This chapter describes the WebLogic Scripting Tool (WLST) commands for Oracle Infrastructure web services (which includes SOA composites, ADF Business Components, Java EE web services, and RESTful web services. You can use these commands to manage web services from the command line.
Note:
Only a subset of the custom WLST commands described in this chapter are supported for Java EE web services.A subset of WLST commands have been deprecated for Oracle Infrastructure web services and clients. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
For additional details about using these WLST commands for web services, see the following documents:
Notes:
To use the Web Services custom WLST commands, you must invoke WLST from the Oracle Common home directory. See "Using Custom WLST Commands" in the Administering Oracle Fusion Middleware.To display the help for the web service and client management and Java EE web service policy management commands, connect to a running instance of the server and enter help('WebServices')
.
To display the help for the remaining commands, connect to a running instance of the server and enter help('wsmManage')
.
This chapter contains the following topics:
You can use the web services WLST commands, in online mode, to:
Perform web service configuration and OWSM policy management tasks.
Manage the OWSM repository.
Check the status of OWSM components.
View and define trusted issuers and DN lists for SAML signing certificates.
Note:
Ensure that the user is mapped to the appropriate OWSM logical roles, based on the WLST operations you wish to perform. For more information, see "Modifying the User's Group or Role" in Securing Web Services and Managing Policies with Oracle Web Services Manager.The web services WLST configuration and policy management commands perform many of the same management functions that you can complete using Fusion Middleware Control, such as managing deployed, active, and running web services applications. They can be executed everywhere in WLST online mode, for example:
wls:/domain/serverConfig wls:/domain/domainRuntime
The following sections provide more information about using the WLST commands:
The web service WLST commands configure a web service for a specific application. Therefore, the application path name has to uniquely identify the application and the server instance to which it is deployed.
The following sections describe how to specify the application and service names to uniquely identify the web service.
Specifying a Web Service Application Name
To specify a web service application in a WLST command, use the following format:
[/domain/server/]application[#version_number]
Parameters shown in brackets []
are optional. The following examples show the sample format for a web service application name:
/base_domain/AdminServer/HelloWorld#1_0 /base_domain/server1/HelloWorld#1_0
If there is only one deployed instance of an application in a domain, you may omit the domain/server
parameter, as shown in the following example:
HelloWorld#1_0
In all other instances, the domain/server
parameter is required. If it is not specified and WLST finds more than one deployment of the same application on different servers in the domain, you are prompted to specify the domain and the server names.
Web service and web service client applications are deployed directly to WebLogic Server server instances. Each application is managed separately. For example, if the application myapp
is deployed to both the AdminServer
and server1
instances in the domain mydomain
, then you need to issue configuration commands to each of the servers using the appropriate application path name:
/mydomain/AdminServer/myapp#1_0 /mydomain/server1/myapp#1_0
When there are multiple versions (namespaces) of a web service name for Web Service and Web Service clients, you must specify the namespace and the service name using the following format:
{http://namespace/}serviceName
Note the following:
For web service and client management commands, and policy management commands, you do not need to enter the namespace if there is only one service name qualified. If there are multiple versions of the service and you do not specify the namespace with the service name, an exception is thrown.
The namespace ({http://namespace/}
) should not be included for a SOA composite.
For policy set management commands, both the namespace and service name are required for Web Service and Web Service Client (ws-service and ws-client) resource types.
For more information, see "Determining the Namespace for a Web Service" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
You can navigate to a policy subject in WLST, without having to refer to Fusion Middleware Control. By using the selectWSMPolicySubject command, together with an understanding of the navigation model, you can discover the application, assembly, and subject names by moving down the hierarchy tree. An assembly uniquely identifies a module within an application, for example a .war file.
You can select a specific application for modification if an application name is provided.
If you know only a part of the application name, the argument can be a pattern containing wildcard characters. In this case, all of the applications matching that pattern will be listed. You can then select that application to proceed further. If no argument is provided then all application names will be listed.
When the application name is known
If you know the name of the application, enter it as the argument to selectWSMPolicySubject
command. WLST responds with the names of the assemblies contained in the application.
In the following example, jaxwsejb30ws
is entered as the name of the application. WLST responds with #jaxwsejb
, the name of the assembly contained in the application.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxwsejb Select any of the assembly name to proceed.
When only a part of the application name is known
If you know only a part of the application name, you can enter a pattern with wildcard characters. In the following example, jax*
is entered as the name of the application in the selectWSMPolicySubject
command. WLST responds with a list of applications that match the string.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jax*') jaxws_provider jaxwsejb30ws Select any of the application name to proceed. wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxws3jb Select any of the assembly name to proceed
When the application name is not known
If you do not know the name of the application, enter the selectWSMPolicySubject
command with no arguments. WLST responds with the names of all applications known to the system. In the following example, the selectWSMPolicySubject
command is entered with no arguments. WLST responds with the names of all applications known to the system.
wls:/base_domain/serverConfig> selectWSMPolicySubject() SimpleRestApp jaxws_provider jaxwsejb30ws wsm-pm Select any of the application name to proceed. wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxws3jb Select any of the assembly name to proceed
You can select a specific assembly for modification if an application name and assembly name is provided.
If you know only a part of the assembly name, the argument can be a pattern containing wildcard characters. In this case, all of the assemblies matching that pattern will be listed. You can then select an assembly to proceed further. If no argument is provided then all assembly names will be listed.
Note:
For ws-connection type policy subjects, use an empty string''
for the assembly name.When the assembly name is known
If you know the name of the assembly, enter it with the application name as arguments to the selectWSMPolicySubject
command. WLST responds with the names of the subjects contained in the assembly. In the following example, jaxwsejb30ws
is entered as the name of the application and #jaxwsejb
is entered as the name of the assembly. WLST responds with a list of all of the subjects contained in the assembly.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort) WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort) WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
When only a part of the assembly name is known
If you know only a part of the assembly name, you can enter a pattern with wildcard characters. In the following example, #jaxws*
is entered as the partial name of the assembly and jaxwsejb30ws
is entered as the name of the application in the selectWSMPolicySubject
command. WLST responds with #jaxwsejb
, the name of the assembly contained in the application.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws','#jaxws*') #jaxwsejb Select any of the assembly name to proceed. wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort) WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort) WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
When the assembly name is not known
If you do not know the name of the assembly, enter the name of the application only as an argument to selectWSMPolicySubject
. WLST responds with the names of all assemblies known to the system. In the following example, jaxwsejb30ws
is entered as the name of the application as an argument in selectWSMPolicySubject
command. WLST responds with the names of all assemblies known to the system.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxwsejb Select any of the assembly name to proceed.
You can select a specific policy subject for modification if an application name, assembly name, and policy subject name is provided.
If you know only a part of the policy subject name, the argument can be a pattern containing wildcard characters. In this case, all of the policy subjects matching that pattern will be listed. You can then select a policy subject to proceed further. If no argument is provided then all policy subject names will be listed.
When the policy subject name is known
If you know the name of the policy subject, enter it with the application name and the assembly name as arguments to the selectWSMPolicySubject
command. WLST selects the specified policy subject. In the following example, jaxwsejb30ws
is entered as the name of the application, #jaxwsejb
is entered as the name of the assembly, and WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
is entered as the name of the policy subject. WLST responds that the policy subject has been selected for modification.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb','WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)') The policy subject is selected for modification.
When only a part of the policy subject name is known
If you know only a part of the policy subject name, you can enter a pattern with wildcard characters. In the following example, jaxwsejb30ws
is entered as the name of the application, #jaxwsejb
is entered as the name of the assembly, and ws-service(*)
is entered as the name of the policy subject in the selectWSMPolicySubject
command. WLST responds with the name of the policy subjects contained in the assembly.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb', 'ws-service(*)') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort) WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort) WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
When the policy subject name is not known
If you do not know the name of the policy subject, enter the name of the application, the name of the assembly as arguments to the selectWSMPolicySubject
command. WLST responds with the names of all policy subjects contained in the assembly. In the following example, jaxwsejb30ws
is entered as the name of the application, #jaxwsejb
as the name of the assembly, and None
as the policy subject argument in selectWSMPolicySubject
command. WLST responds with the names of all policy subjects contained in the assembly.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort) WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort) WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
Web services WLST commands are divided into the categories described in Table 3-1.
