14 Web Services Custom WLST Commands

This chapter provides detailed descriptions of custom WLST commands for Web services, including command syntax, arguments and command examples.

The following sections describe the WebLogic Scripting Tool (WLST) commands for Oracle Infrastructure Web services (which includes SOA composites, ADF Business Components, and WebCenter services) and Java EE Web services. You can use these commands to manage Web services from the command line.

Topics in this chapter include:

Section 14.1, "Overview of Web Services WLST Commands"
Section 14.2, "Web Service and Client Management Commands"
Section 14.3, "Policy Management Commands"
Section 14.4, "Policy Set Management Commands"
Section 14.5, "Oracle WSM Repository Management Commands"
Section 14.6, "Deployment Descriptor Migration Commands"
Section 14.7, "Token Issuer Trust Configuration Commands"
Section 14.8, "Diagnostic Commands"
Section 14.9, "JKS Keystore Configuration Commands"
Section 14.10, "OWSM Configuration Commands"
Section 14.11, "Upgrade OWSM Configuration Command"

For additional details about using these WLST commands for Web services, see the Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

Notes:

To use the Web Services custom WLST commands, you must invoke WLST from the Oracle Common home directory. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide.

To display the help for the Web service and client management, policy management, and deployment descriptor migration commands, connect to a running instance of the server and enter help('WebServices').

To display the help for the policy set management, Oracle WSM repository management, token issuer trust configuration, and diagnostic commands, connect to a running instance of the server and enter help('wsmManage').

14.1 Overview of Web Services WLST Commands

You can use the Web services WLST commands, in online mode, to:

Perform Web service configuration and Oracle WSM policy management tasks.
Manage the Oracle WSM Repository
Migrate post-deployment policy changes persisted in proprietary deployment descriptor (PDD) files for ADF Business Components and WebCenter services and propagate policy changes to all server instances in a domain.
Check the status of OWSM components.
View and define trusted issuers and DN lists for SAML signing certificates.

The Web services WLST commands manage deployed, active, and running Web services applications. They can be executed everywhere in WLST online mode, for example:

wls:/domain/serverConfig
wls:/domain/domainRuntime

The Web services WLST commands perform many of the same functions that you can complete using Fusion Middleware Control. When using the WLST commands to manage a Web service of an ADF or WebCenter application, you can apply the change only to a Web service deployed in an application on a specific server. If the application is deployed in a cluster or multi-server environment, you need to make the same change to each of the servers to which the application is deployed. Additionally, when you set or change an attached policy in ADF and WebCenter Web service and client applications, you must restart the application for the changes to take effect.

In contrast, if you are using the WLST commands to manage a SOA composite, you only need to issue the command once, and the change is propagated to all the server instances in the composite. When you set or change an attached policy in a SOA composite, you do not need to restart it. The SOA fabric runtime engine internally implements all of the policy management changes.

14.1.1 Specifying Application, Composite, and Service Names

The Web service WLST commands configure a Web service for a specific application. Therefore, the application path name has to uniquely identify the application and the server instance to which it is deployed.

Specifying a Web Service Application Name

To specify a Web service application in a WLST command, use the following format:

[/domain/server/]application[#version_number]

Parameters shown in brackets [] are optional. The following examples show the sample format for a Web service application name:

/soainfra/AdminServer/HelloWorld#1_0
/soainfra/server1/HelloWorld#1_0

If there is only one deployed instance of an application in a domain, you may omit the domain/server parameter, as shown in the following example:

HelloWorld#1_0

In all other instances, the domain/server parameter is required. If it is not specified and WLST finds more than one deployment of the same application on different servers in the domain, you are prompted to specify the domain and the server names.

Web Service client applications are deployed directly to WebLogic Server server instances. Each client application is managed separately. For example, if the application myapp is deployed to both the AdminServer and server1 instances in the domain mydomain, then you need to issue configuration commands to each of the servers using the appropriate application path name:

/mydomain/AdminServer/myapp#1_0
/mydomain/server1/myapp#1_0

Specifying a SOA Composite Name

When there are multiple SOA partition folders in a domain, you must specify the partition name and the composite name using the following format:

partition/composite[version]

The following example shows the sample format for a SOA composite application name:

default/myComposite[1.0]

If there is a single SOA server (non-clustered) and only one SOA partition folder in a domain, you may omit the partition parameter, as shown in the following example:

myComposite[1.0]

Specifying a Service Name

When there are multiple versions (namespaces) of a Web service name for Web Service and Web Service clients, you must specify the namespace and the service name using the following format:

{http://namespace/}serviceName

Note the following:

For Web service and client management commands, and policy management commands, you do not need to enter the namespace if there is only one service name qualified. If there are multiple versions of the service and you do not specify the namespace with the service name, an exception is thrown.
The namespace ({http://namespace/}) should not be included for a SOA composite.
For policy set management commands, both the namespace and service name are required for Web Service and Web Service Client (ws-service and ws-client) resource types.

For more information, see "Determining the Namespace for a Web Service" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

14.1.2 Web Services WLST Command Categories

Web services WLST commands are divided into the categories described in Table 14-1.

Table 14-1 Web Services WLST Command Categories

Command Category	Definition
Section 14.2, "Web Service and Client Management Commands"	View and manage Web services for the service and client.
Section 14.3, "Policy Management Commands"	View and manage directly-attached policies for the service and client.
Section 14.4, "Policy Set Management Commands"	View and manage globally-available policy sets within repository sessions.
Section 14.5, "Oracle WSM Repository Management Commands"	Manage the Oracle WSM repository with new predefined policies provided in the latest installation of the software, as well as import and export documents into and from the repository.
Section 14.6, "Deployment Descriptor Migration Commands"	Migrate proprietary deployment descriptors for scaling post-deployment policy configuration changes in a cluster or propagating the changes to all server instances of the application in the domain.
Section 14.7, "Web Services Token Issuer Trust Commands"	View and define trusted issuers, trusted DN lists, and token attribute rule filters for SAML signing certificates.
Section 14.8, "Diagnostic Commands"	Check the status of the WSM components that are required for proper functioning of the product.
Section 14.9, "JKS Keystore Configuration Commands"	View and manage JKS keystore credentials and certificates.
Section 14.10, "OWSM Configuration Commands"	View and to view and configure the OWSM domain.
Section 14.11, "Upgrade OWSM Configuration Command"	Upgrade the Oracle WSM configuration and policies from a previous release (11.1.1.1.0–11.1.1.6.0) to Release 11.1.1.9.0.

14.2 Web Service and Client Management Commands

Use the WLST commands listed in Table 14-2 to view and manage Web services for deployed, active, and running Web service applications.

Table 14-2 Web Service and Client Management WLST Commands

Use this command...	To...	Use with WLST...
listWebServices	List the Web service information for an application, composite, or domain.	Online
listWebServicePorts	List the Web service ports for a Web service application or SOA composite.	Online
listWebServiceConfiguration	List Web services and port configuration for an application or SOA composite.	Online
setWebServiceConfiguration	Set or change the Web service port configuration for a Web service application or SOA composite.	Online
listWebServiceClients	List Web service client information for an application, SOA composite, or domain.	Online
listWebServiceClientPorts	List Web service client ports information for an application or SOA composite.	Online
listWebServiceClientStubProperties	List Web service client port stub properties for an application or SOA composite.	Online
setWebServiceClientStubProperty	Set, change, or delete a single stub property of a Web service client port for an application or SOA composite.	Online
setWebServiceClientStubProperties	Configure the set of stub properties of a Web service client port for an application or SOA composite.	Online

14.2.1 listWebServices

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.1.1 Description

Lists the Web service information for an application, SOA composite, or domain. If you don't specify a Web service application or a SOA composite, the command lists all services in all applications and composites for every server instance in the domain.

You can specify the amount of information to be displayed in the output using the detail argument. When specified, the output provides endpoint (port) and policy details for all applications and composites in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority configuration override), the effective field indicates if the directly attached policies are in effect for the endpoint.

Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

The output is listed by each application deployed as shown in the following example:

/domain/server/application#version_number:
     moduleName=helloModule, moduleType=web, serviceName={http://namespace/}service 
/soainfra/AdminServer/soa-infra:
     compositeName=default/HelloWorld[1.0],  moduleType=soa, serviceName=service

Notes:

The listWebServices command output does not include details on SOA components, including policy attachments.

For applications assembled prior to PS5, the namespace is not displayed with the serviceName in the output.

14.2.1.2 Syntax

listWebServices (application,composite,[detail])

Argument Definition

Argument	Definition
`application`	Name and path of the application for which you want to list the Web services. For example, `/domain/server/application#version_number` If specified, all Web services in the application are listed.
`composite`	Name of the SOA composite for which you want to list the Web services. For example, `default/HelloWorld[1.0]` If specified, all Web services in the composite are listed.
`detail`	Optional. Specifies whether to list port and policy details for the Web service. Valid values are: `true`—Output includes details about the service, the port, and the policies. `false`—Output lists only the services. The default is `false`.

application

Name and path of the application for which you want to list the Web services. For example, /domain/server/application#version_number

If specified, all Web services in the application are listed.

composite

Name of the SOA composite for which you want to list the Web services. For example, default/HelloWorld[1.0]

If specified, all Web services in the composite are listed.

detail

Optional. Specifies whether to list port and policy details for the Web service.

Valid values are:

true—Output includes details about the service, the port, and the policies.
false—Output lists only the services. The default is false.

14.2.1.3 Examples

The following example for an Oracle Infrastructure Web service lists all the Web services in all applications and composites in the domain. Sample output is shown in this example.

wls:/soainfra/serverConfig> listWebServices()
/soainfra/AdminServer/soa-infra :
     compositeName=default/HelloWorld[1.0], moduleType=soa, serviceName=service
     compositeName=default/Project1[1.0], moduleType=soa, serviceName=bpelprocess1_client_ep 
 
/soainfra/AdminServer/HelloWorld#1_0 :
     moduleName=j2wbasicPolicy, moduleType=web, serviceName=WssUsernameService

The following example for an Oracle Infrastructure Web service sets the detail argument to true. Sample output is shown in this example. Note that the directly attached policy is not in effect for the endpoint TestPort in the application jaxws-sut.

wls:/jrfServer_domain/serverConfig> listWebServices(detail='true')
 
/jrfServer_domain/jrfServer_admin/jaxws-sut-no-policy :
        moduleName=jaxws-service, moduleType=web, serviceName={http://namespace/}TestService
        enableTestPage: true
        enableWSDL: true
 
                TestPort        http://host.example.com:9315/jaxws-service/TestService
                enable: true
                enableREST: false
                enableSOAP: true
                maxRequestSize: -1
                loggingLevel: NULL
                wsat.flowOption: NEVER
                wsat.version: DEFAULT
                Constraint: No Constraint
                        (global) security : oracle/wss_saml_or_username_token_service_policy, enabled=true
                                /policysets/global/all-domains-default-web-service-policies : Domain("*")
                                        reference.priority=1
                Constraint: HTTPHeader('VIRTUAL_HOST_TYPE','external')
                        (global) security : oracle/wss10_message_protection_service_policy, enabled=true
                                /policysets/global/domainExternal : Domain("*")
                Attached policy or policies are valid; endpoint is secure.
 
/jrfServer_domain/jrfServer_admin/jaxws-sut :
        moduleName=jaxws-sut-service, moduleType=web, serviceName={http://namespace/}TestService
        enableTestPage: true
        enableWSDL: true
 
                TestPort        http://host.example.com:9315/jaxws-sut-service/TestService
                enable: true
                enableREST: false
                enableSOAP: true
                maxRequestSize: -1
                loggingLevel: NULL
                wsat.flowOption: NEVER
                wsat.version: DEFAULT
                management : oracle/log_policy, enabled=true
                security : oracle/wss_username_token_service_policy , enabled=true , effective=false
                Constraint: No Constraint
                        (global) security : oracle/wss_saml_or_username_token_service_policy, enabled=true
                                /policysets/global/all-domains-default-web-service-policies : Domain("*")
                                        reference.priority=1
                Constraint: HTTPHeader('VIRTUAL_HOST_TYPE','external')
                        (global) security : oracle/wss10_message_protection_service_policy, enabled=true
                                /policysets/global/domainExternal : Domain("*")
                Attached policy or policies are valid; endpoint is secure.

The following example for a Java EE Web service sets the detail argument to true. Sample output is shown in this example. The output lists all the Web services in all applications and composites in the domain.

/wls-domain/AdminServer/hellows :
        moduleName=hellows#1!HelloWSService, moduleType=wls, serviceName=HelloWSService
                HelloWSPort
                No policies attached; endpoint is not secure.

14.2.2 listWebServicePorts

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.2.1 Description

List the Web service port names and the endpoint URLs for a Web service application or SOA composite.

The output will display the port name and endpoint URL of the Web service port. For example:

JRFWssUsernamePort         http://localhost:7001/j2wbasicPolicy/WssUsername

14.2.2.2 Syntax

listWebServicePorts(application,moduleOrCompName,moduleType,serviceName)

Argument	Definition
`application`	Name and path of the application for which you want to list the Web services port information. For example, `/domain/server/application#version_number` To list the port information for an application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to list the Web services port information. To list the port information for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite for which you want to list the port information. For example, {`http://namespace/}serviceName`. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.

14.2.2.3 Example

The following example lists the Web service ports and endpoint URLs for the j2wbasicPolicy service in the soainfra/AdminServer/HelloWorld#1_0 application. Note that the WssUsernameService module name is specified, and the moduleType is set to web.

wls:/soainfra/serverConfig> listWebServicePorts
( '/soainfra/AdminServer/HelloWorld#1_0',
'WssUsernameService','web','{http://namespace/}j2wbasicPolicy')

JRFWssUsernamePort      http://localhost:7001/j2wbasicPolicy/WssUsername

The following example lists the Web service ports and endpoint URLs for the Java EE Web service helloWorldJaxws in the wls-domain/AdminServer/helloWorldJaxws application. Note that the moduleType is set to wls.

wls:/wls-domain/serverConfig> listWebServicePorts ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws')

helloWorldJaxwsSoapHttpPort

14.2.3 listWebServiceConfiguration

Notes:

This command applies to Oracle Infrastructure Web services only.

This command is deprecated and will be removed in a future release.

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.3.1 Description

List the Web service port configuration for a Web service application or SOA composite.

The output will display the configuration information for the Web service port. For example:

enableREST: false
maxRequestSize: -1

14.2.3.2 Syntax

listWebServiceConfiguration(application,moduleOrCompName,moduleType,serviceName,
[subjectName])

Argument	Definition
`application`	Name and path of the application for which you want to list the Web services port configuration. For example, `/domain/server/application#version_number` To list the port configuration for a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to list the Web services port configuration. To list the port configuration for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB).
`serviceName`	Name of the Web service in the application or SOA composite for which you want to list the port configuration. For example, {`http://namespace/}serviceName`. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Optional. Policy subject, port, or operation for which you want to list configuration information.

