3 Web Services Custom WLST Commands

This chapter describes the WebLogic Scripting Tool (WLST) commands for Oracle Infrastructure web services (which includes SOA composites, ADF Business Components,and WebCenter services) Java EE web services, and RESTful web services. You can use these commands to manage web services from the command line.

Note:

Only a subset of the custom WLST commands described in this chapter are supported for Java EE web services.

A subset of WLST commands have been deprecated for Oracle Infrastructure web services and clients. For a complete list of deprecated commands, see Deprecated Commands for Oracle Infrastructure Web Services in Release Notes for Oracle Fusion Middleware Infrastructure.

For additional details about using these WLST commands for web services, see the following documents:

Note:

To use the Web Services custom WLST commands, you must invoke WLST from the Oracle Common home directory. See Using Custom WLST Commands in Administering Oracle Fusion Middleware.

To display the help for the web service and client management and Java EE web service policy management commands, connect to a running instance of the server and enter help('WebServices').

To display the help for the remaining commands, connect to a running instance of the server and enter help('wsmManage').

This chapter contains the following topics:

Overview of Web Services WLST Commands

You can use the web services WLST commands, in online mode, to:

  • Perform web service configuration and OWSM policy management tasks.

  • Manage the OWSM repository.

  • Check the status of OWSM components.

  • View and define trusted issuers and DN lists for SAML signing certificates.

Note:

Ensure that the user is mapped to the appropriate OWSM logical roles, based on the WLST operations you wish to perform. For more information, see "Modifying the User's Group or Role" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

The web services WLST configuration and policy management commands perform many of the same management functions that you can complete using Fusion Middleware Control, such as managing deployed, active, and running web services applications. They can be executed everywhere in WLST online mode, for example:

wls:/domain/serverConfig
wls:/domain/domainRuntime

The following sections provide more information about using the WLST commands:

Specifying Application, Composite, and Service Names

The web service WLST commands configure a web service for a specific application. Therefore, the application path name has to uniquely identify the application and the server instance to which it is deployed.

The following sections describe how to specify the application and service names to uniquely identify the web service.

Specifying a Web Service Application Name

To specify a web service application in a WLST command, use the following format:

[/domain/server/]application[#version_number]

Parameters shown in brackets [] are optional. The following examples show the sample format for a web service application name:

/base_domain/AdminServer/HelloWorld#1_0
/base_domain/server1/HelloWorld#1_0

If there is only one deployed instance of an application in a domain, you may omit the domain/server parameter, as shown in the following example:

HelloWorld#1_0

In all other instances, the domain/server parameter is required. If it is not specified and WLST finds more than one deployment of the same application on different servers in the domain, you are prompted to specify the domain and the server names.

Web service and web service client applications are deployed directly to WebLogic Server server instances. Each application is managed separately. For example, if the application myapp is deployed to both the AdminServer and server1 instances in the domain mydomain, then you need to issue configuration commands to each of the servers using the appropriate application path name:

/mydomain/AdminServer/myapp#1_0
/mydomain/server1/myapp#1_0

Specifying a Service Name

When there are multiple versions (namespaces) of a web service name for Web Service and Web Service clients, you must specify the namespace and the service name using the following format:

{http://namespace/}serviceName

Note the following:

  • For web service and client management commands, and policy management commands, you do not need to enter the namespace if there is only one service name qualified. If there are multiple versions of the service and you do not specify the namespace with the service name, an exception is thrown.

  • The namespace ({http://namespace/}) should not be included for a SOA composite.

  • For policy set management commands, both the namespace and service name are required for Web Service and Web Service Client (ws-service and ws-client) resource types.

For more information, see "Determining the Namespace for a Web Service" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Identifying the Policy Subject

You can navigate to a policy subject in WLST, without having to refer to Fusion Middleware Control or the WSM-Console. By using the selectWSMPolicySubject command, together with an understanding of the navigation model, you can discover the application, assembly, and subject names by moving down the hierarchy tree. An assembly uniquely identifies a module within an application, for example a .war file.

Selecting the Application

You can select a specific application for modification if an application name is provided.

If you know only a part of the application name, the argument can be a pattern containing wildcard characters. In this case, all of the applications matching that pattern will be listed. You can then select that application to proceed further. If no argument is provided then all application names will be listed.

When the application name is known

If you know the name of the application, enter it as the argument to selectWSMPolicySubject command. WLST responds with the names of the assemblies contained in the application.

In the following example, jaxwsejb30ws is entered as the name of the application. WLST responds with #jaxwsejb, the name of the assembly contained in the application.

wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws')
 
#jaxwsejb
 
Select any of the assembly name to proceed.

When only a part of the application name is known

If you know only a part of the application name, you can enter a pattern with wildcard characters. In the following example, jax* is entered as the name of the application in the selectWSMPolicySubject command. WLST responds with a list of applications that match the string.

wls:/base_domain/serverConfig> selectWSMPolicySubject('jax*')
 
jaxws_provider
jaxwsejb30ws
 
Select any of the application name to proceed.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws')
 
#jaxws3jb
Select any of the assembly name to proceed

When the application name is not known

If you do not know the name of the application, enter the selectWSMPolicySubject command with no arguments. WLST responds with the names of all applications known to the system. In the following example, the selectWSMPolicySubject command is entered with no arguments. WLST responds with the names of all applications known to the system.

wls:/base_domain/serverConfig> selectWSMPolicySubject()

SimpleRestApp
jaxws_provider
jaxwsejb30ws
wsm-pm

Select any of the application name to proceed.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws')
#jaxws3jb
Select any of the assembly name to proceed

Selecting the Assembly

You can select a specific assembly for modification if an application name and assembly name is provided.

If you know only a part of the assembly name, the argument can be a pattern containing wildcard characters. In this case, all of the assemblies matching that pattern will be listed. You can then select an assembly to proceed further. If no argument is provided then all assembly names will be listed.

Note:

For ws-connection type policy subjects, use an empty string '' for the assembly name.

When the assembly name is known

If you know the name of the assembly, enter it with the application name as arguments to the selectWSMPolicySubject command. WLST responds with the names of the subjects contained in the assembly. In the following example, jaxwsejb30ws is entered as the name of the application and #jaxwsejb is entered as the name of the assembly. WLST responds with a list of all of the subjects contained in the assembly.

wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb')
 
WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort)
 
Select any of the subject name to proceed.

When only a part of the assembly name is known

If you know only a part of the assembly name, you can enter a pattern with wildcard characters. In the following example, #jaxws* is entered as the partial name of the assembly and jaxwsejb30ws is entered as the name of the application in the selectWSMPolicySubject command. WLST responds with #jaxwsejb, the name of the assembly contained in the application.

wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws','#jaxws*')
 
#jaxwsejb
Select any of the assembly name to proceed. 

wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb')
 
WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort)
 
Select any of the subject name to proceed.

When the assembly name is not known

If you do not know the name of the assembly, enter the name of the application only as an argument to selectWSMPolicySubject. WLST responds with the names of all assemblies known to the system. In the following example, jaxwsejb30ws is entered as the name of the application as an argument in selectWSMPolicySubject command. WLST responds with the names of all assemblies known to the system.

wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') 
 
#jaxwsejb

Select any of the assembly name to proceed.

Selecting the Subject

You can select a specific policy subject for modification if an application name, assembly name, and policy subject name is provided.

If you know only a part of the policy subject name, the argument can be a pattern containing wildcard characters. In this case, all of the policy subjects matching that pattern will be listed. You can then select a policy subject to proceed further. If no argument is provided then all policy subject names will be listed.

When the policy subject name is known

If you know the name of the policy subject, enter it with the application name and the assembly name as arguments to the selectWSMPolicySubject command. WLST selects the specified policy subject. In the following example, jaxwsejb30ws is entered as the name of the application, #jaxwsejb is entered as the name of the assembly, and WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) is entered as the name of the policy subject. WLST responds that the policy subject has been selected for modification.

wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb','WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)')
 
The policy subject is selected for modification.

When only a part of the policy subject name is known

If you know only a part of the policy subject name, you can enter a pattern with wildcard characters. In the following example, jaxwsejb30ws is entered as the name of the application, #jaxwsejb is entered as the name of the assembly, and ws-service(*) is entered as the name of the policy subject in the selectWSMPolicySubject command. WLST responds with the name of the policy subjects contained in the assembly.

wls:/base_domain/serverConfig>  selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb', 'ws-service(*)')
 
WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort)
 
Select any of the subject name to proceed.

When the policy subject name is not known

If you do not know the name of the policy subject, enter the name of the application, the name of the assembly as arguments to the selectWSMPolicySubject command. WLST responds with the names of all policy subjects contained in the assembly. In the following example, jaxwsejb30ws is entered as the name of the application, #jaxwsejb as the name of the assembly, and None as the policy subject argument in selectWSMPolicySubject command. WLST responds with the names of all policy subjects contained in the assembly.

wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb')
 
WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort)
 
Select any of the subject name to proceed.

Web Services WLST Command Categories

Web services WLST commands are divided into the categories described in Table 3-1.

Table 3-1 Web Services WLST Command Categories

Command Category Definition

Session Commands

Manage a session, which is required by some web service WLST commands, such as those that modify repository documents and policy subject commands, need to be executed in the context of a session.

Policy Subject Commands

View and manage web service and web service client policy subjects.

Configuration Commands

View and manage OWSM domain configuration information.

Diagnostic Commands

Check the status of the WSM components that are required for proper functioning of the product.

Web Service and Client Management Commands

View and manage web services for the service and client.

Policy Management Commands

View and manage policy attachment for the service and client. These commands manage both direct policy attachments and global policy attachments in policy sets.

Policy Set Management Commands

View and manage globally available policy sets within sessions.

OWSM Repository Management Commands

Manage the OWSM repository with new predefined policies provided in the latest installation of the software, as well as import and export documents into and from the repository.

Token Issuer Trust Configuration Commands

View and define trusted issuers, trusted distinguished name (DN) lists, and token attribute rule filters for SAML signing certificates.

JKS Keystore Configuration Commands

View and manage JKS keystore credentials and certificates.

Offline Commands

Execution of offline OWSM WLST is supported. The OWSM commands which we want to run offline must be wrapped between startWSMOfflineMode and endWSMOfflineMode commands.

startWSMOfflineMode

The startWSMOfflineMode command starts the execution of offline OWSM WLST.

Description

It starts the execution of offline OWSM WLST.

Syntax

startWSMOfflineMode('<domain_absolute_path>')

domain_absolute_path - Absolute path of weblogic domain where "wsm-pm" is installed.

Example

wls:/jrfServer_domain/serverConfig>startWSMOfflineMode('/ade/vkdwived_owsmpt/work/utp/testout/functional/owsm/wls-jrfServer')

endWSMOfflineMode

The endWSMOfflineMode command ends the execution of offline OWSM WLST.

Description

It ends the execution of offline OWSM WLST.

Syntax

endWSMOfflineMode()

Example

wls:/jrfServer_domain/serverConfig>endWSMOfflineMode()

Example of Running WSM Commands in Offline Mode

The OWSM commands which you want to run offline must be wrapped between the startWSMOfflineMode and endWSMOfflineMode commands.

Description

This example shows how to create global PolicySet offline.

Example

sh wlst.sh
wls:/jrfServer_domain/serverConfig>startWSMOfflineMode('/ade/vkdwived_owsmpt/work/utp/testout/functional/owsm/wls-jrfServer')
Started offline mode.
wls:/jrfServer_domain/serverConfig>beginWSMSession()
Repository session begun.
wls:/jrfServer_domain/serverConfig>createWSMPolicySet('all-domains-default-web-service-policies', 'ws-service', 'Domain("*")')
Description defaulted to "Global policy attachments for Web Service Endpoint resources."The policy set was created successfully in the session.     
wls:/jrfServer_domain/serverConfig>setWSMPolicySetDescription('Default policies for web services in any domain')
Description updated.
wls:/jrfServer_domain/serverConfig>attachWSMPolicy('oracle/wss11_saml_or_username_token_with_message_protection_service_policy')
Policy reference added. 
wls:/jrfServer_domain/serverConfig> displayWSMPolicySet()
Policy Set Details:
-------------------
Name:                all-domains-default-web-service-policies
Type of Resources:   Web Service Endpoint
Scope of Resources:  Domain("*")
Description:         Default policies for web services in any domain
Enabled:             true
Policy Reference:    security : oracle/wss11_saml_or_username_token_with_message_protection_service_policy, enabled=true

wls:/jrfServer_domain/serverConfig>validatePolicySet()
The policy set all-domains-default-web-service-policies is valid.

wls:/jrfServer_domain/serverConfig>commitWSMSession()
The policy set all-domains-default-web-service-policies is valid.
Creating policy set all-domains-default-web-service-policies in repository.
 
Repository session committed successfully.
wls:/jrfServer_domain/serverConfig>endWSMOfflineMode()
Offline mode ended.

Session Commands

Some web service WLST commands, such as those that modify repository documents and policy subject commands, need to be executed in the context of a session. Use the WLST commands listed in Table 3-2 to manage a session.

Table 3-2 Session Management WLST Commands

Use this command... To... Use with WLST...

abortWSMSession

Abort the current modification session, discarding any changes that were made during the session.

Online

beginWSMSession

Begin a session to modify a policy subject or the OWSM repository documents.

Online

commitWSMSession

Write the contents of the current session to the OWSM repository.

Online

describeWSMSession

Describe the contents of the current session. This will indicate either that the session is empty or list the name of the document that is being updated, along with the type of update (create, modify, or delete).

Online

abortWSMSession

Command Category: Session

Use with WLST: Online/offline

Description

Aborts the current modification session, discarding any changes that were made during the session. Messages are displayed that describe what was aborted. An error will be displayed if there is no current session.

Syntax

abortWSMSession([raiseError='true|false'])

raiseError - Optional. When set to ‘true’ it raises exception in case of known errors. When set to ‘false’ it returns a boolean false value in case of known errors. By default, it's set to 'true'.

Examples

The following example aborts the current OWSM session.

wls:/wls-domain/serverConfig>abortWSMSession()

beginWSMSession

Command Category: Session

Use with WLST: Online/offline

Description

Begins a session to modify a policy subject, such as a policy set or a Fusion Middleware web service endpoint. A session can act on a single policy subject only. If a session is already in progress, an error is displayed.

Syntax

beginWSMSession([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Example

The following example begins an OWSM session.

wls:/wls-domain/serverConfig>beginWSMSession()

commitWSMSession

Command Category: Session

Use with WLST: Online/offline

Description

Persists the modifications made within the current session. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.

Syntax

commitWSMSession([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Example

The following example commits the current repository modification session.

wls:/wls-domain/serverConfig>commitWSMSession()

describeWSMSession

Command Category: Session

Use with WLST: Online/offline

Description

Describes the current session. For repository operations, it will either indicate that no actions have been performed in the session, or it will list the name of the document that is being updated, along with the type of update, such as create, modify, or delete. For policy subject operations, it will list the subject identifier.

If there is no current session, the following error is displayed:

No active session.

Syntax

describeWSMSession([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example describes the current session.

wls:/wls-domain/serverConfig>describeWSMSession()

Policy Subject Commands

Use the WLST commands listed in Table 3-3 to view and manage web service and web service client policy subjects. For more information about policy subjects, see "Understanding Policy Subjects" in Understanding Oracle Web Services Manager.

Note:

For Java EE web services, no information is displayed. For information about viewing and modifying Java EE web service policy attachments, see Table 3-7.

Table 3-3 Policy Subject WLST Commands

Use this command... To... Use with WLST...

displayWSMEffectivePolicySet

Display the configuration of effective policy set corresponding to a policy subject.

Online

listWSMPolicySubjects

List the policy subjects that match the specified application, assembly, and subject patterns.

Online

previewWSMEffectivePolicySet

Displays the configuration of an effective policy set corresponding to a policy subject. The display will also include any changes made within the current session when it generates the effective policy set.

Online

listWSMResources

List the resources that have been registered in the repository.

Online

registerWSMResource

Register or create a new resource instance that describes a physical resource within a session.

Online

selectWSMPolicySubject

Select the subject uniquely identified by application, assembly and subject for modification.

Online

selectWSMResource

Select the subject uniquely identified by resource, assembly and subject for modification in a third-party application environment.

Online

displayWSMEffectivePolicySet

Command Category: Policy Subject

Use with WLST: Online

Note:

This command is valid for Oracle Infrastructure web service and clients only. For Java EE web services, no information is displayed.

Description

Displays the configuration of the actual runtime policy set and global policy attachment information used at the time of policy enforcement. This policy set and global policy attachment information is stored within the policy subject.

You must start a session and select the policy subject (using selectWSMPolicySubject) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.

Compare this command with the displayWSMPolicySet command, which displays only the selected global policy set or the selected local policy set, or with the previewWSMEffectivePolicySet, which displays the effective policy set, including changes made to the actual runtime policy set, within the current session.

Syntax

displayWSMEffectivePolicySet([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example for an Oracle Infrastructure web service lists that the policies, oracle/wss_username_token_service_policy and oracle/log_policy, are in effect at the time of enforcement.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')
 
The policy subject is selected for modification.
 
wls:/jrfServer_domain/serverConfig> displayWSMEffectivePolicySet()

        URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
 
        The policy subject is secure in this context.

See:

listWSMPolicySubjects

Command Category: Policy Subject

Use with WLST: Online

Description

Lists the policy subjects that match the specified application, assembly, and subject patterns. You can use the optional detail argument to include effective policy set information in the output. The command does not require starting a session.

Syntax

listWSMPolicySubjects([application=None],[assembly=None],[subject=None],[detail='false'], [raiseError='true|false'])
Argument Definition

application

Optional. Pattern identifying applications.

assembly

Optional. Pattern identifying assemblies.

subject

Optional. Pattern identifying subjects.

detail

Optional. Specifies whether to include effective policy set information in the output. The default value is false.

For each directly attached policy, the local.policy.reference.source configuration property is provided identifying the source of the attachment.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

To simplify searching for a particular subject, the application, assembly, or subject argument can specify a pattern containing the wildcard character (*). In this case, all the subjects matching that pattern will be listed.

Examples

The following invocation of the listWSMPolicySubjects command with detail='true' returns the application, assembly, and subject information for all subjects being managed in the entire domain

Note that the local.policy.reference.source configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT, indicating that it was attached using either Fusion Middleware Control or WLST.

wls:/base_domain/serverConfig> listWSMPolicySubjects(detail='true') 
Application: /weblogic/base_domain/jaxwsejb30ws
  Assembly: #jaxwsejb
    Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)

Context : no constraint
        URI="oracle/wss_username_token_service_policy", category=security, 
policy-status=enabled; source=global policy set "username", scope="DOMAIN('*')"; reference-status=enabled; effective=true
        URI="oracle/mex_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/mtom_encode_fault_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
                Property name="max.request.size", value="-1"
        URI="oracle/request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/soap_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/ws_logging_level_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="logging.level", value=""
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/test_page_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/wsdl_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
 
        The policy subject is secure in this context.

...

