You can use the Jython or Jacl scripting language and the
wsadmin tool to query, add, and remove policies for your policy sets.
Before you begin
Before you use the commands in this topic, verify
that you are using the most recent version of the wsadmin tool. The
policy set management commands that accept a properties object as
the value for the attributes or bindingLocation parameters
are not supported on previous versions of the wsadmin tool. For example,
the commands do not run on a Version 6.1.0.x node.
Additionally,
if administrative security is enabled, verify that you use the correct
administrative role, as the following table describes:
Table 1. Administrative
roles . This table describes the administrative roles and
associated authorization when administrative security is enabled.
Administrative role |
Authorization |
Administrator |
The Administrator role must have cell-wide access
to create and remove policies. |
Configurator |
The Configurator role cannot create or remove
policies. |
Deployer |
The Deployer role cannot create or remove policies. |
Operator |
The Operator role cannot create or remove policies. |
Monitor |
The Monitor role cannot create or remove policies. |
About this task
Policies define which Qualities of Service (QoS) to manage
within a policy set. Policy definitions are based on the standards
set by the Organization for the Advancement of Structured Information
(OASIS) and Web Services Security specifications.
For application
policy sets, you can add the following policies:
- WSSecurity
- WSReliableMessaging
- WSAddressing
- HTTPTransport
- SSLTransport
- WSTransaction
- JMSTransport
- CustomProperties
For system policy sets, you can add the following policies:
- WSSecurity
- WSAddressing
- HTTPTransport
- SSLTransport
- WS-MetadataExchange
- JMSTransport
- CustomProperties
Use the following steps to add or remove policy types
from your policy set configurations:
Procedure
- Add a policy to a policy set.
Use this section
to add a policy with default values to the specified policy set. You
can create and enable or create and disable the policy.
- Launch the wsadmin scripting tool using the Jython scripting
language.
To learn more, see the starting the wsadmin
scripting client information.
- List all policies for a specified policy set.
Enter
the following command and specify the policy set of interest to list
all policies that have been added to the policy set:
AdminTask.listPolicyTypes('[-policySet PolicySet1]')
Enter
the following command to list all the available policies:
AdminTask.listPolicyTypes()
- Add the policy to your configuration.
Enter
the following command to add and enable a policy:
AdminTask.addPolicyType('[-policySet PolicySet1
-policyType policyType_name]')
Enter the following command to
add and disable a policy. Your configuration changes are contained
within the policy set, these changes do not effect the system if the
-enabled parameter is set to
false.
AdminTask.addPolicyType('[-policySet PolicySet1
-policyType policyType_name -enabled false]')
- Enter the following command to save your changes:
- For your configuration changes to take effect, restart
all applications with attachments to the policy set.
The command returns a success or failure message. Repeat
this step to create additional policies for your configuration.
- Remove a policy from the policy set configuration.
The deletePolicyType command removes the specified policy from
the policy set. Applications with attachments to the policy set are
not affected until the application restarts.
- Start the wsadmin scripting tool.
- Enter the following command to list all policies for
the policy set of interest:
AdminTask.listPolicyTypes('[-policySet PolicySet1]')
- Enter the following command to remove the policy:
AdminTask.deletePolicyType('[-policySet PolicySet1
-policyType policyType_name]')
The
command returns a success or failure message.
- Save the configuration changes.
Enter
the following command to save your changes:
AdminConfig.save()
- For your configuration changes to take effect, restart
all applications with attachments to the policy set.
What to do next
Use the validatePolicySet command to validate your policy
set configurations after modifying attributes for policies. For example,
enter the following command to validate the
PolicySet1 policy
set:
AdminTask.validatePolicySet('-policySet PolicySet1')