14.2.3.3 Example

The following example lists the Web service and port configuration information for the application HelloWorld#1_0 for the server soa1 in the domain soainfra. In this example, the Web module name is j2wbasicPolicy, the service name is WssUsernameService, and the subject is a port named JRFWssUsernamePort.

wls:/wls-domain/serverConfig>listWebServiceConfiguration
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort')

14.2.4 setWebServiceConfiguration

Note:

This command applies to Oracle Infrastructure Web services only.

This command is deprecated and will be removed in a future release.

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.4.1 Description

Set or change the Web service port configuration for a Web service application or SOA composite.

Additional information about using this command is provided in "Configuring the Web Service Endpoint" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

14.2.4.2 Syntax

setWebServiceConfiguration(application,moduleOrCompName,moduleType,serviceName,
subjectName,itemProperties)

Argument	Definition
`application`	Name and path of the application for which you want to set or change the Web services port configuration. For example, `/domain/server/application#version_number` To set or change the port configuration for a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to set or change the Web services port configuration. To set or change the port configuration for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB).
`serviceName`	Name of the Web service in the application or SOA composite for which you want to set or change the port configuration. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Policy subject, port or operation name for which you want to set or change the configuration information.
`itemProperties`	Configurable properties that you can set or change. Specify the properties using the following format: `("name","value")` Valid port configuration name and value pairs are as follows: `enable`—`true` or `false`. Default is `true`. `enableTestPage`—`true` or `false`. Default is `true`. `enableWSDL`—`true` or `false`. Default is `true`. `enableREST`—`true` or `false`. Default is `false`. `maxRequestSize`—long integer, `-1` for values not set. The default is `-1`. `loggingLevel`—`NULL`, `FINEST...SEVERE` (java.util.logging.Level). The default is `NULL`. `wsat.flowOption`—Atomic transaction flow option. Valid values are: `NEVER`—Do not export transaction coordination context. (This is the default.), `SUPPORTS`—Export transaction coordination context if transaction is available, `MANDATORY`—Export transaction coordination context. An exception is thrown if there is no active transaction. This property is valid for SOA services only. `wsat.version`—Atomic transaction version. Valid values are: `WSAT10`, `WSAT11`,`WSAT12`, and `DEFAULT`. This property is valid for SOA services only. For additional information about the atomic transaction properties, see "Configuring Web Services Atomic Transactions" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services. Note: If any configuration item contains an unrecognized property name or invalid value, this set command is rejected and an error message is displayed.

14.2.4.3 Example

The following example enables the port JRFWssUsernamePort for the service WssUsernameService in the Web module j2wbasicPolicy. The service is in the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>setWebServiceConfiguration
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',[("enable", "true")])

14.2.5 listWebServiceClients

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.5.1 Description

List Web service clients information for an application, SOA composite, or domain. If neither an application nor a composite is specified, the command lists information about all Web service clients in all applications and composites for every server instance in the domain.

You can specify the amount of information to be displayed in the output using the detail argument. When specified, the output provides endpoint (port) and policy details for clients in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority configuration override), the effective field indicates if the directly attached policies are in effect for the endpoint.

The output is listed by each application deployed as shown in the following examples:

This example shows the output of an unsecured endpoint:

/soa_domain/soa_server1/soa-infra :        compositeName=default/Basic_SOA_Client[1.0], moduleType=soa, serviceRefName=Service1
                Basic_soa_service_pt    serviceWSDLURI=http://host.example.com:38001/soa-infra/services/default/Basic_SOA_service/Basic_soa_service.wsdl
                oracle.webservices.contentTransferEncoding=base64
                oracle.webservices.charsetEncoding=UTF-8
                oracle.webservices.operationStyleProperty=document
                wsat.flowOption=WSDLDriven
                oracle.webservices.soapVersion=soap1.1
                oracle.webservices.chunkSize=4096
                oracle.webservices.session.maintain=false
                oracle.webservices.preemptiveBasicAuth=false
                oracle.webservices.encodingStyleProperty=http://schemas.xmlsoap.org/soap/encoding/
                oracle.webservices.donotChunk=true
                No attached policies found; endpoint is not secure.

This example shows the output for secured endpoints:

/soa_domain/soa_server1/AsynchronizedBC_asyncbc :        moduleName=Asychronized-AsynchronizedBC-context-root, moduleType=web, serviceRefName=callback
                owsm.qa.server.serviceinterface.AppModule_asyncServiceImpl/_oracleAsyncResponseClient
              Constraint: No Constraint
                (global) security : oracle/wss_username_token_client_policy, enabled=true
                        /policysets/global/web_callback_add_1 : Module("*")
                Attached policy or policies are valid; endpoint is secure.

 /soa_domain/soa_server1/ADF_DC_4 :        moduleName=wsdl, moduleType=wsconn, serviceRefName=TestService
                TestPort        serviceWSDLURI=http://host.example.com:12345/jaxws-sut-service/TestService?wsdl
                security : oracle/wss_username_token_client_policy, enabled=true, effective=false
              Constraint: No Constraint
                (global) security : oracle/wss11_username_token_with_message_protection_client_policy, enabled=true
                        /policysets/global/PolicySet-Testport : port('TestPort')                        reference.priority=1
                Attached policy or policies are valid; endpoint is secure.

                                /soa_domain/AdminServer/adf_dc_to_bc :        moduleName=ADF_BC, moduleType=wsconn, serviceRefName=AppModuleService
                AppModuleServiceSoapHttpPort    serviceWSDLURI=http://host.example.com:12345/ADF_BC-ADF_BC-context-root/AppModuleService?wsdl
              Constraint: No Constraint
                (global) security : oracle/wss11_username_token_with_message_protection_client_policy, enabled=true
                        /policysets/global/web_reference_add_1 : Domain("soa_domain")
                Attached policy or policies are valid; endpoint is secure.

14.2.5.2 Syntax

listWebServiceClients(application,composite,[detail])

Argument Definition

Argument	Definition
`application`	Name and path of the application for which you want to list the Web service clients. For example, `/domain/server/application#version_number` If specified, all Web services clients in the application are listed.
`composite`	Name of the SOA composite for which you want to list the Web service clients. For example, `default/HelloWorld[1.0]` If specified, all Web service clients in the composite are listed.
`detail`	Optional. Specifies whether to list port and policy details for the Web service clients. Valid values are: `true`—Output includes details about the clients, ports, policies, and whether the endpoint is secure or not. `false`—Output lists only the clients. The default is false.

application

Name and path of the application for which you want to list the Web service clients. For example, /domain/server/application#version_number

If specified, all Web services clients in the application are listed.

composite

Name of the SOA composite for which you want to list the Web service clients. For example, default/HelloWorld[1.0]

If specified, all Web service clients in the composite are listed.

detail

Optional. Specifies whether to list port and policy details for the Web service clients.

Valid values are:

true—Output includes details about the clients, ports, policies, and whether the endpoint is secure or not.
false—Output lists only the clients. The default is false.

14.2.5.3 Examples

The following example lists information for all Web service clients in the domain.

wls:/wls-domain/serverConfig>listWebServiceClients()

The following example lists the Web service clients for the application jwsclient_1#1.10 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>listWebServiceClients('soainfra/soa1/jwsclient_1#1.10')

The following example lists the Web service clients for the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>listWebServiceClients(None,'default/HelloWorld[1.0]')

The following example lists details for all of the Web service clients in the domain.

wls:/wls-domain/serverConfig>listWebServiceClients(None,None,true)

14.2.6 listWebServiceClientPorts

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.6.1 Description

List the Web service port names and the endpoint URLs for Web service clients in an application or SOA composite.

The output will display the name of the Web service client/reference port. For example:

AppModuleServiceSoapHttpPort

14.2.6.2 Syntax

listWebServiceClientPorts(application,moduleOrCompName,moduleType,serviceRefName)

Argument	Definition
`application`	Name and path of the application for which you want to list the Web services port information. For example, `/domain/server/application#version_number` To list the client port information for an application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to list the Web service client port information. To list the client port information for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	Service reference name of the application or SOA composite for which you want to list the Web service client port information. When the client is an asynchronous Web service callback client, the `serviceRefName` argument must be set to `callback`.

14.2.6.3 Examples

The following example lists the client ports for the WssUsernameClient Web module in the /soainfra/soa1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/soainfra/serverConfig> listWebServiceClientPorts
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient')

The following example lists the client ports in the default/HelloWorld[1.0] SOA composite. Note that the moduleType is set to soa, and the serviceRefName is set to client.

wls:/soainfra/serverConfig> listWebServiceClientPorts(None, 'default/HelloWorld[1.0]','soa','client')

14.2.7 listWebServiceClientStubProperties

Note:

This command applies to Oracle Infrastructure Web service clients only.

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.7.1 Description

List Web service client port stub properties for an application or SOA composite.

14.2.7.2 Syntax

listWebServiceClientStubProperties(application, moduleOrCompName, moduleType, 
serviceRefName, portInfoName)

Argument	Definition
`application`	Name and path of the application for which you want to list the Web services client port stub properties. For example, `/domain/server/application#version_number` To list the client port stub properties information for an application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to list the Web services client port stub properties. To list the client port stub properties information for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	Service reference name of the application or SOA composite for which you want to list the Web service client port stub properties.
`portInfoName`	The name of the client port for which you want to list the stub properties.

14.2.7.3 Example

The following example lists the client port stub properties for the JRFWssUsernamePort port of the WssUsernameClient Web module in the /soainfra/soa1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/soainfra/serverConfig>listWebServiceClientStubProperties
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort')

14.2.8 setWebServiceClientStubProperty

Note:

This command applies to Oracle Infrastructure Web service clients only.

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.8.1 Description

Set, change, or delete a single stub property of a Web service client port for an application or SOA composite.

14.2.8.2 Syntax

setWebServiceClientStubProperty(application, moduleOrCompName, moduleType, 
serviceRefName,portInfoName,propName,[propValue])

Argument	Definition
`application`	Name and path of the application for which you want to set the Web services client port stub property. For example, `/domain/server/application#version_number` To set a client port stub property for an application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to set the Web services client port stub property. To set a client port stub property for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	Service reference name of the application or SOA composite for which you want to set the Web service client port stub property.
`portInfoName`	The name of the client port for which you want to set the stub property.
`propName`	Stub property name that you want to set, change, or delete. For example, `'keystore.recipient.alias'`.
`propValue`	Optional. The stub property value, for example `'orakey'`. To remove the property, specify a blank `""` value.

14.2.8.3 Example

The following example sets the client port stub property keystore.recipient.alias to the value oracle for the client port JRFWssUsernamePort. The port is a client port of the WssUsernameClient Web module in the /soainfra/soa1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/soainfra/serverConfig>setWebServiceClientStubProperty
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort','keystore.recipient.alias','oracle')

14.2.9 setWebServiceClientStubProperties

Note:

This command applies to Oracle Infrastructure Web service clients only.

Command Category: Web Service and Client Management

Use with WLST: Online

14.2.9.1 Description

Configure the set of stub properties of a Web service client port for an application or SOA composite.

This command configures or resets all of the stub properties for the Oracle WSM client security policy attached to the client. Each property that you list in the command is set to the value you specify. If a property that was previously set is not explicitly specified in this command, it is reset to the default for the property. If no default exists, the property is removed.

14.2.9.2 Syntax

setWebServiceClientStubProperties(application, moduleOrCompName, moduleType, 
serviceRefName, portInfoName, properties)

Argument	Definition
`application`	Name and path of the application for which you want to reset the Web services client port stub properties. For example, `/domain/server/application#version_number` To configure or reset the client port stub properties for an application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to reset the Web services client port stub properties. To configure or reset client port stub properties for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	Service reference name of the application or SOA composite for which you want to reset the Web service client port stub properties.
`portInfoName`	The name of the client port for which you want to reset the stub properties.
`properties`	The list of properties to be set or changed. Properties must be specified using the following format: `("property","value")` For example: `[("keystore.recipient.alias","oracle"), ("csf-key","oracle")]` To remove a property or clear the value assigned to it, specify a blank `""` value. For example: `[("csf-key","")]` To remove all the properties of the client port, set this argument to `None`. Sample client port stub properties are as follows: `oracle.webservices.auth.username` `oracle.webservices.auth.password` `keystore.recipient.alias` `csf-key` `saml.issuer.name` `javax.xml.ws.session.maintain` `wsat.Version` —SOA references only `wsat.flowOption`—SOA references only For a complete list of the configurable properties, see "Configuring the Web Service Client" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

14.2.9.3 Example

The following example resets the client port stub properties wsat.flowOption and wsat.Version to SUPPORTS and DEFAULT, respectively. Any other properties that were previously set for this client port are either reset to the default or removed. The client port is JRFWssUsernamePort of the WssUsernameClient Web module in the /soainfra/soa1/jwsclient_1#1.1.0 application. Note that the moduleType is set to wsconn, and the serviceRefName is set to WssUsernameClient.

wls:/soainfra/serverConfig>setWebServiceClientStubProperties('/soainfra/soa1/jwsclient_1#1.1.0',
'WssUsernameClient','wsconn','WssUsernameClient','JRFWssUsernamePort',
[("wsat.flowOption","SUPPORTS"),("wsat.Version","DEFAULT")] )

14.3 Policy Management Commands

Use the WLST commands listed in Table 14-3 to directly attach Oracle WSM Web service and client policies to application ports or SOA composites.

When you set or change an attached policy in ADF and WebCenter Web service and client applications, you must restart the application for the changes to take effect. After the policy change is completed, a reminder message is displayed prompting you to restart the application. You can stop and restart the application using the standard stopApplication and startApplication WLST commands. For more information about these commands, see "Deployment Commands".