Invoking the listWSMPolicySubjects command with ('jax*') as the argument returns all subjects in applications that begin with jax; in our example, all subjects belonging to the jaxwsejb30ws application:

wls:/base_domain/serverConfig> listWSMPolicySubjects('jax*')
 
Application: /weblogic/base_domain/jaxwsejb30ws
  Assembly: #jaxwsejb
    Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
 
    Subject: WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
 
    Subject: WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)

The following command returns all RESTful resource subjects in all applications. If there are no RESTful resources in an application, the following message is returned: Subject: No matching subject found for "REST*"

wls:/base_domain/serverConfig> listWSMPolicySubjects(subject='REST*')

Application: /weblogic/base_domain/jaxrs_pack1
 
  Assembly: #jaxrs_pack1.war
 
    Subject: REST-Resource(Jersey)
 
 
Application: /weblogic/base_domain/jaxwsejb30ws
 
  Assembly: #jaxwsejb
 
    Subject: No matching subject found for "REST*".


Application: /weblogic/base_domain/soa-infra
 
  Assembly: #integration/services/RuntimeConfigService
 
    Subject: REST-Resource(oracle.bpm.rest.webapp.BPMApplication)

See:

listWSMResources

Command Category: Repository

Use with WLST: Online

Description

Lists the resources that have been registered in the repository. This command also displays the resource that is being created, modified, or deleted within the current session. You can list all the resources or limit the display using the optional arguments.

Syntax

listWSMResources([resourceType=None],[resourceName=None])
Argument Definition

resourceType

Optional. Specifies the type of resource. If no value is specified, then all the resource instances stored in the repository will be listed.

resourceName

Optional. Name of the resource. The value can be omitted to list all the resources or it can also use wildcards to limit resource matching.

Any of the values listed in the preceding table can contain following wildcard characters to allow for multiple matches.

Character Description

%

The percent character can be used in a value to match any number of characters.

_

The underscore character can be used in a value to match a single character.

\

The back-slash character can be used in a value to escape a wildcard character.

Following are examples of the listWSMResources command that use wildcards:

listWSMResources('application','%App%')
listWSMResources('resourcename','my_%')
listWSMResources()

previewWSMEffectivePolicySet

Command Category: Policy Subject

Use with WLST: Online

Description

Displays the configuration of the effective policy set corresponding to the policy subject. The display will also include any changes made within current session when it generates the effective policy set.

You must start a session and select the policy subject (using selectWSMPolicySubject) before initiating the command. An error will display if no policy subject is selected.

Syntax

previewWSMEffectivePolicySet([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

wls:/wls-domain/serverConfig>previewWSMEffectivePolicySet()

See:

registerWSMResource

Command Category: Repository

Use with WLST: Online

Description

Within a session, registers or creates a new resource instance that describes a physical resource, such as an application server, or register a sub-resource within the created resource instance. The resource instance will be used to store information describing the logical structure of the resource. The sub-resource will hold information about the client and service ports of a resource instance. Issuing this command outside of a session will result in an error.

Syntax

registerWSMResource(resource, [assembly=None], [subject=None])
Argument Description

resource

Name of existing resource instance. This is a combination of platform name, domain name, and logical name, separated by a forward slash.

assembly

Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character.

subject

Name of the subject identifying the sub-resource. This is a combination of sub-resource type; that is, either "server" or "client" and service, or reference name and port name, separated by a hash character.

Examples

The following example registers the IBM WebSphere platform application WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> registerWSMResource (‘WAS/base_cell/myApplication')

The following example registers the IBM WebSphere platform domain WAS/base_cell.

wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell')

The following example registers the StockQuoteServicePort endpoint that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> registerWSMResource (‘/WAS/base_cell/myApplication', ‘web# myModule', ‘service(StockQuoteService# StockQuoteServicePort)')

selectWSMPolicySubject

Command Category: Policy Subject

Use with WLST: Online

Description

Within a session, selects a policy subject for modification. You uniquely specify a policy subject by the application, assembly, and policy subject name. Once selected, the policy management commands can be used to modify the directly attached policy set for the policy subject.

You must start a session (beginWSMSession) before performing any policy management edits or policy set transactions. You must also select the policy subject that you want to modify before issuing policy management commands. If there is no current session or there is already an existing modification process, an error is displayed.

Syntax

selectWSMPolicySubject([application=None],[assembly=None],[subject=None], [raiseError='true|false'])
Argument Description

application

Name of the application.

assembly

Name of the assembly. Uniquely identifies the module within an application.

subject

Name of the policy subject.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Note:

Any of the three arguments can specify a pattern containing wildcard character "*". In this case, all the names matching that pattern will be listed. You need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.

Examples

The following example selects the TestService#TestPort port in the jaxws-sut-service module (assembly) that belongs to the jaxws-sut application.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')

The policy subject is selected for modification.

The following example selects the jersey RESTful resource in the #restservice module (assembly) that belongs to the helloworld application.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('helloworld','#restservice','REST-Resource(Jersey)')

The policy subject is selected for modification.

See:

selectWSMResource

Command Category: Repository

Use with WLST: Online

Description

Within a session, selects a resource instance that describes a physical resource, such as a third-party application server, for modification. The command can also be used to select a particular sub-resource contained within the resource instance for modification. Once a resource instance is selected, then sub-resources within it can be added, removed or modified. Issuing this command outside of a session will result in an error.

You must start a session (beginWSMSession) before performing any policy management edits or policy set transactions. You must also select the resource subject that you want to modify before issuing policy management commands.

Syntax

selectWSMResource([resource=None], [assembly=None], [subject=None])
Arguments Description

resource

Name of existing resource instance. This is a combination of platform name, domain name, and logical name of the resource instance, separated by a forward slash.

assembly

Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character.

subject

Name of the subject identifying the sub-resource. This is a combination of a sub-resource type. For example, either "server" or "client" and service, or reference name and port name, separated by a hash character.

Note:

Any of the three arguments can specify a pattern containing a wildcard character "*". In this case, all the names matching that pattern will be listed. Therefore, you need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.

Examples

The following example uses the * wildcard to select all applications in the base_domain on the IBM WebSphere application server.

wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/*Application')

The following example uses the * wildcard to specify all sub-modules of the WEB module that reside on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/myApplication','WEB#*Mod')

The following example uses * wildcards to specify all service ports connected to the WEB/myMod sub-resource that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/myApplication','WEB#myMod', 'service(*Service#*Port)')

The following example selects the StockQuoteServicePort endpoint connected to the WEB/myMod sub-resource the resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> selectWSMResource (‘/WAS/base_cell/myApplication', ‘WEB#myModule', ‘service(StockQuoteService# StockQuoteServicePort)')

Configuration Commands

Use the WLST commands listed in Table 3-4 to view and configure the OWSM domain.

Note:

The setConfiguration command has been deprecated. It is recommended that you use the setWSMConfiguration command described in "setWSMConfiguration".

Table 3-4 OWSM Environment WLST Commands

Use this command... To... Use with WLST...

configureWSMKeystore

Set the keystore configuration properties.

Online

displayWSMConfiguration

Display the full configuration properties and their values and groups for the specified product.

Online

setWSMConfiguration

Set the configuration properties of the specified product.

Online

setWSMResourceField

Set the value for the fields of a resource or its structural components.

Online

configureWSMKeystore

Command Category: Configuration

Use with WLST: Online/offline

Description

Sets the configuration properties for the OWSM keystore.

Note:

Changes to the keystore configuration at the domain level require that you restart the server.

Syntax

configureWSMKeystore(context, keystoreType, location, keystorePassword, signAlias, signAliasPassword, cryptAlias, cryptAliasPassword, [raiseError='true|false'])
Arguments Description

context

Optional. The context of the configuration document in which the modifications will be done.

keystoreType

Optional. The keystore type category of the property. Valid keystore types are JKS, KSS, PKCS11, and LUNA.

location

Optional. For JKS, it is the absolute location of the keystore or location relative to the fmwconfig directory. For KSS, the format of location should be kss://stripeName/keystoreName The default is kss://owsm/keystore.

keystorePassword

Optional. The keystore password of the keystore configured. It is required for JKS and PKCS11.

signAlias

Optional. The Alias of the sign key. It is required for JKS and PKCS11.

signAliasPassword

Optional. Password of the Alias of the sign key. It is required for JKS and PKCS11.

cryptAlias

Optional. The Alias of the Encryption key. It is required for JKS and PKCS11.

cryptAliasPassword

Optional. Password of the Alias of the Encryption key. It is required for JKS and PKCS11.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example configures the JKS keystore default-keystore.jks in the domain myDomain. It provides the keystore password oratest123, the sign alias oraAlias, the sign alias password ora234, the encryption alias oraCryptAlias, the encryption alias password ora123.

wls:/jrfServer_domain/serverConfig> configureWSMKeystore ('/WLS/myDomain','JKS', './default-keystore.jks','oratest123', 'oraAlias','ora234','oraCryptAlias', 'ora123')

The following example configures the KSS keystore at kss://owsm/keystore in the domain myDomain. It provides the sign alias oraAlias, and the encryption alias oraCryptAlias.

 wls:/jrfServer_domain/serverConfig> configureWSMKeystore ('/WLS/myDomain',keystoreType='KSS', location='kss://owsm/keystore', signAlias='oraAlias', cryptAlias='encAlias')

See:

displayWSMConfiguration

Command Category: Configuration

Use with WLST: Online/offline

Description

Displays the full set of configuration properties, and their values and groups, for the product specified in the context. If a property is not defined in the configuration document associated with the context, then the default value defined for the product is displayed. If a context is not specified, then the set of properties matching the current context is displayed.

Syntax

displayWSMConfiguration([context=None], [raiseError='true|false'])
Arguments Description

context

Optional. The context of the configuration document from which property values are displayed. If a context is not specified, then the set of properties matching the current context is displayed.

To display the default set of properties along with their values, use "/" as the context value."

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example displays the configuration contained in the configuration document in the repository.

wls:/jrfServer_domain/serverConfig> displayWSMConfiguration()

The following example displays the configuration for the base_domain domain.

wls:/jrfServer_domain/serverConfig> displayWSMConfiguration('/WLS/base_domain')

See:

setWSMConfiguration

Command Category: Configuration

Use with WLST: Online/offline

Description

Sets the configuration properties of a domain. The properties are stored in a configuration document for the domain. If a configuration document does not exist, a new one is created.

A new property with values and/or groups of values can be added inside the configuration document. The set of acceptable properties is determined from the default set of properties supported by the product. Specific property values or groups of values can be removed from the configuration document. The configuration document itself is removed if no properties exist in it.

Syntax

setWSMConfiguration(context, category, name, [group=None], [values=None], [raiseError='true|false'])
Arguments Description

context

Optional. The context of the configuration document to be modified. If a context is not provided or is set to None, then the configuration document associated with the currently connected domain is used. For example /WLS/base_domain.

category

The category of the property. This is verified against the default set of properties to ensure it is acceptable for the context.

name

The name of the property. This is verified against the default set of properties to ensure it is acceptable for the context.

group

Optional. A group containing the set of values to add in a configuration document. If the group exists, and this value is set to None, the group is removed.

values

Optional. The array of values to set for a property or group inside the configuration document.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example resets the entire configuration for the domain myDomain to its default values.

wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain')

The following command resets the value of the clock.skew property in myDomain to 500.

wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain','Agent','clock.skew',None, ['500'])

The following command resets the value of the clock.skew property in myDomain to its default value.

wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain','Agent','clock.skew',None,None)

See:

refreshWSMCache

Refreshes the PM cache in MDS and configuration and document cache in agent from PM.

Description

It first refreshes the PM cache in MDS. After that it refreshes the configuration and document cache in agent from PM. It refreshes cache on all agent instances running in the domain.

Syntax

refreshWSMCache([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

refreshWSMCache()

setWSMResourceField

Command Category: Resource

Use with WLST: Online

Description

Specifies the value for the fields of a resource or its structural components. This command can be used to either set the requested field on the resource or remove the value of the existing field. Issuing this command outside of a session containing a resource that is being created or modified will result in an error.

Syntax

setWSMResourceField(fieldName, [fieldValue=None])
Argument Definition

fieldName

The name of the field to set. You can set the value for these fields for modification:

  • server—Server name or names. This field can only be set on an application resource.

  • wsdl—WSDL location. This field can only be set on a client port resource.

fieldValue

Optional. The value(s) to set for the field, or omit the value to remove the field.

Examples

The following example sets the wsdl field location on a client port to StockService?wsdl.

wls:/wls-domain/serverConfig> setWSMResourceField('wsdl',['http://localhost/StockService?wsdl'])

The following example sets the server field on an application resource to server1 and server2.

wls:/wls-domain/serverConfig> setWSMResourceField('server',['server1','server2'])

Diagnostic Commands

Use the WLST command in this section to check the status of the WSM components that are required for proper functioning of the product.

checkWSMStatus

Command Category: Diagnostic

Use with WLST: Online

Description

Checks the status of the OWSM components that are required for proper functioning of the product. The status of the components can be checked together or individually. The OWSM components that are checked are:
  • Policy Manager (wsm-pm)

  • Agent (agent)

  • Credential store and keystore configuration (credstore)

  • Oauth2 configuration (oauth2)

  • Policy Manager history (pmHistory)

Syntax

checkWSMStatus([component=None],[address=None],[verbose=true],[days=None],[target=None],[outfile=None])
Arguments Description

component

Optional. All checks will be performed if no value is specified. Valid options are:

  • credstore—Credential Store. Checks whether the credentials are configured for the keystore password, signing, and encryption certificates in the keystore.

  • wsm-pm—Policy Manager. Checks the configuration state of the policy manager component.

  • agent—Enforcement Agent. Checks status of end-to-end service-side enforcement through the wsm agent component. The enforcement check is specific only to the environment from which the command is run.

  • pmHistory—Policy Manager Connection failure history. Display information on past failures in PM communication.

  • oauth2—Scans for oauth2 configuration on DOMAIN scope GPAs for different client types like RESTful client, SOAP client, SOA SOAP client and SOA REST client and validates the same. It also checks for the oauth2 client policy enforcement.

address

Optional. The HTTP URL of the host running the wsm-pm application. This value checks enforcement through an agent component, for example,

checkWSMStatus('agent', 'http://localhost:7001')

The address is not required in the WebLogic Server domain where auto-discovery is present.

verbose

Optional. Set the value to true to view detailed messages (including stack trace, if any). Default value is false.

days

Optional. This attribute is used with the pmHistory component. Set value to the number of days for which past policy manager communication failure records must be displayed. Default value is 5.

target

Optional. Target server name for which check needs to be run. Set this value if check needs to be run for a specific server. If no value is provided, checks are run for all available servers.

outfile

Optional. If not None, output will also be re-directed to file identified by outfile.

Examples

In the following example, the checkWSMStatus command is run without arguments. The status of the credential store, policy manager, and enforcement agent is returned.
wls:/base_domain/serverConfig> checkWSMStatus()
Health check status on server EXAMPLESERVER1 is PASSED.

Health check status on server EXAMPLESERVER2 is PASSED.


Health check status for system is PASSED.

In the following example, the checkWSMStatus command is running with verbose, so detailed output is printed. The status of the credential store, policy manager, and enforcement agent is returned.

wls:/base_domain/serverConfig> checkWSMStatus(verbose='true')
Health check for server "EXAMPLESERVER":
 
Credential Store Configuration:
 
PASSED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials configured.
             keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                 Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
             sign-csf-key : Credentials configured.
             Sign Key : Key configured.
                 Alias - orakey
             Sign Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
             keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
                 Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
             enc-csf-key : Credentials configured.
             Encrypt Key : Key configured.
                 Alias - orakey
             Encrypt Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
 
Policy Manager:
 
 
PASSED.
        Message(s):
             OWSM Policy Manager connection state is OK.
             OWSM Policy Manager connection URL is "host.example.com:1234".
 
Enforcement Agent:
 
 
PASSED.
        Message(s):
             Enforcement is successful.
             Service URL: http://host:port/Diagnostic/DiagnosticService?wsdl

Health check status on server EXAMPLESERVER is PASSED.


Health check status for system is PASSED.
In the following example, the checkWSMStatus command checks to validate wsm-pm configuration on single server in the domain. Setting the verbose value to true send a detailed output to the file defined by the outfile attribute.
 wls:/base_domain/serverConfig>checkWSMStatus('wsm-pm', target='EXAMPLESERVER',verbose='true',outfile='example.txt')
 

Health check for server "EXAMPLESERVER":

Policy Manager:

PASSED.
        Message(s):
             OWSM Policy Manager connection URL is "t3://slc05njx:8741".
             OWSM Policy Manager connection state is OK.

 
Health check status on server EXAMPLESERVER is PASSED.


Health check status for system is PASSED.

In the following example, the credential store key keystore-csf-key is not configured and the checkWSMStatus command is rerun for the credential store credstore. The status check fails because the csf-key keystore-csf-key is not present in the credential store.

wls:/base_domain/serverConfig> checkWSMStatus('credstore',target='EXAMPLESERVER')
 
Health check for server "EXAMPLESERVER":

Credential Store Configuration:

FAILED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials configured.
             keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
             sign-csf-key : Credentials configured.
             Sign Key : Key not configured.
             oracle.wsm.security.SecurityException: WSM-00111 : Keystore is not properly configured. Check your keystore configurations.
Credential Store Diagnostic Messages:
        Message(s):
             The alias orakey is either not present in the keystore or is configured incorrectly. Check the contents of the keystore and the password for the alias "orakey". The password of the alias "orakey" should be the same as the password stored in the csf key=sign-csf-key

NOTE:- All the above commands are based on the Domain level configurations. The actual alias may have been  overridden at runtime due to configuration override.


Health check status on server EXAMPLESERVER is FAILED.


Health check status for system is FAILED.

In the following example, the csf-key keystore-csf-key is configured and the checkWSMStatus command is rerun. The configuration check passes.

wls:/base_domain/serverConfig> createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="password", desc="Keystore Password CSF Key")
Already in Domain Runtime Tree
 
wls:/base_domain/serverConfig> checkWSMStatus('credstore',target='EXAMPLESERVER')
 
Health check status on server EXAMPLESERVER is PASSED.


Health check status for system is PASSED.

The following example checks the enforcement status of the agent component on all servers in domain.

wls:/test_domain1/serverConfig> checkWSMStatus('agent')
 

Health check status on server EXAMPLESERVER1 is PASSED.

Health check status on server EXAMPLESERVER2 is PASSED.


Health check status for system is PASSED.
In the following example, checks are run for agent with invalid address on all servers in the domain. The health check fails and detailed output with diagnosis is logged automatically.
wls:/test_domain1/serverConfig>checkWSMStatus(component='agent', address='invalidAddress')


Health check for server "EXAMPLESERVER1":

Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.

FAILED.
        Message(s):
             The protocol used in the URL "invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl" is not supported.
Enforcement Agent Diagnostic Messages:
        Message(s):
             Service URL: invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl
             Make sure that the URL of the host running wsm-pm application is specified and valid. The only supported protocol is "http".

Health check status on server EXAMPLESERVER1 is FAILED.


Health check for server "EXAMPLESERVER2":

Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.

FAILED.
        Message(s):
             The protocol used in the URL "invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl" is not supported.
Enforcement Agent Diagnostic Messages:
        Message(s):
             Service URL: invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl
             Make sure that the URL of the host running wsm-pm application is specified and valid. The only supported protocol is "http".

