By defining a custom policy set or defining assertions about how
services are defined, you can configure Web services security. You can use
the administrative console to manage custom policy sets.
Before you begin
A policy set specifies a set of common message policy assertions
that can be specified within a policy. For example, a policy set can define
general security policy assertions that apply to other protocols, such as
Web Services Security (WS-Security), SOAP messages, Web Services Secure Conversation
(WS-Secure Conversation) and Web Services Trust (WS-Trust).
Important: Use
system policy sets with the trust service only. The requestor (client) must
utilize Java API for XML-Based Web Services (JAX-WS) only. Requestors which
use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible
with the policy set QOS.
About this task
Only custom policy sets can be modified. Default system policy sets
are read only and cannot be changed.
Procedure
- To define system policy sets, click Services > Policy sets >
System policy sets.
- Click one of the following actions to work with the system policy
set configurations:
- New
- To create a system policy set configuration. Enter a unique name for the
system policy set configuration in the Name field. For example, you might
specify EcommerceTrustServiceSecurity.
- Delete
- To delete an existing configuration. Select the check box next to an existing
policy set name, and click Delete.
- Copy
- To copy an existing configuration. Select the check box next to an existing
policy set name, and click Copy.
- Export
- To export an existing configuration. Select the check box next to an existing
policy set name, and click Export.
- To edit the settings of an existing policy set configuration, click
the link for the existing custom system policy set that you want to change.
Use the administrative console to modify existing custom policy sets that
have been created.
- Optional: If creating a policy set, enter a short description
for the new policy set. Default policy sets can only be viewed.
For a custom policy set, edit the brief description of the policy set in the
Description field. This description displays in the list on the System policy
sets panel. The description should be meaningful to you and other potential
users of this policy set.
- If creating a new policy set, click Apply. The
policy set name must be applied before you can add policy types to the new
policy set.
- Optional: If needed, add the policy type information,
or change the policy types for an existing system policy set. You
can add, delete, enable, or disable policy types for the selected policy set.
You can add any valid policy types to the policy set collection. The following
are available policy types for system policy sets:
- HTTP transport - for HTTP transport policies
- SSL transport - for HTTPS transport policies
- WS-Addressing - for endpoint addressing policies
- WS-Security - for secure SOAP messages policies
- Click OK and then click Save to save the information
directly to the master configuration.
Results
You have provided the basic information to create a system policy
set. You can also create a new or update an existing system policy set for
the WebSphere Application Server trust service using the wsadmin tool. The
wsadmin tool examples are written in the Jython scripting language.
What to do next
After creating a system policy set and adding the policy types, attach
the system policy set to a trust service operation for an endpoint, or attach
it to one of the trust service default operations.