Table 14-3 Web Services WLST Directly-attached Policy Management Commands

Use this command...	To...	Use with WLST...
listAvailableWebServicePolicies	Display a list of all the available Oracle Web Services Manager (WSM) policies by category or subject type.	Online
listWebServicePolicies	List Web service port policy information for a Web service in an application or SOA composite.	Online
attachWebServicePolicy	Attach a policy to a Web service port of an application or SOA composite.	Online
attachWebServicePolicies	Attach multiple policies to a Web service port of an application or SOA composite.	Online
enableWebServicePolicy	Enable or disable a policy attached to a port of a Web service application or SOA composite.	Online
enableWebServicePolicies	Enable or disable multiple policies attached to a port of a Web service application or SOA composite.	Online
detachWebServicePolicy	Detach an Oracle WSM policy from a Web service port of an application or SOA composite.	Online
detachWebServicePolicies	Detach multiple Oracle WSM policies from a Web service port of an application or SOA composite.	Online
listWebServiceClientPolicies	List Web service client port policies information for an application or SOA composite.	Online
attachWebServiceClientPolicy	Attach an Oracle WSM policy to a Web service client port of an application or SOA composite.	Online
attachWebServiceClientPolicies	Attach multiple policies to a Web service client port of an application or SOA composite.	Online
enableWebServiceClientPolicy	Enable or disable a policy of a Web service client port of an application or SOA composite.	Online
enableWebServiceClientPolicies	Enable or disable multiple policies of a Web service client port of an application or SOA composite.	Online
detachWebServiceClientPolicy	Detach a policy from a Web service client port of an application or SOA composite.	Online
detachWebServiceClientPolicies	Detach multiple policies from a Web service client port of an application or SOA composite.	Online
setWebServicePolicyOverride	Configure the Web service port policy override properties of an application or SOA composite.	Online

14.3.1 listAvailableWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

14.3.1.1 Description

Display a list of all the available Oracle Web Services Manager (WSM) policies by category or subject type.

14.3.1.2 Syntax

listAvailableWebServicePolicies([category],[subject])

Argument	Definition
`category`	Optional. The policy category, for example: `'security'` , `'management'`.
`subject`	Optional. The policy subject type, for example: `'server'` or `'client'.`

14.3.1.3 Example

The following example lists all the available Oracle WSM server security policies in the domain.

wls:/wls-domain/serverConfig>listAvailableWebServicePolicies('security','server')

14.3.2 listWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

14.3.2.1 Description

List Web service port policy information for a Web service in an application or SOA composite.

The output will display the Web service port name, the OWSM policies it has attached to it, and if applicable, any policy override properties. For example:

HelloWorldPort:
security : oracle/wss_username_token_service_policy , enabled=true

14.3.2.2 Syntax

listWebServicePolicies(application,moduleOrCompName,moduleType,serviceName,subjectName)

Argument	Definition
`application`	Name and path of the application for which you want to list the Web services port policy information. For example, `/domain/server/application#version_number` To list the port policy information for a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to list the Web services port policy information. To list the port policy information for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite for which you want to list the port policy information. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Policy subject, port, or operation name.

14.3.2.3 Examples

The following example lists the Web service port policy information for the application HelloWorld#1_0 for the server soa1 in the domain soainfra. In this example, the Web module name is j2wbasicPolicy, the service name is WssUsernameService, and the subject is a port named JRFWssUsernamePort.

wls:/wls-domain/serverConfig>listWebServicePolicies ('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService', 'JRFWssUsernamePort')

The following example lists the port policy information for the SOA composite default/HelloWorld[1.0]. Note that the moduleType is set to SOA, the service name is HelloService, and the subject is a port named HelloWorld_pt.

wls:/wls-domain/serverConfig>listWebServicePolicies (None, 'default/HelloWorld[1.0]', 'soa', 'HelloService', 'HelloWorld_pt')

14.3.3 attachWebServicePolicy

Command Category: Policy Management

Use with WLST: Online

14.3.3.1 Description

Attach a policy to a Web service port of an application or SOA composite.

The policyURI is validated through the Oracle WSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available. If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

Policy changes made using this WLST command are only effective after you restart your application. For ADF and WebCenter applications, a message is displayed to remind you to restart your application.

14.3.3.2 Syntax

attachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURI, [subjectType=None])

Argument	Definition
`application`	Name and path of the application to which you want to attach a Web service policy. For example, `/domain/server/application#version_number` To attach a policy to a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) to which you want to attach a Web service policy. To attach a policy to a port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Name of the policy subject, port, or operation.
`policyURI`	Oracle WSM policy name URI, for example `'oracle/log_policy'`
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.3.3 Examples

The following example attaches the policy oracle/wss_username_token_service_policy to the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>attachWebServicePolicy
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')

The following example attaches the policy oracle/log_policy to the port HelloWorld_pt of the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>attachWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')

The following example attaches the policy oracle/wss_username_token_service_policy to the port helloWorldJaxwsSoapHttpPort of the Java EE Web service helloWorldJaxws.

wls:wls-domain/serverConfig>attachWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')

A Web service cannot contain both a WebLogic Web service policy and an Oracle Web service policy. If you have a Web service with a WebLogic Web service policy, you must first detach it before attaching the Oracle Web service policy. The following example detaches the WebLogic Web service policy Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml from the port SimplePort in the Java EE Web service SimpleEjbService and attaches the Oracle Web service policy oracle/wss_username_token_service_policy.

wls:wls-domain/serverConfig>detachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort','policy:Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml')
 
wls:wls-domain/serverConfig>attachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort', 'oracle/wss_username_token_service_policy')

Note:

The detachWebServicePolicy WLST command allows you to detach WebLogic Web service policies from a Web service. However, you cannot use the attachWebServicePolicy WLST command to attach WebLogic Web service policies. To attach WebLogic Web service policies to a Web service, you must use the WebLogic Administration Console.

14.3.4 attachWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

14.3.4.1 Description

Attach multiple policies to a Web service port of an application or SOA composite.

The policyURIs are validated through the Oracle WSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available. If any of the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

14.3.4.2 Syntax

attachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURIs, [subjectType=None])

Argument	Definition
`application`	Name and path of the application to which you want to attach the Web service policies. For example, `/domain/server/application#version_number` To attach the policies to a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) to which you want to attach Web service policies. To attach the policies to a port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Name of the policy subject, port, or operation.
`policyURIs`	List of Oracle WSM policy name URIs, for example `["oracle/log_policy","oracle/wss_username_token_service_policy"]` If any of the policies that you specify are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.4.3 Example

The following example attaches the policies "oracle/log_policy", "oracle/wss_username_token_service_policy" to the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>attachWebServicePolicies
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',
["oracle/log_policy", "oracle/wss_username_token_service_policy"])

The following example attaches the policies "oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy" to the port helloWorldJaxwsSoapHttpPort of the Web module helloWorldJaxws. The Java EE Web service is part of the application helloWorldJaxws for the server AdminServer in the domain wls-domain.

 wls:wls-domain/ServerConfig>attachWebServicePolicies 
('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws',  
'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", 
"oracle/wss_username_token_service_policy"])

14.3.5 enableWebServicePolicy

Command Category: Policy Management

Use with WLST: Online

14.3.5.1 Description

Enable or disable a policy attached to a port of a Web service application or SOA composite.

If the policy that you specify in this command is not attached to the port, an error message is displayed and/or an exception is thrown.

Note:

14.3.5.2 Syntax

enableWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURI, [enable], [subjectType=None] ))

Argument	Definition
`application`	Name and path of the application for which you want to enable a Web service policy. For example, `/domain/server/application#version_number` To enable a policy that is attached to a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to enable a Web service policy. To enable a policy that is attached to a port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite. For example, {http://namespace/}serviceName
`subjectName`	Name of the policy subject, port, or operation.
`policyURI`	Oracle WSM policy name URI, for example `'oracle/log_policy'` If the policy that you specify is not attached, an error message is displayed and/or an exception is thrown.
`enable`	Optional. Specifies whether to enable or disable the policy. Valid options are: `true`—Enables the policy. The default is `true`. `false`—Disables the policy. If you omit this argument, the policy is enabled.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.5.3 Examples

The following example enables the policy oracle/wss_username_token_service_policy attached to the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>enableWebServicePolicy
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',"oracle/wss_username_token_service_policy",true)

The following example enables the policy oracle/log_policy attached to the port HelloWorld_pt for the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')

The following example disables the policy oracle/log_policy attached to the port HelloWorld_pt for the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy',false)

The following example disables the policy oracle/wss_username_token_service_policy attached to the port helloWorldJaxwsSoapHttpPort for the service helloWorldJaxws in the Java EE Web service wls-domain/AdminServer/helloWorldJaxws

wls:/wls-domain/domainRuntime> enableWebServicePolicy 
('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws',  
'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy', false)

14.3.6 enableWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

14.3.6.1 Description

Enable or disable multiple policies attached to a port of a Web service application or SOA composite.

If the policyURIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.

Note:

14.3.6.2 Syntax

enableWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURIs,[enable],[subjectType=None] ))

Argument	Definition
`application`	Name and path of the application for which you want to enable the Web service policies. For example, `/domain/server/application#version_number` To enable policies that are attached to a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to enable Web service policies. To enable policies that are attached to a port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite.For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Name of the policy subject, port, or operation.
`policyURIs`	List of Oracle WSM policy name URIs, for example `["oracle/log_policy","oracle/wss_username_token_service_policy"]` If the policyURIs that you specify are not attached, an error message is displayed and/or an exception is thrown.
`enable`	Optional. Specifies whether to enable or disable the policies. Valid options are: `true`—Enables the policies. The default is `true`. `false`—Disables the policies. If you omit this argument, the policies are enabled.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.6.3 Example

The following example enables the policies ["oracle/log_policy","oracle/wss_username_token_service_policy"] attached to the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>enableWebServicePolicies
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',["oracle/log_policy",
"oracle/wss_username_token_service_policy"],true)

The following example disables the policies ["oracle/binding_authorization_denyall_policy","oracle/wss_username_token_service_policy"] attached to the port helloWorldJaxwsSoapHttpPort of the Web module helloWorldJaxws#1!helloWorldJaxws. The Web service is part of the application helloWorldJaxws for the server AdminServer in the domain wls-domain.

wls:/wls-domain/serverConfig>enableWebServicePolicies )
('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 
'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", 
"oracle/wss_username_token_service_policy"], false

14.3.7 detachWebServicePolicy

Command Category: Policy Management

Use with WLST: Online

14.3.7.1 Description

Detach an Oracle WSM policy from a Web service port of an application or SOA composite.

Note:

14.3.7.2 Syntax

detachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURI, [subjectType=None])

Argument	Definition
`application`	Name and path of the application from which you want to detach a Web service policy. For example, `/domain/server/application#version_number` To detach a policy from a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) from which you want to detach a Web service policy. To detach a policy from a port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Name of the policy subject, port, or operation.
`policyURI`	Oracle WSM policy name URI, for example `'oracle/log_policy'` If the policy specified is not attached, an error message is displayed and/or an exception is thrown.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.7.3 Examples

The following example detaches the policy oracle/wss_username_token_service_policy from the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>detachWebServicePolicy
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')

The following example detaches the policy oracle/log_policy from the port HelloWorld_pt of the service HelloService in the SOA composite default/HelloWorld[1.0]. Note that the namespace ({http://namespace/}) should not be included for a SOA composite.

wls:/wls-domain/serverConfig>detachWebServicePolicy(None, 'default/HelloWorld[1.0]','soa','HelloService','HelloWorld_pt','oracle/log_policy')

The following example detaches the policy oracle/wss_username_token_service_policy from the port helloWorldJaxwsSoapHttpPort of the service helloWorldJaxws in the Java EE Web service wls-domain/AdminServer/helloWorldJaxws.

wls:/wls-domain/serverConfig>detachWebServicePolicy
('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')

14.3.8 detachWebServicePolicies

Command Category: Policy Management

Use with WLST: Online

14.3.8.1 Description

Detach multiple Oracle WSM policies from a Web service port of an application or SOA composite.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

14.3.8.2 Syntax

detachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, 
subjectName, policyURIs, [subjectType=None])

Argument	Definition
`application`	Name and path of the application from which you want to detach the Web service policies. For example, `/domain/server/application#version_number` To detach policies from a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) from which you want to detach the Web service policies. To detach policies from a port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services.
`serviceName`	Name of the Web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Name of the policy subject, port, or operation.
`policyURIs`	List of Oracle WSM policy name URIs, for example `["oracle/log_policy","oracle/wss_username_token_service_policy"]` If a policyURI specified is not attached, an error message is displayed and/or an exception is thrown.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.8.3 Example

The following example detaches the policies "oracle/log_policy", "oracle/wss_username_token_service_policy" from the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>detachWebServicePolicies
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy','web',
'{http://namespace/}WssUsernameService','JRFWssUsernamePort',
["oracle/log_policy","oracle/wss_username_token_service_policy"])

The following example detaches the policies "oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy" from the port helloWorldJaxwsSoapHttpPort of the Java EE Web module helloWorldJaxws. The Web service is part of the application helloWorldJaxws for the server AdminServer in the domain wls-domain.

wls:/wls-domain/serverConfig>detachWebServicePolicies 
('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 
'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", 
"oracle/wss_username_token_service_policy"])

14.3.9 listWebServiceClientPolicies

Command Category: Policy Management

Use with WLST: Online

14.3.9.1 Description

List Web service client port policies information for an application or SOA composite.

The output will display the Web service client/reference port name and the Oracle WSM policies it has attached to it. For example:

test-port:
security: oracle/wss_username_token_client_policy, enabled=true

14.3.9.2 Syntax

listWebServiceClientPolicies(application, moduleOrCompName, moduleType, 
serviceRefName,portInfoName)

Argument	Definition
`application`	Name and path of the application for which you want to list the Web service client port policy information. For example, `/domain/server/application#version_number` To list the client port policy information for a Web services application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to list the Web services port policy information. To list the client port policy information for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The client port name.

14.3.9.3 Example

The following example lists the Web service client port policy information for the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra. In this example, the Web module name is WssUsernameClient, the module type is wsconn, the service reference name is WssUsernameClient, and the client port name is JRFWssUsernamePort.

wls:/wls-domain/serverConfig>listWebServiceClientPolicies
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort')

14.3.10 attachWebServiceClientPolicy

Command Category: Policy Management

Use with WLST: Online

14.3.10.1 Description

Attach a Oracle WSM policy to a Web service client port of an application or SOA composite.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

14.3.10.2 Syntax

attachWebServiceClientPolicy(application,moduleOrCompName,moduleType, 
serviceRefName, portInfoName, policyURI, [subjectType=None] )

Argument	Definition
`application`	Name and path of the application for which you want to attach a policy to the Web service client port. For example, `/domain/server/application#version_number` To attach a policy to a client port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to attach the policy to the client port. To attach a policy to a client port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The client port to which you want to attach the Oracle WSM client policy.
`policyURI`	The Oracle WSM policy name URI, for example `"oracle/wss_username_token_client_policy"` If the policy that you specify is already attached or exists, then this command enables the policy if it is disabled.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.10.3 Examples

The following example attaches the client policy oracle/wss_username_token_client_policy to the port JRFWssUsernamePort of the Web module WssUsernameClient. The Web service is part of the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>attachWebServiceClientPolicy
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',"oracle/wss_username_token_client_policy")

The following example attaches the client policy oracle/log_policy to the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>attachWebServiceClientPolicy
(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')

The following example attaches the oracle/wss_username_token_client_policy client policy to the Java EE Web service client port UpperCaseImplPort of the Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2. The Web service is part of the application ClientJWS.

wls:/wls-domain/serverConfig> attachWebServiceClientPolicy 
('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 
'wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', 
"oracle/wss_username_token_client_policy")

14.3.11 attachWebServiceClientPolicies

Command Category: Policy Management

Use with WLST: Online

14.3.11.1 Description

Attach multiple policies to a Web service client port of an application or SOA composite.