Health check status on server EXAMPLESERVER2 is FAILED.


Health check status for system is FAILED.
In the following example, the checkWSMStatus command checks to get pm communication failure history for last 200 days on server EXAMPLESERVER with output also redirected to history.txt.
wls:/test_domain1/serverConfig>checkWSMStatus(component='pmHistory', days='200 days', target='EXAMPLESERVER', outfile='history.txt')


Health check for server "EXAMPLESERVER":

Policy Manager Connection Failure History:

        Message(s):
             [Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-000003c2,0#1459247224547] [Failure Timestamp: 2016-03-29T03:27:04.598-07:00] [Recovery Timestamp: 2016-03-29T03:34:15.970-07:00] [Diagnosis: wsm-pm:PASSED;agent:FAILED:[Unable to proceed with the test as host url is not specified or is invalid.];credstore:PASSED;]
             [Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-0000032a,0#1459160635500] [Failure Timestamp: 2016-03-28T03:23:55.500-07:00] [Recovery Timestamp: 2016-03-28T03:24:55.627-07:00] [Diagnosis: wsm-pm:PASSED;agent:FAILED:[Enforcement has failed., Service URL: http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL, Could not determine wsdl ports. WSDLException: faultCode=OTHER_ERROR: Failed to read WSDL from http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL: HTTP connection error code is 503];credstore:PASSED;]
             [Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-000002a6,0#1459073942154] [Failure Timestamp: 2016-03-27T03:19:02.154-07:00] [Recovery Timestamp: 2016-03-27T03:22:05.444-07:00] [Diagnosis: wsm-pm:FAILED:[OWSM Policy Manager connection URL is "t3://slc05njx:12164"., oracle.wsm.policymanager.PolicyManagerException: WSM-02054 : Failure in looking up EJB component. The EJB JNDI name is "DocumentManager#oracle.wsm.policymanager.bean.ejb.IRemoteDocumentManager", the provider URL is "t3://slc05njx:12164"., Policy Manager Url Configuration:, java.sql.SQLNonTransientConnectionException: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated., Policy Manager User Configuration:,  PM user - "OracleSystemUser" configurations are valid.];agent:FAILED:[Unable to proceed with the test as host url is not specified or is invalid.];credstore:PASSED;]
             [Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-00000291,0#1458987480506] [Failure Timestamp: 2016-03-26T03:18:00.506-07:00] [Recovery Timestamp: 2016-03-26T03:19:00.879-07:00] [Diagnosis: wsm-pm:PASSED;agent:FAILED:[Enforcement has failed., Service URL: http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL, Could not determine wsdl ports. WSDLException: faultCode=OTHER_ERROR: Failed to read WSDL from http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL: HTTP connection error code is 503];credstore:PASSED;]

Health check status on server EXAMPLESERVER is PASSED.


Health check status for system is PASSED.

In the following example, no OAuth2 global policy sets are configured.

wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')


OAuth2 Client Configuration Status:


        Message(s):
             
						No OAuth2 client policy (oauth2_config_client_policy or oauth token policy) attached in the domain for client type(s): REST_CLIENT, WS_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
						Health check for server "jrfServer_admin":
						
						Health check status on server jrfServer_admin is FAILED.
						
						Health check status for system is FAILED.

In the following example, the OAuth2 global policy set is Configured for ws-client (SOAP client) subject type. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.

beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.oracle.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()

wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')                                              

OAuth2 Client Configuration Status:

        Message(s):
             OAuth2 Client Configuration Checks for type SOAP Client: PASSED
             Successful OAuth Configurations for Client Type(s): WS_CLIENT
							Health check status on server jrfServer_admin is PASSED.
							Health check status for system is PASSED.

In the following example, the OAuth2 global policy set is configured for ws-client (SOAP client) subject type and verbose flag true. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.

beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()

wls:/test_domain1/serverConfig>checkWSMStatus('oauth2', verbose='true')

OAuth2 Client Configuration Status:

        Message(s):
                OAuth2 Client Configuration Checks for type SOAP Client: PASSED
                        OAuth2 Server hostname example.com is valid
                        OAuth2 Server token URL http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens is valid
                        OAuth2 Client CSF key basic.client.credentials which stores the OAuth Client Credentials is configured.
                        Client ID: OWSMClientId
                        Client credentials configured as 'oauth2.client.csf.key' config override property in oauth2 client policies are also registered with OAuth2 server
                        OAuth2 user tenant name configured  as 'user.tenant.name' config override property in oauth2 client policies is valid
                        keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                                Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
                        keystore-csf-key : Credentials configured.
                        keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                                Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
                        sign-csf-key : Credentials configured.
                        Sign Key : Key configured.
                                 Alias - orakey
                        Sign Certificate : Certificate configured.
                                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                                 Expiry - June 28, 2020 11:17:12 AM PDT
             

             

             Successful OAuth Configurations for Client Type(s): WS_CLIENT

Health check for server "jrfServer_admin":

Health check status on server jrfServer_admin is PASSED.

Health check status for system is PASSED.

In the following example, invalid token.uri is configured in the OAuth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.

beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/test/tokens');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()

wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')                                                            

OAuth2 Client Configuration Status:

        Message(s):
                OAuth2 Client Configuration Checks for type SOAP Client: FAILED

        Message(s):
             
        Diagnosis messages for client type SOAP Client : 

             Make sure that OAuth2 token endpoint configured as 'token.uri' config override in 'oracle/oauth2_config_client_policy' is valid
             

             OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): REST_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":

Health check status on server jrfServer_admin is FAILED.

In the following example, no Oauth2 config policy is configured in the OAuth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.

beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()

wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')                                                                                

OAuth2 Client Configuration Status:

        Message(s):
                OAuth2 Client Configuration Checks for type SOAP Client: FAILED
                        Policy Attachment Check Messages:
                        oracle/oauth2_config_client_policy is not present in any policy set configured for domain
             


        Message(s):
             

             OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): REST_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":

Health check status on server jrfServer_admin is FAILED.

Health check status for system is FAILED.

Health check status for system is FAILED.

In the following example, no Oauth2 client policy is configured in the OAuth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.

beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
validateWSMPolicySet();
commitWSMSession()


wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')                                                                                                 

OAuth2 Client Configuration Status:

        Message(s):
                OAuth2 Client Configuration Checks for type SOAP Client: FAILED
                        Policy Attachment Check Messages:
                        OAuth2 Client Policy (For Ex: oracle/http_oauth2_token_client_policy) is not present in any policy set configured for domain
             


        Message(s):
             

             OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): REST_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":

Health check status on server jrfServer_admin is FAILED.

Health check status for system is FAILED.

In the following example, the keystore.sig.csf.key is invalid in the Oauth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.

beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','rest-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','oauth2.client.csf.key','basic.client.credentials');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','keystore.sig.csf.key','custom-sign-csf-key');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
validateWSMPolicySet();
commitWSMSession()

wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')                                                       

OAuth2 Client Configuration Status:

        Message(s):
                OAuth2 Client Configuration Checks for type REST Client: FAILED

        Message(s):
             
        Diagnosis messages for client type REST Client : 

             Make sure the property keystore.sig.csf.key configured in the OAuth2 client policies keystore-csf-key is also present in the credential store.
                 Please follow the steps to add a credential to the Credential Store: 
                1. connect() 
                2. createCred(map="oracle.wsm.security", key="custom-sign-csf-key", user="<sign-key-alias>", password="<sign-key-password>", desc="Sign CSF Key")
             

             OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): WS_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":

Health check status on server jrfServer_admin is FAILED.

Health check status for system is FAILED.

Web Service and Client Management Commands

Use the WLST commands listed in Table 3-5 to view and manage web services for deployed, active, and running web service applications.

Note:

The commands listed in Table 3-5 have an application argument.

In an multi-tenant environment, if you intend to target a specific application instance within a tenant's partition, then you must include the partition name as part of the application as follows:

/domain/server/application#version$partition

However, if you are targeting a domain-scoped application, then you do not have to include the partition name. You can use the application argument as follows:

/domain/server/application#version

Table 3-5 Web Service and Client Management WLST Commands

Use this command... To... Use with WLST...

listWebServiceClientPorts

List web service client ports information for an application or SOA composite.

Online

listWebServiceClients

List web service client information for an application, SOA composite, or domain.

Online

listWebServiceClientStubProperties

List web service client port stub properties for an application or SOA composite.

Online

listWebServicePorts

List the web service ports for a web service application or SOA composite.

Online

listWebServices

List the web service information for an application, composite, or domain.

Online

setWebServiceClientStubProperties

Configure the set of stub properties of a web service client port for an application or SOA composite.

Online

setWebServiceClientStubProperty

Set, change, or delete a single stub property of a web service client port for an application or SOA composite.

Online

listWebServiceClientPorts

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Lists the web service port names and the endpoint URLs for web service clients in an application or SOA composite.

The output will display the name of the web service client/reference port. For example:

AppModuleServiceSoapHttpPort

Syntax

listWebServiceClientPorts(application,moduleOrCompName,moduleType,serviceRefName)
Argument Definition

application

Name and path of the application for which you want to list the web services port information. For example, /domain/server/application#version_number

To list the client port information for an application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web service client port information.

To list the client port information for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

serviceRefName

Service reference name of the application or SOA composite for which you want to list the web service client port information.

When the client is an asynchronous web service callback client, the serviceRefName argument must be set to callback.

Examples

The following example lists the client ports for the WssUsernameClient Web module in the /base_domain/server1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/base_domain/serverConfig> listWebServiceClientPorts
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient')

The following example lists the client ports in the default/HelloWorld[1.0] SOA composite. Note that the moduleType is set to soa, and the serviceRefName is set to client.

wls:/base_domain/serverConfig> listWebServiceClientPorts(None, 'default/HelloWorld[1.0]','soa','client')

listWebServiceClients

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Lists web service clients information for an application, SOA composite, or domain. If neither an application nor a composite is specified, the command lists information about all Web service clients in all applications and composites for every server instance in the domain. If an application is not specified, the command lists information about all web service clients in all applications for every server instance in the domain.

You can specify the amount of information to be displayed in the output using the detail argument. When specified, the output provides endpoint (port) and policy details for clients in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority configuration override), the effective field indicates if the directly attached policies are in effect for the endpoint.

The local.policy.reference.source configuration property is provided for each directly attached policy identifying the source of the attachment. For more information about the local.policy.reference.source configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

The output is listed by each application deployed as shown in the following examples:

This example shows the output of an unsecured endpoint:

wls:/jrfServer_domain/serverConfig> listWebServiceClients(detail=true)

/jrfServer_domain/jrfServer_admin/ADFDCDecoupling_Project1_ADFDCDecoupling :
        moduleName=testadfbc, moduleType=wsconn, serviceRefName=AppModuleService
                AppModuleServiceSoapHttpPort

                The policy subject is not secure in this context.
/soa_domain/soa_server1/soa-infra :        compositeName=default/Basic_SOA_Client[1.0], moduleType=soa, serviceRefName=Service1
                Basic_soa_service_pt    serviceWSDLURI=http://host.example.com:1234/soa-infra/services/default/Basic_SOA_service/Basic_soa_service.wsdl
                oracle.webservices.contentTransferEncoding=base64
                oracle.webservices.charsetEncoding=UTF-8
                oracle.webservices.operationStyleProperty=document
                wsat.flowOption=WSDLDriven
                oracle.webservices.soapVersion=soap1.1
                oracle.webservices.chunkSize=4096
                oracle.webservices.session.maintain=false
                oracle.webservices.preemptiveBasicAuth=false
                oracle.webservices.encodingStyleProperty=http://schemas.xmlsoap.org/soap/encoding/
                oracle.webservices.donotChunk=true
                No attached policies found; endpoint is not secure.

This example shows the output for a secured endpoint. Note that the local.policy.reference.source configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT, indicating that it was attached using either Fusion Middleware Control or WLST. For more information about the local.policy.reference.source configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

wls:/jrfServer_domain/serverConfig> listWebServiceClients(detail=true)
 
/jrfServer_domain/jrfServer_admin/ADFDCDecoupling_Project1_ADFDCDecoupling :
        moduleName=testadfbc, moduleType=wsconn, serviceRefName=AppModuleService
                AppModuleServiceSoapHttpPort serviceWSDLURI=http://host.example.com:1234/ADFBCDecoupling-ADFBCDecoupling-context-root/AppModuleService?wsdl
                URI="oracle/wss10_saml_token_with_message_protection_client_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT"
 
        The policy subject is secure in this context.

Syntax

listWebServiceClients(application,composite,[detail])
Argument Definition

application

Name and path of the application for which you want to list the web service clients. For example, /domain/server/application#version_number

If specified, all web services clients in the application are listed.

composite

Name of the SOA composite for which you want to list the Web service clients. For example, default/HelloWorld[1.0]

If specified, all Web service clients in the composite are listed.

detail

Optional. Specifies whether to list port and policy details for the web service clients.

For each directly attached policy, the local.policy.reference.source configuration property is provided identifying the source of the attachment. For more information, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Valid values are:

  • true—Output includes details about the clients, ports, policies, and whether the endpoint is secure or not.

  • false—Output lists only the clients. The default is false.

Examples

The following example lists information for all web service clients in the domain.

wls:/wls-domain/serverConfig>listWebServiceClients()

The following example lists the web service clients for the application jwsclient_1#1.10 for the server server1 in the domain base_domain.

wls:/wls-domain/serverConfig>listWebServiceClients('base_domain/server1/jwsclient_1#1.10')

The following example lists the Web service clients for the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>listWebServiceClients(None,'default/HelloWorld[1.0]')

The following example lists details for all of the web service clients in the domain.

wls:/wls-domain/serverConfig>listWebServiceClients(None,None,true)

listWebServiceClientStubProperties

Note:

This command applies to Oracle Infrastructure web service clients only.

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Lists web service client port stub properties for an application or SOA composite.

Syntax

listWebServiceClientStubProperties(application, moduleOrCompName, moduleType, 
serviceRefName, portInfoName)
Argument Definition

application

Name and path of the application for which you want to list the web services client port stub properties. For example, /domain/server/application#version_number

To list the client port stub properties information for an application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services client port stub properties.

To list the client port stub properties information for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

serviceRefName

Service reference name of the application or SOA composite for which you want to list the web service client port stub properties.

portInfoName

The name of the client port for which you want to list the stub properties.

Example

The following example lists the client port stub properties for the JRFWssUsernamePort port of the WssUsernameClient Web module in the /base_domain/server1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/base_domain/serverConfig>listWebServiceClientStubProperties
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort')

listWebServicePorts

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Lists the web service port names and the endpoint URLs for a web service application or SOA composite.

The output will display the port name and endpoint URL of the web service port. For example:

JRFWssUsernamePort         http://localhost:7001/j2wbasicPolicy/WssUsername

Syntax

listWebServicePorts(application,moduleOrCompName,moduleType,serviceName)
Argument Definition

application

Name and path of the application for which you want to list the web services port information. For example, /domain/server/application#version_number

To list the port information for an application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port information.

To list the port information for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

serviceName

Name of the web service in the application or SOA composite for which you want to list the port information. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

Example

The following example lists the web service ports and endpoint URLs for the Oracle Infrastructure web service j2wbasicPolicy service in the base_domain/AdminServer/HelloWorld#1_0 application. Note that the WssUsernameService module name is specified, and the moduleType is set to web.

wls:/base_domain/serverConfig> listWebServicePorts
( '/base_domain/AdminServer/HelloWorld#1_0',
'WssUsernameService','web','{http://namespace/}j2wbasicPolicy')

JRFWssUsernamePort      http://localhost:7001/j2wbasicPolicy/WssUsername

The following example lists the web service ports and endpoint URLs for the Java EE web service helloWorldJaxws in the wls-domain/AdminServer/helloWorldJaxws application. Note that the moduleType is set to wls.

wls:/wls-domain/serverConfig> listWebServicePorts ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws')

helloWorldJaxwsSoapHttpPort

listWebServices

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Lists the web service information for an application, SOA composite, or domain. If you do not specify a web service application or a SOA composite, the command lists all services in all applications and composites for every server instance in the domain.

You can specify the amount of information to be displayed in the output using the detail argument. When enabled, the output provides endpoint (port) and policy details for all applications and composites in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. In addition, the local.policy.reference.source configuration property is provided for each directly attached policy identifying the source of the attachment, as described in "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority configuration override), the effective field indicates if the directly attached policies are in effect for the endpoint.

Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

The output is listed by each application deployed as shown in the following example:

/domain/server/application#version_number:
     moduleName=helloModule, moduleType=web, serviceName={http://namespace/}service 
/base_domain/AdminServer/soa-infra:
     compositeName=default/HelloWorld[1.0],  moduleType=soa, serviceName=service 

Note:

The listWebServices command output does not include details on SOA components, including policy attachments.

For applications assembled prior to 11g Release 1, (11.1.1.6), the namespace is not displayed with the serviceName in the output.

Syntax

listWebServices (application,composite,[detail])
Argument Definition

application

Name and path of the application for which you want to list the web services. For example, /domain/server/application#version_number

If specified, all web services in the application are listed.

composite

Name of the SOA composite for which you want to list the Web services. For example, default/HelloWorld[1.0]

If specified, all Web services in the composite are listed.

detail

Optional. Specifies whether to list port and policy details for the web service.

For each directly attached policy, the local.policy.reference.source configuration property is provided identifying the source of the attachment. For more information, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Valid values are:

  • true—Output includes details about the service, the port, and the policies.

  • false—Output lists only the services. The default is false.

Examples

The following example for an Oracle Infrastructure web service lists all the web services in all applications and composites in the domain. Sample output is shown in this example.

wls:/base_domain/serverConfig> listWebServices()
/base_domain/AdminServer/soa-infra :
     compositeName=default/HelloWorld[1.0], moduleType=soa, serviceName=service
     compositeName=default/Project1[1.0], moduleType=soa, serviceName=bpelprocess1_client_ep 
/base_domain/AdminServer/jaxwsejb30ws :
        moduleName=jaxwsejb, moduleType=web, serviceName=JaxwsWithHandlerChainBeanService
        moduleName=jaxwsejb, moduleType=web, serviceName=WsdlConcreteService
        moduleName=jaxwsejb, moduleType=web, serviceName=EchoEJBService
        moduleName=jaxwsejb, moduleType=web, serviceName=CalculatorService
        moduleName=jaxwsejb, moduleType=web, serviceName=DoclitWrapperWTJService
 

The following example for an Oracle Infrastructure web service sets the detail argument to true. Sample output is shown in this example. Security policies are shown in bold text.

Note that the reference priority of the globally attached policy is set to 10 and the directly attached policy is not in effect for the endpoint CalculatorPort in the application jaxwsejb30ws.