Table 3-1 Web Services WLST Command Categories
Command Category | Definition |
---|---|
Manage a session, which is required by some web service WLST commands, such as those that modify repository documents and policy subject commands, need to be executed in the context of a session. |
|
View and manage web service and web service client policy subjects. |
|
View and manage OWSM domain configuration information. |
|
Check the status of the WSM components that are required for proper functioning of the product. |
|
View and manage web services for the service and client. |
|
View and manage policy attachment for the service and client. These commands manage both direct policy attachments and global policy attachments in policy sets. |
|
View and manage globally available policy sets within sessions. |
|
Manage the OWSM repository with new predefined policies provided in the latest installation of the software, as well as import and export documents into and from the repository. |
|
View and define trusted issuers, trusted distinguished name (DN) lists, and token attribute rule filters for SAML signing certificates. |
|
View and manage JKS keystore credentials and certificates. |
Some web service WLST commands, such as those that modify repository documents and policy subject commands, need to be executed in the context of a session. Use the WLST commands listed in Table 3-2 to manage a session.
Table 3-2 Session Management WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Abort the current modification session, discarding any changes that were made during the session. |
Online |
|
Begin a session to modify a policy subject or the OWSM repository documents. |
Online |
|
Write the contents of the current session to the OWSM repository. |
Online |
|
Describe the contents of the current session. This will indicate either that the session is empty or list the name of the document that is being updated, along with the type of update (create, modify, or delete). |
Online |
Command Category: Session
Use with WLST: Online
Aborts the current modification session, discarding any changes that were made during the session. Messages are displayed that describe what was aborted.An error will be displayed if there is no current session.
Command Category: Session
Use with WLST: Online
Begins a session to modify a policy subject, such as a policy set or a Fusion Middleware web service endpoint. A session can act on a single policy subject only. If a session is already in progress, an error is displayed.
Command Category: Session
Use with WLST: Online
Persists the modifications made within the current session. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.
Command Category: Session
Use with WLST: Online
Describes the current session. For repository operations, it will either indicate that no actions have been performed in the session, or it will list the name of the document that is being updated, along with the type of update, such as create, modify, or delete. For policy subject operations, it will list the subject identifier.
If there is no current session, the following error is displayed:
No actions in session.
Use the WLST commands listed in Table 3-3 to view and manage web service and web service client policy subjects. For more information about policy subjects, see "Understanding Policy Subjects" in Understanding Oracle Web Services Manager.
Note:
For Java EE web services, no information is displayed. For information about viewing and modifying Java EE web service policy attachments, see Table 3-7.Table 3-3 Policy Subject WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Display the configuration of effective policy set corresponding to a policy subject. |
Online |
|
List the policy subjects that match the specified application, assembly, and subject patterns. |
Online |
|
Displays the configuration of an effective policy set corresponding to a policy subject. The display will also include any changes made within the current session when it generates the effective policy set. |
Online |
|
Select the subject uniquely identified by application, assembly and subject for modification. |
Online |
|
Command Category: Policy Subject
Use with WLST: Online
Note:
This command is valid for Oracle Infrastructure web service and clients only. For Java EE web services, no information is displayed. For information about viewing and modifying Java EE web service policy attachments, see Table 3-7.Displays the configuration of the actual runtime policy set and global policy attachment information used at the time of policy enforcement. This policy set and global policy attachment information is stored within the policy subject.
You must start a session and select the policy subject (using selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.
Compare this command with the "displayWSMPolicySet" command, which displays only the selected global policy set or the selected local policy set, or with the "previewWSMEffectivePolicySet", which displays the effective policy set, including changes made to the actual runtime policy set, within the current session.
The following example for an Oracle Infrastructure web service lists that the policies, oracle/wss_username_token_service_policy
and oracle/log_policy
, are in effect at the time of enforcement.
wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')
The policy subject is selected for modification.
wls:/jrfServer_domain/serverConfig> displayWSMEffectivePolicySet()
URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
The policy subject is secure in this context.
Command Category: Policy Subject
Use with WLST: Online
Lists the policy subjects that match the specified application, assembly, and subject patterns. You can use the optional detail
argument to include effective policy set information in the output. The command does not require starting a session.
For more information about the pattern used to identify a subject, see Section 3, "Identifying the Policy Subject."
listWSMPolicySubjects([application=None],[assembly=None],[subject=None],[detail='false'])
Argument | Definition |
---|---|
application |
Optional. Pattern identifying applications. |
assembly |
Optional. Pattern identifying assemblies. |
subject |
Optional. Pattern identifying subjects. |
detail |
Optional. Specifies whether to include effective policy set information in the output. The default value is false .
For each directly attached policy, the |
To simplify searching for a particular subject, the application
, assembly
, or subject
argument can specify a pattern containing the wildcard character (*
). In this case, all the subjects matching that pattern will be listed.
The following invocation of the listWSMPolicySubjects
command with detail='true'
returns the application, assembly, and subject information for all subjects being managed in the entire domain
Note that the local.policy.reference.source
configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT
, indicating that it was attached using either Fusion Middleware Control or WLST. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
wls:/base_domain/serverConfig> listWSMPolicySubjects(detail='true')
Application: /weblogic/base_domain/jaxwsejb30ws
Assembly: #jaxwsejb
Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
Context : no constraint
URI="oracle/wss_username_token_service_policy", category=security,
policy-status=enabled; source=global policy set "username", scope="DOMAIN('*')"; reference-status=enabled; effective=true
URI="oracle/mex_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/mtom_encode_fault_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
Property name="max.request.size", value="-1"
URI="oracle/request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/soap_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/ws_logging_level_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="logging.level", value=""
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/test_page_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/wsdl_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
The policy subject is secure in this context.
...
Invoking the listWSMPolicySubjects
command with ('jax*')
as the argument returns all subjects in applications that begin with jax
; in our example, all subjects belonging to the jaxwsejb30ws
application:
wls:/base_domain/serverConfig> listWSMPolicySubjects('jax*')
Application: /weblogic/base_domain/jaxwsejb30ws
Assembly: #jaxwsejb
Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
Subject: WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
Subject: WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
The following command returns all RESTful resource subjects in all applications. If there are no RESTful resources in an application, the following message is returned: Subject: No matching subject found for "REST*"
wls:/base_domain/serverConfig> listWSMPolicySubjects(subject='REST*')
Application: /weblogic/base_domain/jaxrs_pack1
Assembly: #jaxrs_pack1.war
Subject: REST-Resource(Jersey)
Application: /weblogic/base_domain/jaxwsejb30ws
Assembly: #jaxwsejb
Subject: No matching subject found for "REST*".
Application: /weblogic/base_domain/soa-infra
Assembly: #integration/services/RuntimeConfigService
Subject: REST-Resource(oracle.bpm.rest.webapp.BPMApplication)
Command Category: Policy Subject
Use with WLST: Online
Displays the configuration of the effective policy set corresponding to the policy subject. The display will also include any changes made within current session when it generates the effective policy set.
You must start a session and select the policy subject (using selectWSMPolicySubject
) before initiating the command. An error will display if no policy subject is selected.
See also "displayWSMEffectivePolicySet", which displays the actual policy set used at the time of enforcement, but does not display any changes made to the policy set during the current session.
Command Category: Policy Subject
Use with WLST: Online
Within a session, selects a policy subject for modification. You uniquely specify a policy subject by the application, assembly, and policy subject name. Once selected, the policy management commands can be used to modify the directly attached policy set for the policy subject.