The policyURIs are validated through the Oracle WSM Policy Manager APIs if the wsm-pm application is installed on WebLogic Server and is available. If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.

If the wsm-pm application is not installed or is not available, this command is not executed.

Note:

14.3.11.2 Syntax

attachWebServiceClientPolicies(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURIs, [subjectType=None] )

Argument	Definition
`application`	Name and path of the application for which you want to attach Oracle WSM client policies to the Web service client port. For example, `/domain/server/application#version_number` To attach policies to a client port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to attach the policies to the client port. To attach policies to a client port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The client port to which you want to attach the Oracle WSM client policy.
`policyURI`	The Oracle WSM policy name URIs, for example `["oracle/log_policy","oracle/wss_username_token_client_policy"]` If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.11.3 Examples

The following example attaches the policies oracle/wss_username_token_client_policy and oracle/log_policy to the port JRFWssUsernamePort of the Web module WssUsernameClient. The Web service is part of the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>attachWebServiceClientPolicies
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',["oracle/wss_username_token_client_policy","oracle/log_policy"])

The following example attaches the policies oracle/wss_username_token_client_policy and oracle/log_policy to the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>attachWebServiceClientPolicy
(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt',["oracle/wss_username_token_client_policy","oracle/log_policy"])

The following example attaches the policies oracle/wss10_saml20_token_client_policy and oracle/wss11_message_protection_client_policy to the client port UpperCaseImplPort in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>attachWebServiceClientPolicies
('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2',
'wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',\
["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])

14.3.12 enableWebServiceClientPolicy

Command Category: Policy Management

Use with WLST: Online

14.3.12.1 Description

Enable or disable a policy of a Web service client port of an application or SOA composite.

Note:

14.3.12.2 Syntax

enableWebServiceClientPolicy(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURI,[enable],[subjectType=None] )

Argument	Definition
`application`	Name and path of the application for which you want to enable or disable a policy of a Web service client port. For example, `/domain/server/application#version_number` To enable or disable a policy of a client port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to enable or disable a policy of a client port. To enable or disable a policy of a client port for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The name of the client port to which you want to attach the Oracle WSM client policy.
`policyURI`	The Oracle WSM policy name URI, for example `"oracle/wss_username_token_client_policy"`
`enable`	Optional. Specifies whether to enable or disable the policy. Valid options are: `true`—Enables the policy. The default is `true`. `false`—Disables the policy. If you omit this argument, the policy is enabled.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.12.3 Examples

The following example enables the client policy oracle/wss_username_token_client_policy of the port JRFWssUsernamePort of the Web module WssUsernameClient. The Web service is part of the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort', "oracle/wss_username_token_client_policy",true)

The following example enables the client policy oracle/log_policy of the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None,
'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')

The following example disables the client policy oracle/log_policy of the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None,
'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy', false )

The following example disables the client policy oracle/wss_username_token_client_policy on the client port UpperCaseImplPort in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>enableWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 
'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 
'UpperCaseImplPort', "oracle/wss_username_token_client_policy", false)

14.3.13 enableWebServiceClientPolicies

Command Category: Policy Management

Use with WLST: Online

14.3.13.1 Description

Enable or disable multiple policies of a Web service client port of an application or SOA composite.

Note:

14.3.13.2 Syntax

enableWebServiceClientPolicies(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURIs,[enable], [subjectType=None] )

Argument	Definition
`application`	Name and path of the application for which you want to enable or disable multiple policies of a Web service client port. For example, `/domain/server/application#version_number` To enable or disable multiple policies of a client port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to enable or disable multiple policies of a client port. To enable or disable multiple policies of a client port for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The name of the client port to which you want to attach the Oracle WSM client policies.
`policyURIs`	The list of Oracle WSM policy name URIs, for example `["oracle/log_policy","oracle/wss_username_token_client_policy"]`.
`enable`	Optional. Specifies whether to enable or disable the policies. Valid options are: `true`—Enables the policy. The default is `true`. `false`—Disables the policy. If you omit this argument, the policies are enabled.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.13.3 Example

The following example enables the client policies oracle/log_policy and oracle/wss_username_token_client_policy of the port JRFWssUsernamePort of the Web module WssUsernameClient. The Web service is part of the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>enableWebServiceClientPolicies
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',
["oracle/log_policy", "oracle/wss_username_token_client_policy"], true )

The following example enables the client policies oracle/wss10_saml20_token_client_policy and oracle/wss11_message_protection_client_policy of the port UpperCaseImplPort of the Java EE Web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>enableWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS', 
'owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','
'UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"], true)

14.3.14 detachWebServiceClientPolicy

Command Category: Policy Management

Use with WLST: Online

14.3.14.1 Description

Detach a policy from a Web service client port of an application or SOA composite.

Note:

14.3.14.2 Syntax

detachWebServiceClientPolicy(application,moduleOrCompName,moduleType, 
serviceRefName, portInfoName, policyURI, [subjectType=None] )

Argument	Definition
`application`	Name and path of the application for which you want to detach a policy from a Web service client port. For example, `/domain/server/application#version_number` To detach a policy from a client port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to detach the policy from a client port. To detach a policy from a client port of a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The client port from which you want to detach the Oracle WSM client policy.
`policyURI`	The Oracle WSM policy name URI, for example `"oracle/wss_username_token_client_policy"` If the policy specified is not attached, an error message is displayed and/or an exception is thrown.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.14.3 Examples

The following example detaches the client policy oracle/wss_username_token_client_policy from the port JRFWssUsernamePort of the Web module WssUsernameClient. The Web service is part of the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>detachWebServiceClientPolicy
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort','oracle/wss_username_token_client_policy')

The following example detaches the client policy oracle/log_policy from the client port HelloWorld_pt in the SOA composite default/HelloWorld[1.0].

wls:/wls-domain/serverConfig>detachWebServiceClientPolicy(None, 
'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy' )

The following command detaches the client policy oracle/wss_username_token_client_policy from the client port UpperCaseImplPort in the Java EE client module wsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>  detachWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")

14.3.15 detachWebServiceClientPolicies

Command Category: Policy Management

Use with WLST: Online

14.3.15.1 Description

Detach multiple policies from a Web service client port of an application or SOA composite.

Note:

14.3.15.2 Syntax

detachWebServiceClientPolicies(application,moduleOrCompName,moduleType, 
serviceRefName,portInfoName,policyURIs, [subjectType=None] )

Argument	Definition
`application`	Name and path of the application for which you want to detach multiple policies from a Web service client port. For example, `/domain/server/application#version_number` To detach multiple policies from a client port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to detach multiple policies from a client port. To detach multiple policies from a client port for a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). `wls`—Java EE Web services. `wsconn`—Use with a connection-based Web service client such as an ADF DC Web service client, ADF JAX-WS Indirection Proxy, or WebCenter client.
`serviceRefName`	The service reference name of the application or composite.
`portInfoName`	The client port from which you want to detach the Oracle WSM client policy.
`policyURI`	The Oracle WSM policy name URI, for example `"oracle/wss_username_token_client_policy"` If the policy specified is not attached, an error message is displayed and/or an exception is thrown.
`subjectType`	Optional. Policy subject type. Valid options are: `P`—Port. The default is `P`. `O`—Not supported in this release.

14.3.15.3 Example

The following example detaches the client policies oracle/log_policy and oracle/wss_username_token_client_policy from the port JRFWssUsernamePort of the Web module WssUsernameClient. The Web service is part of the application jwsclient_1#1.1.0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>detachWebServiceClientPolicies
('/soainfra/soa1/jwsclient_1#1.1.0','WssUsernameClient','wsconn',
'WssUsernameClient','JRFWssUsernamePort',
["oracle/log_policy","oracle/wss_username_token_client_policy"])

The following example detaches the client policies oracle/wss10_saml20_token_client_policy and oracle/wss11_message_protection_client_policy of the port UpperCaseImplPort of the Java EE Web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2.

wls:/wls-domain/serverConfig>detachWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','
'owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2',
'UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])

14.3.16 setWebServicePolicyOverride

Command Category: Policy Management

Use with WLST: Online

14.3.16.1 Description

Configure the Web service port policy override properties of an application or SOA composite.

Note:

This command applies to Oracle Infrastructure Web services only.

14.3.16.2 Syntax

setWebServicePolicyOverride(application,moduleOrCompName,moduleType, serviceName, 
portName,policyURI,properties)

Argument	Definition
`application`	Name and path of the application for which you want to override the Web service port policy. For example, `/domain/server/application#version_number` To override properties on a policy attached to a port of a Web service application, this argument is required.
`moduleOrCompName`	Name of the Web module or SOA composite (for example `HelloWorld[1.0]`) for which you want to override a Web service port policy. To override properties on a policy attached to a SOA composite, the composite name is required (for example `default/HelloWorld[1.0]`), and the `moduleType` argument must be set to `soa`.
`moduleType`	Module type. Valid options are: `soa`—SOA composite. `web`—Oracle Infrastructure Web Services packaged as a Web module (including an EJB). Note: The module type `wls` is not supported.
`serviceName`	Name of the Web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace (`{http://namespace/}`) should not be included for a SOA composite.
`subjectName`	Name of the policy subject, port, or operation.
`policyURI`	Oracle WSM policy name URI, for example `'oracle/log_policy'` to which the override properties will be applied. If the policy specified is not attached, an error message is displayed and/or an exception is thrown.
`properties`	Policy override properties. Properties must be specified using the following format: `[("name","value")]` For example: `[("myprop","myval")]` If this argument is set to `None`, then all policy overrides are removed.

14.3.16.3 Examples

The following example configures the override properties for the policy oracle/wss10_message_protection_service_policy for the port JRFWssUsernamePort of the Web module WssUsernameService. The Web service is part of the application HelloWorld#1_0 for the server soa1 in the domain soainfra.

wls:/wls-domain/serverConfig>setWebServicePolicyOverride
('/soainfra/soa1/HelloWorld#1_0','j2wbasicPolicy',
'web','{http://namespace/}WssUsernameService','JRFWssUsernamePort',
"oracle/wss10_message_protection_service_policy",   
[("keystore.sig.csf.key","sigkey")])

14.4 Policy Set Management Commands

Policy sets enhance the security and manageability of an enterprise by providing a mechanism to globally attach one or more policies to a subject type. Using policy sets, an administrator can specify a default set of policies to be enforced even if none are directly attached. For detailed information about determining the type and scope of resources to which a policy set can be attached, see "Creating and Managing Policy Sets" in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

All policy set creation, modification, or deletion commands must be performed in the context of a repository session. A repository session can only act on a single document.

Note:

The commands in this section apply to Oracle Infrastructure Web Services only.

To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').

Use the WLST commands listed in Table 14-4 to manage Oracle WSM Web service policy sets for globally attached policies.

Table 14-4 Web Services WLST Policy Set Management Commands

Use this command...	To...	Use with WLST...
abortRepositorySession	Abort the current Oracle WSM Repository modification session, discarding any changes that were made to the repository during the session.	Online
attachPolicySet	Attach a policy set to the specified resource scope.	Online
attachPolicySetPolicy	Attach a policy to a policy set using the policy's URI.	Online
beginRepositorySession	Begin a session to modify the Oracle WSM Repository.	Online
clonePolicySet	Clone a new policy set from an existing policy set.	Online
commitRepositorySession	Write the contents of the current session to the Oracle WSM repository.	Online
createPolicySet	Create a new, empty policy set.	Online
deleteAllPolicySets	Delete all or selected policy sets from within the Oracle WSM repository.	Online
deletePolicySet	Delete a specified policy set.	Online
describeRepositorySession	Describe the contents of the current repository session.	Online
detachPolicySetPolicy	Detach a policy from a policy set using the policy's URI.	Online
displayPolicySet	Display the configuration of a specified policy set.	Online
enablePolicySet	Enable or disable a policy set.	Online
enablePolicySetPolicy	Enable or disable a policy attachment for a policy set using the policy's URI.	Online
listPolicySets	List the policy sets in the repository.	Online
migrateAttachments	Migrate direct policy attachments to global policy attachments if they are identical.	Online
modifyPolicySet	Specify an existing policy set for modification in the current session.	Online
setPolicySetConstraint	Specify a run-time constraint value for a policy set selected within a session.	Online
setPolicySetPolicyOverride	Add a configuration override to a policy reference in the current policy set.	Online
setPolicySetDescription	Specify a description for the policy set selected within a session.	Online
validatePolicySet	Validate an existing policy set in the repository or in a session.	Online

14.4.1 abortRepositorySession

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.1.1 Description

Abort the current Oracle WSM Repository modification session, discarding any changes that were made to the repository during the session.

14.4.1.2 Syntax

abortRepositorySession()

14.4.1.3 Example

The following example aborts the current Oracle WSM Repository session.

wls:/wls-domain/serverConfig>abortRepositorySession()

14.4.2 attachPolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.2.1 Description

Within a repository session, set an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.

Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

14.4.2.2 Syntax

attachPolicySet(expression)

Argument	Definition
`expression`	Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Resource Scope" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

14.4.2.3 Example

The following example attaches a policy set to the specified base_domain resource.

wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain")')

This example attaches a policy set to the specified base_domain and managed_server resources.

wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain") and Server("managed_server")')

14.4.3 attachPolicySetPolicy

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.3.1 Description

Within a repository session, attach a policy, identified by a specified URI, to the current policy set.

Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

14.4.3.2 Syntax

attachPolicySetPolicy(uri)

Argument	Definition
`uri`	URI specifying the policy to attach to the current policy set. For example, `'oracle/log_policy'`.

14.4.3.3 Example

The following example attaches the Oracle WSM logging policy to the current policy set.

wls:/wls-domain/serverConfig>attachPolicySetPolicy('oracle/log_policy')

14.4.4 beginRepositorySession

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.4.1 Description

Begin a session to modify the Oracle WSM Repository. A repository session can only act on a single document. An error will be displayed if there is already a current session.

14.4.4.2 Syntax

beginRepositorySession()

14.4.4.3 Example

The following example begins an Oracle WSM Repository modification session.

wls:/wls-domain/serverConfig>beginRepositorySession()

14.4.5 clonePolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.5.1 Description

Within a repository session, clone a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.

