Use the wsadmin tool to manage your policy set attachment
configurations. You can use the Jython or Jacl scripting language
to list all attachments and attachment properties, add or remove resources
for an existing attachment, and transfer attachments across policy
sets.
Before you begin
When administrative security is enabled, verify that you
use the correct administrative role, as the following table describes:
Table 1. Administrative roles. The administrative role determines if you can manage policy set attachments.

| Administrative role | Authorization |
| --- | --- |
| Administrator | The Administrator role must have cell-wide access to manage policy set attachments. If you have access to a specific resource only, you can manage policy set attachments for the resource for which you have access. |
| Configurator | The Configurator role must have cell-wide access to manage policy set attachments. If you have access to a specific resource only, you can manage policy set attachments for the resource for which you have access. |
| Deployer | The Deployer role with cell-wide or resource specific access can manage policy set attachments for application resources only. |
| Operator | The Operator role cannot manage policy set attachments. |
| Monitor | The Monitor role cannot manage policy set attachments. |
About this task
Policy set attachments define how a policy set is attached
to resources and binding configurations.
Procedure
- Query the configuration for policy set attachments and
attachment properties.
Before making configuration changes
to your policy set attachments, use the listAttachmentsForPolicySet
and getPolicySetAttachments commands to view current configuration
information about your policy set attachments.
- Start the wsadmin scripting tool.
- Use the listAttachmentsForPolicySet command to view
all applications to which a specific policy set is attached, for example:
AdminTask.listAttachmentsForPolicySet('[-policySet PolicySet1]')
Use the -attachmentType parameter to narrow your query. You can query
for provider or client attachments.
Note: The application and system/trust values
for the -attachmentType parameter are deprecated. Specify the provider value
in place of the application value. For system policy set
attachments, specify the provider value for the attachmentType
parameter. For a trust client attachment, or a WSNClient attachment,
specify the client value for the attachmentType parameter.
- Use the getPolicySetAttachments command to view the
properties for all policy set attachments in a specified application,
for example:
AdminTask.getPolicySetAttachments('[-applicationName application1]')
Use the -attachmentType parameter to narrow your query. You can query
for provider or client attachments.
- Determine the assets to which a specific policy set is
attached.
Use the listAssetsAttachedToPolicySet command
to display the assets that are attached to the policy set of interest,
as the following example demonstrates:
AdminTask.listAssetsAttachedToPolicySet('[-policySet SecureConversation]')
The command returns a list of properties that describe
each asset. Each properties object contains the assetType property,
which specifies the type of asset.
- Modify resources that apply to a policy set attachment.
- Start the wsadmin scripting tool.
- Determine the resource of interest and review the command
syntax for the updatePolicySetAttachment command.
For the commands in the PolicySetManagement group, the term resource refers
to a web service artifact. For application and service client policy
sets, the artifacts use the application hierarchy. The application
hierarchy includes a web service, module name, endpoint, or operation.
Enter the value for the -resource parameter as a string, with a forward slash
( / ) character as a delimiter.
Note: When attempting to connect
to a web service from a thin client, verify that the resources you
are specifying are valid before running the updatePolicySetAttachment
command. No configuration changes are made if the requested resource
does not match a resource in the attachment file for the application.
Use the following format for application and client policy set attachments:
- WebService:/
Attaches all artifacts in the application to the policy set.
- WebService:/webapp1.war:{http://www.ibm.com}myService
Attaches all artifacts within the web service {http://www.ibm.com}myService to
the policy set. You must provide a fully qualified name (QName) for
the service.
- WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA
Attaches all operations for the endpointA endpoint to the policy set.
- WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA/operation1
Attaches only the operation1 operation to the policy set.
The format for the -resource string differs for system
policy set attachments for the trust service. Use the following format
for system policy set attachments:
- Trust.opName:/
The opName attribute can be
issue, renew, cancel, or validate.
- Trust.opName:/url
The opName attribute can
be issue, renew, cancel, or validate. You can specify any valid URL
for the url attribute.
- Modify the attachment.
For example, the
policy set attachment is connected to the operation1 operation, which
is a specific single operation. To attach the 124 attachment to all
operations for the endpointA endpoint, enter the following command:
AdminTask.updatePolicySetAttachment('[-attachmentId 124 -resources "WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA" -applicationName application1]')
Note: The updatePolicySetAttachment command replaces all existing resources
for an attachment with the resources specified in the command. You
can also update your policy set attachments using the addToPolicySetAttachment
command to add resources to an existing attachment, or use the
createPolicySetAttachment command to create an attachment
for a specific resource. For more information about these commands,
see the commands for the PolicySetManagement group for the AdminTask
object.
- Save the configuration changes.
Enter the following command to save your changes:
AdminConfig.save()
- Remove resources that apply to a policy set attachment.
- 啟動 wsadmin Scripting 工具。
- Determine which resources to remove with the command.
You can remove a resource for each web service artifact, each operation
for an endpoint, or for a specific operation. In the following
example, the command removes the newAttach attachment from operation1,
which is associated with the plantShop application.
AdminTask.removeFromPolicySetAttachment('[-attachmentId newAttach -resources "WebService:/webapp1.war:{http://www.ibm.com}myPlantService/endpointA/operation1" -applicationName plantShop]')
The command returns
a success or failure message.
- Save the configuration changes.
Enter the following command to save your changes:
AdminConfig.save()
- Transfer attachments from one policy set to another policy
set. This command detaches each web service from the source
policy set and attaches those web services to the destination policy
set. The destination policy set must have the same set of enabled
policy types as the source policy set.
- Enter the following command to transfer all attachments:
AdminTask.transferAttachmentsForPolicySet('[-sourcePolicySet PolicySet1 -destinationPolicySet PolicySet2]')
The command returns a success or failure message.
- Save the configuration changes.
Enter the following command to save your changes:
AdminConfig.save()
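
The following is an added example, not part of the product documentation or its code: a plain Python check for the -resource string formats described in the procedure, which also reports the resources an updatePolicySetAttachment call would stop covering, since that command replaces the attachment's whole resource list. The function names are this example's own, and exact matching for Trust resources is an assumption.

```python
import re

# Grammar follows the -resource formats listed in the procedure above.
# All names in this block are this example's own, not wsadmin APIs.
_WS = re.compile(
    r"^WebService:/(?:(?P<module>[^:/{}]+):(?P<service>\{[^{}]+\}[^/{}]+)"
    r"(?:/(?P<endpoint>[^/]+)(?:/(?P<operation>[^/]+))?)?)?$")
_TRUST = re.compile(r"^Trust\.(?P<op>issue|renew|cancel|validate):/(?P<url>\S*)$")


def parse_resource(resource):
    """Return the resource as a scope tuple, broadest level first, or raise ValueError."""
    m = _WS.match(resource)
    if m:
        levels = [m.group(k) for k in ("module", "service", "endpoint", "operation")]
        return ("WebService",) + tuple(v for v in levels if v is not None)
    m = _TRUST.match(resource)
    if m:
        return ("Trust." + m.group("op"), m.group("url"))
    raise ValueError("not a valid -resource string: %r" % (resource,))


def covers(broad, narrow):
    """True if an attachment on `broad` also applies to `narrow`."""
    b, n = parse_resource(broad), parse_resource(narrow)
    if b[0] != "WebService":
        return b == n  # assumption: trust resources are matched exactly, not by hierarchy
    return n[:len(b)] == b  # a broader WebService scope is a prefix of a narrower one


def dropped_by_update(current, replacement):
    """Resources in `current` that no resource in `replacement` still covers."""
    return [c for c in current if not any(covers(r, c) for r in replacement)]


if __name__ == "__main__":
    # Constructed sample values that reuse the resource strings from the page.
    endpoint = "WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA"
    operation = endpoint + "/operation1"
    # Widening operation1 to endpointA keeps operation1 covered.
    print(dropped_by_update([operation], [endpoint]))
    # Narrowing endpointA to operation1 leaves the other operations unattached.
    print(dropped_by_update([endpoint], [operation]))
```

Run the check on the resource list you intend to pass before calling updatePolicySetAttachment; a non-empty result means some currently attached scope would lose its policy set.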