You must start a session (beginWSMSession
) before performing any policy management edits or policy set transactions. You must also select the policy subject that you want to modify before issuing policy management commands. If there is no current session or there is already an existing modification process, an error is displayed.
For more information on using this command, see "Identifying the Policy Subject" and "Identifying and Selecting the Policy Subject Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
selectWSMPolicySubject([application=None],[assembly=None],[subject=None])
Argument | Description |
---|---|
application | Name of the application. |
assembly | Name of the assembly. Uniquely identifies the module within an application. |
subject | Name of the policy subject. |
Note:
Any of the three arguments can specify a pattern containing wildcard character "*". In this case, all the names matching that pattern will be listed. You need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.The following example selects the TestService#TestPort
port in the jaxws-sut-service
module (assembly) that belongs to the jaxws-sut
application.
wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')
The policy subject is selected for modification.
The following example selects the jersey
RESTful resource in the #restservice
module (assembly) that belongs to the helloworld
application.
wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('helloworld','#restservice','REST-Resource(Jersey)')
The policy subject is selected for modification.
See "Identifying the Policy Subject" for additional examples.
Use the WLST commands listed in Table 3-4 to view and configure the OWSM domain.
Note:
ThesetConfiguration
command has been deprecated. It is recommended that you use the setWSMConfiguration
command described in "setWSMConfiguration".Table 3-4 OWSM Environment WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Set the keystore configuration properties. |
Online |
|
Display the full configuration properties and their values and groups for the specified product. |
Online |
|
Set the configuration properties of the specified product. |
Online |
|
Command Category: Configuration
Use with WLST: Online
Sets the configuration properties for the OWSM keystore.
For more information, see "Configuring the OWSM Keystore Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Note:
Changes to the keystore configuration at the domain level require that you restart the server.configureWSMKeystore(context, keystoreType, location, keystorePassword, signAlias, signAliasPassword, cryptAlias, cryptAliasPassword)
Arguments | Description |
---|---|
context |
Optional. The context of the configuration document in which the modifications will be done. |
keystoreType |
Optional. The keystore type category of the property. Valid keystore types are JKS , KSS , PKCS11 , and LUNA . |
location |
Optional. For JKS, it is the absolute location of the keystore or location relative to the fmwconfig directory. For KSS, the format of location should be kss://stripeName/keystoreName The default is kss://owsm/keystore . |
keystorePassword |
Optional. The keystore password of the keystore configured. It is required for JKS and PKCS11 . |
signAlias |
Optional. The Alias of the sign key. It is required for JKS and PKCS11 . |
signAliasPassword |
Optional. Password of the Alias of the sign key. It is required for JKS and PKCS11 . |
cryptAlias |
Optional. The Alias of the Encryption key. It is required for JKS and PKCS11 . |
cryptAliasPassword |
Optional. Password of the Alias of the Encryption key. It is required for JKS and PKCS11 . |
The following example configures the JKS keystore default-keystore.jks
in the domain myDomain
. It provides the keystore password oratest123
, the sign alias oraAlias
, the sign alias password ora234
, the encryption alias oraCryptAlias
, the encryption alias password ora123
.
wls:/jrfServer_domain/serverConfig> configureWSMKeystore ('/WLS/myDomain','JKS', './default-keystore.jks','oratest123', 'oraAlias','ora234','oraCryptAlias', 'ora123')
The following example configures the KSS keystore at kss://owsm/keystore
in the domain myDomain
. It provides the sign alias oraAlias
, and the encryption alias oraCryptAlias
.
wls:/jrfServer_domain/serverConfig> configureWSMKeystore ('/WLS/myDomain',keystoreType='KSS', location='kss://owsm/keystore', signAlias='oraAlias', cryptAlias='encAlias')
Command Category: Configuration
Use with WLST: Online
Displays the full set of configuration properties, and their values and groups, for the product specified in the context. If a property is not defined in the configuration document associated with the context, then the default value defined for the product is displayed. If a context is not specified, then the set of properties matching the current context is displayed.
For more information, see "Managing OWSM Domain Configuration Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
displayWSMConfiguration([context=None])
Arguments | Description |
---|---|
context |
Optional. The context of the configuration document from which property values are displayed. If a context is not specified, then the set of properties matching the current context is displayed.
To display the default set of properties along with their values, use "/" as the context value." |
The following example displays the configuration contained in the configuration document in the repository.
wls:/jrfServer_domain/serverConfig> displayWSMConfiguration()
The following example displays the configuration for the base_domain
domain.
wls:/jrfServer_domain/serverConfig> displayWSMConfiguration('WLS/base_domain')
Command Category: Configuration
Use with WLST: Online
Sets the configuration properties of a domain. The properties are stored in a configuration document for the domain. If a configuration document does not exist, a new one is created.
A new property with values and/or groups of values can be added inside the configuration document. The set of acceptable properties is determined from the default set of properties supported by the product. Specific property values or groups of values can be removed from the configuration document. The configuration document itself is removed if no properties exist in it.
For more information, see "Managing OWSM Domain Configuration Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
setWSMConfiguration(context, category, name, [group=None], [values=None])
Arguments | Description |
---|---|
context |
Optional. The context of the configuration document to be modified. If a context is not provided or is set to None , then the configuration document associated with the currently connected domain is used. For example /WLS/base_domain . |
category |
The category of the property. This is verified against the default set of properties to ensure it is acceptable for the context.
Use the displayWSMConfiguration command to see the category name associated with each property. |
name |
The name of the property. This is verified against the default set of properties to ensure it is acceptable for the context. |
group |
Optional. A group containing the set of values to add in a configuration document. If the group exists, and this value is set to None , the group is removed. |
values |
Optional. The array of values to set for a property or group inside the configuration document. |
The following example resets the entire configuration for the domain myDomain
to its default values.
wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain')
The following command resets the value of the clock.skew
property in myDomain
to 500
.
wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain','Agent','clock.skew',None, ['500'])
The following command resets the value of the clock.skew
property in myDomain
to its default value.
wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain','Agent','clock.skew',None,None)
Use the WLST command in this section to check the status of the WSM components that are required for proper functioning of the product.
Command Category: Diagnostic
Use with WLST: Online
Checks the status of the OWSM components that are required for proper functioning of the product. The OWSM components that are checked are the Policy Manager (wsm-pm
), the agent (agent
), and the credential store and keystore configuration. The status of the components can be checked together or individually.
Note:
The Policy Manager (wsm-pm
) application must be deployed and running for the check status tool to function correctly.checkWSMStatus([component=None],[address=None],[verbose=true])
Arguments | Description |
---|---|
component |
Optional. All checks will be performed if no value is specified. Valid options are:
|
address |
Optional. The HTTP URL of the host running the wsm-pm application. This value is required for checking enforcement through an agent component, for example,
checkWSMStatus('agent', 'http://localhost:7001') The address is not required in the WebLogic Server domain where auto-discovery is present. |
verbose |
Optional. If the value of this flag is true , then the detailed messages (including stack trace, if any) will be displayed. Default is false . |
In the following example, the checkWSMStatus
command is run without arguments. The status of the credential store, policy manager, and enforcement agent is returned.
wls:/base_domain/serverConfig> checkWSMStatus()
Credential Store Configuration:
PASSED.
Message(s):
keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
keystore-csf-key : Credentials configured.
keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
sign-csf-key : Credentials configured.
Sign Key : Key configured.
Alias - orakey
Sign Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
enc-csf-key : Credentials configured.
Encrypt Key : Key configured.
Alias - orakey
Encrypt Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
Policy Manager:
PASSED.
Message(s):
OWSM Policy Manager connection state is OK.
OWSM Policy Manager connection URL is "host.example.com:1234".
Enforcement Agent:
PASSED.
Message(s):
Enforcement is successful.