Issuing this command outside of a repository session will result in an error.

14.4.5.2 Syntax

clonePolicySet(name, source,[attachTo=None],[description=None],[enable='true'])

Argument	Definition
`name`	Name of the new policy set clone.
`source`	Name of the source policy set that will be cloned.
`attachTo=None`	Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Resource Scope" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services. If this argument is set to `None`, then the expression used in the source policy set to identify the scope of resources is retained.
`description=None`	Optional. Description for the new policy set. If this argument is set to `None`, then the description used in the source policy set is retained.
`enable='true'`	Optional. Specifies whether to enable or disable the policy set. Valid options are: `true`—Enables the policy set. The default is `true`. `false`—Disables the policy set. If you omit this argument, the policy set is enabled.

14.4.5.3 Example

The first example creates a policy set by cloning the existing myPolicySet policy set to create a new mynewPolicySet. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified soa_server1 server in the domain.

wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet')
wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet','Server("soa_server1")')

14.4.6 commitRepositorySession

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.6.1 Description

Write the contents of the current session to the Oracle WSM Repository. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.

14.4.6.2 Syntax

commitRepositorySession()

14.4.6.3 Example

The following example commits the current repository modification session.

wls:/wls-domain/serverConfig>commitRepositorySession()

14.4.7 createPolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.7.1 Description

Create a new, empty policy set within a repository session. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and a supported expression that defines a valid resource scope in a supported format.

Issuing this command outside of a repository session will result in an error.

14.4.7.2 Syntax

createPolicySet(name, type,attachTo,[description=None],[enable='true'])

Argument	Definition
`name`	Name of the new, empty policy set.
`type`	The type of policy subject to which the new policy set applies. The type of policy subject must be one of the following values: `rest-resource`—RESTful Resource `sca-component`—SOA Component `sca-reference`—SOA Reference `sca-service`—SOA Service `ws-service`—Web Service Endpoint `ws-client`—Web Service Client `ws-connection`—Web Service Connection `ws-callback`—Asynchronous Callback Client
`attachTo`	Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Resource Scope" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.
`description`	Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for `<type>`", where `<type>` is the subject type.
`enable`	Optional. Specifies whether to enable or disable the new policy set. Valid options are: `true`—Enables the new policy set. The default is `true`. `false`—Disables the new policy set. If you omit this argument, the policy set is enabled.

14.4.7.3 Example

The first example creates a new policy set and specifies the resource scope to only ws-service types (Web Service Endpoint) in the base_domain domain. The second example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.

wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','ws-service','Domain("base_domain")')
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')

14.4.8 deleteAllPolicySets

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.8.1 Description

Delete all or selected policy sets from within the Oracle WSM repository. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.

14.4.8.2 Syntax

deleteAllPolicySets([mode])

Argument Definition

Argument	Definition
`mode`	Optional. The action to be taken for performing policy set deletion. Valid options are: `force`—Automatically delete all policy sets without prompting. `prompt`—Request user confirmation for each policy set deletion. Available options are `yes`, `no`, and `cancel`. If you select `cancel` for any property set deletion, the operation is canceled and no policy sets are deleted. If no mode is specified, this argument defaults to `prompt` mode.

mode

Optional. The action to be taken for performing policy set deletion. Valid options are:

force—Automatically delete all policy sets without prompting.
prompt—Request user confirmation for each policy set deletion. Available options are yes, no, and cancel. If you select cancel for any property set deletion, the operation is canceled and no policy sets are deleted.

If no mode is specified, this argument defaults to prompt mode.

14.4.8.3 Examples

The following example automatically deletes all policy sets from the respository without prompting.

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets("force") 
 
Starting Operation deleteAllPolicySets ...
 
All policy sets were deleted successfully from repository.
 
deleteAllPolicySets Operation Completed.

The following examples delete selected policy sets from the repository.

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()

wls:/jrfServer_domain/serverConfig> deleteAllPolicySets('prompt')
 
Starting Operation deleteAllPolicySets ...
 
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no 
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
 
All the selected policy sets were deleted successfully from repository.
 
deleteAllPolicySets Operation Completed.

14.4.9 deletePolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.9.1 Description

Delete a specified policy set within a repository session. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.

Issuing this command outside of a repository session will result in an error.

14.4.9.2 Syntax

deletePolicySet(name)

Argument	Definition
`name`	Name of the policy set to be deleted.

14.4.9.3 Example

The following example deletes a specified myPolicySet policy set.

wls:/wls-domain/serverConfig>deletePolicySet('myPolicySet')

14.4.10 describeRepositorySession

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.10.1 Description

Describe the contents of the current session. This will either indicate that the session is empty or list the name of the document that is being updated, along with the type of update (create, modify, or delete). An error will be displayed if there is no current session.

14.4.10.2 Syntax

describeRepositorySession()

14.4.10.3 Example

The following example describes the current repository modification session.

wls:/wls-domain/serverConfig>describeRepositorySession()

14.4.11 detachPolicySetPolicy

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.11.1 Description

Within a repository session, detach a policy, identified by a specified URI, from the current policy set.

Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

14.4.11.2 Syntax

detachPolicySetPolicy(uri)

Argument	Definition
`uri`	URI specifying the policy to detach to the current policy set. For example, `oracle/log_policy'`.

14.4.11.3 Example

The following example detaches the Oracle WSM logging policy from the current policy set.

wls:/wls-domain/serverConfig>detachPolicySetPolicy('oracle/log_policy')

14.4.12 displayPolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.12.1 Description

Display the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.

This command can be issued outside of a repository session.

14.4.12.2 Syntax

displayPolicySet([name])

Argument	Definition
`name`	Optional. Name of the policy set to be displayed. If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed.

14.4.12.3 Example

The following example displays the configuration of the myPolicySet policy set.

wls:/wls-domain/serverConfig>displayPolicySet('myPolicySet')

14.4.13 enablePolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.13.1 Description

Enable or disable the current policy set within a repository session. If not specified, this command enables the policy set.

Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

14.4.13.2 Syntax

enablePolicySet([enable=True])

Argument Definition

Argument	Definition
`enable`	Optional. Specifies whether to enable or disable the policy set. Valid options are: `true`—Enables the policy set. The default is `true`. `false`—Disables the policy set. If you omit this argument, the policy set is enabled.

enable

Optional. Specifies whether to enable or disable the policy set. Valid options are:

true—Enables the policy set. The default is true.
false—Disables the policy set.

If you omit this argument, the policy set is enabled.

14.4.13.3 Example

The following example enables the current policy set.

wls:/wls-domain/serverConfig>enablePolicySet(true)

14.4.14 enablePolicySetPolicy

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.14.1 Description

Within a repository session, enable or disable the policy attachment, which is identified by the provided URI in the current policy set. If not specified, this command enables the policy set. An error displays if the identified policy is not currently attached to the policy set.

Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

14.4.14.2 Syntax

enablePolicySetPolicy(uri,[enable=true])

Argument Definition

uri URI specifying the policy attachment within the policy set.

Argument	Definition
`uri`	URI specifying the policy attachment within the policy set.
`enable`	Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are: `true`—Enables the specified policy attachment in the policy set. The default is `true`. `false`—Disables specified policy attachment in the policy set. If you omit this argument, the policy set attachment is enabled.

enable

Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:

true—Enables the specified policy attachment in the policy set. The default is true.
false—Disables specified policy attachment in the policy set.

If you omit this argument, the policy set attachment is enabled.

14.4.14.3 Example

The following example disables the specified logging policy attachment within the current policy set.

wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false)

14.4.15 listPolicySets

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.15.1 Description

Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or limit the display to include only those that apply to specific policy subject resource types.

14.4.15.2 Syntax

listPolicySets([type=None])

Argument Definition

Argument	Definition
`type=None`	Optional. Specifies the type of policy sets to be displayed. The policy subject resource type must be one of the following values: `sca-component`—SOA Component `sca-reference`—SOA Reference `sca-service`—SOA Service `ws-service`—Web Service Endpoint `ws-client`—Web Service Client `ws-connection`—Web Service Connection `ws-callback`—Asynchronous Callback Client If this argument is set to `None`, then all the policy sets stored in the repository will be listed.

type=None

Optional. Specifies the type of policy sets to be displayed. The policy subject resource type must be one of the following values:

sca-component—SOA Component
sca-reference—SOA Reference
sca-service—SOA Service
ws-service—Web Service Endpoint
ws-client—Web Service Client
ws-connection—Web Service Connection
ws-callback—Asynchronous Callback Client

If this argument is set to None, then all the policy sets stored in the repository will be listed.

14.4.15.3 Example

The first two examples list policy sets by either the sca-reference or ws-client resource types. Whereas, the third example lists all the policy sets stored in the repository.

wls:/wls-domain/serverConfig>listPolicySets('sca-reference')
wls:/wls-domain/serverConfig>listPolicySets('ws-client')
wls:/wls-domain/serverConfig>listPolicySets()

14.4.16 migrateAttachments

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.16.1 Description

Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.

Note:

A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments() command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.

Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.

14.4.16.2 Syntax

migrateAttachments([mode])

Argument Definition

Argument	Definition
`mode`	The action to be taken for each policy attachment that can be migrated. Valid options are: `force`—Automatically migrate all identical policy attachments without prompting. `preview`—List all policy attachments that can be migrated, but does not perform any migration. `prompt`—Request user confirmation before migrating each policy attachment. If no mode is specified, this argument defaults to `prompt` mode.

mode

The action to be taken for each policy attachment that can be migrated. Valid options are:

force—Automatically migrate all identical policy attachments without prompting.
preview—List all policy attachments that can be migrated, but does not perform any migration.
prompt—Request user confirmation before migrating each policy attachment.

If no mode is specified, this argument defaults to prompt mode.

14.4.16.3 Example

The following examples describe how to use the repository attachment migration modes.

wls:/wls-domain/serverConfig>migrateAttachments()
wls:/wls-domain/serverConfig>migrateAttachments('force')
wls:/wls-domain/serverConfig>migrateAttachments('preview')
wls:/wls-domain/serverConfig>migrateAttachments('prompt')

14.4.17 modifyPolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.17.1 Description

Specify a policy set for modification in the current repository session. The latest version of the named policy set will be loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.

Issuing this command outside of a repository session will result in an error.

14.4.17.2 Syntax

modifyPolicySet(name)

Argument	Definition
`name`	Name of the policy set to be modified in the current session.

14.4.17.3 Example

The following example opens the myPolicySet policy set for modification in the current session.

wls:/wls-domain/serverConfig>modifyPolicySet('myPolicySet')

14.4.18 setPolicySetConstraint

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.18.1 Description

Specify a run-time constraint value for a policy set selected within a session. Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

For more information, see "Specifying Run-time Constraints in Policy Sets" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

14.4.18.2 Syntax

setPolicySetConstraint(constraint)

Argument	Definition
`constraint`	Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts.

14.4.18.3 Example

The following example specifies that the policy set apply only to requests from external clients.

setPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')

The following example specifies that the policy set apply only to requests from non-external clients.

setPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')

14.4.19 setPolicySetDescription

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.19.1 Description

Specify a description for a policy set selected within a session.

Issuing this command outside of a repository session containing a policy set that is being created or modified will result in an error.

14.4.19.2 Syntax

setPolicySetDescription(description)

Argument	Definition
`description`	Describes a policy set.

14.4.19.3 Example

The following example creates a description for a policy set.

wls:/wls-domain/serverConfig>setPolicySetDescription('PolicySetDescription')

14.4.20 setPolicySetPolicyOverride

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.20.1 Description

Add a configuration override, described by a name, value pair, to an attached policy reference in the current policy set. The value argument is optional. If the value argument is omitted, the property specified by the name argument is removed from the policy reference in the policy set. If the property specified by the name argument already exists and a value argument is provided, the current value is overwritten by the new value specified with the value argument.

Issuing this command outside of a repository session containing a policy set that is being created or modified results in an error.

14.4.20.2 Syntax

setPolicySetPolicyOverride(uri,name,[value=None])

Argument	Definition
`URI`	String representing the Oracle WSM policy URI, for example `'oracle/wss10_saml_token_service_policy'` to which the override properties will be applied.
`name`	String representing the name of the override property. For example: `['reference.priority']`
`value`	Optional. String representing the value of the property. If this argument is not specified, the property specified by the `name` argument, if it exists, is removed.

14.4.20.3 Example

The following example specifies a configuration override for the reference.priority property for the oracle/wss10_saml_token_service_policy to a value of 1.

setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')

The following example removes the property reference.priority from the oracle/wss10_saml_token_service_policy in the policy set.

setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')

14.4.21 validatePolicySet

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Policy Set Management

Use with WLST: Online

14.4.21.1 Description

Validates an existing policy set. If a policy set name is provided, the command will validate the specified policy set. If no policy set name is specified, the command will validate the policy set in the current repository session.

An error message displays if the policy set does not exist, or a name is not provided and the session is not active, or if the Oracle WSM Repository does not contain a suitable policy set.

14.4.21.2 Syntax

validatePolicySet([name=None])

Argument	Definition
`name`	Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session.

14.4.21.3 Example

The first example validates the policy set in the current session. The second example validates the specified myPolicySet policy set.

wls:/wls-domain/serverConfig>validatePolicySet()
wls:/wls-domain/serverConfig>validatePolicySet('myPolicySet')

14.5 Oracle WSM Repository Management Commands

Use the commands listed in Table 14-5 to manage the WSM documents stored in the Oracle WSM Repository. For additional information about upgrading or migrating documents in an Oracle WSM Repository, see "Upgrading the Oracle WSM Policies in the Repository" in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

Additional MDS WLST commands are described in Chapter 8, "Metadata Services (MDS) Custom WLST Commands."

Table 14-5 Policy Repository Management Commands

Use this command...	To...	Use with WLST...
upgradeWSMPolicyRepository	Upgrade the Oracle WSM predefined policies stored in the Oracle WSM Repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software.	Online
resetWSMPolicyRepository	Delete the existing policies stored in the Oracle WSM Repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software.	Online
exportRepository	Export a set of documents from the repository into a supported ZIP archive. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive.	Online
importRepository	Import a set of documents from a supported ZIP archive into the repository. You can provide the location of a file that describes how to map a physical information from the source environment to the target environment.	Online

14.5.1 upgradeWSMPolicyRepository

Command Category: Policy Repository Management

Use with WLST: Online

Note:

In 11.1.1.6.0 and later, after you install the latest patch set, the repository is automatically upgraded as part of server startup. You no longer need to execute the upgradeWSMPolicyRepository command.

14.5.1.1 Description

Upgrade the Oracle WSM predefined policies stored in the Oracle WSM Repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.