Also, note that the local.policy.reference.source configuration property is provided for each directly attached policy identifying the source of the attachment. For more information about the local.policy.reference.source configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

wls:/base_domain/serverConfig> listWebServices(detail='true')
 
/base_domain/AdminServer/jaxwsejb30ws :
moduleName=jaxwsejb, moduleType=web, serviceName=CalculatorService
            CalculatorPort  http://host.example.com:1234/jaxwsejb/Calculator
            URI="oracle/wss10_saml20_token_with_message_protection_service_policy", 
category=security, policy-status=enabled; source=global policy set "
MyPolicySet1", scope="DOMAIN('*')"; reference-status=enabled; effective=true
                        Property name="reference.priority", value="10"
             URI="oracle/mex_request_processing_service_policy",
 category=wsconfig, policy-status=enabled; source=local policy set;
 reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/mtom_encode_fault_service_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/max_request_size_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
                        Property name="max.request.size", value="-1"
             URI="oracle/request_processing_service_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/soap_request_processing_service_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/ws_logging_level_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="logging.level", value=""
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/test_page_processing_service_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/wsdl_request_processing_service_policy", category=wsconfig,
 policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                        Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
             URI="oracle/http_saml20_token_bearer_service_policy", category=security,
 policy-status=enabled; source=local policy set; reference-status=enabled;  reference-status=enabled; effective=false
                        Property name="local.policy.reference.source", value="ANNOTATION"
 
        The policy subject is secure in this context.

The following example for a Java EE web service sets the detail argument to true. Sample output is shown in this example. The output lists all the web services in all applications and composites in the domain.

/base_domain/AdminServer/SimpleJAXWS :
   moduleName=SimpleJAXWS#1!SimpleEjbService, moduleType=wls, serviceName=SimpleEjbService
      SimplePort
      URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
            Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT"
 
        The policy subject is secure in this context.
 
        moduleName=SimpleJAXWS#1!SimpleImplService, moduleType=wls, serviceName=SimpleImplService
            SimplePort
                  has Operation level ws-policy
            Attached policy or policies are valid; endpoint is not secure.

setWebServiceClientStubProperties

Note:

This command applies to Oracle Infrastructure web service clients only.

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Configures the set of stub properties of a web service client port for an application or SOA composite.

This command configures or resets all of the stub properties for the OWSM client security policy attached to the client. Each property that you list in the command is set to the value you specify. If a property that was previously set is not explicitly specified in this command, it is reset to the default for the property. If no default exists, the property is removed.

Syntax

setWebServiceClientStubProperties(application, moduleOrCompName, moduleType, 
serviceRefName, portInfoName, properties)
Argument Definition

application

Name and path of the application for which you want to reset the web services client port stub properties. For example, /domain/server/application#version_number

To configure or reset the client port stub properties for an application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to reset the web services client port stub properties.

To configure or reset client port stub properties for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

serviceRefName

Service reference name of the application or SOA composite for which you want to reset the web service client port stub properties.

portInfoName

The name of the client port for which you want to reset the stub properties.

properties

The list of properties to be set or changed. Properties must be specified using the following format:

("property","value")

For example:

[("keystore.recipient.alias","oracle"), ("csf-key","oracle")]

To remove a property or clear the value assigned to it, specify a blank "" value. For example:

[("csf-key","")]

To remove all the properties of the client port, set this argument to None.

Sample client port stub properties are as follows:

  • oracle.webservices.auth.username

  • oracle.webservices.auth.password

  • keystore.recipient.alias

  • csf-key

  • saml.issuer.name

  • javax.xml.ws.session.maintain

  • wsat.Version —SOA references only

  • wsat.flowOption—SOA references only

Example

The following example resets the client port stub properties ROLE and keystore.recipient.alias to ADMIN and orakey, respectively. Any other properties that were previously set for this client port are either reset to the default or removed. The client port is JRFWssUsernamePort of the WssUsernameClient Web module in the /base_domain/server1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/base_domain/serverConfig>setWebServiceClientStubProperties('/base_domain/server1/jwsclient_1#1.1.0',
'WssUsernameClient','wsconn','WssUsernameClient','JRFWssUsernamePort',
[("ROLE","ADMIN"),("keystore.recipient.alias","orakey")] )

setWebServiceClientStubProperty

Command Category: Web Service and Client Management

Use with WLST: Online

Description

Sets, changes, or deletes a single stub property of a web service client port for an application or SOA composite.

Syntax

setWebServiceClientStubProperty(application, moduleOrCompName, moduleType, 
serviceRefName,portInfoName,propName,[propValue])
Argument Definition

application

Name and path of the application for which you want to set the web services client port stub property. For example, /domain/server/application#version_number

To set a client port stub property for an application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to set the web services client port stub property.

To set a client port stub property for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

serviceRefName

Service reference name of the application or SOA composite for which you want to set the web service client port stub property.

portInfoName

The name of the client port for which you want to set the stub property.

propName

Stub property name that you want to set, change, or delete. For example, 'keystore.recipient.alias'.

propValue

Optional. The stub property value, for example, 'orakey'.

To remove the property, specify a blank "" value.

Example

The following example sets the client port stub property keystore.recipient.alias to the value orakey for the client port JRFWssUsernamePort. The port is a client port of the WssUsernameClient Web module in the /base_domain/server1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/base_domain/serverConfig>setWebServiceClientStubProperty
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort','keystore.recipient.alias','orakey')

Policy Management Commands

Note:

The policy management commands for Java EE Web Services (or clients) listed in Table 3-7 have been deprecated in this release for Oracle Infrastructure Web Services.

For Oracle Infrastructure web services, to manage OWSM directly attached policies in release 12c, it is recommended that you use the new WLST commands listed in Table 3-6. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.

Use the WLST commands listed in Table 3-6 to manage Oracle Infrastructure and RESTful Web Services direct and global policy attachments.

Table 3-6 Oracle Infrastructure and RESTful Web Services and Clients - WLST Commands for Direct Policy Attachments

Use this command... To... Use with WLST...

attachWSMPolicy

Attach a policy to the selected policy subject or policy set document within a session.

Online

attachWSMPolicies

Attach multiple policies to the selected policy subject or policy set document within a session.

Online

detachWSMPolicy

Detach a policy from the selected policy subject or policy set document within a session.

Online

detachWSMPolicies

Detach multiple policies from the selected policy subject or policy set document within a session.

Online

enableWSMPolicies

Enable or disable multiple policies that are attached to the selected policy subject or policy set document within a session.

Online

enableWSMPolicy

Enable or disable a policy that is attached to the selected policy subject or policy set document within a session.

Online

listAvailableWebServicePolicies

Display a list of all the available OWSM policies by category or subject type.

Online

listWebServiceClientPolicies

List web service client port policies information for an application or SOA composite.

Online

listWebServicePolicies

List web service port policy information for a web service in an application or SOA composite.

Online

setWSMPolicyOverride

Configure override properties for a policy that is attached to the selected policy subject or policy set document within a session.

Online

Use the WLST commands listed in Table 3-7 to manage Java EE Web Services (or clients) directly attached policies.

Note:

The commands listed in Table 3-7 have an application argument.

In an multi-tenant environment, if you intend to target a specific application instance within a tenant's partition, then you must include the partition name as part of the application as follows:

/domain/server/application#version$partition

However, if you are targeting a domain-scoped application, then you do not have to include the partition name. You can use the application argument as follows:

/domain/server/application#version

Table 3-7 Java EE Web Services (or Clients) - WLST Commands for Direct Policy Attachments

Use this command... To... Use with WLST...

attachWebServiceClientPolicies

Attach multiple policies to a web service client port of an application or SOA composite.

Online

attachWebServiceClientPolicy

Attach an OWSM policy to a web service client port of an application or SOA composite.

Online

attachWebServicePolicies

Attach multiple policies to a web service port of an application or SOA composite.

Online

attachWebServicePolicy

Attach a policy to a web service port of an application or SOA composite.

Online

detachWebServiceClientPolicies

Detach multiple policies from a web service client port of an application or SOA composite.

Online

detachWebServiceClientPolicy

Detach a policy from a web service client port of an application or SOA composite.

Online

detachWebServicePolicies

Detach multiple OWSM policies from a web service port of an application or SOA composite

Online

detachWebServicePolicy

Detach an OWSM policy from a web service port of an application or SOA composite.

Online

enableWebServiceClientPolicies

Enable or disable multiple policies of a web service client port of an application or SOA composite.

Online

enableWebServiceClientPolicy

Enable or disable a policy of a web service client port of an application or SOA composite.

Online

enableWebServicePolicies

Enable or disable multiple policies attached to a port of a web service application or SOA composite.

Online

enableWebServicePolicy

Enable or disable a policy attached to a port of a web service application or SOA composite.

Online

listAvailableWebServicePolicies

Display a list of all the available OWSM policies by category or subject type.

Online

listWebServiceClientPolicies

List web service client port policies information for an application or SOA composite.

Online

listWebServicePolicies

List web service port policy information for a web service in an application or SOA composite.

Online

attachWebServiceClientPolicies

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure web services.

For Oracle Infrastructure Web Services, this command has been deprecated. It is recommended that you use the attachWSMPolicies command, as described in "attachWSMPolicies". The following examples show how to migrate to use the attachWSMPolicies command.

11g Release:

wls:/wls-domain/serverConfig>attachWebServiceClientPolicies
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',["oracle/wss_username_token_client_policy","oracle/log_policy"])

12c Release:

wls:/wls-domain/serverConfig>attachWSMPolicies(["oracle/wss_username_token_client_policy","oracle/log_policy"])

Command Category: Policy Management

Use with WLST: Online

Description

Attaches multiple policies to a web service client port of an application or SOA composite.

The policyURIs are validated through the OWSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available.

For Java EE (wls) module types only: If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

attachWebServiceClientPolicies(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURIs,[subjectType=None] )
Argument Definition

application

Name and path of the application for which you want to attach OWSM client policies to the web service client port. For example, /domain/server/application#version_number

To attach policies to a client port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to attach the policies to the client port.

To attach policies to a client port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

Note: The web and wsconn module types are deprecated for this release.

serviceRefName

The service reference name of the application or composite.

portInfoName

The client port to which you want to attach the OWSM client policy.

policyURI

The OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_client_policy"]

If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example attaches the policy oracle/log_policy to the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>attachWebServiceClientPolicies
(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt',["oracle/wss_username_token_client_policy","oracle/log_policy"]) 

The following example attaches the policies oracle/wss10_saml20_token_client_policy and oracle/wss11_message_protection_client_policy to the client port UpperCaseImplPort in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>attachWebServiceClientPolicies
('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])

attachWebServiceClientPolicy

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy command.

11g Release:

wls:/wls-domain/serverConfig>attachWebServiceClientPolicy
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',"oracle/wss_username_token_client_policy")

12c:

wls:/wls-domain/serverConfig>attachWSMPolicy("oracle/wss_username_token_client_policy")

Command Category: Policy Management

Use with WLST: Online

Description

Attaches an OWSM policy to a web service client port of an application or SOA composite.

The policyURI is validated through the OWSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available.

For Java EE (wls) module types only: If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

attachWebServiceClientPolicy(application,moduleOrCompName,moduleType, 
serviceRefName, portInfoName, policyURI, [subjectType=None] )
Argument Definition

application

Name and path of the application for which you want to attach a policy to the web service client port. For example, /domain/server/application#version_number.

To attach a policy to a client port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to attach the policy to the client port.

To attach a policy to a client port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

Note: The web and wsconn module types are deprecated for this release.

serviceRefName

The service reference name of the application or composite.

portInfoName

The client port to which you want to attach the OWSM client policy.

policyURI

The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"

If the policy that you specify is already attached or exists, then this command enables the policy if it is disabled.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example attaches the client policy oracle/log_policy to the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>attachWebServiceClientPolicy
(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy') 

The following example attaches the oracle/wss_username_token_client_policy client policy to the Java EE web service client port UpperCaseImplPort of the Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2. The web service is part of the application ClientJWS.

wls:/wls-domain/serverConfig> attachWebServiceClientPolicy ('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")

attachWebServicePolicies

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicies command, as described in "attachWSMPolicies". The following examples show how to migrate to use the attachWSMPolicies command.

11g Release:

wls:/wls-domain/serverConfig> attachWebServicePolicies
('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',
["oracle/log_policy", "oracle/wss_username_token_service_policy"])

12c Release:

wls:/wls-domain/serverConfig> attachWSMPolicies["oracle/log_policy", "oracle/wss_username_token_service_policy"])

Command Category: Policy Management

Use with WLST: Online

Description

Attaches multiple policies to a web service port of an application or SOA composite.

The policyURIs are validated through the OWSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available.

For Java EE (wls) module types only: if any of the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

attachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, 
subjectName,policyURIs,[subjectType=None])
Argument Definition

application

Name and path of the application to which you want to attach the web service policies. For example, /domain/server/application#version_number

To attach the policies to a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) to which you want to attach web service policies.

To attach the policies to a port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

Note: The web module type is deprecated for this release.

serviceName

Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURIs

List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]

If any of the policies that you specify are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Example

The following example attaches the policies 'oracle/binding_authorization_denyall_policy', 'oracle/wss_username_token_service_policy' to the port helloWorldJaxwsSoapHttpPort of the Web module helloWorldJaxws. The Java EE web service is part of the application helloWorldJaxws for the server AdminServer in the domain wls-domain.

 wls:wls-domain/ServerConfig>attachWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort, ['oracle/binding_authorization_denyall_policy', 'oracle/wss_username_token_service_policy'])

attachWebServicePolicy

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy command.

11g Release:

wls:/wls-domain/serverConfig> attachWebServicePolicy
('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')

12c Release:

wls:/wls-domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')

Command Category: Policy Management

Use with WLST: Online

Description

Attaches a policy to a web service port of an application or SOA composite.

The policyURI is validated through the OWSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available.

For Java EE (wls) module types only: If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

attachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURI, [subjectType=None])
Argument Definition

application

Name and path of the application to which you want to attach a web service policy. For example, /domain/server/application#version_number

To attach a policy to a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) to which you want to attach a web service policy.

To attach a policy to a port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

Note: The web module type is deprecated for this release.

serviceName

Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURI

OWSM policy name URI, for example, 'oracle/log_policy'

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example attaches the policy oracle/log_policy to the port HelloWorld_pt of the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>attachWebServicePolicy(None, 'default/HelloWorld[1.0]','soa','HelloService','HelloWorld_pt','oracle/log_policy')

The following example attaches the policy oracle/wss_username_token_service_policy to the port helloWorldJaxwsSoapHttpPort of the Java EE web service helloWorldJaxws.

wls:wls-domain/serverConfig> attachWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')

A web service cannot contain both a WebLogic web service policy and an Oracle web service policy. If you have a web service with a WebLogic web service policy, you must first detach it before attaching the Oracle web service policy. The following example detaches the WebLogic web service policy Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml from the port SimplePort in the Java EE web service SimpleEjbService and then attaches the Oracle web service policy oracle/wss_username_token_service_policy.

wls:wls-domain/serverConfig>detachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort','policy:Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml')
 
wls:wls-domain/serverConfig>attachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort', 'oracle/wss_username_token_service_policy')

Note:

The detachWebServicePolicy WLST command allows you to detach WebLogic web service policies from a web service. However, you cannot use the attachWebServicePolicy WLST command to attach WebLogic web service policies. To attach WebLogic web service policies to a web service, you must use the WebLogic Administration Console.

attachWSMPolicies

Note:

This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.

Command Category: Policy Management

Use with WLST: Online

Description

Within a session, attaches multiple policies, identified by specified the URIs, to the selected policy subject.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. However, if attachWSMPolicies is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected. If there is no current session and no policy subject selected, an error is displayed.

Syntax

attachWSMPolicies(uris, [raiseError='true|false'])
Element Description

uris

List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]

raiseError

Optional. When set to true it raises exception in case of known errors. When set to false it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example attaches the policies oracle/log_policy and oracle/wss_username_token_service_policy. It assumes that you have already selected a policy subject.

wls:/wls-domain/serverConfig>attachWSMPolicies(["oracle/log_policy", "oracle/wss_username_token_service_policy"])

attachWSMPolicy

Note:

This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.

Command Category: Policy Management

Use with WLST: Online/offline

Description

Within a session, attaches a policy, identified by the specified URI, to the selected policy subject or policy set.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. However, if attachWSMPolicy is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected. If there is no current session and no policy subject is selected, an error is displayed.

Syntax

attachWSMPolicy(uri, [raiseError='true|false'])
Argument Definition

uri

OWSM policy name URI, for example, 'oracle/log_policy'

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example attaches the policy oracle/wss_username_token_service_policy. It assumes that you have already selected a web service port, a web service client port, or a current policy set.

wls:/wls-domain/serverConfig>attachWSMPolicy('oracle/wss_username_token_service_policy')

detachWebServiceClientPolicies

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicies command, as described in "detachWSMPolicies". The following examples show how to migrate to use the detachWSMPolicies command.

11g Release:

wls:/wls-domain/serverConfig>detachWebServiceClientPolicies
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',
["oracle/log_policy","oracle/wss_username_token_client_policy"])

12c Release:

wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_client_policy"])

Command Category: Policy Management

Use with WLST: Online

Description

Detaches multiple policies from a web service client port of an application or SOA composite.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

detachWebServiceClientPolicies(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURIs,[subjectType=None] )
Argument Definition

application

Name and path of the application for which you want to detach multiple policies from a web service client port. For example, /domain/server/application#version_number

To detach multiple policies from a client port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to detach multiple policies from a client port.

To detach multiple policies from a client port for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

Note: The web and wsconn module types are deprecated for this release.

serviceRefName

The service reference name of the application or composite.

portInfoName

The client port from which you want to detach the OWSM client policy.

policyURI

The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"

If the policy specified is not attached, an error message is displayed and/or an exception is thrown.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Example

The following example detaches the client policies oracle/wss10_saml20_token_client_policy and oracle/wss11_message_protection_client_policy of the port UpperCaseImplPort of the Java EE web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>detachWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])

detachWebServiceClientPolicy

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy command.

11g Release:

wls:/wls-domain/serverConfig>detachWebServiceClientPolicy
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort','oracle/wss_username_token_client_policy')

12c Release:

wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/wss_username_token_client_policy')

Command Category: Policy Management

Use with WLST: Online

Description

Detaches a policy from a web service client port of an application or SOA composite.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

detachWebServiceClientPolicy(application,moduleOrCompName,moduleType, 
serviceRefName, portInfoName, policyURI, [subjectType=None] )
Argument Definition

application

Name and path of the application for which you want to detach a policy from a web service client port. For example, /domain/server/application#version_number

To detach a policy from a client port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to detach the policy from a client port.

To detach a policy from a client port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

Note: The web and wsconn module types are deprecated for this release.

serviceRefName

The service reference name of the application or composite.

portInfoName

The client port from which you want to detach the OWSM client policy.

policyURI

The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"

If the policy specified is not attached, an error message is displayed and/or an exception is thrown.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example detaches the client policy oracle/log_policy from the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>detachWebServiceClientPolicy(None, 
'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy' ) 

The following command detaches the client policy oracle/wss_username_token_client_policy from the client port UpperCaseImplPort in the Java EE client module wsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>  detachWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")

detachWebServicePolicies

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicies command, as described in "detachWSMPolicies". The following examples show how to migrate to use the detachWSMPolicies command.

