Setting server default bindings for policy sets

You can set server default bindings if you want the policy set attachments for service providers and clients that are deployed to the server to use bindings that are different than those that are specified for the cell. If you use multiple security domains, your default server bindings will also override the security domain default bindings.

Before you begin

Before you can set server default bindings for your Java™ API for XML-Based Web Services (JAX-WS) application, you must first configure at least one general provider policy set binding or general client policy set binding. To define and manage these general bindings, use the administrative console and select Services > Policy sets > General provider policy set bindings or Services > Policy sets > General client policy set bindings .

About this task

適用於轉換使用者 適用於轉換使用者: 在 WebSphere Application Server 7.0 版及更新的版本中,安全模型已加強為以網域為中心的安全模型,而不是基於伺服器的安全模型。 另外,本產品的這個版本也變更了預設廣域安全 (Cell) 層次和預設伺服器層次連結的配置。 在 WebSphere Application Server 6.1 版 Feature Pack for Web Services 中,您可以為 Cell 配置一組預設連結,也可以選擇性地為每部伺服器配置一組預設連結。在 7.0 版及更新的版本中,您可以配置一或多個一般服務提供者連結,以及一或多個一般服務用戶端連結。 在配置一般連結之後,您可以指定其中一個連結作為廣域預設連結。您也可以選擇性指定作為應用程式伺服器或安全網域預設值的一般連結。trns

General service provider and client bindings are not linked to a particular policy set, and they provide configuration information that you can reuse across multiple applications. You can create and manage general provider and client policy set bindings, and then select one of each binding type to use as the default for an application server. Setting the server default bindings is useful if you want the services that are deployed to a server to share binding configuration. You can also accomplish this sharing of binding configuration by assigning the binding to each application deployed to the server or by setting default bindings for a security domain and assigning the security domain to one or more servers.

You can specify default bindings for your service provider or client that are used at the global security (cell) level, for a security domain, for a particular server. The default bindings are used in the absence of an overriding binding specified at a lower scope. The following list is the order of precedence from lowest to highest that the application server uses to determine which default bindings to use:
  1. Server level default
  2. Security domain level default
  3. Global security (cell) default

The sample general bindings that are provided with the product are initially set as the global security (cell) default bindings. The default service provider binding and the default service client bindings are used when no application specific bindings or trust service bindings are assigned to a policy set attachment. For trust service attachments, the default bindings are used when no trust specific bindings are assigned. If you do not want to use the provided Provider sample as the default service provider binding, you can select an existing general provider binding or create a new general provider binding to meet your business needs. Likewise, if you do not want to use the provided Client sample as the default service client binding, you can select an existing general client binding or create a new general client binding. To specify your global security (cell) default bindings, use the administrative console, and click Services > Policy sets > Default policy set bindings. For environments with multiple security domains, you can optionally choose the general provider and general client bindings that you want to use as the default bindings for a domain.

In addition to choosing default bindings for the global security (cell), you can also choose the general provider and general client bindings that you want to use as the default bindings for a server. This is only necessary if you want to use different default bindings for a particular server than those used by the other servers in the security domain or cell.

To choose the default bindings for a server from the administrative console, click Servers > Server Types > WebSphere application servers > server_name and then under Security, click Default policy set bindings. If you do not choose a general binding as the default for a server, the default bindings for the domain in which the server resides is used. If you do not choose a binding as the default for a domain, the default bindings for the global security (cell) are used. You must choose a default service provider and default service client bindings for the cell. The general bindings that are included with the product are initially set as the global security (cell) default bindings. You cannot delete a binding that is used as part of any policy set attachment or specified as the default binding for server, a domain, or the cell. To learn more about defining default bindings for a server, see the server default bindings documentation.

混合版本環境 混合版本環境:

