Adding and removing policies using wsadmin scripting

You can use the Jython or Jacl scripting language and the wsadmin tool to query, add, and remove policies for your policy sets.

Before you begin

Before you use the commands in this topic, verify that you are using the most recent version of the wsadmin tool. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of the wsadmin tool. For example, the commands do not run on a Version 6.1.0.x node.

Additionally, if administrative security is enabled, verify that you use the correct administrative role, as the following table describes:
Table 1. Administrative roles . This table describes the administrative roles and associated authorization when administrative security is enabled.
Administrative role Authorization
Administrator The Administrator role must have cell-wide access to create and remove policies.
Configurator The Configurator role cannot create or remove policies.
Deployer The Deployer role cannot create or remove policies.
Operator The Operator role cannot create or remove policies.
Monitor The Monitor role cannot create or remove policies.

About this task

Policies define which Qualities of Service (QoS) to manage within a policy set. Policy definitions are based on the standards set by the Organization for the Advancement of Structured Information (OASIS) and Web Services Security specifications.

For application policy sets, you can add the following policies:
  • WSSecurity
  • WSReliableMessaging
  • WSAddressing
  • HTTPTransport
  • SSLTransport
  • WSTransaction
  • JMSTransport
  • CustomProperties
For system policy sets, you can add the following policies:
  • WSSecurity
  • WSAddressing
  • HTTPTransport
  • SSLTransport
  • WS-MetadataExchange
  • JMSTransport
  • CustomProperties

Use the following steps to add or remove policy types from your policy set configurations:

Procedure

  • Add a policy to a policy set.
    Use this section to add a policy with default values to the specified policy set. You can create and enable or create and disable the policy.
    1. Launch the wsadmin scripting tool using the Jython scripting language.
      To learn more, see the starting the wsadmin scripting client information.
    2. List all policies for a specified policy set.
      Enter the following command and specify the policy set of interest to list all policies that have been added to the policy set:
      AdminTask.listPolicyTypes('[-policySet PolicySet1]')
      Enter the following command to list all the available policies:
      AdminTask.listPolicyTypes()
    3. Add the policy to your configuration.
      Enter the following command to add and enable a policy:
      AdminTask.addPolicyType('[-policySet PolicySet1 
-policyType policyType_name]')
      Enter the following command to add and disable a policy. Your configuration changes are contained within the policy set, these changes do not effect the system if the -enabled parameter is set to false.
      AdminTask.addPolicyType('[-policySet PolicySet1 
-policyType policyType_name -enabled false]')
    4. Enter the following command to save your changes: 
      AdminConfig.save()
    5. For your configuration changes to take effect, restart all applications with attachments to the policy set.
    The command returns a success or failure message. Repeat this step to create additional policies for your configuration.
  • Remove a policy from the policy set configuration.
    The deletePolicyType command removes the specified policy from the policy set. Applications with attachments to the policy set are not affected until the application restarts.
    1. Start the wsadmin scripting tool.
    2. Enter the following command to list all policies for the policy set of interest: 
      AdminTask.listPolicyTypes('[-policySet PolicySet1]')
    3. Enter the following command to remove the policy: 
      AdminTask.deletePolicyType('[-policySet PolicySet1 
-policyType policyType_name]')
      The command returns a success or failure message.
    4. Save the configuration changes.
      Enter the following command to save your changes:
      AdminConfig.save()
    5. For your configuration changes to take effect, restart all applications with attachments to the policy set.

What to do next

Use the validatePolicySet command to validate your policy set configurations after modifying attributes for policies. For example, enter the following command to validate the PolicySet1 policy set: 
AdminTask.validatePolicySet('-policySet PolicySet1')