11g Release:

wls:/wls-domain/serverConfig>detachWebServicePolicies
('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',
["oracle/log_policy","oracle/wss_username_token_service_policy"])

12c Release:

wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"])

Command Category: Policy Management

Use with WLST: Online

Description

Detaches multiple OWSM policies from a web service port of an application or SOA composite.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

detachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURIs,[subjectType=None])
Argument Definition

application

Name and path of the application from which you want to detach the web service policies. For example, /domain/server/application#version_number

To detach policies from a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) from which you want to detach the web service policies.

To detach policies from a port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

Note: The web module type is deprecated for this release.

serviceName

Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURIs

List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]

If a policyURI specified is not attached, an error message is displayed and/or an exception is thrown.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Example

The following example detaches the policies "oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy" from the port helloWorldJaxwsSoapHttpPort of the Java EE Web module helloWorldJaxws. The web service is part of the application helloWorldJaxws for the server AdminServer in the domain wls-domain.

wls:/wls-domain/serverConfig>detachWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"])

detachWebServicePolicy

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy command.

11g Release:

wls:/wls-domain/serverConfig>detachWebServicePolicy('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web','{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')

12c Release:

wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/wss_username_token_service_policy')

Command Category: Policy Management

Use with WLST: Online

Description

Detaches an OWSM policy from a web service port of an application or SOA composite.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

detachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURI, [subjectType=None])
Argument Definition

application

Name and path of the application from which you want to detach a web service policy. For example, /domain/server/application#version_number

To detach a policy from a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) from which you want to detach a web service policy.

To detach a policy from a port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

Note: The web module type is deprecated for this release.

serviceName

Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURI

OWSM policy name URI, for example, 'oracle/log_policy'

If the policy specified is not attached, an error message is displayed and/or an exception is thrown.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example detaches the policy oracle/log_policy from the port HelloWorld_pt of the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>detachWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')

The following example detaches the policy oracle/wss_username_token_service_policy from the port helloWorldJaxwsSoapHttpPort of the service helloWorldJaxws in the Java EE web service wls-domain/AdminServer/helloWorldJaxws.

wls:/wls-domain/serverConfig>detachWebServicePolicy
('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')

detachWSMPolicies

Note:

This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.

Command Category: Policy Management

Use with WLST: Online

Description

Within a session, detaches multiple policies, identified by an array of URIs or index values, from the selected policy subject.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.

Syntax

detachWSMPolicies(uris, [raiseError='true|false'])
Argument Definition

uris

Array of URIs or index values specifying the policies to detach from a policy subject. For example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]

If the specified policy URIs are not attached, an error message is displayed and/or an exception is thrown.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example detaches the OWSM logging policy and username token service policy from the current policy subject:

wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"])

The following example uses the index values of the OWSM logging policy and username token service URIs to detach them from the current policy subject

wls:/wls-domain/serverConfig>detachWSMPolicies('1','3')

detachWSMPolicy

Note:

This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.

Command Category: Policy Management

Use with WLST: Online

Description

Within a session, detaches a policy, identified by the specified URI or index value, from the selected policy subject.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. If there is no current session and no policy subject selected, an error is displayed

Issuing this command outside of a session containing a policy subject that is being created or modified will result in an error.

Syntax

detachWSMPolicy(uri, [raiseError='true|false'])
Argument Definition

uri

URI or index value specifying the policy to detach from a policy subject. For example, 'oracle/log_policy'.

If the specified policy URI is not attached, an error message is displayed and/or an exception is thrown.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example detaches the OWSM logging policy from the current policy subject.

wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/log_policy')

The following example uses the index value of the OWSM logging policy's URI to detach it from the current policy subject.

wls:/wls-domain/serverConfig>detachWSMPolicy('1')

enableWebServiceClientPolicies

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicies command, as described in "enableWSMPolicies". The following examples show how to migrate to use the enableWSMPolicies command.

11g Release:

wls:/wls-domain/serverConfig>enableWebServiceClientPolicies
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',
["oracle/log_policy", "oracle/wss_username_token_client_policy"], true ) 

12c Release:

wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy", "oracle/wss_username_token_client_policy"], true ) 

Command Category: Policy Management

Use with WLST: Online

Description

Enables or disables multiple policies of a web service client port of an application or SOA composite.

Note:

Policy changes made using this WLST command are only effective after you restart your application

Syntax

enableWebServiceClientPolicies(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURIs,[enable],[subjectType=None] )
Argument Definition

application

Name and path of the application for which you want to enable or disable multiple policies of a web service client port. For example, /domain/server/application#version_number

To enable or disable multiple policies of a client port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable or disable multiple policies of a client port.

To enable or disable multiple policies of a client port for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

Note: The web and wsconn module types are deprecated for this release.

serviceRefName

The service reference name of the application or composite.

portInfoName

The name of the client port to which you want to attach the OWSM client policies.

policyURIs

The list of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_client_policy"].

enable

Optional. Specifies whether to enable or disable the policies. Valid options are:

  • true—Enables the policy. The default is true.

  • false—Disables the policy.

If you omit this argument, the policies are enabled.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Example

The following example enables the client policies oracle/wss10_saml20_token_client_policy and oracle/wss11_message_protection_client_policy of the port UpperCaseImplPort of the Java EE web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>enableWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"], true)

enableWebServiceClientPolicy

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicy command, as described in "enableWSMPolicy". The following examples show how to migrate to use the enableWSMPolicy command.

11g Release:

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort', "oracle/wss_username_token_client_policy",true)

12c Release:

wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_client_policy",true)

Command Category: Policy Management

Use with WLST: Online

Description

Enables or disables a policy of a web service client port of an application or SOA composite.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

enableWebServiceClientPolicy(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURI,[enable],[subjectType=None] )
Argument Definition

application

Name and path of the application for which you want to enable or disable a policy of a web service client port. For example, /domain/server/application#version_number

To enable or disable a policy of a client port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable or disable a policy of a client port.

To enable or disable a policy of a client port for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

Note: The web and wsconn module types are deprecated for this release.

serviceRefName

The service reference name of the application or composite.

portInfoName

The name of the client port to which you want to attach the OWSM client policy.

policyURI

The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"

enable

Optional. Specifies whether to enable or disable the policy. Valid options are:

  • true—Enables the policy. The default is true.

  • false—Disables the policy.

If you omit this argument, the policy is enabled.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example enables the client policy oracle/log_policy of the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None,
'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')

The following example disables the client policy oracle/log_policy of the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None,
'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy', false )

The following example disables the client policy oracle/wss_username_token_client_policy on the client port UpperCaseImplPort in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy", false)

enableWebServicePolicies

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicies command, as described in "enableWSMPolicies". The following examples show how to migrate to use the enableWSMPolicies command.

11g Release:

wls:/wls-domain/serverConfig> enableWebServicePolicies
('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',["oracle/log_policy", "oracle/wss_username_token_service_policy"],true)

12c Release:

wls:/wls-domain/serverConfig> enableWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"],true)

Command Category: Policy Management

Use with WLST: Online

Description

Enables or disables multiple policies attached to a port of a web service application or SOA composite.

If the policyURIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

enableWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURIs,[enable],[subjectType=None] ))
Argument Definition

application

Name and path of the application for which you want to enable the web service policies. For example, /domain/server/application#version_number

To enable policies that are attached to a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable web service policies.

To enable policies that are attached to a port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

Note: The web module type is deprecated for this release.

serviceName

Name of the web service in the application or SOA composite.For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURIs

List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]

If the policyURIs that you specify are not attached, an error message is displayed and/or an exception is thrown.

enable

Optional. Specifies whether to enable or disable the policies. Valid options are:

  • true—Enables the policies. The default is true.

  • false—Disables the policies.

If you omit this argument, the policies are enabled.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Example

The following example disables the policies ["oracle/binding_authorization_denyall_policy","oracle/wss_username_token_service_policy"] attached to the port helloWorldJaxwsSoapHttpPort of the Web module helloWorldJaxws#1!helloWorldJaxws. The web service is part of the application helloWorldJaxws for the server AdminServer in the domain wls-domain.

wls:/wls-domain/serverConfig>enableWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"], false)

enableWebServicePolicy

Note:

Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicy command, as described in "enableWSMPolicy". The following examples show how to migrate to use the enableWSMPolicy command.

11g Release:

wls:/wls-domain/serverConfig>enableWebServicePolicy
('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',"oracle/wss_username_token_service_policy",true)

12c Release:

wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_service_policy",true)

Command Category: Policy Management

Use with WLST: Online

Description

Enables or disables a policy attached to a port of a web service application or SOA composite.

If the policy that you specify in this command is not attached to the port, an error message is displayed and/or an exception is thrown.

Note:

Policy changes made using this WLST command are only effective after you restart your application.

Syntax

enableWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURI, [enable], [subjectType=None] ))
Argument Definition

application

Name and path of the application for which you want to enable a web service policy. For example, /domain/server/application#version_number

To enable a policy that is attached to a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable a web service policy.

To enable a policy that is attached to a port of a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

Note: The web module type is deprecated for this release.

serviceName

Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURI

OWSM policy name URI, for example, 'oracle/log_policy'

If the policy that you specify is not attached, an error message is displayed and/or an exception is thrown.

enable

Optional. Specifies whether to enable or disable the policy. Valid options are:

  • true—Enables the policy. The default is true.

  • false—Disables the policy.

If you omit this argument, the policy is enabled.

subjectType

Optional. Policy subject type. Valid options are:

  • P—Port. The default is P.

  • O—Not supported in this release.

Examples

The following example enables the policy oracle/log_policy attached to the port HelloWorld_pt for the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')

The following example disables the policy oracle/log_policy attached to the port HelloWorld_pt for the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy',false)

The following example disables the policy oracle/wss_username_token_service_policy attached to the port helloWorldJaxwsSoapHttpPort for the service helloWorldJaxws in the Java EE web service wls-domain/AdminServer/helloWorldJaxws

wls:/wls-domain/domainRuntime> enableWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy', false)

enableWSMPolicies

Note:

This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.

Command Category: Policy Management

Use with WLST: Online

Description

Within a session, enables or disables multiple policy attachments, identified by the specified URIs, that are attached to a policy subject.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. However, if enableWSMPolicies is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected.

If the optional enable argument is not specified, this command enables the policy attachment by default. If the policy URIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.

Syntax

enableWSMPolicies(uris,[enable=true], [raiseError='true|false'])
Argument Definition

uris

List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]

If the policyURIs that you specify are not attached, an error message is displayed and/or an exception is thrown.

enable

Optional. Specifies whether to enable or disable the policy attachments. Valid options are:

  • true—Enables the specified policy attachments. The default is true.

  • false—Disables the specified policy attachments.

If you omit this argument, the policies are enabled.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example enables the policies ["oracle/log_policy","oracle/wss_username_token_service_policy"] attached to the port JRFWssUsernamePort of the Web module WssUsernameService. The web service is part of the application HelloWorld#1_0 for the server server1 in the domain base_domain.

wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"],true)

enableWSMPolicy

Note:

This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.

Command Category: Policy Management

Use with WLST: Online

Description

Within a session, enables or disables a policy attachment, identified by a specified URI, that is attached to a policy subject.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. However, if enableWSMPolicy is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected.

If the optional enable argument is not specified, this command enables the policy attachment by default. If the policyURIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.

Syntax

enableWSMPolicy(uri,[enable=true], [raiseError='true|false'])
Argument Definition

uri

URI specifying the policy attachment within the policy set.

enable

Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:

  • true—Enables the specified policy attachment in the policy set. The default is true.

  • false—Disables specified policy attachment in the policy set.

If you omit this argument, the policy set attachment is enabled.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example enables the policy oracle/wss_username_token_service_policy attached to the port JRFWssUsernamePort of the Web module WssUsernameService. The web service is part of the application HelloWorld#1_0 for the server server1 in the domain base_domain.

wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_service_policy",true)

The following example enables the policy oracle/log_policy attached to the port HelloWorld_pt for the service HelloService in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>enableWSMPolicy('oracle/log_policy')

The following example disables the policy oracle/log_policy attached to the port HelloWorld_pt for the service HelloService in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>enableWSMPolicy('oracle/log_policy',false)

listAvailableWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

Description

Displays a list of all the available OWSM policies by category or subject type.

Syntax

listAvailableWebServicePolicies([category],[subject])
Argument Definition

category

Optional. The policy category, for example,: 'security', 'management'.

subject

Optional. The policy subject type, for example,: 'server' or 'client'.

Example

The following example lists all the available OWSM server security policies in the domain.

wls:/wls-domain/serverConfig>listAvailableWebServicePolicies('security','server')

listWebServiceClientPolicies

Command Category: Policy Management

Use with WLST: Online

Description

Lists web service client port policies information for an application or SOA composite.

The output will display the web service client/reference port name, the OWSM policies it has attached to it and details about each attachment such as the policy category, status, the source of the policy attachment, any policy override properties (if applicable), and if the policy is in effect for the subject. It also displays if the policy subject is secure. For example:

test-port:
URI=oracle/wss_username_token_client_policy, category=security, policy-status=enabled
 source=local policy set; reference-status=enabled; effective=true
 The policy subject is secure in this context.

Syntax

listWebServiceClientPolicies(application, moduleOrCompName, moduleType, 
serviceRefName,portInfoName)
Argument Definition

application

Name and path of the application for which you want to list the web service client port policy information. For example, /domain/server/application#version_number

To list the client port policy information for a web services application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port policy information.

To list the client port policy information for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

  • wsconn—Use with a connection-based web service client such as an ADF DC web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.

serviceRefName

The service reference name of the application or composite.

portInfoName

The client port name.

Example

The following example lists the web service client port policy information for the application jwsclient_1#1.1.0 for the server server1 in the domain base_domain. In this example, the Web module name is WssUsernameClient, the module type is wsconn, the service reference name is WssUsernameClient, and the client port name is JRFWssUsernamePort.

wls:/wls-domain/serverConfig>listWebServiceClientPolicies
('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort') 

listWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

Description

Lists web service policy information for a web service port in an application or SOA composite.

The output will display the web service port name, the OWSM policies it has attached to it and details about each attachment such as the policy category, status, the source of the policy attachment, any policy override properties (if applicable), and if the policy is in effect for the subject. It also displays if the policy subject is secure. For example:

CalculatorPort:
URI="oracle/wss_username_token_service_policy", category=security, policy-status=enabled;
 source=local policy set; reference-status=enabled; effective=true
 The policy subject is secure in this context.

Syntax

listWebServicePolicies(application,moduleOrCompName,moduleType,serviceName,subjectName)
Argument Definition

application

Name and path of the application for which you want to list the web services port policy information. For example, /domain/server/application#version_number

To list the port policy information for a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port policy information.

To list the port policy information for a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. Valid options are:

  • soa—SOA composite.

  • web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

  • wls—Java EE web services.

serviceName

Name of the web service in the application or SOA composite for which you want to list the port policy information. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Policy subject, port, or operation name.

Examples

The following example lists the web service policy information for the port CalculatorPort in the application jaxwsejb30ws. In this example, the Web module name is jaxwsejb, and the service name is CalculatorService.

wls:/wls-domain/serverConfig>listWebServicePolicies ('/base_domain/AdminServer/jaxwsejb30ws','jaxwsejb','web', '{http://namespace/}CalculatorService', 'CalculatorPort')

The following example lists the port policy information for the SOA composite default/HelloWorld[1.0]. Note that the moduleType is set to SOA, the service name is HelloService, and the subject is a port named HelloWorld_pt. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>listWebServicePolicies (None, 'default/HelloWorld[1.0]', 'soa', 'HelloService', 'HelloWorld_pt')

setWebServicePolicyOverride

Note:

This command has been deprecated for Oracle Infrastructure Web Services. It is recommended that you use the setWSMPolicyOverride command, as described in "setWSMPolicyOverride".

This command does not apply to Java EE web services.

The following examples show how to migrate to use the setWSMPolicyOverride command.

11g Release:

wls:/jrfServer_domain/serverConfig> setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', 'oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

12c Release (for repository and policy subject operations):

wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

Command Category: Policy Management

Use with WLST: Online

Description

Configures the web service port policy override properties of an application or SOA composite.

Syntax

setWebServicePolicyOverride(application,moduleOrCompName,moduleType, serviceName, 
portName,policyURI,properties)
Argument Definition

application

Name and path of the application for which you want to override the web service port policy. For example, /domain/server/application#version_number

To override properties on a policy attached to a port of a web service application, this argument is required.

moduleOrCompName

Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to override a web service port policy.

To override properties on a policy attached to a SOA composite, the composite name is required (for example, default/HelloWorld[1.0]), and the moduleType argument must be set to soa.

moduleType

Module type. The valid option is web—Oracle Infrastructure web services packaged as a Web module (including an EJB).

Note: The module type wls is not supported.

serviceName

Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

subjectName

Name of the policy subject, port, or operation.

policyURI

OWSM policy name URI, for example, 'oracle/log_policy' to which the override properties will be applied.

If the policy specified is not attached, an error message is displayed and/or an exception is thrown.

properties

Policy override properties. Properties must be specified using the following format:

[("name","value")]

For example: [("myprop","myval")]

If this argument is set to None, then all policy overrides are removed.

Examples

The following example configures the override properties for the policy oracle/wss10_message_protection_service_policy for the port JRFWssUsernamePort of the Web module WssUsernameService. The web service is part of the application HelloWorld#1_0 for the server server1 in the domain base_domain.

wls:/wls-domain/serverConfig>setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', "oracle/wss10_message_protection_service_policy", [("keystore.sig.csf.key","sigkey")])

setWSMPolicyOverride

Note:

For direct policy attachments, this command applies to Oracle Infrastructure and RESTful web services only. For configuration overrides on policy references within a policy set, this command also applies to Java EE web services. For more information about configuration overrides in policy sets, see "Overriding Configuration Properties for Globally Attached Policies Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

The local.policy.reference.source property is for informational purposes only, to identify the source of the direct policy attachment, and should not be overridden. For more information, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Command Category: Policy Management

Use with WLST: Online

Description

Within a session, adds a configuration override, described by a name-value pair, to a policy identified by the specified URI and attached to the policy set document or policy subject. The value argument is optional. If the value argument is omitted, the property specified by the name argument is removed from the policy subject. If the property specified by the name argument already exists and a value argument is provided, the current value is overwritten by the new value.

You must start a session and select the policy set (selectWSMPolicySet) or policy subject (selectWSMPolicySubject) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.

Syntax

setWSMPolicyOverride(uri, name, value, [raiseError='true|false'])
Argument Description

uri

String representing the policy URI. For example, 'oracle/wss10_saml_token_service_policy', to which the override properties will be applied.

name

String representing the name of the override property. For example: ['reference.priority']

value

Optional. String representing the value of the property. If this argument is not specified, the property specified by the name argument, if it exists, is removed.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example specifies a configuration override for the reference.priority property for the oracle/wss10_saml_token_service_policy to a value of 1.

wls:/wls-domain/serverConfig> setWSMPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')

The following example removes the property reference.priority from the oracle/wss10_saml_token_service_policy in the policy set.

wls:/wls-domain/serverConfig> setWSMPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')

Policy Set Management Commands

Policy sets enhance the security and manageability of an enterprise by providing a mechanism to globally attach one or more policies to a subject type. Using policy sets, an administrator can specify a default set of policies to be enforced even if none are directly attached. For detailed information about determining the type and scope of resources a policy set can be attached to, see "Defining the Type and Scope of Resources for Globally Attached Policies" in the Securing Web Services and Managing Policies with Oracle Web Services Manager.

