Use the -attributes parameter for the setPolicyType and setBinding
commands to specify additional configuration information for the SSLTransport
policy and policy set binding. Application and system policy sets can use
the SSLTransport policy and binding.
Use the following commands and parameters in
the PolicySetManagement group of the AdminTask object to customize your policy
set configuration.
- Use the attributes parameter for the getPolicyType and getBinding
commands to view the properties for your policy and binding configuration.
To get an attribute, pass the property name to the getPolicyType or getBinding
command.
- Use the attributes parameter for the setPolicyType and setBinding
commands to add, update, or remove properties from your policy and binding
configurations. To add or update an attribute, specify the property name and
value. The setPolicyType and setBinding commands update the value if the attribute
exists, or adds the attribute and value if the attribute does not exist. To
remove an attribute, specify the value as an empty string (""). The attributes parameter
accepts a properties object.
Note: If a property name or value supplied with the attributes parameter
is not valid, then the setPolicyType and setBinding commands fail with an
exception. The property that is not valid is logged as an error or warning
in the SystemOut.log file. However, the command exception might not
contain the detailed information for the property that caused the exception.
When the setPolicyType and setBinding commands fail, examine the SystemOut.log file
for any error and warning messages that indicate that the input for the attributes parameter
contains one or multiple properties that are not valid.
Before you use the commands in this topic, verify that
you are using the most recent version of the wsadmin tool. The policy set
management commands that accept a properties object as the value for the attributes or bindingLocation parameters
are not supported on previous versions of the wsadmin tool. For example, the
commands do not run on a Version 6.1.0.x node.
SSLTransport policy properties
Use
the SSLTransport policy to ensure message security.
Configure the SSLTransport
policy by specifying the following properties with the setPolicyType command:
- outRequestSSLenabled
- Specifies whether to enable the SSL security transport for outbound service
requests.
- outAsyncResponseSSLenabled
- Specifies whether to enable the SSL security transport for asynchronous
service responses.
- inResponseSSLenabled
- Specifies whether to enable the SSL security transport for inbound service
responses.
The following setPolicyType command example sets values
for all SSLTransport policy properties:
AdminTask.setPolicyType('[-policySet "WSHTTPS default" -policyType
SSLTransport -attributes "[[inReponseSSLenabled yes]
[outAsyncResponseSSLenabled yes][outRequestSSLenabled yes]]"]')
SSLTransport binding properties
Use
the SSLTransport policy type to ensure message security.
Configure the
SSLTransport binding by specifying the following properties using the setBinding
command:
- outRequestwithSSL:configFile
- outRequestwithSSL:configAlias
- If you enable SSL outbound service requests, then these two attributes
define the specific SSL security transport binding and location. The default
value for the outRequestwithSSL:configFile attribute is the location of the
ssl.client.props file. The default value for the outRequestwithSSL:configAlias
attribute is NodeDefaultSSLSettings.
- outAsyncResponsewithSSL:configFile
- outAsyncResponsewithSSL:configAlias
-
- If you enable SSL asynchronous service responses, then these two attributes
define the specific SSL security transport binding and location. The default
value for the outAsyncRequestwithSSL:configFile attribute is the location
of the ssl.client.props file. The default value for the outAsyncRequestwithSSL:configAlias
attribute is NodeDefaultSSLSettings.
- inResponsewithSSL:configFile
- inResponsewithSSL:configAlias
-
- If you enable SSL inbound service responses, then these two attributes
define the specific SSL security transport binding and location. The default
value for the inResponsewithSSL:configFile attribute is the location of the
ssl.client.props file. The default value for the inResponsewithSSL:configAlias
property is NodeDefaultSSLSettings.
The following setBinding command example sets values for
all SSLTransport binding attributes:
AdminTask.setBinding('[-bindingLocation "" -policyType SSLTransport
-attributes "[[inResponsewithSSL:configAlias NodeDefaultSSLSettings]
[inResponsewithSSL:config properties_directory/ssl.client.props]
[outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props]
[outAsyncResponsewithSSL:configAlias NodeDefaultSSLSetings]
[outRequestwithSSL:configFile properties_directory/ssl.client.props]
[outRequestwithSSL:configAlias NodeDefaultSSLSettings]]"]')