You can use the Jython or Jacl scripting language and the wsadmin
tool to query, add, and remove policies for your policy sets.
Before you begin
Before you use the commands in this topic, verify that
you are using the most recent version of the wsadmin tool. The policy set
management commands that accept a properties object as the value for the attributes or bindingLocation parameters
are not supported on previous versions of the wsadmin tool. For example, the
commands do not run on a Version 6.1.0.x node.
About this task
Policies define which Qualities of Service (QoS) to manage within
a policy set. Policy definitions are based on the standards set by the Organization
for the Advancement of Structured Information (OASIS) and Web Services Security
specifications.
For application policy sets, you can add the following
policies:
- WSSecurity
- WSReliableMessaging
- WSAddressing
- HTTPTransport
- SSLTransport
- WSTransaction
For system policy sets, you can add the following policies:
- WSSecurity
- WSAddressing
- HTTPTransport
- SSLTransport
Use the following steps to add or remove policy types from your
policy set configurations:
Procedure
- Add a policy to a policy set. Use this section to add
a policy with default values to the specified policy set. You can create and
enable or create and disable the policy.
- Launch the wsadmin
scripting tool.
- List all policies for a specified policy set.
Enter
the following command and specify the policy set of interest to list all policies
that have been added to the policy set:
AdminTask.listPolicyTypes('[-policySet PolicySet1]')
Enter
the following command to list all the available policies:
AdminTask.listPolicyTypes()
- Add the policy to your configuration.
Enter the
following command to add and enable a policy:
AdminTask.addPolicyType('[-policySet PolicySet1
-policyType policyType_name]')
Enter the following
command to add and disable a policy. Your configuration changes are contained
within the policy set, these changes do not effect the system if the -enabled
parameter is set to
false.
AdminTask.addPolicyType('[-policySet PolicySet1
-policyType policyType_name -enabled false]')
- Enter the following command to save your changes:
AdminConfig.save()
- For your configuration changes to take effect, restart all applications
with attachments to the policy set.
The command returns a success or failure message. Repeat this
step to create additional policies for your configuration.
- Remove a policy from the policy set configuration. The deletePolicyType command
removes the specified policy from the policy set. Applications with attachments
to the policy set are not affected until the application restarts.
- Launch the wsadmin
scripting tool.
- Enter the following command to list all policies for the policy
set of interest:
AdminTask.listPolicyTypes('[-policySet PolicySet1]')
- Enter the following command to remove the policy:
AdminTask.deletePolicyType('[-policySet PolicySet1
-policyType policyType_name]')
The command
returns a success or failure message.
- Save the configuration changes.
Enter the following
command to save your changes:
AdminConfig.save()
- For your configuration changes to take effect, restart all applications
with attachments to the policy set.
What to do next
Use the
validatePolicySet to validate your policy set configurations
after modifying attributes for policies. For example, enter the following
command to validate the
PolicySet1 policy set:
AdminTask.validatePolicySet('-policySet PolicySet1')