All policy set creation, modification, or deletion commands must be performed in the context of a session. A session can only act on a single policy set.

Note:

To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').

The policy set management commands listed in Table 3-9 have been deprecated in this release for Oracle Infrastructure Web Services.

For Oracle Infrastructure Web Services, Oracle recommends that you use the new WLST commands listed in Table 3-8 to manage OWSM policy sets in release 12c. These commands must be executed within the context of a session using the session commands described in Session Commands.

For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.

Use the WLST commands listed in Table 3-6 to manage globally available policy sets.

Table 3-8 Web Services Global Policy Set Management WLST Commands

Use this command... To... Use with WLST...

cloneWSMPolicySet

Within a session, clone a new policy set from an existing policy set.

Online

createWSMPolicySet

Create a new, empty policy set within a session.

Online

deleteWSMAllPolicySets

Delete all or selected policy sets from within the OWSM repository.

Online

deleteWSMPolicySet

Delete a specified policy set within a session.

Online

displayWSMPolicySet

Display the configuration of a specified policy set.

Online

enableWSMPolicySet

Enable or disable the current policy set within a session.

Online

listWSMPolicySets

Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session.

Online

selectWSMPolicySet

Specify a policy set for modification within a session.

Online

setWSMPolicySetConstraint

Specify a run-time constraint value for a policy set selected within a session.

Online

setWSMPolicySetOverride

Configure override properties to a policy set.

Online

setWSMPolicySetDescription

Specify a description for a policy set selected within a session.

Online

setWSMPolicySetScope

Set an expression that attaches a policy set to the specified resource scope.

Online

unregisterWSMResource

Unregister or remove the resource instance that describes a registered physical resource within a session.

Online

validateWSMPolicySet

Validate an existing policy set.

Online

Table 3-9 list the WLST commands that are deprecated in this release for managing Oracle Infrastructure web service global policy sets.

Table 3-9 Deprecated WLST Commands for Global Policy Set Management

Use this command... To... Use with WLST...

abortRepositorySession

Abort the current OWSM repository modification session, discarding any changes that were made to the repository during the session.

Online

attachPolicySet

Attach a policy set to the specified resource scope.

Online

attachPolicySetPolicy

Attach a policy to a policy set using the policy's URI.

Online

beginRepositorySession

Begin a session to modify the OWSM repository.

Online

clonePolicySet

Clone a new policy set from an existing policy set.

Online

commitRepositorySession

Write the contents of the current session to the OWSM repository.

Online

createPolicySet

Create a new, empty policy set.

Online

deleteAllPolicySets

Delete all or selected policy sets from within the OWSM repository.

Online

deletePolicySet

Delete a specified policy set.

Online

describeRepositorySession

Describe the contents of the current session.

Online

detachPolicySetPolicy

Detach a policy from a policy set using the policy's URI.

Online

displayPolicySet

Display the configuration of a specified policy set.

Online

enablePolicySet

Enable or disable a policy set.

Online

enablePolicySetPolicy

Enable or disable a policy attachment for a policy set using the policy's URI.

Online

listPolicySets

List the policy sets in the repository.

Online

migrateAttachments

Migrate direct policy attachments to global policy attachments if they are identical.

Online

modifyPolicySet

Specify an existing policy set for modification in the current session.

Online

setPolicySetConstraint

Specify a run-time constraint value for a policy set selected within a session.

Online

setPolicySetDescription

Specify a description for the policy set selected within a session.

Online

setPolicySetPolicyOverride

Add a configuration override to a policy reference in the current policy set.

Online

validatePolicySet

Validate an existing policy set in the repository or in a session.

Online

abortRepositorySession

Note:

This command has been deprecated. It is recommended that you use the abortWSMSession command, as described in "abortWSMSession".

The following examples show how to migrate to use the abortWSMSession command.

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> abortRepositorySession()
 

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> abortWSMSession()

Command Category: Policy Set Management

Use with WLST: Online

Description

Aborts the current modification session, discarding any changes that were made to the repository during the session.

Syntax

abortRepositorySession()

Example

The following example aborts the current OWSM session.

wls:/wls-domain/serverConfig>abortRepositorySession()

attachPolicySet

Note:

This command has been deprecated. It is recommended that you use the setWSMPolicySetScope command, as described in "setWSMPolicySetScope".

The following examples show how to migrate to use the setWSMPolicySetScope command.

11g Release:

wls:/jrfServer_domain/serverConfig> attachPolicySet ('Domain("base_domain")')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicySetScope ('Domain("base_domain")')

Command Category: Policy Set Management

Use with WLST: Online

Description

Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

attachPolicySet(expression)
Argument Definition

expression

Expression that attaches the policy set to the specified resource scope.

For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Example

The following example attaches a policy set to the specified base_domain resource.

wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain")')

This example attaches a policy set to the specified base_domain and managed_server resources.

wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain") and Server("managed_server")')

attachPolicySetPolicy

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy command.

11g Release (for both Repository and PolicySubject operation on policy set):

wls:/jrfServer_domain/serverConfig> attachPolicySetPolicy ('oracle/wss_username_token_service_policy')

12c Release:

wls:/jrfServer_domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')

Command Category: Policy Set Management

Use with WLST: Online

Description

Within a session, attaches a policy, identified by the specified URI, to the current policy set.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

attachPolicySetPolicy(uri)
Argument Definition

uri

URI specifying the policy to attach to the current policy set. For example, 'oracle/log_policy'.

Example

The following example attaches the OWSM logging policy to the current policy set.

wls:/wls-domain/serverConfig>attachPolicySetPolicy('oracle/log_policy')

beginRepositorySession

Note:

This command has been deprecated. It is recommended that you use the beginWSMSession command, as described in "beginWSMSession".

The following examples show how to migrate to use the beginWSMSession command.

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> beginRepositorySession()

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> beginWSMSession()

Command Category: Policy Set Management

Use with WLST: Online

Description

Begins a session to modify the OWSM Repository. A session can only act on a single policy subject, such as a policy set or a Fusion Middleware web service endpoint. An error will be displayed if there is already a current session.

Syntax

beginRepositorySession()

Example

The following example begins an OWSM Repository modification session.

wls:/wls-domain/serverConfig>beginRepositorySession()

clonePolicySet

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the cloneWSMPolicySet command, as described in "cloneWSMPolicySet". The following examples show how to migrate to use the cloneWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> clonePolicySet ('myNewPolicySet', 'myPolicySet')

12c Release:

wls:/jrfServer_domain/serverConfig> cloneWSMPolicySet ('myNewPolicySet', 'myPolicySet')

Command Category: Policy Set Management

Use with WLST: Online

Description

Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.

Issuing this command outside of a session will result in an error.

Syntax

clonePolicySet(name, source,[attachTo=None],[description=None],[enable='true'])
Argument Definition

name

Name of the new policy set clone.

source

Name of the source policy set that will be cloned.

attachTo=None

Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

If this argument is set to None, then the expression used in the source policy set to identify the scope of resources is retained.

description=None

Optional. Description for the new policy set.

If this argument is set to None, then the description used in the source policy set is retained.

enable='true'

Optional. Specifies whether to enable or disable the policy set. Valid options are:

  • true—Enables the policy set. The default is true.

  • false—Disables the policy set.

If you omit this argument, the policy set is enabled.

Example

The first example creates a policy set by cloning the existing myPolicySet policy set to create a new mynewPolicySet. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws application in the domain.

wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet')
wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')

cloneWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.

Issuing this command outside of a session will result in an error.

Syntax

cloneWSMPolicySet(name,source,[scope=None],[description=None],[enable='true'], [raiseError='true|false'])
Argument Definition

name

Name of the new policy set clone.

source

Name of the source policy set that will be cloned.

scope=None

Optional. Expression that attaches the policy set to the specified resource scope.

If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained.

description=None

Optional. Description for the new policy set.

If this argument is not specified, then the description used in the source policy set is retained.

enable='true'

Optional. Specifies whether to enable or disable the policy set. If you omit this argument, the policy set is enabled.Valid options are:

  • true—Enables the policy set. The default is true.

  • false—Disables the policy set.

If you omit this argument, the policy set is enabled.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The first example creates a policy set by cloning the existing myPolicySet policy set to create a new mynewPolicySet. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws application in the domain.

wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet')
wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')

See:

commitRepositorySession

Note:

This command has been deprecated. It is recommended that you use the commitWSMSession command, as described in "commitWSMSession".

The following examples show how to migrate to use the commitWSMSession command.

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> commitRepositorySession()

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> commitWSMSession()

Command Category: Policy Set Management

Use with WLST: Online

Description

Writes the contents of the current session to the OWSM Repository. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.

Syntax

commitRepositorySession()

Example

The following example commits the current repository modification session.

wls:/wls-domain/serverConfig>commitRepositorySession()

createPolicySet

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the createWSMPolicySet command, as described in "createWSMPolicySet". The following examples show how to migrate to use the createWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> createPolicySet('myPolicySet', 'ws-service', 'Domain("base_domain")')

12c Release:

wls:/jrfServer_domain/serverConfig> createWSMPolicySet ('myPolicySet', 'ws-service', 'Domain("base_domain")')

Command Category: Policy Set Management

Use with WLST: Online

Description

Creates a new, empty policy set within a session. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and a supported expression that defines a valid resource scope in a supported format.

Issuing this command outside of a session will result in an error.

Syntax

createPolicySet(name,type,attachTo,[description=None],[enable='true'])
Argument Definition

name

Name of the new, empty policy set.

type

The type of policy subject to which the new policy set applies. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager.

attachTo

Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

description

Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for <type>", where <type> is the subject type.

enable

Optional. Specifies whether to enable or disable the new policy set. Valid options are:

  • true—Enables the new policy set. The default is true.

  • false—Disables the new policy set.

If you omit this argument, the policy set is enabled.

Example

The first example creates a new policy set and specifies the resource scope to only ws-service types (Web Service Endpoint) in the base_domain domain. The second example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.

wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','ws-service','Domain("base_domain")')
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')

createWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, creates a new, empty policy set. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and provide a supported expression that defines a valid resource scope in a supported format.

Issuing this command outside of a session will result in an error.

Syntax

createWSMPolicySet(name,type,scope,[description=None],[enable='true'], [raiseError='true|false'])
Argument Definition

name

Name of the new, empty policy set.

type

The type of policy subject that the new policy set applies to.

scope

Optional. Expression that attaches the policy set to the specified resource scope.

If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained.

description=None

Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for <type>", where <type> is the subject type.

enable='true'

Optional. Specifies whether to enable or disable the new policy set. Valid options are:

  • true—Enables the new policy set. The default is true.

  • false—Disables the new policy set.

If you omit this argument, the policy set is enabled.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example creates a new policy set and specifies the resource scope to only ws-service types (Web Service Endpoint) in the base_domain domain.

wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','ws-service','Domain("base_domain")')

The following example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.

wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')

The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference types (SOA RESTful references) in the base_domain domain.

wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-rest-reference','Domain("base_domain")','My policySet')

The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference types (OSB RESTful business services) in the base_domain domain.

wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','biz-rest-service','Domain("base_domain")','My policySet')

See:

deleteAllPolicySets

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the deleteWSMAllPolicySets command, as described in "deleteWSMAllPolicySets". The following examples show how to migrate to use the deleteWSMAllPolicySets command.

11g Release:

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
 

12c Release:

wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()

Command Category: Policy Set Management

Use with WLST: Online

Description

Deletes all or selected policy sets from within the OWSM repository. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.

Syntax

deleteAllPolicySets([mode])
Argument Definition

mode

Optional. The action to be taken for performing policy set deletion. Valid options are:

  • force—Automatically delete all policy sets without prompting.

  • prompt—Request user confirmation for each policy set deletion. Available options are yes, no, and cancel. If you select cancel for any property set deletion, the operation is canceled and no policy sets are deleted.

If no mode is specified, this argument defaults to prompt mode.

Examples

The following example automatically deletes all policy sets from the respository without prompting.

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets("force") 
 
Starting Operation deleteAllPolicySets ...
 
All policy sets were deleted successfully from repository.
 
deleteAllPolicySets Operation Completed. 

The following examples delete selected policy sets from the repository.

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()

or

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets('prompt')
 
Starting Operation deleteAllPolicySets ...
 
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no 
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
 
All the selected policy sets were deleted successfully from repository.
 
deleteAllPolicySets Operation Completed.

deleteWSMAllPolicySets

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Deletes all or selected policy sets within a session. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.

Syntax

deleteWSMAllPolicySets([mode], [raiseError='true|false'])
Argument Definition

mode

Optional. The action to be taken for performing policy set deletion. Valid options are:

  • force—Automatically delete all policy sets without prompting.

  • prompt—Request user confirmation for each policy set deletion. Available options are yes, no, and cancel. If you select cancel for any property set deletion, the operation is canceled and no policy sets are deleted.

If no mode is specified, this argument defaults to prompt mode.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example automatically deletes all policy sets from the respository without prompting.

wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets("force") 
 
Starting Operation deleteWSMAllPolicySets ...
 
All policy sets were deleted successfully from repository.
 
deleteWSMAllPolicySets Operation Completed. 

The following examples delete selected policy sets from the repository.

wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()

or

wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets('prompt')
 
Starting Operation deleteWSMAllPolicySets ...
 
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no 
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
 
All the selected policy sets were deleted successfully from repository.
 
deleteWSMAllPolicySets Operation Completed.

deletePolicySet

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the deleteWSMPolicySet command, as described in "deleteWSMPolicySet". The following examples show how to migrate to use the deleteWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> deletePolicySet('myPolicySet')
 

12c Release:

wls:/jrfServer_domain/serverConfig> deleteWSMPolicySet ('myPolicySet')

Command Category: Policy Set Management

Use with WLST: Online

Description

Deletes a specified policy set within a session. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.

Issuing this command outside of a session will result in an error.

Syntax

deletePolicySet(name)
Argument Definition

name

Name of the policy set to be deleted.

Example

The following example deletes a specified myPolicySet policy set.

wls:/wls-domain/serverConfig>deletePolicySet('myPolicySet')

deleteWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, deletes a specified policy set. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.

Issuing this command outside of a session will result in an error.

Syntax

deleteWSMPolicySet(name, [raiseError='true|false'])
Argument Definition

name

Name of the policy set to be deleted.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example deletes a specified myPolicySet policy set.

wls:/wls-domain/serverConfig>deleteWSMPolicySet('myPolicySet')

describeRepositorySession

Note:

This command has been deprecated. It is recommended that you use the describeWSMSession command, as described in "describeWSMSession". The following examples show how to migrate to use the describeWSMSession command.

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> describeRepositorySession()

12c Release (for both Repository and Policy Subject operations):

wls:/jrfServer_domain/serverConfig> describeWSMSession()

Command Category: Policy Set Management

Use with WLST: Online

Description

Describes the contents of the current session. This will either indicate that the session is empty or list the name of the policy subject that is being updated, along with the type of update (create, modify, or delete). An error will be displayed if there is no current session.

Syntax

describeRepositorySession()

Example

The following example describes the current repository modification session.

wls:/wls-domain/serverConfig>describeRepositorySession()

detachPolicySetPolicy

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy command.

11g Release (for both Repository and Policy Subject operations on policy set):

wls:/jrfServer_domain/serverConfig> detachPolicySetPolicy ('oracle/wss_username_token_service_policy')

12c Release:

wls:/jrfServer_domain/serverConfig> detachWSMPolicy('oracle/wss_username_token_service_policy')

Command Category: Policy Set Management

Use with WLST: Online

Description

Within a session, detaches a policy, identified by a specified URI, from the current policy set.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

detachPolicySetPolicy(uri)
Argument Definition

uri

URI specifying the policy to detach to the current policy set. For example, oracle/log_policy'.

Example

The following example detaches the OWSM logging policy from the current policy set.

wls:/wls-domain/serverConfig> detachPolicySetPolicy('oracle/log_policy')

displayPolicySet

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the displayWSMPolicySet command, as described in "displayWSMPolicySet". The following examples show how to migrate to use the displayWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> displayPolicySet('myPolicySet')
 

12c Release:

wls:/jrfServer_domain/serverConfig> displayWSMPolicySet ('myPolicySet')

Command Category: Policy Set Management

Use with WLST: Online

Description

Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.

This command can be issued outside of a session.

Syntax

displayPolicySet([name])
Argument Definition

name

Optional. Name of the policy set to be displayed.

If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed.

Example

The following example displays the configuration of the myPolicySet policy set.

wls:/wls-domain/serverConfig>displayPolicySet('myPolicySet')

displayWSMResource

Note:

This command applies to Oracle Infrastructure and RESTful Web services. It does not apply to Java EE Web services in this release.

Command Category: Respository

Use with WLST: Online

Description

Displays the configuration of a registered resource instance. If the resource instance is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the resource instance does not exist. This command can be issued outside of a session.

displayWSMResource(resourceName=None), (resourceName=Type)
Argument Definition

resourceName

The name of an existing resource instance. This is a combination of platform name, domain name, and logical name of resource, separated by a forward slash. If null, then the currently selected resource will be displayed.

resourceType

Specifies the type of resource. The value must be one of the following:

  • application–An application resource.

  • domain–A management domain resource.

  • server–A server resource.

If the resourceType is omitted, than it will default to the application value.

Examples

The following example displays the configuration of the application named myApplication in the base_cell domain on the IBM WebSphere application server.

wls:/wls-domain/serverConfig> displayWSMResource('/WAS/base_cell/myApplication')

The following example displays the configuration of the base_cell domain on the IBM WebSphere application server.

wls:/wls-domain/serverConfig> displayWSMResource('/WAS/base_cell','domain')

Since the resourceType argument is omitted, the following example displays...

displayWSMResource()

displayWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.

This command can be issued outside of a session.

Syntax

displayWSMPolicySet([name], [raiseError='true|false'])
Argument Definition

name

Optional. Name of the policy set to be displayed.

If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example displays the configuration of the myPolicySet policy set.

wls:/wls-domain/serverConfig>displayWSMPolicySet('myPolicySet')

displayWSMAvailablePolicySet

Displays the configuration of the available policy set (composed of both local and global policy attachments).

Command Category: Policy Set Management

Use with WLST: Online

Description

Displays the configuration of the available policy set (composed of both local and global policy attachments). It includes all relevant attached policies along with its topology nodes, regardless of whether the policies, policy references, and global policy sets are enabled or disabled. It includes policies without any conflict filtering. The policy subject stores the policy set information. It throws an exception, if there is no current session and no selected policy subject.

Syntax

displayWSMAvailablePolicySet([raiseError='true|false'])

raiseError - Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

displayWSMAvailablePolicySet()

enablePolicySet

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicySet command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> enablePolicySet(true)

12c Release:

wls:/jrfServer_domain/serverConfig> enableWSMPolicySet(true)

Command Category: Policy Set Management

Use with WLST: Online

Description

Enables or disables the current policy set within a session. If not specified, this command enables the policy set.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

enablePolicySet([enable=True])
Argument Definition

enable

Optional. Specifies whether to enable or disable the policy set. Valid options are:

  • true—Enables the policy set. The default is true.

