Configuring application-specific and system bindings using wsadmin scripting

Use the Jython or Jacl scripting language to edit custom application bindings and system bindings for policies to match your installation environment or system requirements.

Before you begin

在使用這個主題中的指令之前,請確認您使用 wsadmin 工具的最新版本。 在舊版的 wsadmin 工具中,不支援接受內容物件作為 attributesbindingLocation 參數值的原則集管理指令。 例如,在 6.1.0.x 版節點上,不執行這些指令。

When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:
Table 1. Administrative roles. The administrative role determines if you can configure, modify or assign bindings.
Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure bindings. If you have access to a specific resource only, you can configure bindings for the resource for which you have access. Only the Administrator role can edit binding attributes.
Configurator The Configurator role with cell-wide or resource specific access can assign or unassign bindings, but cannot edit attributes.
Deployer The Deployer role with cell-wide or resource specific access can assign or unassign bindings, but cannot edit attributes.
Operator The Operator role can view, but cannot configure bindings.
Monitor The Monitor role can view, but cannot configure bindings.

About this task

Binding configurations are environment- and platform-specific information such as keystore information, keys used for signature and encryption, or authentication information. You can use the default binding for each policy set or define application-specific bindings within an application.

There are three types of bindings to use with your policy sets, including cell-level, application server level, and application-level. Default bindings are used at the cell-level or application server level. This topic refers to system binding information or bindings that are defined at the application level, which overrides the cell-level or application server level definition.

Use default bindings only to develop and test applications. You must change signing and encryption keys before using your bindings in a production environment.

適用於轉換使用者 適用於轉換使用者: 在 WebSphere Application Server 7.0 版及更新的版本中,安全模型已加強為以網域為中心的安全模型,而不是基於伺服器的安全模型。 另外,本產品的這個版本也變更了預設廣域安全 (Cell) 層次和預設伺服器層次連結的配置。 在 WebSphere Application Server 6.1 版 Feature Pack for Web Services 中,您可以為 Cell 配置一組預設連結,也可以選擇性地為每部伺服器配置一組預設連結。在 7.0 版及更新的版本中,您可以配置一或多個一般服務提供者連結,以及一或多個一般服務用戶端連結。 在配置一般連結之後,您可以指定其中一個連結作為廣域預設連結。您也可以選擇性指定作為應用程式伺服器或安全網域預設值的一般連結。trns

為了支援混合 Cell 的環境,WebSphere Application Server 支援 7.0 版和 6.1 版連結。 一般的 Cell 層次連結專用於 7.0 版及更新的版本,應用程式特定連結保持應用程式所需要版本。 當使用者建立應用程式專用連結時,應用程式伺服器會判斷供應用程式使用所需要的連結版本。

請利用下列準則來管理環境中的連結:
  • 如果要顯示或修改預設的 6.1 版連結、7.0 版和信任服務連結,或要由應用程式的附件來參照連結,請在 getBinding 或 setBinding 指令中指定 attachmentId 和 bindingLocation 參數。
  • 如果要使用或修改一般 7.0 版及更新版本的連結,請在 getBinding 或 setBinding 指令中指定 bindingName 參數。
  • 如果要顯示特定連結的版本,請指定 getBinding 指令的 version 屬性。
如果出現下列情況,請在 7.0 版及更新的版本環境中,對應用程式使用 6.1 版連結:
  • 應用程式中的模組安裝在至少一部 Web Services Feature Pack 伺服器上。
  • 應用程式包含至少一個 6.1 版應用程式特定連結。 應用程式伺服器未將一般連結指派給 Web Services Feature Pack 伺服器上所安裝之應用程式的資源附件。 應用程式的所有應用程式特定連結都必須在相同層次。
一般服務提供者和用戶端連結未鏈結到特定的原則集,它們提供可在多個應用程式之間重複使用的配置資訊。 您可以建立及管理一般提供者和用戶端原則集連結,然後選取其中一個連結類型作為應用程式伺服器的預設值。 如果想要部署到伺服器的服務共用連結配置,設定伺服器預設連結非常有用。此外,您也可以指派連結給每個部署到伺服器的應用程式,或設定安全網域的預設連結並指派該安全網域給一或多部伺服器,完成共用連結配置。您可以針對安全網域或特定伺服器,指定用於廣域安全 (Cell) 層次的服務提供者或用戶端的預設連結。如果沒有在縮減的範圍指定的置換連結,則會使用預設連結。 應用程式伺服器用來決定要用哪個預設連結的優先順序,從最低到最高,依次如下:
  1. 伺服器層次預設值
  2. 安全網域層次預設值
  3. 廣域安全 (Cell) 預設值