When you execute this command, a message is displayed indicating the policies that have been added to the repository. Any predefined policy that has not been customized for your environment will be replaced. Note, however, that predefined policies that have been customized and user-defined custom policies in the repository are not replaced. To replace these policies also, use the resetWSMPolicyRepository(true) command.

The output message also displays a list of any existing predefined policies that Oracle has changed or discontinued in the latest release. If a policy has been discontinued and is no longer supported, Oracle recommends that you remove all references to it and then delete it using Oracle Enterprise Manager.

14.5.1.2 Syntax

upgradeWSMPolicyRepository()

14.5.1.3 Example

The following example upgrades the existing installation with policies provided in the latest release:

wls:/wls-domain/serverConfig>upgradeWSMPolicyRepository()

14.5.2 resetWSMPolicyRepository

Command Category: Policy Repository Management

Use with WLST: Online

14.5.2.1 Description

Delete the existing policies stored in the Oracle WSM Repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. You can use the clearStore argument to specify whether to delete all policies, including custom user policies, from the Oracle WSM Repository before loading the new predefined policies.

14.5.2.2 Syntax

resetWSMPolicyRepository([clearStore='false'])

Argument	Definition
`clearStore='false'`	Policies to be deleted. Valid values are: `true`—All policies in the repository, including custom user policies, are deleted. `false`—Only the predefined policies supplied by Oracle are deleted. The default is `false`.

14.5.2.3 Example

The following example deletes all the policies in the repository, including user policies, and adds the predefined policies provided in the current product installation:

wls:/wls-domain/serverConfig>resetWSMPolicyRepository(true)

14.5.3 exportRepository

Command Category: Policy Repository Management

Use with WLST: Online

14.5.3.1 Description

Export a set of documents from the Oracle WSM Repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:

The specified archive already exists. Update existing archive?
Enter "yes" to merge documents into existing archive, "no" to overwrite,
or "cancel" to cancel the operation.

You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.

14.5.3.2 Syntax

exportRepository(archive,[documents=None],[expandReferences='false'])

Argument	Definition
`archive`	Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. During override, the original archive is backed up and a message describes the location of the backup archive.
`documents=None`	Optional. The documents to be exported to the archive. If no documents are specified, then all assertion templates, intents, policies, and policy sets will be exported. You can specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.
`expandReferences='false'`	Optional. Specifies whether the policy references should be expanded during export.

14.5.3.3 Example

The following examples describe repository export sessions. The first example exports all Oracle WSM documents to the policies.zip file.

wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.zip")

This example exports only the sca-component, sca-reference, and sca-service policy sets to the policies.jar file, and also expands the all policy references output during the export process.

wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.jar",
["/policysets/sca_component,/policysets/sca_reference,/policysets/sca_service]", true)

This example exports policy sets using wildcards to the some_global_with_noreference_2 file.

wls:/wls-domain/serverConfig>exportRepository('./export/some_global_with_noreference_2', 
['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)

14.5.4 importRepository

Command Category: Policy Repository Management

Use with WLST: Online

14.5.4.1 Description

Import a set of documents from a supported ZIP archive into the Oracle WSM Repository. You can use the map argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar")

14.5.4.2 Syntax

importRepository(archive,[map=None],[generateMapFile='false'])

Argument Definition

archive Path to the archive file that contains the list of documents to be imported. If a document being imported is a duplicate of the current version that already exists in the repository, then it will not be imported and a new version of the document is not created

Argument	Definition
`archive`	Path to the archive file that contains the list of documents to be imported. If a document being imported is a duplicate of the current version that already exists in the repository, then it will not be imported and a new version of the document is not created
`map=None`	Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the `generateMapFile` argument to `true`. If you specify a map file without setting the `generateMapFile` argument to `true`, and the file does not exist, the operation fails and an error is displayed.
`generateMapFile=false`	Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to `true`. The default is `false`. After the map file is created you can edit it using any text editor. The map file contains the document names given in the archive file and their corresponding `attachTo` values. The `attachTo` value can be updated to correspond to the new environment. If a mapping update is not required for a document name, that entry may be either deleted or commented out using the `#` character. Note: When importing documents into the repository, OWSM validates the `attachTo` values only. If a value is invalid, then the policy set is disabled. Other text in the map file is not validated.

map=None

Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the generateMapFile argument to true.

If you specify a map file without setting the generateMapFile argument to true, and the file does not exist, the operation fails and an error is displayed.

generateMapFile=false

Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to true. The default is false.

After the map file is created you can edit it using any text editor. The map file contains the document names given in the archive file and their corresponding attachTo values. The attachTo value can be updated to correspond to the new environment. If a mapping update is not required for a document name, that entry may be either deleted or commented out using the # character.

Note: When importing documents into the repository, OWSM validates the attachTo values only. If a value is invalid, then the policy set is disabled. Other text in the map file is not validated.

14.5.4.3 Example

The following examples describe repository import sessions.

The first example imports the contents of the policies.zip file into the repository.

wls:/wls-domain/serverConfig>importRepository("/tmp/policies.zip")

This example uses the generateMapFile argument to generate a map file.

wls:/wls-domain/serverConfig>importRepository("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)

Here is an example of a generated map file:

This is an auto generated override file containing the document names given in 
the archive file and their corresponding attachTo values. The attachTo value can 
be updated according to the new environment details. If there is no update 
required for any document name,that entry may be either deleted or commented 
using the character ("#")

[Resource Scope Mappings
]
sca_component_add_1=Composite("*Async*")
sca_reference_add_1=Composite("*Basic_SOA_Client*")
sca_reference_no=Server("*")
sca_service_add_1=Composite("*Basic_SOA_service")
web_callback_add_1=Application("*")
web_client_add_1=Module("*")
web_reference_add_1=Domain("*")
web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*")
ws_service_no_1=Server("*Admin*")

This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map.

wls:/wls-domain/serverConfig>importRepository('../export/export_all', 'export_all_map')

14.6 Deployment Descriptor Migration Commands

Use the commands listed in Table 14-6 to migrate the ADF Business Components and WebCenter services proprietary deployment descriptor (PDD) files between environments, such as from test to production.

For additional information about using these commands, see "Managing Application Migration Between Environments" in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

Note:

These commands are deprecated and will be removed in a future release.

Table 14-6 Deployment Descriptor Migration Commands

Use this command...	To...	Use with WLST...
exportJRFWSApplicationPDD	Export an ADF Business Control or WebCenter application deployment descriptor to a Java Archive (JAR) file.	Online
importJRFWSApplicationPDD	Import an ADF Business Control or WebCenter Web service application deployment descriptor from the exported JAR file into a new environment, for example, a production environment or a scaled server instance in a cluster.	Online
savePddToAllAppInstancesInDomain	Import and save the ADF BC or WebCenter Web service application deployment descriptor from the exported JAR file into all of the server instances in the connected domain.	Online

14.6.1 exportJRFWSApplicationPDD

Command Category: Deployment descriptor migration

Use with WLST: Online

14.6.1.1 Description

Export an ADF Business Control or WebCenter application deployment descriptor to a Java Archive (JAR) file. If you do not specify a name for the JAR file, the output displays the default name and path to the JAR file.

Note:

This command is deprecated and will be removed in a future release.

14.6.1.2 Syntax

exportJRFWSApplicationPDD(application,pddJarFileName=None)

Argument	Definition
`application`	Name and path of the application for which you want to export the configuration information. For example, `/domain/server/application#version`
`pddJarFileName`	Optional. User-specified name for the JAR file. The default is `None`. For example, `/tmp/myPDD.jar`.

14.6.1.3 Example

The following example exports the Web service PDD for the application ADFBCHelloWorld into a JAR file named exportPDD.jar.

wls:/wls-domain/serverConfig>exportJRFWSApplicationPDD
('/wls-domain/ManagedServer/ADFBCHelloWorld','/tmp/exportPDD.jar')

/tmp/exportPDD.jar

14.6.2 importJRFWSApplicationPDD

Command Category: Deployment descriptor migration

Use with WLST: Online

14.6.2.1 Description

Import an ADF Business Control or WebCenter Web service application deployment descriptor from the exported JAR file into a new environment, for example, a production environment or a scaled server instance in a cluster.

Notes:

Changes made using this WLST command are only effective after you restart your application. After importing the deployment descriptor, a message is displayed to remind you to restart your application.

This command is deprecated and will be removed in a future release.

14.6.2.2 Syntax

importJRFWSApplicationPDD(application,pddJarFileName)

Argument	Definition
`application`	Fully qualified path and name of the application to which you want to import the configuration information. For example, `/domain/server/application#version`
`pddJarFileName`	Name of the JAR file that contains the PDD file to be imported. For example, `/tmp/myPDD.jar`

14.6.2.3 Example

The following example imports the Web service application deployment descriptor for the ADFBCHelloWorld application that has been migrated to the server ManagedServer2. The command uses the name of the JAR file that was generated when the exportJRFWSApplicationPDD command was executed.

wls:/wls-domain/serverConfig>importJRFWSApplicationPDD
('/wls-domain/ManagedServer2/ADFBCHelloWorld', '/tmp/exportPDD.jar')

application  /wls-domain/ManagedServer2/ADFBCHelloWorld PDD has been reset,
 please restart application now to uptake changes!

14.6.3 savePddToAllAppInstancesInDomain

Command Category: Deployment descriptor migration

Use with WLST: Online

14.6.3.1 Description

Import and save the ADF BC or WebCenter Web service application deployment descriptor from the exported JAR file into all of the server instances in the connected domain. You can also use the optional restartApp argument to restart the application automatically.

Note:

This command is deprecated and will be removed in a future release.

14.6.3.2 Syntax

savePddToAllAppInstancesInDomain(applicationName,pddJarFileName,restartApp=true)

Argument	Definition
`applicationName`	Name of the application to which you want to import the configuration information. For example, `application#version`
`pddJarFileName`	Name of the JAR file that contains the PDD file to be imported. For example, `/tmp/myPDD.jar`
`restartApp`	Optional. Restart the application. Valid values are: `true`—Restart the application automatically. The default is `true`. `false`—Do not restart the application automatically.

14.6.3.3 Example

wls:/wls-domain/serverConfig>savePddToAllAppInstancesInDomain
'ADFBCHelloWorld', '/tmp/exportPDD.jar' , true

saving pdd to  com.bea:ServerRuntime=ManagedServer,Name=ADFBCHelloWorld,
Location=ManagedServer,Type=ApplicationRuntime
saving pdd to  com.bea:ServerRuntime=ManagedServer2,Name=ADFBCHelloWorld,
Location=ManagedServer2,Type=ApplicationRuntime
restarting application  ADFBCHelloWorld
Stopping application ADFBCHelloWorld.
<Mar 24, 2010 10:50:07 AM PDT> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating stop operation for application, ADFBCHelloWorld 
[archive: null], to Cluster-1 .> 
.Completed the stop of Application with status completed
Current Status of your Deployment:
Deployment command type: stop
Deployment State       : completed
Deployment Message     : no message
Starting application ADFBCHelloWorld.
<Mar 24, 2010 10:50:11 AM PDT> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating start operation for application, ADFBCHelloWorld 
[archive: null], to Cluster-1 .> 
.Completed the start of Application with status completed
Current Status of your Deployment:
Deployment command type: start
Deployment State       : completed
Deployment Message     : no message

The following example imports the Web service application deployment descriptor for the ADFBCHelloWorld application that was previously exported into all of the servers in the domain, but does not restart the application automatically. This example shows the commands you need to enter to restart the application manually.

wls:/wls-domain/serverConfig>savePddToAllAppInstancesInDomain
('ADFBCHelloWorld', '/tmp/exportPDD.jar', false)

saving pdd to  com.bea:ServerRuntime=ManagedServer,Name=ADFBCHelloWorld,
Location=ManagedServer,Type=ApplicationRuntime
saving pdd to  com.bea:ServerRuntime=ManagedServer2,Name=ADFBCHelloWorld,
Location=ManagedServer2,Type=ApplicationRuntime
application  ADFBCHelloWorld  PDD has been reset, please restart application now to uptake changes!

wls:/wls-domain/serverConfig> stopApplication('ADFBCHelloWorld')
wls:/wls-domain/serverConfig> startApplication('ADFBCHelloWorld')

14.7 Token Issuer Trust Configuration Commands

Use the WLST commands listed in Table 14-7 to view and define trusted issuers, trusted distinguished name (DN) lists, and token attribute rule filters for SAML and JWT signing certificates.

Note:

The commands in this section apply to Oracle Infrastructure Web Services only.

To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').

Table 14-7 Web Services Token Issuer Trust Commands

Use this command...	To...	Use with WLST...
deleteWSMTokenIssuerTrust	Delete the entry for the issuer, including the DN list in it.	Online
deleteWSMTokenIssuerTrustAttributeRule	Delete a token attribute rule associated with a trusted DN.	Online
displayWSMTokenIssuerTrust	Display the names of the DN lists associated with a specified issuer.	Online
setWSMTokenIssuerTrust	Specify a trusted issuer with a DN list.	Online
setWSMTokenIssuerTrustAttributeFilter	Specify the DN of a token signing certificate and a list of trusted users. The name ID and the attribute can contain a filter with multiple value patterns.	Online
setWSMTokenIssuerTrustAttributeMapping	Specify the DN of a token signing certificate and a list of trusted users. The name ID and the attribute can be mapped to another user ID.	Online
revokeWSMTokenIssuerTrust	Remove trusted issuers and associated configurations (DNs and token attribute rules).	Online
exportWSMTokenIssuerTrustMetadata	Export the trust configuration (issuers, DNs, and token attribute rules) for all trusted issuers.	Online
importWSMTokenIssuerTrustMetadata	Import the trust configuration (Issuers, DNs, and token attribute rules) for all trusted issuers.	Online

14.7.1 deleteWSMTokenIssuerTrust

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.1.1 Description

Delete a trusted token issuer and its associated trusted DN list. Supported values for a SAML assertion or JWT token type are dns.sv, dns.hok, or dns.jwt.

14.7.1.2 Syntax

deleteWSMTokenIssuerTrust(type, issuer)

Arguments	Definition
`type`	The type of SAML assertion or JWT tokens the trusted issuer issues: `dns.sv` – SAML sender vouches client list `dns.hok` – SAML HOK or Bearer `dns.jwt` – JWT token.
`issuer`	The name of the issuer whose trusted DN list will be deleted (for example, SAML assertion or JWT token). The issuer will also be deleted.