如果您的應用程式含有一或多個在 WebSphere® Application Server 6.1 版層次配置的應用程式特定連結,則這個應用程式是一個 6.1 版應用程式。如果您的應用程式是部署於 6.1 版的伺服器(但於 7.0 版或更新版本的應用程式伺服器環境內),或您擁有 6.1 版應用程式(部署於 7.0 版或更新版本的應用程式伺服器),您可以對 Cell 指定 6.1 版預設原則集連結。 這些連結用於 6.1 版應用程式內的用戶端和提供者原則集附件,以及 6.1 版伺服器所部署的服務應用程式附件。此外,除非在附件點由應用程式特定連結或 6.1 版伺服器預設連結置換,否則這些預設連結會用於 6.1 版附件。您可以將 6.1 版連結升級為 WebSphere Application Server 7.0 版及更新版本所用的連結。如果 6.1 版應用程式不是安裝在 WebSphere Application Server 6.1 版上,請利用 wsadmin 工具,以 upgradeBindings 指令來升級連結層次。

mixv

根據啟用安全時所指派的安全角色而定,您可能會有建立或編輯配置資料之文字輸入欄位或按鈕的存取權。 請檢閱管理角色說明文件,以進一步瞭解應用程式伺服器的有效角色。

Procedure

  1. Open the administrative console.
  2. To set default policy set bindings for your server, selectServers > Server Types > WebSphere application servers > server_name > Default policy set bindings.
  3. Select the server default provider binding.

    If you specify a server default provider binding, the selected binding overrides the default provider bindings that are specified for the cell or the security domain to which the server is deployed. The default setting is None.

    If multiple security domains are in use, the name of the security domain to which each binding is scoped displays beside the name of each available provider binding. Only the bindings that are scoped to the global security level or to the security domain to which the server is deployed are displayed.

  4. Select the server default client binding.

    If you specify a server default client binding, the selected binding overrides the default client bindings that are specified for the cell or the security domain to which the server is deployed. The default setting is None.

    If multiple security domains are in use, the name of the security domain to which each binding is scoped displays beside the name of each available provider binding. Only the bindings that are scoped to the global security level or to the security domain to which the server is deployed are displayed.

  5. Click Apply or OK to submit your changes.
  6. Click Save to save your changes to the master configuration.
  7. (optional) If you are using a Version 6.1 application, you can specify server V6.1 default policy set bindings. To set these bindings, select Servers > Server Types > WebSphere application servers > server_name > Default policy set bindings > Version 6.1 default policy set bindings.
    混合版本環境 混合版本環境: Select the V6.1 default bindings for this server. If your application contains one or more application specific bindings that are configured at the WebSphere Application Server V6.1 level, this application is a V6.1 application. These default bindings are used for client and provider policy set attachments for applications that are deployed to V6.1 servers, and for V6.1 applications that are deployed to V7.0 and later servers. These bindings are used for both client and provider policy set attachments within V6.1 applications and attachments to service applications that are deployed to a V6.1 server. Additionally, these default bindings are used for V6.1 attachments unless they are overridden at the attachment point by an application specific binding or a V6.1 server default binding. mixv

Results

When you complete these steps, the server default bindings are defined and all policy set attachments that specify use of the default binding for your web service applications that are deployed to the server will use server level default bindings.

Example

Suppose you have configured an application server, server1, and you have deployed several web service applications to the server1 application server. Because these applications have similar security and quality of service requirements and you plan for them to share security configuration, you want to define the default bindings for policy set attachments to service providers and clients using the server1.

Suppose also that you want to modify the provided general provider binding, Provider sample. You can copy and modify this provided sample to take advantage of existing bindings.

  1. Copy and modify the provided Provider sample and Client sample to meet your security and quality of service requirements. Include binding configuration for all policy types.
    • Click Services > Policy sets > General provider policy set bindings. Select Provider sample > copy. Name the new general provider binding, MyServiceProviderbinding , and provide a description for the new binding.
    • Click Services > Policy sets > General client policy set bindings. Select Client sample > copy. Name the new general client binding, MyServiceClientbinding, and provide a description for the new binding.
  2. Locate server1 in the Application servers collection and click the instance. From the administrative console, select Servers > Server Types > WebSphere application servers , and click the server1 instance.
  3. Click Default policy set bindings.
  4. Select the bindings that you want to use for your provider and client policy set attachments. In this example, select your customized general bindings, MyServiceProviderbinding and MyServiceClientbinding.
  5. Click Apply or OK to submit your changes.
  6. Click Save to save your changes to the master configuration.
Each time you attach a policy set to a service or client deployed to the server1 application server, it is initially set to use the specified bindings.
.

What to do next

After setting server default bindings, you can start deploying services to the server and start attaching policy sets. Alternatively, you might already have services deployed to the server, and the server is using the global default bindings because there is no server default binding. Now that you have set server default bindings, ensure that the server default bindings are used for the service messages as specified.


指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:18
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twbs_wsspsappservbind
檔名:twbs_wsspsappservbind.html