PolicySetManagement command group for the AdminTask object

You can use the Jython or Jacl scripting languages to manage policy set configurations with the wsadmin tool. Use the commands and parameters in the PolicySetManagement group to create, delete, and manage policy set, policy, and policy set attachment configurations.

Before you use the commands in this topic, verify that you are using the most recent version of the wsadmin tool. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of the wsadmin tool. For example, the commands do not run on a Version 6.1.0.x node.

Use the following command to manage policy set configurations:
Use the following command to manage policy settings:
Use the following commands to manage policy set attachments:
Use the following commands to manage policy set bindings:

listPolicySets

The listPolicySets command returns a list of all existing policy sets.

Target object

None.

Optional parameters

-policySetType
Specifies the type of policy set. When the value is application, the command lists application policy sets. When the value is system/trust, the command lists the policy sets for the trust service. The default value for this parameter is application. (String, optional)

Return value

A list of all existing policy sets. Each entry in the list is the name of a policy set.

Batch mode example usage

Interactive mode example usage

getPolicySet

The getPolicySet command returns general attributes, such as description and default indicator, for the specified policy set.

Target object

None.

Required parameters

-policySet
Specifies the policy set name. For a list of all policy set names, use the listPolicySets command. (String, required)

Return value

A list of attributes for the specified policy set name.

Batch mode example usage

Interactive mode example usage

createPolicySet

The createPolicySet command creates a new policy set. Policies are not created with the policy set. The default indicator is set to false.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set. (String, required)
-description
Adds a description for the policy set. (String, required)

Optional parameters

-policySetType
Specifies the type of policy set. When the value is application, the command creates application policy sets. When the value is system/trust, the command creates a policy set for the trust service. The default value for this parameter is application. (String, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

copyPolicySet

The copyPolicySet command creates a copy of an existing policy set. By default, the policy set attachments are transferred to the new policy set.

Target object

None.

Required parameters

-sourcePolicySet
Specifies the name of the existing policy set to copy. (String, required)
-newPolicySet
Specifies the name of the new policy set you are creating. (String, required)
-newDescription
Adds a description for the new policy set. (String, required)

Optional parameters

-transferAttachments
If this parameter is set to true, all attachments transfer from the source policy set to the new policy set. The default value is false. (Boolean, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

deletePolicySet

The deletePolicySet command deletes the specified policy set. If attachments exist for the policy set, the command returns a failure message.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set to delete. (String, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

updatePolicySet

The updatePolicySet command enables you to input an attribute list to update the policy set. You can use this command to update all attributes for the policy set, or a subset of attributes.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set to update. (String, required)
-attributes
Specifies a properties object that contains the attributes to update for the specified policy set. (Properties, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

addPolicyType

The addPolicyType command adds a policy with default values for the specified policy set. You must indicate whether to enable or disable the added policy.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set to update. (String, required)
-policyType
Specifies the name of the policy to add to the policy set. (String, required)
-enabled
If this parameter is set to true, new policy is enabled in the policy set. If this parameter is set to false, the configuration is contained within the policy set but the configuration does not have an effect on the system. (Boolean, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

deletePolicyType

The deletePolicyType command deletes a policy from a policy set.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set to update. (String, required)
-policyType
Specifies the name of the policy to remove from the policy set. (String, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

validatePolicySet

The validatePolicySet command validates the policy set configuration.

Target object

None.

Required parameters

-policySet
Specifies the policy set to update. (String, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

exportPolicySet

The exportPolicySet command exports a policy set as an archive that can be copied onto a client environment.

Target object

None.

Required parameters

-policySet
Specifies the policy set to export. (String, required)
-pathName
Specifies the path name of the archive file to create. (String, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

importPolicySet

The importPolicySet command imports a policy set from a compressed archive file onto the server environment.

Target object

None.

Required parameters

-importFile
Specifies the path name of the archive file to import. (String, required)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

listPolicyTypes

The listPolicyTypes command returns a list of the names of the policies configured on your system. The input parameters allow you to list each policy type configured in the system, the policy types configured in a policy set, or the policy types in a binding.

Target object

None.

Optional parameters

-policySet
Specifies the name of the policy set to query for policies. If the policy set is not specified, the command lists all policies defined in your configuration. (String, optional)
-bindingLocation
Specifies the location of the binding. This value be cell-wide default binding, server-specific default binding, or attachment-specific binding. Specify the bindingLocation parameter as a properties object following these guidelines:
  • For cell-wide default binding, use a null or empty properties.
  • For server-specific default binding, specify the node and server names in the properties. The property names are node and server.
  • For attachment-specific binding, specify the application name and attachment ID in the properties. The property names are application and attachmentId.
(Properties, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)

Return value

All policies that are configured.