Service URL: http://host:port/Diagnostic/DiagnosticService?wsdl
In the following example, the credential store key keystore-csf-key
is deleted and the checkWSMStatus
command is rerun for the credential store credstore
. The status check fails because the csf-key keystore-csf-key
is not present in the credential store:
wls:/base_domain/serverConfig> deleteCred(map="oracle.wsm.security", key="keystore-csf-key")
wls:/base_domain/serverConfig> checkWSMStatus('credstore')
Credential Store Configuration:
FAILED.
Message(s):
keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
keystore-csf-key : Credentials not configured.
Credential Store Diagnostic Messages:
Message(s):
The csf-key keystore-csf-key is not present in the credential store.
Perform the following steps to update the credential store (using WLST commands):-
1. connect()
2. createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="<keystore-password>", desc="Keystore Password CSF Key")
NOTE:- All the above commands are based on the Domain level configurations. The actual csf key may be overridden at runtime due to config override. See Documentation for more details.
In the following example, the csf-key keystore-csf-key
is configured and the checkWSMStatus
command is rerun. The configuration check passes.
wls:/base_domain/serverConfig> createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="welcome1", desc="Keystore Password CSF Key")
Already in Domain Runtime Tree
wls:/base_domain/serverConfig> checkWSMStatus('credstore')
Credential Store Configuration:
PASSED.
Message(s):
keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
keystore-csf-key : Credentials configured.
keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
sign-csf-key : Credentials configured.
Sign Key : Key configured.
Alias - orakey
Sign Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
enc-csf-key : Credentials configured.
Encrypt Key : Key configured.
Alias - orakey
Encrypt Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
true
The following example checks the enforcement status of the agent component at the URL http://localhost:7001
.
wls:/test_domain1/serverConfig> checkWSMStatus('agent','http://localhost:7001')
Enforcement Agent:
Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.
PASSED.
Message(s):
Enforcement is successful.
Service URL: http://localhost:7001/Diagnostic/DiagnosticService?wsdl
Use the WLST commands listed in Table 3-5 to view and manage web services for deployed, active, and running web service applications.
Note:
The commands listed in Table 3-5 have anapplication
argument.
In an multi-tenant environment, if you intend to target a specific application instance within a tenant's partition, then you must include the partition name as part of the application as follows:
/domain/server/application#version$partition
However, if you are targeting a domain-scoped application, then you do not have to include the partition name. You can use the application
argument as follows:
/domain/server/application#version
Table 3-5 Web Service and Client Management WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
List web service client ports information for an application or SOA composite. |
Online |
|
List web service client information for an application, SOA composite, or domain. |
Online |
|
List web service client port stub properties for an application or SOA composite. |
Online |
|
List the web service ports for a web service application or SOA composite. |
Online |
|
List the web service information for an application, composite, or domain. |
Online |
|
Configure the set of stub properties of a web service client port for an application or SOA composite. |
Online |
|
Set, change, or delete a single stub property of a web service client port for an application or SOA composite. |
Online |
Command Category: Web Service and Client Management
Use with WLST: Online
Lists the web service port names and the endpoint URLs for web service clients in an application or SOA composite.
The output will display the name of the web service client/reference port. For example:
AppModuleServiceSoapHttpPort
listWebServiceClientPorts(application,moduleOrCompName,moduleType,serviceRefName)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web services port information. For example, /domain/server/application#version_number
To list the client port information for an application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web service client port information.
To list the client port information for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceRefName |
Service reference name of the application or SOA composite for which you want to list the web service client port information.
When the client is an asynchronous web service callback client, the |
The following example lists the client ports for the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig> listWebServiceClientPorts ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient')
The following example lists the client ports in the default/HelloWorld[1.0]
SOA composite. Note that the moduleType
is set to soa
, and the serviceRefName
is set to client
.
wls:/base_domain/serverConfig> listWebServiceClientPorts(None, 'default/HelloWorld[1.0]','soa','client')
Command Category: Web Service and Client Management
Use with WLST: Online
Lists web service clients information for an application, SOA composite, or domain. If neither an application nor a composite is specified, the command lists information about all Web service clients in all applications and composites for every server instance in the domain. If an application is not specified, the command lists information about all web service clients in all applications for every server instance in the domain.
You can specify the amount of information to be displayed in the output using the detail
argument. When specified, the output provides endpoint (port) and policy details for clients in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority
configuration override), the effective
field indicates if the directly attached policies are in effect for the endpoint.
The local.policy.reference.source
configuration property is provided for each directly attached policy identifying the source of the attachment. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
The output is listed by each application deployed as shown in the following examples:
This example shows the output of an unsecured endpoint:
wls:/jrfServer_domain/serverConfig> listWebServiceClients(detail=true)
/jrfServer_domain/jrfServer_admin/ADFDCDecoupling_Project1_ADFDCDecoupling :
moduleName=testadfbc, moduleType=wsconn, serviceRefName=AppModuleService
AppModuleServiceSoapHttpPort
The policy subject is not secure in this context.
/soa_domain/soa_server1/soa-infra : compositeName=default/Basic_SOA_Client[1.0], moduleType=soa, serviceRefName=Service1 Basic_soa_service_pt serviceWSDLURI=http://host.example.com:1234/soa-infra/services/default/Basic_SOA_service/Basic_soa_service.wsdl oracle.webservices.contentTransferEncoding=base64 oracle.webservices.charsetEncoding=UTF-8 oracle.webservices.operationStyleProperty=document wsat.flowOption=WSDLDriven oracle.webservices.soapVersion=soap1.1 oracle.webservices.chunkSize=4096 oracle.webservices.session.maintain=false oracle.webservices.preemptiveBasicAuth=false oracle.webservices.encodingStyleProperty=http://schemas.xmlsoap.org/soap/encoding/ oracle.webservices.donotChunk=true No attached policies found; endpoint is not secure.
This example shows the output for a secured endpoint. Note that the local.policy.reference.source
configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT
, indicating that it was attached using either Fusion Middleware Control or WLST. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
wls:/jrfServer_domain/serverConfig> listWebServiceClients(detail=true)
/jrfServer_domain/jrfServer_admin/ADFDCDecoupling_Project1_ADFDCDecoupling :
moduleName=testadfbc, moduleType=wsconn, serviceRefName=AppModuleService
AppModuleServiceSoapHttpPort serviceWSDLURI=http://host.example.com:1234/ADFBCDecoupling-ADFBCDecoupling-context-root/AppModuleService?wsdl
URI="oracle/wss10_saml_token_with_message_protection_client_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT"
The policy subject is secure in this context.
listWebServiceClients(application,composite,[detail])
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web service clients. For example, /domain/server/application#version_number
If specified, all web services clients in the application are listed. |
composite |
Name of the SOA composite for which you want to list the Web service clients. For example, default/HelloWorld[1.0]
If specified, all Web service clients in the composite are listed. |
detail |
Optional. Specifies whether to list port and policy details for the web service clients.
For each directly attached policy, the Valid values are:
|
The following example lists information for all web service clients in the domain.
wls:/wls-domain/serverConfig>listWebServiceClients()
The following example lists the web service clients for the application jwsclient_1#1.10
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>listWebServiceClients('base_domain/server1/jwsclient_1#1.10')
The following example lists the Web service clients for the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>listWebServiceClients(None,'default/HelloWorld[1.0]')
The following example lists details for all of the web service clients in the domain.
wls:/wls-domain/serverConfig>listWebServiceClients(None,None,true)
Note:
This command applies to Oracle Infrastructure web service clients only.Command Category: Web Service and Client Management
Use with WLST: Online
listWebServiceClientStubProperties(application, moduleOrCompName, moduleType, serviceRefName, portInfoName)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web services client port stub properties. For example, /domain/server/application#version_number
To list the client port stub properties information for an application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services client port stub properties.