  • false—Disables the policy set.

If you omit this argument, the policy set is enabled.

Example

The following example enables the current policy set.

wls:/wls-domain/serverConfig>enablePolicySet(true)

enablePolicySetPolicy

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicySet command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet command.

11g Release:

wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false) 

12c Release:

wls:/wls-domain/serverConfig>enableWSMPolicy('/oracle/log_policy',false) 

Command Category: Policy Set Management

Use with WLST: Online

Description

Within a session, enables or disables the policy attachment, which is identified by the provided URI in the current policy set. If not specified, this command enables the policy set. An error displays if the identified policy is not currently attached to the policy set.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

enablePolicySetPolicy(uri,[enable=true])
Argument Definition

uri

URI specifying the policy attachment within the policy set.

enable

Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:

  • true—Enables the specified policy attachment in the policy set. The default is true.

  • false—Disables specified policy attachment in the policy set.

If you omit this argument, the policy set attachment is enabled.

Example

The following example disables the specified logging policy attachment within the current policy set.

wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false) 

enableWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, enables or disables the current policy set. If the optional enable argument is not specified, this command enables the policy set by default.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

enableWSMPolicySet([enable=True], [raiseError='true|false'])
Argument Definition

enable

Optional. Specifies whether to enable or disable the policy set. Valid options are:

  • true—Enables the policy set. The default is true.

  • false—Disables the policy set.

If you omit this argument, the policy set is enabled.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example enables the current policy set.

wls:/wls-domain/serverConfig>enableWSMPolicySet(true)

listPolicySets

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the listWSMPolicySets command, as described in "listWSMPolicySets". The following examples show how to migrate to use the listWSMPolicySets command.

11g Release:

wls:/wls-domain/serverConfig>listPolicySets('ws-service')

12c Release:

wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service')

Command Category: Policy Set Management

Use with WLST: Online

Description

Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or limit the display to include only those that apply to specific policy subject resource types.

Syntax

listPolicySets([type=None])
Argument Definition

type=None

Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager

If this argument is set to None, then all the policy sets stored in the repository will be listed.

Example

The first two examples list policy sets by either the ws-service or ws-client resource types. The third example lists all the policy sets stored in the repository.

wls:/wls-domain/serverConfig>listPolicySets('ws-service')
wls:/wls-domain/serverConfig>listPolicySets('ws-client')
wls:/wls-domain/serverConfig>listPolicySets()

listWSMPolicySets

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or use the type argument to limit the display to include only those sets that apply to specific policy subject resource types.

Syntax

listWSMPolicySets([type=None], [raiseError='true|false'])
Argument Definition

type=None

Optional. Specifies the type of policy subject for which the associated policy sets will be displayed.

If this argument is set to None, then all the policy sets stored in the repository will be listed.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The first two examples list policy sets by either the ws-service or ws-client resource types. Whereas, the third example lists all the policy sets stored in the repository.

wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service')
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-client')
wls:/wls-domain/serverConfig>listWSMPolicySets()

See:

migrateAttachments

Note:

This command has been deprecated. It is recommended that you use the migrateWSMAttachments command, as described in "migrateWSMAttachments". The following examples show how to migrate to use the migrateWSMAttachments command.

11g Release:

wls:/jrfServer_domain/serverConfig> migrateAttachments()
 

12c Release:

wls:/jrfServer_domain/serverConfig> migrateWSMAttachments()

Command Category: Policy Set Management

Use with WLST: Online

Description

Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.

Note:

A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments() command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.

Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.

Syntax

migrateAttachments([mode])
Argument Definition

mode

The action to be taken for each policy attachment that can be migrated. Valid options are:

  • force—Automatically migrate all identical policy attachments without prompting.

  • preview—List all policy attachments that can be migrated, but does not perform any migration.

  • prompt—Request user confirmation before migrating each policy attachment.

If no mode is specified, this argument defaults to prompt mode.

Example

The following examples describe how to use the repository attachment migration modes.

wls:/wls-domain/serverConfig>migrateAttachments()
wls:/wls-domain/serverConfig>migrateAttachments('force')
wls:/wls-domain/serverConfig>migrateAttachments('preview')
wls:/wls-domain/serverConfig>migrateAttachments('prompt')

modifyPolicySet

Note:

For Oracle Infrastructure Web Services, it is recommended that you use the selectWSMPolicySet command, as described in "selectWSMPolicySet". The following examples show how to migrate to use the selectWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> modifyPolicySet('myPolicySet')
 

12c Release:

wls:/jrfServer_domain/serverConfig> selectWSMPolicySet ('myPolicySet')

Command Category: Policy Set Management

Use with WLST: Online

Description

Specifies a policy set for modification in the current session. The latest version of the named policy set will be loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.

Issuing this command outside of a session will result in an error.

Syntax

modifyPolicySet(name)
Argument Definition

name

Name of the policy set to be modified in the current session.

Example

The following example opens the myPolicySet policy set for modification in the current session.

wls:/wls-domain/serverConfig>modifyPolicySet('myPolicySet')

selectWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, specifies a policy set for modification. The latest version of the named policy set is loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.

Issuing this command outside of a session will result in an error.

Syntax

selectWSMPolicySet(name, [raiseError='true|false'])
Argument Description

name

Name of the policy set to be modified in the current session.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example selects a policy set in the current session named myPolicySet.

wls:/wls-domain/serverConfig> selectWSMPolicySet('myPolicySet')

setPolicySetConstraint

Note:

This command has been deprecated. It is recommended that you use the setWSMPolicySetConstraint command, as described in "setWSMPolicySetConstraint". The following examples show how to migrate to use the setWSMPolicySetConstraint command.

11g Release:

wls:/jrfServer_domain/serverConfig> setPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')

Command Category: Policy Set Management

Use with WLST: Online

Description

Specifies a run-time constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

For more information, see "Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Syntax

setPolicySetConstraint(constraint)
Argument Definition

constraint

Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts.

Example

The following example specifies that the policy set apply only to requests from external clients.

wls:/wls-domain/serverConfig> setPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')

The following example specifies that the policy set apply only to requests from non-external clients.

wls:/wls-domain/serverConfig> setPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')

setPolicySetDescription

Note:

This command has been deprecated. It is recommended that you use the setWSMPolicySetDescription command, as described in "setWSMPolicySetDescription". The following examples show how to migrate to use the setWSMPolicySetDescription command.

11g Release:

wls:/jrfServer_domain/serverConfig> setPolicySetDescription ('Global policy set for web service endpoint.')

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicySetDescription ('Global policy set for web service endpoint.')

Command Category: Policy Set Management

Use with WLST: Online

Description

Specifies a description for a policy set selected within a session.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

setPolicySetDescription(description)
Argument Definition

description

Describes a policy set.

Example

The following example creates a description for a policy set.

wls:/wls-domain/serverConfig>setPolicySetDescription('PolicySetDescription')

setPolicySetPolicyOverride

Note:

This command has been deprecated. It is recommended that you use the setWSMPolicyOverride command, as described in "setWSMPolicyOverride". The following examples show how to migrate to use the setWSMPolicyOverride command.

11g Release:

wls:/jrfServer_domain/serverConfig> setPolicySetPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

Command Category: Policy Set Management

Use with WLST: Online

Description

Adds a configuration override, described by a name, value pair, to an attached policy reference in the current policy set. The value argument is optional. If the value argument is omitted, the property specified by the name argument is removed from the policy reference in the policy set. If the property specified by the name argument already exists and a value argument is provided, the current value is overwritten by the new value specified with the value argument.

Issuing this command outside of a session containing a policy set that is being created or modified results in an error.

Syntax

setPolicySetPolicyOverride(uri,name,[value=None])
Argument Definition

URI

String representing the OWSM policy URI, for example, 'oracle/wss10_saml_token_service_policy' to which the override properties will be applied.

name

String representing the name of the override property.

For example: ['reference.priority']

value

Optional. String representing the value of the property. If this argument is not specified, the property specified by the name argument, if it exists, is removed.

Example

The following example specifies a configuration override for the reference.priority property for the oracle/wss10_saml_token_service_policy to a value of 1.

wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')

The following example removes the property reference.priority from the oracle/wss10_saml_token_service_policy in the policy set.

wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')

setWSMPolicySetConstraint

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, specifies a constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

setWSMPolicySetConstraint(constraint, [raiseError='true|false'])
Argument Definition

constraint

Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example specifies that the policy set applies only to requests from external clients.

wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')

The following example specifies that the policy set applies only to requests from non-external clients.

wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')

See:

setWSMPolicySetDescription

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, specifies a description for a policy set. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

setWSMPolicySetDescription(description, [raiseError='true|false'])
Argument Definition

description

Describes a policy set.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example creates a description for a policy set.

wls:/wls-domain/serverConfig>setWSWPolicySetDescription('PolicySetDescription')

setWSMPolicySetOverride

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, adds a configuration override, described by a name-value pair, to the currently selected policy set. The override is unscoped to any specific policy reference. The value argument is optional. If the value argument is omitted, a null is assumed for value, and the property specified by the name argument is removed from the policy set. If the property specified by the name argument already exists and a value argument is provided, the current value is overwritten by the new value.

You must start a session and select the policy set (using the selectWSMPolicySet command), before initiating the command. Issuing this command outside of a session containing a policy subject that is being created or modified results in an error.

Syntax

setWSMPolicySetOverride(name,[value=None], [raiseError='true|false'])
Argument Description

name

String representing the name of the override property. For example: ['on.behalf.of']

value

Optional. String representing the value of the property. If this argument is not specified, a null is assumed and the property specified by the name argument is removed, if one exists with the same name.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example specifies a configuration override for the on.behalf.of property for the policy set selected in the session to a value of true.

wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of','true')

The following example removes the property on.behalf.of from the policy set.

wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of')

setWSMPolicySetScope

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.

Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.

Syntax

setWSMPolicySetScope(expression, [raiseError='true|false'])
Argument Definition

expression

Expression that attaches the policy set to the specified resource scope.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following example attaches a policy set to the specified base_domain resource.

wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain")')

This example attaches a policy set to the specified base_domain and managed_server resources.

wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain") and Server("managed_server")')

See:

unregisterWSMResource

Command Category: Repository

Use with WLST: Online

Description

Within a session, unregisters or removes the resource instance that describes a physical resource, such as an application server, or unregister a sub-resource existing within a resource instance. The sub-resource holds the information about the client and service ports of a resource. Issuing this command outside of a session will result in an error.

Syntax

unregisterWSMResource(resource, [assembly=None], [subject=None])
Arguments Description

resource

Name of existing resource instance. This is a combination of platform name, domain name, and logical name, separated by a forward slash.

assembly

Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character.

subject

Name of the subject identifying the sub-resource. This is a combination of sub-resource type; that is, either "server" or "client" and service, or reference name and port name, separated by a hash character.

Examples

The following example unregisters the myApplication in the base_domain on the IBM WebSphere application server.

wls:/jrfServer_domain/serverConfig> unregisterWSMResource ('/WAS/base_cell/myApplication')

The following example registers the IBM WebSphere platform domain WAS/base_cell.

wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell')

The following example unregisters the base_domain on the IBM WebSphere application server.

wls:/jrfServer_domain/serverConfig> unregisterWSMResource (‘/WAS/base_cell')

The following example unregisters the StockQuoteServicePort endpoint that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> unregisterWSMResource (‘/WAS/base_cell/myApplication', ‘web# myModule', ‘service(StockQuoteService# StockQuoteServicePort)')

validatePolicySet

Note:

This command has been deprecated. It is recommended that you use the validateWSMPolicySet command, as described in "validateWSMPolicySet". The following examples show how to migrate to use the validateWSMPolicySet command.

11g Release:

wls:/jrfServer_domain/serverConfig> validatePolicySet ('myPolicySet')

12c Release:

wls:/jrfServer_domain/serverConfig> validateWSMPolicySet ('myPolicySet')

Command Category: Policy Set Management

Use with WLST: Online

Description

Validates an existing policy set. If a policy set name is provided, the command will validate the specified policy set. If no policy set name is specified, the command will validate the policy set in the current session.

An error message displays if the policy set does not exist, or a name is not provided and the session is not active, or if the OWSM repository does not contain a suitable policy set.

Syntax

validatePolicySet([name=None])
Argument Definition

name

Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session.

Example

The first example validates the policy set in the current session. The second example validates the specified myPolicySet policy set.

wls:/wls-domain/serverConfig>validatePolicySet()
wls:/wls-domain/serverConfig>validatePolicySet('myPolicySet')

validateWSMPolicySet

Command Category: Policy Set Management

Use with WLST: Online/offline

Description

Within a session, validates an existing policy set. If a policy set name is provided, the specified policy set is validated. If no policy set name is specified, the policy set in the current session is validated.

If the policy set does not exist, if a name is not provided and the session is not active, or if the repository does not contain a suitable policy set, an error message is displayed.

Syntax

validateWSMPolicySet([name=None], [raiseError='true|false'])
Argument Definition

name

Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The first example validates the policy set in the current session. The second example validates the specified myPolicySet policy set.

wls:/wls-domain/serverConfig> validateWSMPolicySet()
wls:/wls-domain/serverConfig> validateWSMPolicySet('myPolicySet')

OWSM Repository Management Commands

Use the commands listed in Table 3-10 to manage the Oracle Infrastructure Web Services documents stored in the OWSM repository. For additional information about upgrading or migrating documents in an OWSM repository, see Upgrading the OWSM Repository in the Securing Web Services and Managing Policies with Oracle Web Services Manager.

Note:

The repository management commands listed in Table 3-11 have been deprecated in this release.

To manage the OWSM repository in release 12c, it is recommended that you use the new WLST commands listed in Table 3-10. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.

Additional MDS WLST commands are described in Metadata Services (MDS) Custom WLST Commands.

Table 3-10 Oracle Infrastructure Web Services - WLST Commands for Repository Management

Use this command... To... Use with WLST...

exportWSMAppMetadata

Export a set of applications metadata from the repository into a supported ZIP archive.

Note: This command is supported for Oracle Infrastructure and RESTful web services only. This command is not supported for ADF DC web service clients and Java EE web services.

Online

exportWSMRepository

Export a set of documents from the repository into a supported ZIP archive.

Online

importWSMArchive

Import a set of documents from a supported ZIP archive into the repository.

Online

migrateWSMPMRoles

Migrate the custom roles and policies from the Plan.xml file to the wsm-pm.ear policy store.

Online

migrateWSMAttachments

Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain.

Online

resetWSMRepository

Delete the existing policies stored in the repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software.

Online

upgradeWSMRepository

Upgrade the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software.

Online

Table 3-11 list the WLST commands for managing the OWSM repository that have been deprecated in this release.

Table 3-11 Deprecated WLST Commands for Repository Management

Use this command... To... Use with WLST...

exportRepository

Export a set of documents from the repository into a supported ZIP archive. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive.

Online

importRepository

Import a set of documents from a supported ZIP archive into the repository. You can provide the location of a file that describes how to map a physical information from the source environment to the target environment.

Online

resetWSMPolicyRepository

Delete the existing policies stored in the repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software.

Online

upgradeWSMPolicyRepository

Upgrade the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software.

Online

exportRepository

Note:

This command has been deprecated. It is recommended that you use the exportWSMRepository command, as described in "exportWSMRepository". The following examples show how to migrate to use the exportWSMRepository command.

11g Release:

wls:/jrfServer_domain/serverConfig> exportRepository ("/tmp/repo.zip")
 

12c Release:

wls:/jrfServer_domain/serverConfig> exportWSMRepository ("/tmp/repo.zip")

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Exports a set of documents from the OWSM repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:

The specified archive already exists. Update existing archive?
Enter "yes" to merge documents into existing archive, "no" to overwrite,
or "cancel" to cancel the operation.

You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.

Read only documents, such as predefined policies and assertion templates, will not be included in the export.

Syntax

exportRepository(archive,[documents=None],[includeShared='false'])
Argument Definition

archive

Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive.

During override, the original archive is backed up and a message describes the location of the backup archive.

documents=None

Optional. The documents to be exported to the archive. If no documents are specified, then all assertion templates, intents, policies, and policy sets will be exported. You can specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.

includeShared='false'

Optional. Specifies whether the policy references should be expanded during export.

Example

The following examples describe repository export sessions. The first example exports all OWSM documents to the policies.zip file.

wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.zip")

This example exports only the MyPolicySet1, MyPolicySet2, and MyPolicySet3 policy sets to the policies.jar file, and also expands all the policy references output during the export process.

wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.jar",
["/policysets/MyPolicySet1","/policysets/MyPolicySet2","/policysets/MyPolicySet3"], true)

This example exports policy sets using wildcards to the some_global_with_noreference_2 file.

wls:/wls-domain/serverConfig>exportRepository('./export/some_global_with_noreference_2', ['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)

exportWSMAppMetadata

Note:

This command is supported for Oracle Infrastructure and RESTful web services only. This command is not supported for ADF DC web service clients and Java EE web services.

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Exports a set of application metadata from the repository into a supported ZIP archive. If the specified archive already exists, you are presented with a set of options: merge the documents into the existing archive, overwrite the archive, or cancel the operation. By default, all metadata for applications in the current domain is exported to the archive, or you can use a search expression to export specific metadata for applications in the repository.

Note:

Read only documents, such as predefined policies and assertion templates, will not be included in the export.

Syntax

exportWSMAppMetadata(archive,[applications=None],[includeShared='false'], [raiseError='true|false'])
Argument Description

archive

Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. During override, the original archive is backed up and a message describes the location of the backup archive.

applications=None

Optional. The metadata of applications to be exported to the archive. If no application names are specified, then all metadata for applications in the current domain will be exported. You can specify a list of search expressions to find specific application metadata in the repository, using this syntax: /{PLATFORM_NAME}/{DOMAIN_NAME}/{APPLICATION_NAME}.

includeShared='false'

Optional. Specifies whether the shared documents (those that are specified as policy references within wsm-assembly documents) should be included during export. Because read-only documents can not be exported, only custom or cloned shared policies will be included in the export.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The first example exports the application metadata in the repository into the applications.zip file and saves it in the tmp directory.

The second example exports the metadata of the applications whose names begin with SalesApp and TradeApp into the applications.zip file and saves it in the tmp directory.

The third example exports the metadata of the applications whose names begin with SalesApp and TradeApp into the applications.zip file and saves it in the tmp directory. Additionally, shared resources are included in this export.

wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip")

wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip",["/WLS/base_domain/SalesApp%","WLS/base_domain/TradeApp%"])

wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip",["/WLS/base_domain/SalesApp%","WLS/base_domain/TradeApp%"], true)

Note:

Use integer values 0 (false) or 1 (true) to pass Boolean types on wsadmin and ojbst because the Python version used by these scripting tools may not support Boolean types.

exportWSMRepository

Command Category: OWSM Repository Management

Use with WLST: Online/offline

Description

Exports a set of documents from the OWSM repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:

The specified archive already exists. Update existing archive?
Enter "yes" to merge documents into existing archive, "no" to overwrite,
or "cancel" to cancel the operation.