本產品所提供的一般連結範例,最初設定為廣域安全 (Cell) 預設連結。 如果沒有指派任何應用程式特定連結或信任服務連結給原則集附件,則會使用預設服務提供者連結和預設服務用戶端連結。 如果是信任服務附件,在未指派任何信任特定連結的情況下,會使用預設連結。如果不要使用提供的「提供者範例」作為預設服務提供者連結,您可以選取現有的一般提供者連結,或建立新的一般提供者連結,以符合您的商業需求。 同樣地,如果不要使用提供的「用戶端範例」作為預設服務用戶端連結,您可以選取現有的一般用戶端連結,或建立新的一般用戶端連結。

Procedure

  1. Launch the wsadmin scripting tool using the Jython scripting language. To learn more, see the starting the wsadmin scripting client information.
  2. Retrieve the current binding data for the attachment of interest.
    Use the getPolicySetAttachments command to determine the attachment ID. You will need to specify the attachment ID in the getBinding and setBinding commands to specify that this is a application-specific binding configuration. Use the following command to retrieve the attachment ID:
    AdminTask.getPolicySetAttachments('-applicationName application1')
    Use the getBinding command to display a properties object that contains each configuration attribute for a specific policy binding configuration. For application and client policy set attachments, specify a properties object for the -bindingLocation parameter using the application and attachmentId property names. For a system policy set attachment for the trust service, specify only the attachmentId property name. The following example queries for an application policy set binding configuration:
    AdminTask.getBinding('-policyType WSAddressing -bindingLocation "[[application application1][attachmentId 
    123]]"')

    To return a specific configuration attribute for the policy, use the -attributes parameter.

  3. Edit the binding configuration.
    Use the setBinding command to update your binding configuration for a policy. To specify that you are editing a application-specific binding configuration, set the -bindingLocation parameter by specifying the application and attachmentId property names in a properties object. You can additionally specify the -attachmentType parameter as provider or client.
    適用於轉換使用者 適用於轉換使用者: 雖然您可以在 -attachmentType 參數中指定 application 值,仍請利用 provider 值來取代 application 值,因為附件不只用於應用程式,例如,信任服務的系統附件。 如果是系統原則集附件,請在 attachmentType 參數中指定 provider 值,在 -attachmentProperties 參數中指定 "[systemType trustService]" 值。 如果是 WSNClient 附件,請在 attachmentType 參數中指定 client 值,在 -attachmentProperties 參數中指定 busWSNService 內容。trns
    Customize your binding configuration with the following optional parameters:
    Table 2. Optional parameters. Use the optional binding parameters to update the binding configuration.
    Parameter Description Data type
    -policyType Specifies the policy of interest. String, optional
    -remove Use this parameter to remove a specific policy from the binding configuration. The default value for the -remove parameter is false. If the -policyType parameter is not specified, the command removes the application-specific binding from the attachment. To delete the binding configuration, provide a value for the -bindingName parameter and an asterisk character (*) for the -attachmentId parameter. Boolean, optional
    -attributes Specifies the attribute values to update. This parameter can include each binding configuration attribute for the policy or a subset of attributes to update. If you do not specify the attributes parameter, the command only updates the binding configuration location that the specified attachment uses. Properties, optional
    -bindingName Specifies the name for the binding configuration. Use this parameter to specify a name for the binding when you create a new application-specific binding. You can also use this parameter to switch an attachment to use a different, existing application-specific binding configuration. Lastly, you must specify a value for this parameter to delete a binding configuration. String, optional
    -replace Specifies whether to replace all of the existing binding configuration attributes with the attributes specified in the command. Use this parameter to remove optional parts of the configuration for policies with complex data. The default value is false. Boolean, optional
    -domainName Specifies the domain name for the binding. Use this parameter to scope a binding to a domain other than the global security domain. String, optional

    The following example disables workload management for the myApplication application's binding configuration for the WSAddressing policy:

    AdminTask.setBinding('[-policyType WSAddressing -bindingLocation "[ [application myApplication] 
    [attachmentId 123] ]"
     -attributes "[preventWLM false]" -attachmentType provider]')
  4. Save the configuration changes.
    Enter the following command to save your changes.
    AdminConfig.save()

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:19
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_wsfpappbinding
檔名:txml_wsfpappbinding.html