Batch mode example usage

Interactive mode example usage

getPolicyType

The getPolicyType command returns the attributes for a specified policy.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set to query. (String, required)
-policyType
Specifies the name of the policy of interest. (String, required)

Optional parameters

-attributes
Specifies the specific attributes to display. If this parameter is not used, the command returns all attributes for the specified policy. (String[], optional)

Return value

A properties object containing the policy attributes.

Batch mode example usage

Interactive mode example usage

setPolicyType

The setPolicyType command updates the attributes of a specified policy.
Avoid trouble Avoid trouble: The administrative console command assistance provides incorrect Jython syntax for the setPolicyType command. The XPath expression for the response message part protection of the Username WSSecurity policy set contains single quotes (') within each XPath property value, which Jython does not support. To fix the command from the administrative console command assistance, add a backslash character (\) before each single quote to escape the single quote.

[Updated in July 2011] Also, if you are using a Jython script to update the attributes, the brackets should not be included if you want to get a list of elements and not a list of strings. [Updated in July 2011]

jul2011

gotcha

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set of interest. (String, required)
-policyType
Specifies the name of the policy of interest. (String, required)
-attributes
Specifies the specific attributes to be updated. The properties could include all of the policy attributes or a subset of attributes. (Properties, required)

Optional parameters

-replace
Indicates whether the new attributes provided from the command replace the existing policy attributes. For policies with complex data, you can remove optional parts of the configuration when necessary. Use this parameter to get all attributes, perform edits, and replace the binding configuration with the edited data. The default value is false. (Boolean, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

getPolicyTypeAttribute

The getPolicyTypeAttribute command returns the value for the specified policy attribute.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set of interest. (String, required)
-policyType
Specifies the name of the policy of interest. (String, required)
-attributeName
Specifies the name of the attribute of interest. (String, required)

Return value

A string that contains the value of the specified attribute.

Batch mode example usage

Interactive mode example usage

setPolicyTypeAttribute

The setPolicyTypeAttribute command sets the value for the specified policy attribute.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set of interest. (String, required)
-policyType
Specifies the name of the policy of interest. (String, required)
-attributeName
Specifies the name of the attribute of interest. (String, required)
-attributeValue
Specifies the value of the attribute of interest. (String, required)

Return value

If the attribute is successfully added to the policy, the command returns the true string value.

Batch mode example usage

Interactive mode example usage

getPolicySetAttachments

The getPolicySetAttachments command lists the properties for all policy set attachments configured in a specified application.

Target object

None.

Optional parameters

-applicationName
Specifies the name of the application to query for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required to query for trust service attachments. (String, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)
-expandResources
Provides expanded information that details the attachment properties for each resource. An asterisk ( * ) character returns all Web services. This parameter is valid if the value for the -attachmentType parameter is set to application, client, or system/trust. (String, optional)

Return value

A list of properties for each attachment in the application, including the policy set name, attachment ID, and resource list.

Batch mode example usage

Interactive mode example usage

createPolicySetAttachment

The createPolicySetAttachment command creates a new policy set attachment for an application.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set to attach. (String, required)
-resources
Specifies the name of the application resources to attach to the policy set. (String[], required)

Optional parameters

-applicationName
Specifies the name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)
-dynamicClient
Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

Return value

A string with the ID of the new attachment.

Batch mode example usage

Interactive mode example usage

updatePolicySetAttachment

The updatePolicySetAttachment command updates the resources that apply to a policy set attachment.

Target object

None.

Required parameters

-attachmentId
Specifies the name of the attachment to update. (String, required)
-resources
Specifies the names of the application resources to attach to the policy set. (String, required)

Optional parameters

-applicationName
Specifies the name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)
-dynamicClient
Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

addToPolicySetAttachment

The addToPolicySetAttachment command adds additional resources that apply to a policy set attachment.

Target object

None.

Required parameters

-attachmentId
Specifies the name of the attachment to update. (String, required)
-resources
Specifies the names of the application resources to attach to the policy set. (String, required)

Optional parameters

-applicationName
Specifies the name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)
-dynamicClient
Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

removeFromPolicySetAttachment

The removeFromPolicySetAttachment command removes resources that apply to a policy set attachment.

Target object

None.

Required parameters

-attachmentId
Specifies the name of the attachment to remove. (String, required)
-resources
Specifies the names of the application resources to attach to the policy set. (String, required)

Optional parameters

-applicationName
Specifies the name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

deletePolicySetAttachment

The deletePolicySetAttachment command removes a policy set attachment from an application.