You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.

Note:

Read only documents, such as predefined policies and assertion templates, will not be included in the export.

Syntax

exportWSMRepository(archive,[documents=None],[includeShared='false'], [raiseError='true|false'])
Argument Definition

archive

Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive.

During override, the original archive is backed up and a message describes the location of the backup archive.

documents=None

Optional. The documents to be exported to the archive. If no documents are specified, then only shared documents that include policies and policy sets will be exported. If this argument is specified as an empty string [''], then all shared documents that include policies and policy sets, application metadata and configuration documents will be exported. You can specify a list of documents to be exported, or use a search expression to find specific documents in the repository.

includeShared='false'

Optional. Specifies whether the shared documents (those that are specified as policy references within policy sets and wsm-assembly documents) should be included during export. Because read-only documents can not be exported, only custom or cloned shared policies will be included in the export.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following examples describe repository export sessions. The first example exports all OWSM documents to the policies.zip archive.

wls:/wls-domain/serverConfig>exportWSMRepository("/tmp/policies.zip")

This example exports only the MyPolicySet1, MyPolicySet2, and MyPolicySet3 policy sets to the policies.jar archive, and also expands all the policy references output during the export process.

wls:/wls-domain/serverConfig>exportWSMRepository("/tmp/policies.jar",
["/policysets/MyPolicySet1","/policysets/MyPolicySet2","/policysets/MyPolicySet3"], true)

This example exports policy sets using wildcards to the some_global_with_noreference_2 archive.

wls:/wls-domain/serverConfig>exportWSMRepository('./export/some_global_with_noreference_2',
['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)

importRepository

Note:

This command has been deprecated. It is recommended that you use the importWSMArchive command, as described in "importWSMArchive". The following examples show how to migrate to use the importWSMArchive command.

11g Release (for repository documents):

wls:/jrfServer_domain/serverConfig> importRepository ("/tmp/repo.zip")
 

12c Release (for repository documents):

wls:/jrfServer_domain/serverConfig> importWSMArchive ("/tmp/repo.zip")
 

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Imports a set of documents from a supported ZIP archive into the OWSM repository. You can use the map argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar").

Read only documents, such as predefined policies and assertion templates, will not be included in the import.

Syntax

importRepository(archive,[map=None],[generateMapFile='false'])
Argument Definition

archive

Path to the archive file that contains the list of documents to be imported. If a document being imported is a duplicate of the current version that already exists in the repository, then it will not be imported and a new version of the document is not created

map=None

Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the generateMapFile argument to true.

If you specify a map file without setting the generateMapFile argument to true, and the file does not exist, the operation fails and an error is displayed.

generateMapFile=false

Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to true. The default is false.

After the map file is created you can edit it using any text editor. The map file contains the document names given in the archive file and their corresponding attachTo values. The attachTo value can be updated to correspond to the new environment. If a mapping update is not required for a document name, that entry may be either deleted or commented out using the # character.

Note: When importing documents into the repository, OWSM validates the attachTo values only. If a value is invalid, then the policy set is disabled. Other text in the map file is not validated.

Example

The following examples describe repository import sessions.

The first example imports the contents of the policies.zip file into the repository.

wls:/wls-domain/serverConfig>importRepository("/tmp/policies.zip")

This example uses the generateMapFile argument to generate a map file.

wls:/wls-domain/serverConfig>importRepository("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)

Here is an example of a generated map file:

This is an auto generated override file containing the document names given in 
the archive file and their corresponding attachTo values. The attachTo value can 
be updated according to the new environment details. If there is no update 
required for any document name,that entry may be either deleted or commented 
using the character ("#")

[Resource Scope Mappings
]
sca_component_add_1=Composite("*Async*")
sca_reference_add_1=Composite("*Basic_SOA_Client*")
sca_reference_no=Server("*")
sca_service_add_1=Composite("*Basic_SOA_service")
web_callback_add_1=Application("*")
web_client_add_1=Module("*")
web_reference_add_1=Domain("*")
web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*")
ws_service_no_1=Server("*Admin*")

This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map.

wls:/wls-domain/serverConfig>importRepository('../export/export_all', 'export_all_map')

importWSMArchive

Command Category: OWSM Repository Management

Use with WLST: Online/offline

Description

Imports a set of documents from a supported ZIP archive into the OWSM repository. You can use the map argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar").

Read only documents, such as predefined policies and assertion templates, will not be included in the import.

Syntax

importWSMArchive(archive,[map=None],[generateMapFile='false'], [raiseError='true|false'])
Argument Definition

archive

Name of the archive file.

map=None

Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the generateMapFile argument to true.

If you specify a map file without setting the generateMapFile argument to true, and the file does not exist, the operation fails and an error is displayed.

generateMapFile=false

Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to true. The default is false.

After the file is created you can edit it using any text editor. The attachTo values can be updated to correspond to the new environment. If a mapping update is not required for a document name, that entry may be either deleted or commented out using the # character.

Note: When importing documents into the repository, OWSM validates the attachTo values only. If a value is invalid, then the policy set is disabled. Other text in the map file is not validated.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

The following examples describe repository import sessions.

The first example imports the contents of the policies.zip file into the repository.

wls:/wls-domain/serverConfig>importWSMArchive("/tmp/policies.zip")

This example uses the generateMapFile argument to generate a map file.

wls:/wls-domain/serverConfig>importWSMArchive("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)

Here is an example of a generated map file:

This is an auto generated override file containing the document names given in 
the archive file and their corresponding attachTo values. The attachTo value can 
be updated according to the new environment details. If there is no update 
required for any document name,that entry may be either deleted or commented 
using the character ("#")

[Resource Scope Mappings
]
sca_component_add_1=Composite("*Async*")
sca_reference_add_1=Composite("*Basic_SOA_Client*")
sca_reference_no=Server("*")
sca_service_add_1=Composite("*Basic_SOA_service")
web_callback_add_1=Application("*")
web_client_add_1=Module("*")
web_reference_add_1=Domain("*")
web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*")
ws_service_no_1=Server("*Admin*")

This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map.

wls:/wls-domain/serverConfig>importWSMArchive('../export/export_all', 'export_all_map')

migrateWSMPMRoles

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Migrates the custom roles and policies from the Plan.xml file to the wsm-pm.ear policy store. If the Plan.xml file is not used to override default security, then this command will not migrate the wsm-pm.ear policy store.

Syntax

migrateWSMPMRoles(domain, [raiseError='true|false'])
Arguments Description

domain

Absolute path to the domain home where the wsm-pm application is configured.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Example

In the following example, custom roles and policies are migrated from the Plan.xml file to the wsm-pm.ear policy store that resides in '/WLS/myDomain.

wls:/wls-domain/serverConfig> migrateWSMPMRoles('/WLS/myDomain')

migrateWSMAttachments

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.

Note:

A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments() command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.

Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.

Syntax

migrateWSMAttachments([mode='prompt'])
Argument Definition

mode

The action to be taken for each policy attachment that can be migrated. Valid options are:

  • force—Automatically migrate all identical policy attachments without prompting.

  • preview—List all policy attachments that can be migrated, but does not perform any migration.

  • prompt—Request user confirmation before migrating each policy attachment.

If no mode is specified, this argument defaults to prompt mode.

Examples

The following examples describe how to use the repository attachment migration modes.

wls:/wls-domain/serverConfig>migrateWSMAttachments()
wls:/wls-domain/serverConfig>migrateWSMAttachments('force')
wls:/wls-domain/serverConfig>migrateWSMAttachments('preview')
wls:/wls-domain/serverConfig>migrateWSMAttachments('prompt')

resetWSMPolicyRepository

Note:

This command has been deprecated. It is recommended that you use the resetWSMRepository command, as described in "resetWSMRepository". The following examples show how to migrate to use the resetWSMRepository command.

11g Release:

wls:/jrfServer_domain/serverConfig> resetWSMPolicyRepository()

12c Release:

wls:/jrfServer_domain/serverConfig> resetWSMRepository()

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Deletes the existing policies stored in the OWSM repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. You can use the clearStore argument to specify whether to delete all policies, including custom user policies, from the OWSM repository before loading the new predefined policies.

Syntax

resetWSMPolicyRepository([clearStore='false'])
Argument Definition

clearStore='false'

Policies to be deleted. Valid values are:

  • true—All policies in the repository, including custom user policies, are deleted.

  • false—Only the predefined policies supplied by Oracle are deleted. The default is false.

Example

The following example deletes all the policies in the repository, including user policies, and adds the predefined policies provided in the current product installation:

wls:/wls-domain/serverConfig>resetWSMPolicyRepository(true)

Note:

Use integer values 0 (false) or 1 (true) to pass Boolean types on wsadmin and ojbst because the Python version used by these scripting tools may not support Boolean types.

resetWSMRepository

Command Category: OWSM Repository Management

Use with WLST: Online/offline

Description

Deletes the existing policies stored in the repository and refresh it with the current set of predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. You can use the clearStore argument to specify whether to delete all policies, including custom user policies, from the repository before loading the new predefined policies.

Note:

These command also updates the version number of the predefined policies and assertion templates.

Syntax

resetWSMRepository([clearStore='false'])
Argument Definition

clearStore='false'

Policies to be deleted. Valid values are:

  • true—All policies in the repository, including custom user policies, are deleted. The repository is then recreated with the new set of predefined documents.

  • false—Only the predefined policies supplied by Oracle are deleted. Custom documents are not deleted when this option is used. The repository is then re-created with the new set of predefined documents. The default is false.

Examples

The following example deletes all the policies in the repository, including user policies, and adds the predefined policies provided in the current product installation:

wls:/wls-domain/serverConfig>resetWSMRepository(true)

upgradeWSMPolicyRepository

Note:

This command has been deprecated. It is recommended that you use the upgradeWSMRepository command, as described in "upgradeWSMRepository". The following examples show how to migrate to use the upgradeWSMRepository command.

11g Release:

wls:/jrfServer_domain/serverConfig> upgradeWSMPolicyRepository()

12c Release:

wls:/jrfServer_domain/serverConfig> upgradeWSMRepository()

Command Category: OWSM Repository Management

Use with WLST: Online

Description

Upgrades the OWSM predefined policies stored in the OWSM repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.

This command does not remove any existing predefined and user-defined custom policies in the repository. If a predefined policy has been modified or discontinued in a subsequent release, one of the following occurs:

  • For policies that have been discontinued, a message is displayed listing the discontinued policies. In this case, Oracle recommends that you no longer reference the policies and remove them using Oracle Enterprise Manager.

  • For policies that have changed in the subsequent release, a message is displayed listing the changed policies. Oracle recommends that you import the latest version of the policies using Oracle Enterprise Manager.

Syntax

upgradeWSMPolicyRepository()

Example

The following example upgrades the existing installation with policies provided in the latest release:

wls:/wls-domain/serverConfig>upgradeWSMPolicyRepository()

upgradeWSMRepository

Command Category: OWSM Repository Management

Use with WLST: Online/offline

Description

Upgrades the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.

This command does not remove any existing predefined and user-defined custom policies in the repository. If a predefined policy has been modified or discontinued in a subsequent release, one of the following occurs:

  • For policies that have been discontinued, a message is displayed listing the discontinued policies. In this case, Oracle recommends that you no longer reference the policies and remove them using Oracle Enterprise Manager.

  • For policies that have changed in the subsequent release, a message is displayed listing the changed policies. Oracle recommends that you import the latest version of the policies using Oracle Enterprise Manager.

Syntax

upgradeWSMRepository()

Examples

The following example upgrades the existing installation with policies provided in the latest release:

wls:/wls-domain/serverConfig>upgradeWSMRepository()

Token Issuer Trust Configuration Commands

Use the WLST commands listed in Table 3-12 to view and define trusted issuers, trusted distinguished name (DN) lists, token attribute rules for trusted DNs, and import, export, or revoke federation metadata.

When using WLST to create, modify, and delete token issuer trust documents, you must execute the commands in the context of a session. Each session applies to a single trust document only.

For additional information about using these commands, see "Configuring SAML Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Note:

The commands in this section apply to Oracle Infrastructure Web Services only.

To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').

The help('wsmManage') now displays JWT trusted issuers as a supported token type.

Table 3-12 Web Services Token Issuer Trust Commands

Use this command... To... Use with WLST...

createWSMTokenIssuerTrustDocument

Create a new token issuer trust document using the name provided.

Online

deleteWSMTokenIssuerTrust

Delete the entry for the issuer, including the DN list in it.

Online

deleteWSMTokenIssuerTrustAttributeRule

Delete a token attribute rule associated with a trusted DN.

Online

deleteWSMTokenIssuerTrustDocument

Delete the token issuer trust document, specified by the name argument, from the repository.

Online

displayWSMTokenIssuerTrust

Display the names of the DN lists associated with a specified issuer.

Online

exportWSMTokenIssuerTrustMetadata

Export trusted issuers, associated DNs, and token attribute rules.

Online

importWSMTokenIssuerTrustMetadata

Import trusted issuers, associated DNs, and token attribute rules.

Online

listWSMTokenIssuerTrustDocuments

List the token issuer trust documents in the repository.

Online

revokeWSMTokenIssuerTrust

Remove trusted issuers, associated DNs, and token attribute rules.

Online

selectWSMTokenIssuerTrustDocument

Select the token issuer trust document, identified by the name argument, to be modified in the session.

Online

setWSMTokenIssuerTrust

Specify a trusted token issuer with a DN list.

Online

setWSMTokenIssuerTrustAttributeFilter

Add, delete, or update token attribute rules for a given token signing certificate DN.

Online

setWSMTokenIssuerTrustAttributeMapping

Set the mapping to map value of an attribute for a trusted DN to local user attribute value and the mapped user attribute.

Online

setWSMTokenIssuerTrustDisplayName

Set or reset the display name of the Token Issuer Trust document currently selected in the session.

Online

setWSMTokenIssuerTrustVirtualUser

Specify a trusted token issuer with a DN list for virtual user.

Online

deleteWSMTokenIssuerTrustVirtualUser

Delete a virtual user associated with a trusted DN from the token issuer trust document.

Online

setWSMTokenIssuerTrustVirtualUserRoleMapping

For any DN in the trusted DN list of a trusted token issuer, this command sets the mapping the roles for a virtual user.

Online

displayWSMTokenIssuerTrustAttributeRule

Display the mapping of the roles for a virtual user.

Online

importFederationMetadata

Import the signing certificate (federation metadata document) and configure WS-Trust for the Relying Party (RP-STS) in OWSM.

Online

exportFederationMetadata

Generates the signed or unsigned federation document for the Identity Provided STS (IP-STS) or Service Provider.

Online

revokeFederationMetadata

Removes the signing certificates from OWSM and the WS-Trust configuration from the federation metadata document.

Online

setWSMJWKTokenIssuerTrust Imports the JWK document from a trusted issuer and configures the trust in OWSM. Online
revokeWSMJWKTokenIssuerTrust It reverses the trust configuration done in setWSMJWKTokenIssuerTrust. It also removes any imported certificates. Online
enableWSMTokenIssuerTrustOneToken Enables or disables 1Paas - 1Token Trust for a given DN and/or Issuer. Online
enableWSMTokenIssuerTrust Enables or disables trusted issuer and key identifiers in the current Token Issuer Trust document. Online
setWSMTokenIssuerTrustProxy Configures proxy for a token issuer trust. Online
removeWSMTokenIssuerTrustProxy Removes the proxy configured for the token attribute rule identified by issuer and identifier. Online
displayWSMTokenIssuerTrustProxy Displays the proxy configured for the token attribute rule identified by issuer and identifier. Online
importWSMDiscoveryMetadata

Imports WSMDiscoveryMetadata from a trusted issuer and configures the trust in OWSM.

Online

revokeWSMDiscoveryMetadata

Removes the trust configuration done using importWSMDiscoveryMetadata. It also removes any imported certificates.

Online

addWSMTokenIssuerTrustRP

Adds or Deletes trusted relying party.

Online

displayWSMTokenIssuerTrustRP

Displays trusted relying party for a given type.

Online

createWSMTokenIssuerTrustDocument

Note:

This command applies to Oracle Infrastructure web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online/offline

Description

Within a session, creates a new token issuer trust document using the name provided.

You must start a session (beginWSMSession) before creating or modifying any token issuer trust documents. If there is no current session or there is already an existing modification process, an error is displayed.

Syntax

createWSMTokenIssuerTrustDocument(name, displayName, [raiseError='true|false'])
Arguments Definition

name

Name of the document to be created. An error is thrown if a name is not provided.

displayName

Optional. Display name for the document.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

In the following example, the trust document named tokenissuertrustWLSbase_domain is created, with a display name of wls_domain Trust Document. In the second example, no display name is provided.

wls:/wls-domain/serverConfig> createWSMTokenIssuerTrustDocument("tokenissuertrustWLSbase_domain","wls_domain Trust Document")
wls:/wls-domain/serverConfig> createWSMTokenIssuerTrustDocument("tokenissuertrustWLSbase_domain") 

See:

deleteWSMTokenIssuerTrust

Note:

This command applies to Oracle Infrastructure web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online/offline

Description

Within a session, deletes the list of all the trusted key identifiers matching the type (such as dns.hok, dns.sv, or dns.jwt) for the issuer specified. This issuer must exist in the token issuer trust document selected in the session for modification. If no trusted key identifiers exist, then the issuer itself is deleted.

You must start a session (beginWSMSession) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.

You cannot modify the default token issuer trust document.

Syntax

deleteWSMTokenIssuerTrust(type, issuer, [raiseError='true|false'])
Arguments Definition

type

Type of issuer to be deleted, such as dns.hok, dns.sv, or dns.jwt.

issuer

Name of the issuer whose trusted DN list will be deleted.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

In the following example, the issuer www.yourCompany.com and the DN list in the dns.sv trusted SAML sender vouches client list for the issuer are deleted:

wls:/wls-domain/serverConfig> deleteWSMTokenIssuerTrust('dns.sv', 'www.yourCompany.com') 

See:

deleteWSMTokenIssuerTrustAttributeRule

Note:

This command applies to Oracle Infrastructure web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online/offline

Description

Delete a token attribute rule associated with a trusted DN from the token issuer trust document.

You must start a session (beginWSMSession) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.

Syntax

deleteWSMTokenIssuerTrustAttributeRule(dn, [raiseError='true|false'])
Arguments Description

dn

The DN of the token signing certificate that identifies the rule to be deleted.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

In the following example, the token attribute rule associated with the 'CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US trusted DN is deleted.

wls:/wls-domain/serverConfig> deleteWSMTokenIssuerTrustAttributeRule('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US')

See:

deleteWSMTokenIssuerTrustDocument

Note:

This command applies to Oracle Infrastructure web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online/offline

Description

Deletes the token issuer trust document, specified by the name argument, from the repository. The default token issuer trust document cannot be deleted.

Syntax

deleteWSMTokenIssuerTrustDocument (name, [raiseError='true|false'])
Arguments Definition

name

Name of the token issuer trust document to be deleted.

raiseError

Optional. When set to true, it raises exception in case of known errors. When set to false, it returns a boolean false value in case of known errors. By default, it's set to true.

Examples

In the fol