14.7.1.3 Examples

In the following example, the issuer www.yourcompany.com and the DN list in the dns.sv trusted SAML sender vouches client list for the issuer are deleted:

wls:/wls-domain/serverConfig>deleteWSMTokenIssuerTrust('dns.sv', 'www.yourcompany.com')

14.7.2 deleteWSMTokenIssuerTrustAttributeRule

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.2.1 Description

Delete the token attribute rule associated with a trusted DN.

14.7.2.2 Syntax

deleteWSMTokenIssuerTrustAttributeRule(dn)

Arguments	Description
`dn`	The DN of the token signing certificate used as the identifier for the token rule that is to be deleted.

14.7.2.3 Examples

In the following example, the token attribute rule associated with the CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US' trusted DN is deleted.

wls:/wls-domain/serverConfig>deleteWSMTokenIssuerTrustAttributeRule('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US')

14.7.3 displayWSMTokenIssuerTrust

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.3.1 Description

Display a trusted token issuer and its associated trusted DN list. Supported values for a SAML assertion or JWT token type are dns.hok, dns.sv, or dns.jwt. The issuer argument is optional. If the issuer and type is specified and exists in the trusted issuer list for the type, then the associated DN lists for the issuer is displayed. If issuer is not set, then all trusted issuers of the given type are listed.

14.7.3.2 Syntax

displayWSMTokenIssuerTrust(type, issuer)

Arguments	Definition
`type`	The type of SAML assertion or JWT tokens the trusted issuer issues: `dns.sv` – SAML sender vouches client list `dns.hok` – SAML HOK or Bearer `dns.jwt` – JWT token.
`issuer`	Optional. The issuer whose trusted DN list is displayed (for example, SAML assertion or JWT token). If not set, the list of all the trusted issuers is displayed.

14.7.3.3 Examples

In the following example, the DN lists in the dns.sv trusted SAML sender vouches client list for the www.oracle.com trusted issuer are displayed:

wls:/wls-domain/serverConfig>displayWSMTokenIssuerTrust('dns.sv', 'www.oracle.com')

In the following example, the names of all trusted SAML issuers associated with the dns.sv trusted SAML sender vouches client list are displayed:

wls:/wls-domain/serverConfig>displayWSMTokenIssuerTrust('dns.sv', None)

14.7.4 setWSMTokenIssuerTrust

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.4.1 Description

Configure a trusted token issuer and define trusted keys or a trusted DN list for the issuer. Supported values for a SAML assertion or JWT token type are dns.hok, dns.sv, or dns.jwt. The trustedKeyIDs argument is optional. If you do not set this argument, only the trusted issuer will be set for the specified type.

This command can be used to specify the DN list associated with a trusted token issuer, update the list, or delete the list. See the following examples.

14.7.4.2 Syntax

setWSMTokenIssuerTrust(type, issuer, trustedKeyIDs)

Argument	Definition
`issuer`	The name of the trusted issuer, for example `www.oracle.com`.
`type`	The type of SAML assertion or JWT tokens the trusted issuer issues: `dns.sv` – SAML sender vouches client list `dns.hok` – SAML HOK or Bearer `dns.jwt` – JWT token.
`trustedKeyIDs`	Optional. An array of DN's for token signing certificates associated with the issuer for the specified type. This is a comma-separated list with the format `['CN=name1', 'CN=name2', 'CN=name3', ...]`. If you enter an empty set (`[]`) the list of DN values will be deleted for the issuer.

14.7.4.3 Examples

In the following example, CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US' is set as a DN in the dns.sv DN list for the www.oracle.com trusted issuer:

wls:/wls-domain/serverConfig>setWSMTokenIssuerTrust('dns.sv', 'www.oracle.com', ['CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US'])

In the following example, the name CN=orcladmin, OU=Doc, O=Oracle, C=US' in added to the dns.sv DN list for the www.oracle.com trusted issuer:

wls:/wls-domain/serverConfig>setWSMTokenIssuerTrust('dns.sv','www.oracle.com', ['CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'CN=orcladmin, OU=Doc, O=Oracle, C=US'])

In the following example, the list of DN values in the dns.sv DN list is removed from the www.oracle.com trusted issuer:

wls:/wls-domain/serverConfig>setWSMTokenIssuerTrust('dns.sv', 'www.oracle.com', [])

14.7.5 setWSMTokenIssuerTrustAttributeFilter

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.5.1 Description

Specify token attribute filtering rules for a trusted DN list. For each trusted DN configured for an issuer, a token attribute filtering rule can be configured and applied. Each rule has two parts: a name ID and an attributes part for attributes in a SAML assertion or JWT token. The name ID and each attribute can contain a filter with multiple value patterns.

To remove the list of filters for an attribute for the signing certificate, use an empty set ([]) for the value of filters.

Note:

You must first use the setWSMTokenIssuerTrust command to configure a list of trusted DN names for an issuer.

14.7.5.2 Syntax

setWSMTokenIssuerTrustAttributeFilter(dn, attr-name, filters)

Argument	Definition
`dn`	The DN of a token signing certificate.
`attr-name`	The name of the user attribute for which the filtering will be applied. The value can be as follows: `name-id`
`filters`	List of filters for the attribute. The list has the format ['`value1`', '`value2`', '`value3`', `...]`. Each value can be an exact name or a name pattern with a wildcard character "`*`". When `name-id` is selected for the `attr-name` argument, then the value of the subject name ID in the incoming SAML assertion must match one of the specified values to go through. If no values are specified, then any value for the subject name ID will go through.

14.7.5.3 Examples

In the following example, the name ID yourTrustedUser is set as a trusted user for the weblogic trusted DN:

wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US','name-id', ['yourTrustedUser'])

Starting Operation setWSMTokenIssuerTrustAttributeFilter ...
The token attribute filter are successfully set

Starting Operation setWSMTokenIssuerTrustAttributeFilter ...
The token attribute filter are successfully set

In the following example, the name IDs jdoe is added to the list of trusted users for the weblogic trusted DN:

wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US','name-id', ['yourTrustedUser', 'jdoe'])

In the following example, the list of trusted users for the weblogic trusted DN is removed:

wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'name-id', [])

14.7.6 setWSMTokenIssuerTrustAttributeMapping

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.6.1 Description

Specify token attribute mapping rules for a trusted DN list. For each trusted DN configured for a token issuer, a token attribute mapping rule can be configured and applied. Each rule has two parts: a name ID and an attributes part for attributes associated with a SAML assertion or JWT token.

For a trusted DN, a token attribute mapping rule sets the mapping for the value of an attribute as specified by the attr-name argument. The user-attribute argument is optional and indicates the local user attribute it corresponds to. The user-mapping-attribute argument is optional and indicates the user attribute to be used in the system to authenticate the users. If the attribute as identified by attr-name exists for a token attribute rule for the DN, the mapping is overwritten by the new value.

For example, in federated environments, where the user subject ID (for example, mail) in the token is different from the user attribute (for example, uid) for authenticating the same user, the name ID and each attribute can map the local user attribute for the subject name ID to the local user attribute to authenticate a trusted user.

Note:

You must first use the setWSMTokenIssuerTrust command to configure a list of trusted DN names for an issuer.

14.7.6.2 Syntax

setTokenIssuerTrustAttributeMapping(DN, attr-name, user-attribute=None, user-mapping-attribute=None)

Arguments	Description
`DN`	The DN of a token signing certificate.
`attr-name`	The name of the use attribute for which the mapping will be applied The value can be as follows: `name-id`
`user-attribute`	Optional. The local name of the user attribute in the local identity store that the subject name ID corresponds to. The value can be as follows: `mail`
`user-mapping-attribute`	Optional. The value of the local name of the user attribute in the local identity store that the subject name ID maps to for authentication. The value can be as follows: `uid`

14.7.6.3 Examples

In the following example, the mail attribute for the Subject ID in the token is mapped to the uid attribute.

wls:/base_domain/serverConfig>setTokenIssuerTrustAttributeMapping('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'name-id', 'mail', 'uid')

Starting Operation setWSMTokenIssuerTrustAttributeMapping ...
The token attribute mapping are successfully set

In the following example, the local user attribute for the Subject ID in the token is mapped to the uid attribute.

wls:/base_domain/serverConfig>setTokenIssuerTrustAttributeMapping('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'name-id', '', 'uid')

14.7.7 revokeWSMTokenIssuerTrust

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.7.1 Description

Revokes trust by removing all trusted issuers and associated configurations (DNs and token attribute rules). The issuers specified in the optional exclude list will not be removed. If no argument is passed, then all trusted issuers and the associated configuration are removed.

14.7.7.2 Syntax

revokeWSMTokenIssuerTrust(excludeIssuers=None)

Arguments	Definition
`excludeIssuers`	Optional. The list of issuers for which trust configuration should not be removed.

14.7.7.3 Examples

In the following example, all trusted issuer configurations are removed except for www.oracle.com and www.yourcompany.com, which have been excluded:

wls:/wls-domain/serverConfig>revokeWSMTokenIssuerTrust(['www.oracle.com','www.yourcompany.com'])

Starting Operation revokeWSMTokenIssuerTrust ...
Configuration for trusted issuers successfully removed.

In the following example, all trusted issuer configurations are removed:

wls:/wls-domain/serverConfig>revokeWSMTokenIssuerTrust()

Starting Operation revokeWSMTokenIssuerTrust ...
Configuration for trusted issuers successfully removed.

14.7.8 exportWSMTokenIssuerTrustMetadata

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.8.1 Description

Export all the trust configurations (issuer, DNs, and token attribute rules) for all trusted issuers. The trust configuration will be exported to an XML file identified by the specified location. The trust configuration for the issuers specified in the exclude list will not be exported. If no argument is passed, the trust configuration for all trusted issuers will be exported.

14.7.8.2 Syntax

exportWSMTokenIssuerTrustMetadata(trustFile,excludeIssuers=None)

Arguments	Definition
`trustFile`	The location of the file where the exported metadata will be stored.
`excludeIssuers`	Optional. The list of issuers for which trust configuration should not be exported.

14.7.8.3 Examples

In the following example, all trusted issuer configurations are exported to the specified XML file except for www.oracle.com and www.yourcompany.com, which have been excluded:

wls:/wls-domain/serverConfig>exportWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml',['www.oracle.com','www.myissuer.com'])

Starting Operation exportWSMTokenIssuerTrustMetadata ...
Configuration for trusted issuers successfully exported.

In the following example, all specified trusted issuer configurations are exported to the specified XML file:

wls:/wls-domain/serverConfig>exportWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml')

Starting Operation exportWSMTokenIssuerTrustMetadata ...
Configuration for trusted issuers successfully exported.

14.7.9 importWSMTokenIssuerTrustMetadata

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: Token Issuer Trust Configuration

Use with WLST: Online

14.7.9.1 Description

Import the trust configurations (issuers, DNs, and token attribute rules) for all trusted issuers. The trust configuration will be imported from an XML file identified by the specified location.

14.7.9.2 Syntax

importWSMTokenIssuerTrustMetadata(trustFile)

Arguments	Definition
`trustFile`	The location of the file where the imported metadata will be stored.

14.7.9.3 Examples

In the following example, all trusted issuer configurations are imported from the specified XML file:

wls:/wls-domain/serverConfig>importWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml')

Starting Operation importWSMTokenIssuerTrustMetadata ...
Configuration for trusted issuers successfully imported.

14.8 Diagnostic Commands

Use the WLST command in this section to check the status of the WSM components that are required for proper functioning of the product.

14.8.1 checkWSMStatus

Command Category: Diagnostic

Use with WLST: Online

14.8.1.1 Description

Check the status of the WSM components that are required for proper functioning of the product. The WSM components that are checked are the policy manager (wsm-pm), the agent (agent), and the credential store and keystore configuration. The status of the components can be checked together or individually.

Note:

The Policy Manager (wsm-pm) application must be deployed and running for the check status tool to function correctly.

14.8.1.2 Syntax

checkWSMStatus([component=None],[address=None],[verbose=true])

Arguments Description

component

Optional. All checks will be performed if no value is specified. Valid options are:

wsm-pm—Policy Manager. Checks the configuration state of the policy manager component.
agent—Enforcement Agent. Checks status of end-to-end service-side enforcement through the wsm agent component. The enforcement check is specific only to the environment from which the command is run.
credstore—Credential Store. Checks whether the credentials are configured for the keystore password, signing, and encryption certificates in the keystore.

address

Optional. The HTTP URL of the host running the Policy Manager wsm-pm application. This value is required for checking enforcement through an agent component, for example,

checkWSMStatus('agent', 'http://localhost:7001')

The address is not required in the WebLogic Server domain where auto-discovery is present.

verbose Optional. If the value of this flag is true, then the detailed messages (including stack trace, if any) are displayed. Default is false.

14.8.1.3 Examples

In the following example, the checkWSMStatus command is run without arguments. The status of the credential store, policy manager, and enforcement agent is returned.

wls:/base_domain/serverConfig> checkWSMStatus()
 
Credential Store Configuration:
 
PASSED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials configured.
             keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                 Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
             sign-csf-key : Credentials configured.
             Sign Key : Key configured.
                 Alias - orakey
             Sign Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
             keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
                 Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
             enc-csf-key : Credentials configured.
             Encrypt Key : Key configured.
                 Alias - orakey
             Encrypt Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
 
Policy Manager:
 
 
PASSED.
        Message(s):
             OWSM Policy Manager connection state is OK.
             OWSM Policy Manager connection URL is "host.example.com:1234".
 
Enforcement Agent:
 
 
PASSED.
        Message(s):
             Enforcement is successful.
             Service URL: http://host.example.com:7001/Diagnostic/DiagnosticService?wsdl

In the following example, the credential store key keystore-csf-key is deleted and the checkWSMStatus command is rerun for the credential store credstore. The status check fails because the csf-key keystore-csf-key is not present in the credential store:

wls:/base_domain/serverConfig> deleteCred(map="oracle.wsm.security", key="keystore-csf-key") 
wls:/base_domain/serverConfig> checkWSMStatus('credstore')
 
Credential Store Configuration:
 
FAILED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials not configured.
 
Credential Store Diagnostic Messages:
        Message(s):
                 The csf-key keystore-csf-key is not present in the credential store. 
 
 Perform the following steps to update the credential store (using WLST commands):-
 1. connect()
 2. createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="<keystore-password>", desc="Keystore Password CSF Key")
 NOTE:- All the above commands are based on the Domain level configurations. The actual csf key may be overridden at runtime due to config override. See Documentation for more details.