To list the client port stub properties information for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceRefName |
Service reference name of the application or SOA composite for which you want to list the web service client port stub properties. |
portInfoName |
The name of the client port for which you want to list the stub properties. |
The following example lists the client port stub properties for the JRFWssUsernamePort
port of the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig>listWebServiceClientStubProperties ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort')
Command Category: Web Service and Client Management
Use with WLST: Online
Lists the web service port names and the endpoint URLs for a web service application or SOA composite.
The output will display the port name and endpoint URL of the web service port. For example:
JRFWssUsernamePort http://localhost:7001/j2wbasicPolicy/WssUsername
listWebServicePorts(application,moduleOrCompName,moduleType,serviceName)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web services port information. For example, /domain/server/application#version_number
To list the port information for an application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port information.
To list the port information for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceName |
Name of the web service in the application or SOA composite for which you want to list the port information. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/} ) should not be included for a SOA composite. |
The following example lists the web service ports and endpoint URLs for the Oracle Infrastructure web service j2wbasicPolicy
service in the base_domain/AdminServer/HelloWorld#1_0
application. Note that the WssUsernameService
module name is specified, and the moduleType
is set to web
.
wls:/base_domain/serverConfig> listWebServicePorts ( '/base_domain/AdminServer/HelloWorld#1_0', 'WssUsernameService','web','{http://namespace/}j2wbasicPolicy') JRFWssUsernamePort http://localhost:7001/j2wbasicPolicy/WssUsername
The following example lists the web service ports and endpoint URLs for the Java EE web service helloWorldJaxws
in the wls-domain/AdminServer/helloWorldJaxws
application. Note that the moduleType
is set to wls
.
wls:/wls-domain/serverConfig> listWebServicePorts ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws')
helloWorldJaxwsSoapHttpPort
Command Category: Web Service and Client Management
Use with WLST: Online
Lists the web service information for an application, SOA composite, or domain. If you do not specify a web service application or a SOA composite, the command lists all services in all applications and composites for every server instance in the domain.
You can specify the amount of information to be displayed in the output using the detail
argument. When enabled, the output provides endpoint (port) and policy details for all applications and composites in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. In addition, the local.policy.reference.source
configuration property is provided for each directly attached policy identifying the source of the attachment, as described in "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority
configuration override), the effective
field indicates if the directly attached policies are in effect for the endpoint.
Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
The output is listed by each application deployed as shown in the following example:
/domain/server/application#version_number: moduleName=helloModule, moduleType=web, serviceName={http://namespace/}service /base_domain/AdminServer/soa-infra: compositeName=default/HelloWorld[1.0], moduleType=soa, serviceName=service
Notes:
ThelistWebServices
command output does not include details on SOA components, including policy attachments.
For applications assembled prior to 11g Release 1, (11.1.1.6), the namespace is not displayed with the serviceName
in the output.
listWebServices (application,composite,[detail])
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web services. For example, /domain/server/application#version_number
If specified, all web services in the application are listed. |
composite |
Name of the SOA composite for which you want to list the Web services. For example, default/HelloWorld[1.0]
If specified, all Web services in the composite are listed. |
detail |
Optional. Specifies whether to list port and policy details for the web service.
For each directly attached policy, the Valid values are:
|
The following example for an Oracle Infrastructure web service lists all the web services in all applications and composites in the domain. Sample output is shown in this example.
wls:/base_domain/serverConfig> listWebServices()
/base_domain/AdminServer/soa-infra :
compositeName=default/HelloWorld[1.0], moduleType=soa, serviceName=service
compositeName=default/Project1[1.0], moduleType=soa, serviceName=bpelprocess1_client_ep
/base_domain/AdminServer/jaxwsejb30ws :
moduleName=jaxwsejb, moduleType=web, serviceName=JaxwsWithHandlerChainBeanService
moduleName=jaxwsejb, moduleType=web, serviceName=WsdlConcreteService
moduleName=jaxwsejb, moduleType=web, serviceName=EchoEJBService
moduleName=jaxwsejb, moduleType=web, serviceName=CalculatorService
moduleName=jaxwsejb, moduleType=web, serviceName=DoclitWrapperWTJService
The following example for an Oracle Infrastructure web service sets the detail
argument to true
. Sample output is shown in this example. Security policies are shown in bold text.
Note that the reference priority of the globally attached policy is set to 10 and the directly attached policy is not in effect for the endpoint CalculatorPort
in the application jaxwsejb30ws
.
Also, note that the local.policy.reference.source
configuration property is provided for each directly attached policy identifying the source of the attachment. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
wls:/base_domain/serverConfig> listWebServices(detail='true') /base_domain/AdminServer/jaxwsejb30ws : moduleName=jaxwsejb, moduleType=web, serviceName=CalculatorService CalculatorPort http://host.example.com:1234/jaxwsejb/Calculator URI="oracle/wss10_saml20_token_with_message_protection_service_policy", category=security, policy-status=enabled; source=global policy set " MyPolicySet1", scope="DOMAIN('*')"; reference-status=enabled; effective=true Property name="reference.priority", value="10" URI="oracle/mex_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/mtom_encode_fault_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" Property name="max.request.size", value="-1" URI="oracle/request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/soap_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/ws_logging_level_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="logging.level", value="" Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/test_page_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/wsdl_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/http_saml20_token_bearer_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; reference-status=enabled; effective=false Property name="local.policy.reference.source", value="ANNOTATION" The policy subject is secure in this context.
The following example for a Java EE web service sets the detail
argument to true
. Sample output is shown in this example. The output lists all the web services in all applications and composites in the domain.
/base_domain/AdminServer/SimpleJAXWS : moduleName=SimpleJAXWS#1!SimpleEjbService, moduleType=wls, serviceName=SimpleEjbService SimplePort URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT" The policy subject is secure in this context. moduleName=SimpleJAXWS#1!SimpleImplService, moduleType=wls, serviceName=SimpleImplService SimplePort has Operation level ws-policy Attached policy or policies are valid; endpoint is not secure.
Note:
This command applies to Oracle Infrastructure web service clients only.Command Category: Web Service and Client Management
Use with WLST: Online
Configures the set of stub properties of a web service client port for an application or SOA composite.
This command configures or resets all of the stub properties for the OWSM client security policy attached to the client. Each property that you list in the command is set to the value you specify. If a property that was previously set is not explicitly specified in this command, it is reset to the default for the property. If no default exists, the property is removed.
setWebServiceClientStubProperties(application, moduleOrCompName, moduleType, serviceRefName, portInfoName, properties)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to reset the web services client port stub properties. For example, /domain/server/application#version_number
To configure or reset the client port stub properties for an application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to reset the web services client port stub properties.
To configure or reset client port stub properties for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceRefName |
Service reference name of the application or SOA composite for which you want to reset the web service client port stub properties. |
portInfoName |
The name of the client port for which you want to reset the stub properties. |
properties |
The list of properties to be set or changed. Properties must be specified using the following format:
For example:
To remove a property or clear the value assigned to it, specify a blank
To remove all the properties of the client port, set this argument to Sample client port stub properties are as follows:
|
The following example resets the client port stub properties ROLE
and keystore.recipient.alias
to ADMIN
and orakey
, respectively. Any other properties that were previously set for this client port are either reset to the default or removed. The client port is JRFWssUsernamePort
of the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig>setWebServiceClientStubProperties('/base_domain/server1/jwsclient_1#1.1.0', 'WssUsernameClient','wsconn','WssUsernameClient','JRFWssUsernamePort', [("ROLE","ADMIN"),("keystore.recipient.alias","orakey")] )
Command Category: Web Service and Client Management
Use with WLST: Online
Sets, changes, or deletes a single stub property of a web service client port for an application or SOA composite.
setWebServiceClientStubProperty(application, moduleOrCompName, moduleType, serviceRefName,portInfoName,propName,[propValue])
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to set the web services client port stub property. For example, /domain/server/application#version_number
To set a client port stub property for an application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to set the web services client port stub property.
