AdminTask.setBinding('-policyType WSAddressing -bindingName WSAddressing123binding -bindingLocation "[ [application application1] [attachmentId 123] ]" -attributes "[preventWLM false]"')
  5. Optional: Add application-specific binding properties.
    Use the setBinding command to add any additional custom properties for your application-specific binding. The application server provides custom properties that are specific to each quality of service. Use the following format to specify custom properties for the binding:
    AdminTask.setBinding('[-bindingLocation "[ [application application1] [attachmentId 123] ]" -policyType WSAddressing -attributes "[[properties_x:name key_value] [properties_x:value value]]"]')
  6. Save your configuration changes.
    AdminConfig.save()
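
The procedure above as a reusable wsadmin Jython helper (an added example, not IBM's code). It assembles the -bindingLocation and -attributes strings from name/value pairs so the brackets always balance, then runs getBinding, setBinding and AdminConfig.save(); the function names and the nested single-pair -attributes form are assumptions of this example.

```python
# Added example, not IBM's code. Inside wsadmin (-lang jython) pass the
# built-in AdminTask and AdminConfig objects as admin_task / admin_config.

def token(text):
    """Return text if it is safe to place inside a bracketed option string."""
    text = str(text)
    # A stray bracket, quote or space unbalances the option string, so refuse
    # such values instead of guessing at quoting.
    if not text or [c for c in text if c in '[]"\' \t\n']:
        raise ValueError('unsafe token: %r' % (text,))
    return text

def props(pairs):
    """Render [(name, value), ...] as [[name value][name value]]."""
    return '[' + ''.join(['[%s %s]' % (token(n), token(v)) for n, v in pairs]) + ']'

def get_cmd(policy_type, location, names=None):
    """Option string for getBinding (step 3); names limits the attributes."""
    cmd = '-policyType %s -bindingLocation "%s"' % (token(policy_type), props(location))
    if names:
        cmd = cmd + ' -attributes "[%s]"' % ' '.join([token(n) for n in names])
    return cmd

def set_cmd(policy_type, location, attributes, binding_name=None):
    """Option string for setBinding (step 4)."""
    cmd = '-policyType %s' % token(policy_type)
    if binding_name:
        cmd = cmd + ' -bindingName %s' % token(binding_name)
    # Assumption: a single attribute pair is accepted in the same nested
    # [[name value]] form the page uses for multi-pair property lists.
    return cmd + ' -bindingLocation "%s" -attributes "%s"' % (
        props(location), props(attributes))

def create_binding(admin_task, admin_config, policy_type, location,
                   attributes, binding_name=None):
    """Run steps 3, 4 and 6; return the binding state before and after."""
    try:
        before = admin_task.getBinding(get_cmd(policy_type, location))
    except:  # getBinding can fail when no binding exists yet (see step 3)
        before = None
    admin_task.setBinding(set_cmd(policy_type, location, attributes, binding_name))
    names = [n for n, v in attributes]
    after = admin_task.getBinding(get_cmd(policy_type, location, names))
    admin_config.save()
    return before, after
```

In wsadmin, call it as create_binding(AdminTask, AdminConfig, 'WSAddressing', [('application', 'application1'), ('attachmentId', '123')], [('preventWLM', 'false')], 'WSAddressing123binding').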

Last updated: July 9, 2016 11:19
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_wsfpcreatebinding
File name: txml_wsfpcreatebinding.html