In the following example, the csf-key keystore-csf-key is configured and the checkWSMStatus command is rerun. The configuration check passes.

wls:/base_domain/serverConfig> createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="welcome1", desc="Keystore Password CSF Key")
Already in Domain Runtime Tree
 
wls:/base_domain/serverConfig> checkWSMStatus('credstore')
 
Credential Store Configuration:
 
 
PASSED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials configured.
             keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                 Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
             sign-csf-key : Credentials configured.
             Sign Key : Key configured.
                 Alias - orakey
             Sign Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
             keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
                 Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
             enc-csf-key : Credentials configured.
             Encrypt Key : Key configured.
                 Alias - orakey
             Encrypt Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
true

The following example checks the enforcement status of the agent component at the URL http://localhost:7001.

wls:/test_domain1/serverConfig> checkWSMStatus('agent','http://localhost:7001')
 
Enforcement Agent:
 
Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.
 
PASSED.
        Message(s):
             Enforcement is successful.
             Service URL: http://localhost:7001/Diagnostic/DiagnosticService?wsdl

14.9 JKS Keystore Configuration Commands

Use the WLST commands listed in Table 14-8 to view and manage JKS keystore credentials and certificates.

Note:

The commands in this section apply to Oracle Infrastructure Web Services only.

To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').

Table 14-8 JKS Keystore Configuration Commands

Use this command...	To...	Use with WLST...
deleteWSMKeyStoreEntry	Delete a single `KeyStore.TrustedCertificateEntry` entry from the keystore.	Online
deleteWSMKeyStoreEntries	Delete all `KeyStore.TrustedCertificateEntry` entries from the keystore except those identified by the aliases in the exclusion list.	Online
exportWSMCertificate	Export a trusted certificate or a certificate chain associated with a private key, indicated by a specified alias, to a specified location.	Online
importWSMCertificate	Import a trusted certificate or a certificate chain associated with a private key, indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location.	Online
listWSMKeystoreAliases	List all the aliases in the keystore.	Online
displayWSMCertificate	Displays the string representing the contents of a user's certificate if the alias specifies a `KeyStore.TrustedCertificateEntry`. Displays the certificates in the chain if the alias points to a certificate chain specified by the `KeyStore.PrivateKeyEntry`.	Online

14.9.1 deleteWSMKeyStoreEntry

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: JKS Keystore Management

Use with WLST: Online

14.9.1.1 Description

Delete a single KeyStore.TrustedCertificateEntry entry from the keystore. You cannot delete the keyStore.PrivateKeyEntry.

14.9.1.2 Syntax

deleteWSMKeyStoreEntry(alias)

Arguments	Description
`alias`	Alias of the certificate to be deleted.

14.9.1.3 Examples

In this example, the alias for a key store entry, testalias1, is deleted from the keystore.

wls:/base_domain/serverConfig> deleteWSMKeyStoreEntry('testalias')

Starting Operation deleteWSMKeyStoreEntry ...
Certificate for alias "testalias" successfully deleted.

14.9.2 deleteWSMKeyStoreEntries

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: JKS Keystore Management

Use with WLST: Online

14.9.2.1 Description

Delete all KeyStore.TrustedCertificateEntry entries from the keystore except those identified by the aliases in the exclusion list. If no argument is passed then all the KeyStore.TrustedCertificateEntry entries will be deleted.

14.9.2.2 Syntax

deleteWSMKeyStoreEntries(exclusionList=None)

Arguments	Description
`exclusionList`	Optional. List of aliases for the certificate that should not be deleted.

14.9.2.3 Examples

In this example, all key store entries are deleted from the keystore, except for the testalias and testalias2 aliases, which are specified on the exclusion list:

wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries(['testalias', 'testalias2'])

Starting Operation deleteWSMKeyStoreEntries ...
Certificate(s) deleted successfully.

In this example, all key store entries are deleted from the keystore:

wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries()

14.9.3 exportWSMCertificate

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: JKS Keystore Management

Use with WLST: Online

14.9.3.1 Description

Export a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The certificate will be exported to the specified location.

If the type argument is Certificate:
- If the alias is pointing to KeyStore.TrustedCertificateEntry, it will return the trusted certificate associated with the entry.
- If the alias is pointing to KeyStore.PrivateKeyEntry, it will return the first certificate in the certificate chain.
- If the alias does not point to either KeyStore.TrustedCertificateEntry or KeyStore.PrivateKeyEntry, it will return an error message.
If the type argument is PKCS7:
- If the alias is pointing to a KeyStore.PrivateKeyEntry, it will return the certificate chain associated with the entry in PKCS7 format.
- If the alias does not point to KeyStore.PrivateKeyEntry, it will return an error message.
If the type argument is set to an invalid value, an error message is returned.

14.9.3.2 Syntax

exportWSMCertificate(alias, certFile, type)

Arguments	Description
`alias`	Alias of the certificate to be exported.
`certFile`	Location of the file where the exported certificate will be stored.
`type`	Type of keystore entry to be exported. Valid values are: `Certificate` for exporting `KeyStore.TrustedCertificateEntry`. `PKCS7` for exporting a certificate chain corresponding to a `keyStoreKeyStore.PrivateKeyEntry` specified by the `alias` in PKCS7 format.

14.9.3.3 Examples

In this example, the trusted certificate testalias is identified by type as Certificate and is exported to the specified certificate.cer file:

wls:/base_domain/serverConfig> exportWSMCertificate('testalias','/tmp/certificate.cer','Certificate')

Starting Operation exportWSMCertificate ...
Certificate for alias "testalias" successfully exported.

In this example, the certificate chain testalias2 is identified by type as PKCS7 and is exported to the specified certificatechain.p7b file:

wls:/base_domain/serverConfig> exportWSMCertificate('testalias2','/tmp/certificatechain.p7b','PKCS7')

14.9.4 importWSMCertificate

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: JKS Keystore Management

Use with WLST: Online

14.9.4.1 Description

Import a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location.

14.9.4.2 Syntax

importWSMCertificate(alias, certFile, type, password=None)

Arguments	Description
`alias`	Alias of the certificate to be imported.
`certFile`	Location of the file from which the Base64 encoded certificate will be imported.
`type`	Type of keystore entry to be imported. Valid values are: `Certificate` for importing `KeyStore.TrustedCertificateEntry`. `PKCS7` for importing a certificate chain corresponding to a `keyStoreKeyStore.PrivateKeyEntry` specified by the `alias` in PKCS7 format.
`password`	Optional. Password associated with the private key.

14.9.4.3 Examples

In this example, the trusted certificate testalias is identified by type as Certificate and is imported from the specifiedcertificate.cer file:

wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificate.cer','Certificate')

Starting Operation importWSMCertificate ...
Certificate for alias "testalias" successfully imported.

In this example, the password-protected certificate chain testalias is identified by type as PKCS7 and is imported from the specified certificatechain.p7b file:

wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7',password='privatekeypassword')

In this example, the certificate chain testalias is identified by type as PKCS7 and is imported from the specified certificatechain.p7b file:

wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7')

14.9.5 listWSMKeystoreAliases

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: JKS Keystore Management

Use with WLST: Online

14.9.5.1 Description

List all the aliases in the keystore.

14.9.5.2 Syntax

listWSMKeystoreAliases()

14.9.5.3 Examples

In this example, all the aliases in the keystore are listed.

wls:/base_domain/serverConfig>listWSMKeystoreAliases()

Starting Operation listWSMKeystoreAliases ...

testalias
orakey
testalias2

14.9.6 displayWSMCertificate

Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry. Displays the certificates in the chain if the alias points to a certificate chain specified by a KeyStore.PrivateKeyEntry.

Note:

This command applies to Oracle Infrastructure Web services only.

Command Category: JKS Keystore Management

Use with WLST: Online

14.9.6.1 Description

14.9.6.2 Syntax

displayWSMCertificate(alias)

Arguments	Description
`alias`	Alias of the certificate/certificate chain to be displayed.

14.9.6.3 Examples

In this example, the contents of the orakey trusted certificate is displayed.

wls:/base_domain/serverConfig>displayWSMCertificate('orakey')

Starting Operation displayWSMCertificate ...
[
  Version: V3
  Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
  101336654071087305620295721341875459581727184852017960998615641847764412775989
  046768838406911494435712364431883104460420101263455337490958825568587912620074
  497379158835791101805994438262634259467352941329678718608662643461089403600239
  418798937444529854556507844518713085827283731161032187719240566731105687269
  public exponent: 65537
  Validity: [From: Tue Apr 07 15:04:45 PDT 2009,
               To: Thu Feb 14 14:04:45 PST 2019]
  Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
  SerialNumber: [    49dbcdfd]
]
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 69 29 71 5D 97 1C 28 07   F1 5E 6A AA 49 A7 F7 31  i)q]..(..^j.I..1
  0010: F2 B6 91 91 A1 7E D3 F9   1A C6 58 38 85 00 BA 49  ..........X8...I
  0020: 21 69 E0 06 8D 9F BF 7B   C4 8C 83 95 69 4A 49 EB  !i..........iJI.
  0030: 70 D8 7E A9 75 0D 8C C5   7C 9B 14 AB 93 76 A9 35  p...u........v.5
  0040: 56 21 71 77 8D 2A AB 1C   CA 81 E0 15 36 4E 81 0A  V!qw.*......6N..
  0050: 55 8F D4 5E 1C D0 BF 12   A3 44 8E 65 18 D9 4C E6  U..^.....D.e..L.
  0060: 4C 5E 14 4A 7F DF CD 51   59 43 02 41 67 B0 EA 3E  L^.J...QYC.Ag..>
  0070: 58 F4 38 50 3B 2D A3 81   08 8A 84 4C 4B E0 8B 3E  X.8P;-.....LK..>

14.10 OWSM Configuration Commands

Use the WLST commands listed in Table 14-9 to view and configure the OWSM domain.

Table 14-9 OWSM Configuration Commands

Use this command...	To...	Use with WLST...
displayConfiguration	Display the full configuration properties and their values and groups for the specified product.	Online
setConfiguration	Sets the configuration properties of a domain.	Online

14.10.1 displayConfiguration

Command Category: Configuration

Use with WLST: Online

14.10.1.1 Description

Displays the full set of configuration properties, and their values and groups, for the product specified in the context. If a property is not defined in the configuration document associated with the context, then the default value defined for the product is displayed. If a context is not specified, then the set of properties matching the current context is displayed.

14.10.1.2 Syntax

displayConfiguration([context=None])

Arguments	Description
`context`	Optional. The context of the configuration document from which property values are displayed. If a context is not specified, then the set of properties matching the current context is displayed. To display the default set of properties along with their values, use "`/`" as the context value.

14.10.1.3 Examples

The following example displays the configuration contained in the configuration document in the repository.

wls:/jrfServer_domain/serverConfig> displayConfiguration()

The following example displays the configuration for the base_domain domain.

wls:/jrfServer_domain/serverConfig> displayConfiguration('WLS/base_domain')

14.10.2 setConfiguration

Command Category: Configuration

Use with WLST: Online

14.10.2.1 Description

Sets the configuration properties of a domain. The properties are stored in a configuration document for the domain. If a configuration document does not exist, a new one is created.

A new property with values and/or groups of values can be added inside the configuration document. The set of acceptable properties is determined from the default set of properties supported by the product. Specific property values or groups of values can be removed from the configuration document. The configuration document itself is removed if no properties exist in it.

14.10.2.2 Syntax

setConfiguration(context, category, name, [group=None], [values=None])

Arguments	Description
`context`	Optional. The context of the configuration document to be modified for the product. If a context is not provided or is set to None, then the configuration document associated with the currently connected domain is used. For example /WLS/base_domain.
`category`	The category of the property. This is verified against the default set of properties to ensure it is acceptable for the context. Use the displayConfiguration command to see the category name associated with each property.
name	The name of the property. This is verified with the default set of properties for acceptability.
group	Optional. A group containing the set of values to add in a property document. If set to None, then the group will be removed, if such a group exists.
values	Optional. The array of values to set for a property or group inside the property document.

14.10.2.3 Example

The following example resets the entire configuration for the domain myDomain to its default values.

wls:/jrfServer_domain/serverConfig> setConfiguration('/WLS/myDomain')

The following command resets the value of the clock.skew property in myDomain to 500.

wls:/jrfServer_domain/serverConfig> setConfiguration('/WLS/myDomain','Agent','clock.skew',None, ['500'])

The following command resets the value of the clock.skew property in myDomain to its default value.

wls:/jrfServer_domain/serverConfig> setConfiguration('/WLS/myDomain','Agent','clock.skew',None,None)

14.11 Upgrade OWSM Configuration Command

During the patching of an earlier Oracle Fusion Middleware 11g release to Release 11.1.1.9.0, use the WLST command in this section to upgrade the OWSM configuration in a WebLogic Server 11g domain from a previous release (11.1.1.1.0–11.1.1.6.0) to Release 11.1.1.9.0.

The OWSM configuration and policies will be upgraded, such as:

Any predefined policies that have not been customized for your environment are replaced, and any new policies are automatically added. Note, however, that predefined policies that have been customized and user-created custom policies in the repository are not replaced.
WS-Trust configuration, such as DNs and trusted issuers.
Custom roles for secure EJBs.

For more information about patching WebLogic Server 11g domains, see "Post-Patching Tasks for Your WebLogic Server Domain" in the Oracle Fusion Middleware Patching Guide.

14.11.1 upgradeWSM

Command Category: OWSM Configuration Upgrade

Use with WLST: Offline

14.11.1.1 Description

Upgrades the OWSM configuration in a WebLogic Server 11g domain from a previous release (11.1.1.1.0–11.1.1.6.0) to release 11.1.1.9.0. After completing the 11.1.1.9.0 patch installation in your FMW environment, this command must be run from the oracle_common\common\bin directory of release 11.1.1.9.0. installation.

14.11.1.2 Syntax

upgradeWSM(domainPath)

Arguments	Description
`domainPath`	The path of the WebLogic Server 11g domain that is being upgraded.

14.11.1.3 Example

In the following example, the OWSM configuration in a WebLogic Server 11g 11.1.1.5.0 domain is being upgraded to release 11.1.1.9.0.

oracle_common\common\bin > upgradeWSM('/Oracle_HOME/user_projects/domains/ps5_domain')

Starting Operation upgradeWSM ...

Upgrading Oracle Web Services Manager configuration started.

Upgrading Oracle Web Services Manager configuration files started.
Upgrading Oracle Web Services Manager configuration files completed.
Migration of custom roles and policies started.
Migration of custom roles and policies completed.
Oracle Web Services Manager successfully upgraded to version 11.1.1.9.0.

In this example, the upgradeWSM command is being run in a WebLogic Server 11g 11.1.1.5.0 domain that has already been upgraded to release 11.1.1.9.0.

wls:/offline>upgradeWSM('/Oracle_HOME/user_projects/domains/ps5_domain')
 
Starting Operation upgradeWSM ...
 
Oracle Web Services Manager is already upgraded to version 11.1.1.9.0. Upgrade is not required.