To set a client port stub property for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceRefName |
Service reference name of the application or SOA composite for which you want to set the web service client port stub property. |
portInfoName |
The name of the client port for which you want to set the stub property. |
propName |
Stub property name that you want to set, change, or delete. For example, 'keystore.recipient.alias' . |
propValue |
Optional. The stub property value, for example, 'orakey' .
To remove the property, specify a blank |
The following example sets the client port stub property keystore.recipient.alias
to the value orakey
for the client port JRFWssUsernamePort
. The port is a client port of the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig>setWebServiceClientStubProperty ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort','keystore.recipient.alias','orakey')
Note:
The policy management commands for Java EE Web Services (or clients) listed in Table 3-7 have been deprecated in this release for Oracle Infrastructure Web Services.For Oracle Infrastructure web services, to manage OWSM directly attached policies in release 12c, it is recommended that you use the new WLST commands listed in Table 3-6. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Use the WLST commands listed in Table 3-6 to manage Oracle Infrastructure and RESTful Web Services direct and global policy attachments.
Table 3-6 Oracle Infrastructure and RESTful Web Services and Clients - WLST Commands for Direct Policy Attachments
Use this command... | To... | Use with WLST... |
---|---|---|
Attach a policy to the selected policy subject or policy set document within a session. |
Online |
|
Attach multiple policies to the selected policy subject or policy set document within a session. |
Online |
|
Detach a policy from the selected policy subject or policy set document within a session. |
Online |
|
Detach multiple policies from the selected policy subject or policy set document within a session. |
Online |
|
Enable or disable multiple policies that are attached to the selected policy subject or policy set document within a session. |
Online |
|
Enable or disable a policy that is attached to the selected policy subject or policy set document within a session. |
Online |
|
Display a list of all the available OWSM policies by category or subject type. |
Online |
|
List web service client port policies information for an application or SOA composite. |
Online |
|
List web service port policy information for a web service in an application or SOA composite. |
Online |
|
Configure override properties for a policy that is attached to the selected policy subject or policy set document within a session. |
Online |
Use the WLST commands listed in Table 3-7 to manage Java EE Web Services (or clients) directly attached policies.
Note:
The commands listed in Table 3-7 have anapplication
argument.
In an multi-tenant environment, if you intend to target a specific application instance within a tenant's partition, then you must include the partition name as part of the application as follows:
/domain/server/application#version$partition
However, if you are targeting a domain-scoped application, then you do not have to include the partition name. You can use the application
argument as follows:
/domain/server/application#version
Table 3-7 Java EE Web Services (or Clients) - WLST Commands for Direct Policy Attachments
Use this command... | To... | Use with WLST... |
---|---|---|
Attach multiple policies to a web service client port of an application or SOA composite. |
Online |
|
Attach an OWSM policy to a web service client port of an application or SOA composite. |
Online |
|
Attach multiple policies to a web service port of an application or SOA composite. |
Online |
|
Attach a policy to a web service port of an application or SOA composite. |
Online |
|
Detach multiple policies from a web service client port of an application or SOA composite. |
Online |
|
Detach a policy from a web service client port of an application or SOA composite. |
Online |
|
Detach multiple OWSM policies from a web service port of an application or SOA composite |
Online |
|
Detach an OWSM policy from a web service port of an application or SOA composite. |
Online |
|
Enable or disable multiple policies of a web service client port of an application or SOA composite. |
Online |
|
Enable or disable a policy of a web service client port of an application or SOA composite. |
Online |
|
Enable or disable multiple policies attached to a port of a web service application or SOA composite. |
Online |
|
Enable or disable a policy attached to a port of a web service application or SOA composite. |
Online |
|
Display a list of all the available OWSM policies by category or subject type. |
Online |
|
List web service client port policies information for an application or SOA composite. |
Online |
|
List web service port policy information for a web service in an application or SOA composite. |
Online |
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure web services.For Oracle Infrastructure Web Services, this command has been deprecated. It is recommended that you use the attachWSMPolicies
command, as described in "attachWSMPolicies". The following examples show how to migrate to use the attachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>attachWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort',["oracle/wss_username_token_client_policy","oracle/log_policy"])
12c Release:
wls:/wls-domain/serverConfig>attachWSMPolicies(["oracle/wss_username_token_client_policy","oracle/log_policy"])
Command Category: Policy Management
Use with WLST: Online
Attaches multiple policies to a web service client port of an application or SOA composite.
The policyURIs
are validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.attachWebServiceClientPolicies(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURIs,[subjectType=None] )
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to attach OWSM client policies to the web service client port. For example, /domain/server/application#version_number
To attach policies to a client port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0] ) for which you want to attach the policies to the client port.
To attach policies to a client port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The client port to which you want to attach the OWSM client policy. |
policyURI |
The OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_client_policy"]
If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example attaches the policy oracle/log_policy
to the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>attachWebServiceClientPolicies (None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt',["oracle/wss_username_token_client_policy","oracle/log_policy"])
The following example attaches the policies oracle/wss10_saml20_token_client_policy
and oracle/wss11_message_protection_client_policy
to the client port UpperCaseImplPort
in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>attachWebServiceClientPolicies ('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy
command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>attachWebServiceClientPolicy ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort',"oracle/wss_username_token_client_policy")
12c:
wls:/wls-domain/serverConfig>attachWSMPolicy("oracle/wss_username_token_client_policy")
Command Category: Policy Management
Use with WLST: Online
Attaches an OWSM policy to a web service client port of an application or SOA composite.
The policyURI is validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.attachWebServiceClientPolicy(application,moduleOrCompName,moduleType, serviceRefName, portInfoName, policyURI, [subjectType=None] )
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to attach a policy to the web service client port. For example, /domain/server/application#version_number .
To attach a policy to a client port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0] ) for which you want to attach the policy to the client port.
To attach a policy to a client port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The client port to which you want to attach the OWSM client policy. |
policyURI |
The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"
If the policy that you specify is already attached or exists, then this command enables the policy if it is disabled. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example attaches the client policy oracle/log_policy
to the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>attachWebServiceClientPolicy (None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')
The following example attaches the oracle/wss_username_token_client_policy
client policy to the Java EE web service client port UpperCaseImplPort
of the Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
. The web service is part of the application ClientJWS
.
wls:/wls-domain/serverConfig> attachWebServiceClientPolicy ('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicies
command, as described in "attachWSMPolicies". The following examples show how to migrate to use the attachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig> attachWebServicePolicies ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', ["oracle/log_policy", "oracle/wss_username_token_service_policy"])
12c Release:
wls:/wls-domain/serverConfig> attachWSMPolicies["oracle/log_policy", "oracle/wss_username_token_service_policy"])
Command Category: Policy Management
Use with WLST: Online
Attaches multiple policies to a web service port of an application or SOA composite.
The policyURIs
are validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: if any of the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.attachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName,policyURIs,[subjectType=None])
Argument | Definition |
---|---|
application |
Name and path of the application to which you want to attach the web service policies. For example, /domain/server/application#version_number
To attach the policies to a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0] ) to which you want to attach web service policies.
To attach the policies to a port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceName |
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/} ) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURIs |
List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]
If any of the policies that you specify are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example attaches the policies 'oracle/binding_authorization_denyall_policy', 'oracle/wss_username_token_service_policy'
to the port helloWorldJaxwsSoapHttpPort
of the Web module helloWorldJaxws
. The Java EE web service is part of the application helloWorldJaxws
for the server AdminServer
in the domain wls-domain
.
wls:wls-domain/ServerConfig>attachWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort, ['oracle/binding_authorization_denyall_policy', 'oracle/wss_username_token_service_policy'])
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy
command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig> attachWebServicePolicy ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')
12c Release:
wls:/wls-domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Management
Use with WLST: Online
Attaches a policy to a web service port of an application or SOA composite.