Target object

None.

Required parameters

-attachmentId
Specifies the name of the attachment to delete. (String, required)

Optional parameters

-applicationName
Specifies the name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)
-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

listAttachmentsForPolicySet

The listAttachmentsForPolicySet command lists the applications to which a specific policy set is attached.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set of interest. (String, required)

Optional parameters

-attachmentType
Specifies the type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)

Return value

A list of application names.

Batch mode example usage

Interactive mode example usage

deleteAttachmentsForPolicySet

The deleteAttachmentsForPolicySet command removes all attachments for a specific policy set.

Target object

None.

Required parameters

-policySet
Specifies the name of the policy set from which to remove the attachments. (String, required)

Optional parameters

-applicationName
Specifies the name of the application of interest. The command only deletes attachments for the application of interest if you specify this parameter. (String, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

transferAttachmentsForPolicySet

The transferAttachmentsForPolicySet command transfers all attachments from one policy set to another policy set.

Target object

None.

Required parameters

-sourcePolicySet
Specifies the source policy set from which to copy attachments. (String, required)
-destinationPolicySet
Specifies the name of the policy set to which the attachments are copied. (String, required)

Optional parameters

-applicationName
Specifies the name of the application of interest. The command only transfers attachments for the application of interest if you specify this parameter. (String, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage

getBinding

The getBinding command returns the binding configuration for a specified policy and scope. You can use the getBinding command to return a list of available custom bindings, which includes bindings that are and are not referenced by attachments.

Target object

None.

Required parameters

-policyType
Specifies the policy of interest. (String, required)
-bindingLocation
Specifies the location of the binding. This value be cell-wide default binding, server-specific default binding, or attachment-specific binding. Specify the bindingLocation parameter as a properties object following these guidelines:
  • For cell-wide default binding, use a null or empty properties.
  • For server-specific default binding, specify the node and server names in the properties. The property names are node and server.
  • For attachment-specific binding, specify the application name and attachment ID in the properties. The property names are application and attachmentId.
(Properties, required)

Optional parameters

-attachmentType
Specifies the type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. The cell and server default bindings are common for all attachment types. The three types of policy set attachments are application, client, and system/trust. The default value is application. (String, optional)
-attributes
Specifies the names of the attributes to return. If this parameter is not specified, the command returns all attributes. (String[], optional)

Return value

A properties object that contains the requested configuration attributes for the policy binding.

Batch mode example usage

Interactive mode example usage

setBinding

The setBinding command updates the binding configuration for a specified policy. Use this command to add a server-specific binding, update an attachment to use a custom binding, edit binding attributes, or to remove a binding configuration.

Target object

None.

Required parameters

-bindingLocation
Specifies the location of the binding. This value be cell-wide default binding, server-specific default binding, or attachment-specific binding. Specify the bindingLocation parameter as a properties object following these guidelines:
  • For cell-wide default binding, use a null or empty properties.
  • For server-specific default binding, specify the node and server names in the properties. The property names are node and server.
  • For attachment-specific binding, specify the application name and attachment ID in the properties. The property names are application and attachmentId.
(Properties, required)
-policyType
Specifies the policy of interest. (String, required)

Optional parameters

-attachmentType
Specifies the type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. The cell and server default bindings are common for all attachment types. The three types of policy set attachments are application, client, and system/trust. The default value is application. (String, optional)
-attributes
Specifies the attribute values to update. This parameter can include all binding attributes for the policy or a subset to update. If the attributes parameter is not specified, the command only updates the binding location used by the specified attachment. (Properties, optional)
-bindingName
Specifies the name for the binding. The binding name is optional. A name is generated if it is not specified. (String, optional)
-replace
Specifies whether to replace all of the existing binding attributes with the attributes specified in the command. Use this parameter to remove optional parts of the configuration for policies with complex data. The default value is false. (Boolean, optional)
-remove
Specifies whether to remove a server-specific default binding or to remove a custom binding from an attachment. You can not remove cell-level default binding. The default value is false. (Boolean, optional)

Return value

A success or failure message.

Batch mode example usage

Interactive mode example usage




Related concepts
Web services policy sets
Related tasks
Configuring application and system policy sets for Web services using scripting
Creating and copying policy sets using the wsadmin tool
Adding and removing policies using the wsadmin tool
Deleting policy sets using the wsadmin tool
Creating policy set attachments using the wsadmin tool
Managing policy set attachments using the wsadmin tool
Removing policy set attachments using the wsadmin tool
Related reference
Policy configuration properties for all policies
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=rxml_wsfppolicyset
File name: rxml_wsfppolicyset.html