The policyURI is validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.attachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
Argument | Definition |
---|---|
application |
Name and path of the application to which you want to attach a web service policy. For example, /domain/server/application#version_number
To attach a policy to a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0] ) to which you want to attach a web service policy.
To attach a policy to a port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceName |
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName . Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURI |
OWSM policy name URI, for example, 'oracle/log_policy' |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example attaches the policy oracle/log_policy
to the port HelloWorld_pt
of the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>attachWebServicePolicy(None, 'default/HelloWorld[1.0]','soa','HelloService','HelloWorld_pt','oracle/log_policy')
The following example attaches the policy oracle/wss_username_token_service_policy
to the port helloWorldJaxwsSoapHttpPort
of the Java EE web service helloWorldJaxws
.
wls:wls-domain/serverConfig> attachWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')
A web service cannot contain both a WebLogic web service policy and an Oracle web service policy. If you have a web service with a WebLogic web service policy, you must first detach it before attaching the Oracle web service policy. The following example detaches the WebLogic web service policy Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml
from the port SimplePort
in the Java EE web service SimpleEjbService
and then attaches the Oracle web service policy oracle/wss_username_token_service_policy
.
wls:wls-domain/serverConfig>detachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort','policy:Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml') wls:wls-domain/serverConfig>attachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort', 'oracle/wss_username_token_service_policy')
Note:
ThedetachWebServicePolicy
WLST command allows you to detach WebLogic web service policies from a web service. However, you cannot use the attachWebServicePolicy
WLST command to attach WebLogic web service policies. To attach WebLogic web service policies to a web service, you must use the WebLogic Administration Console.Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.Command Category: Policy Management
Use with WLST: Online
Within a session, attaches multiple policies, identified by specified the URIs, to the selected policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if attachWSMPolicies
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected. If there is no current session and no policy subject selected, an error is displayed.
attachWSMPolicies(uris)
Element | Description |
---|---|
uris |
List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"] |
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.Command Category: Policy Management
Use with WLST: Online
Within a session, attaches a policy, identified by the specified URI, to the selected policy subject or policy set.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if attachWSMPolicy
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected. If there is no current session and no policy subject is selected, an error is displayed.
attachWSMPolicy(uri)
Argument | Definition |
---|---|
uri |
OWSM policy name URI, for example, 'oracle/log_policy' |
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicies
command, as described in "detachWSMPolicies". The following examples show how to migrate to use the detachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort', ["oracle/log_policy","oracle/wss_username_token_client_policy"])
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_client_policy"])
Command Category: Policy Management
Use with WLST: Online
Detaches multiple policies from a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.detachWebServiceClientPolicies(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURIs,[subjectType=None] )
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to detach multiple policies from a web service client port. For example, /domain/server/application#version_number
To detach multiple policies from a client port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to detach multiple policies from a client port.
To detach multiple policies from a client port for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The client port from which you want to detach the OWSM client policy. |
policyURI |
The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"
If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example detaches the client policies oracle/wss10_saml20_token_client_policy
and oracle/wss11_message_protection_client_policy
of the port UpperCaseImplPort
of the Java EE web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>detachWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy
command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServiceClientPolicy ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort','oracle/wss_username_token_client_policy')
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/wss_username_token_client_policy')
Command Category: Policy Management
Use with WLST: Online
Detaches a policy from a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.detachWebServiceClientPolicy(application,moduleOrCompName,moduleType, serviceRefName, portInfoName, policyURI, [subjectType=None] )
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to detach a policy from a web service client port. For example, /domain/server/application#version_number
To detach a policy from a client port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to detach the policy from a client port.
To detach a policy from a client port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The client port from which you want to detach the OWSM client policy. |
policyURI |
The OWSM policy name URI, for example, oracle/wss_username_token_client_policy"
If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example detaches the client policy oracle/log_policy
from the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>detachWebServiceClientPolicy(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy' )
The following command detaches the client policy oracle/wss_username_token_client_policy
from the client port UpperCaseImplPort
in the Java EE client module wsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig> detachWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicies
command, as described in "detachWSMPolicies". The following examples show how to migrate to use the detachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServicePolicies ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', ["oracle/log_policy","oracle/wss_username_token_service_policy"])
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"])
Command Category: Policy Management
Use with WLST: Online
Detaches multiple OWSM policies from a web service port of an application or SOA composite.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.detachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURIs,[subjectType=None])
Argument | Definition |
---|---|
application |
Name and path of the application from which you want to detach the web service policies. For example, /domain/server/application#version_number
To detach policies from a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) from which you want to detach the web service policies.
To detach policies from a port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceName |
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURIs |
List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]
If a policyURI specified is not attached, an error message is displayed and/or an exception is thrown. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example detaches the policies "oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"
from the port helloWorldJaxwsSoapHttpPort
of the Java EE Web module helloWorldJaxws
. The web service is part of the application helloWorldJaxws
for the server AdminServer
in the domain wls-domain
.
wls:/wls-domain/serverConfig>detachWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"])
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy
command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServicePolicy('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web','{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Management
Use with WLST: Online
Detaches an OWSM policy from a web service port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.detachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
Argument | Definition |
---|---|
application |
Name and path of the application from which you want to detach a web service policy. For example, /domain/server/application#version_number
To detach a policy from a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) from which you want to detach a web service policy.
To detach a policy from a port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceName |
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURI |
OWSM policy name URI, for example, 'oracle/log_policy'
If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example detaches the policy oracle/log_policy
from the port HelloWorld_pt
of the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>detachWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')
The following example detaches the policy oracle/wss_username_token_service_policy
from the port helloWorldJaxwsSoapHttpPort
of the service helloWorldJaxws
in the Java EE web service wls-domain/AdminServer/helloWorldJaxws
.
wls:/wls-domain/serverConfig>detachWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.Command Category: Policy Management
Use with WLST: Online
Within a session, detaches multiple policies, identified by an array of URIs or index values, from the selected policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.
detachWSMPolicies(uris)
Argument | Definition |
---|---|
uris |
Array of URIs or index values specifying the policies to detach from a policy subject. For example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]
If the specified policy URIs are not attached, an error message is displayed and/or an exception is thrown. |
The following example detaches the OWSM logging policy and username token service policy from the current policy subject:
wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"])
The following example uses the index values of the OWSM logging policy and username token service URIs to detach them from the current policy subject
wls:/wls-domain/serverConfig>detachWSMPolicies('1','3')
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.Command Category: Policy Management
Use with WLST: Online
Within a session, detaches a policy, identified by the specified URI or index value, from the selected policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed
Issuing this command outside of a session containing a policy subject that is being created or modified will result in an error.
detachWSMPolicy(uri)
Argument | Definition |
---|---|
uri |
URI or index value specifying the policy to detach from a policy subject. For example, 'oracle/log_policy' .
If the specified policy URI is not attached, an error message is displayed and/or an exception is thrown. |
The following example detaches the OWSM logging policy from the current policy subject.
wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/log_policy')
The following example uses the index value of the OWSM logging policy's URI to detach it from the current policy subject.
wls:/wls-domain/serverConfig>detachWSMPolicy('1')
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicies
command, as described in "enableWSMPolicies". The following examples show how to migrate to use the enableWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>enableWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort', ["oracle/log_policy", "oracle/wss_username_token_client_policy"], true )
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy", "oracle/wss_username_token_client_policy"], true )
Command Category: Policy Management
Use with WLST: Online
Enables or disables multiple policies of a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your applicationenableWebServiceClientPolicies(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURIs,[enable],[subjectType=None] )
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to enable or disable multiple policies of a web service client port. For example, /domain/server/application#version_number
To enable or disable multiple policies of a client port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable or disable multiple policies of a client port.
To enable or disable multiple policies of a client port for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The name of the client port to which you want to attach the OWSM client policies. |
policyURIs |
The list of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_client_policy"] . |
enable |
Optional. Specifies whether to enable or disable the policies. Valid options are:
If you omit this argument, the policies are enabled. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example enables the client policies oracle/wss10_saml20_token_client_policy
and oracle/wss11_message_protection_client_policy
of the port UpperCaseImplPort
of the Java EE web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"], true)
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicy
command, as described in "enableWSMPolicy". The following examples show how to migrate to use the enableWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort', "oracle/wss_username_token_client_policy",true)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_client_policy",true)
Command Category: Policy Management
Use with WLST: Online
Enables or disables a policy of a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.enableWebServiceClientPolicy(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURI,[enable],[subjectType=None] )
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to enable or disable a policy of a web service client port. For example, /domain/server/application#version_number
To enable or disable a policy of a client port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable or disable a policy of a client port.
To enable or disable a policy of a client port for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The name of the client port to which you want to attach the OWSM client policy. |
policyURI |
The OWSM policy name URI, for example, oracle/wss_username_token_client_policy" |
enable |
Optional. Specifies whether to enable or disable the policy. Valid options are:
If you omit this argument, the policy is enabled. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example enables the client policy oracle/log_policy
of the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')
The following example disables the client policy oracle/log_policy
of the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy', false )
The following example disables the client policy oracle/wss_username_token_client_policy
on the client port UpperCaseImplPort
in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy", false)
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicies
command, as described in "enableWSMPolicies". The following examples show how to migrate to use the enableWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig> enableWebServicePolicies ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort',["oracle/log_policy", "oracle/wss_username_token_service_policy"],true)
12c Release:
wls:/wls-domain/serverConfig> enableWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"],true)
Command Category: Policy Management
Use with WLST: Online
Enables or disables multiple policies attached to a port of a web service application or SOA composite.
If the policyURIs
that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.
Note:
Policy changes made using this WLST command are only effective after you restart your application.enableWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURIs,[enable],[subjectType=None] ))
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to enable the web service policies. For example, /domain/server/application#version_number
To enable policies that are attached to a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable web service policies.
To enable policies that are attached to a port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceName |
Name of the web service in the application or SOA composite.For example, {http://namespace/}serviceName . Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURIs |
List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]
If the |
enable |
Optional. Specifies whether to enable or disable the policies. Valid options are:
If you omit this argument, the policies are enabled. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example disables the policies ["oracle/binding_authorization_denyall_policy","oracle/wss_username_token_service_policy"]
attached to the port helloWorldJaxwsSoapHttpPort
of the Web module helloWorldJaxws#1!helloWorldJaxws
. The web service is part of the application helloWorldJaxws
for the server AdminServer
in the domain wls-domain
.
wls:/wls-domain/serverConfig>enableWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"], false)
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicy
command, as described in "enableWSMPolicy". The following examples show how to migrate to use the enableWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>enableWebServicePolicy ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort',"oracle/wss_username_token_service_policy",true)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_service_policy",true)
Command Category: Policy Management
Use with WLST: Online
Enables or disables a policy attached to a port of a web service application or SOA composite.
If the policy that you specify in this command is not attached to the port, an error message is displayed and/or an exception is thrown.
Note:
Policy changes made using this WLST command are only effective after you restart your application.enableWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [enable], [subjectType=None] ))
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to enable a web service policy. For example, /domain/server/application#version_number
To enable a policy that is attached to a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable a web service policy.
To enable a policy that is attached to a port of a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
Note: The |
serviceName |
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName . Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURI |
OWSM policy name URI, for example, 'oracle/log_policy'
If the policy that you specify is not attached, an error message is displayed and/or an exception is thrown. |
enable |
Optional. Specifies whether to enable or disable the policy. Valid options are:
If you omit this argument, the policy is enabled. |
subjectType |
Optional. Policy subject type. Valid options are:
|
The following example enables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')
The following example disables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy',false)
The following example disables the policy oracle/wss_username_token_service_policy
attached to the port helloWorldJaxwsSoapHttpPort
for the service helloWorldJaxws
in the Java EE web service wls-domain/AdminServer/helloWorldJaxws
wls:/wls-domain/domainRuntime> enableWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy', false)
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.Command Category: Policy Management
Use with WLST: Online
Within a session, enables or disables multiple policy attachments, identified by the specified URIs, that are attached to a policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if enableWSMPolicies
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected.
If the optional enable
argument is not specified, this command enables the policy attachment by default. If the policy URIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.
enableWSMPolicies(uris,[enable=true]))
Argument | Definition |
---|---|
uris |
List of OWSM policy name URIs, for example, ["oracle/log_policy","oracle/wss_username_token_service_policy"]
If the |
enable |
Optional. Specifies whether to enable or disable the policy attachments. Valid options are:
If you omit this argument, the policies are enabled. |
The following example enables the policies ["oracle/log_policy","oracle/wss_username_token_service_policy"]
attached to the port JRFWssUsernamePort
of the Web module WssUsernameService
. The web service is part of the application HelloWorld#1_0
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"],true)
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.Command Category: Policy Management
Use with WLST: Online
Within a session, enables or disables a policy attachment, identified by a specified URI, that is attached to a policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if enableWSMPolicy
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected.
If the optional enable
argument is not specified, this command enables the policy attachment by default. If the policyURIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.
enableWSMPolicy(uri,[enable=true])
Argument | Definition |
---|---|
uri |
URI specifying the policy attachment within the policy set. |
enable |
Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:
If you omit this argument, the policy set attachment is enabled. |
The following example enables the policy oracle/wss_username_token_service_policy
attached to the port JRFWssUsernamePort
of the Web module WssUsernameService
. The web service is part of the application HelloWorld#1_0
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_service_policy",true)
The following example enables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWSMPolicy('oracle/log_policy')
The following example disables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWSMPolicy('oracle/log_policy',false)
Command Category: Policy Management
Use with WLST: Online
listAvailableWebServicePolicies([category],[subject])
Argument | Definition |
---|---|
category |
Optional. The policy category, for example,: 'security' , 'management' . |
subject |
Optional. The policy subject type, for example,: 'server' or 'client'. |
Command Category: Policy Management
Use with WLST: Online
Lists web service client port policies information for an application or SOA composite.
The output will display the web service client/reference port name, the OWSM policies it has attached to it and details about each attachment such as the policy category, status, the source of the policy attachment, any policy override properties (if applicable), and if the policy is in effect for the subject. It also displays if the policy subject is secure. For example:
test-port: URI=oracle/wss_username_token_client_policy, category=security, policy-status=enabled source=local policy set; reference-status=enabled; effective=true The policy subject is secure in this context.
listWebServiceClientPolicies(application, moduleOrCompName, moduleType, serviceRefName,portInfoName)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web service client port policy information. For example, /domain/server/application#version_number
To list the client port policy information for a web services application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port policy information.
To list the client port policy information for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceRefName |
The service reference name of the application or composite. |
portInfoName |
The client port name. |
The following example lists the web service client port policy information for the application jwsclient_1#1.1.0
for the server server1
in the domain base_domain
. In this example, the Web module name is WssUsernameClient
, the module type is wsconn
, the service reference name is WssUsernameClient
, and the client port name is JRFWssUsernamePort
.
wls:/wls-domain/serverConfig>listWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort')
Command Category: Policy Management
Use with WLST: Online
Lists web service policy information for a web service port in an application or SOA composite.
The output will display the web service port name, the OWSM policies it has attached to it and details about each attachment such as the policy category, status, the source of the policy attachment, any policy override properties (if applicable), and if the policy is in effect for the subject. It also displays if the policy subject is secure. For example:
CalculatorPort: URI="oracle/wss_username_token_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true The policy subject is secure in this context.
listWebServicePolicies(application,moduleOrCompName,moduleType,serviceName,subjectName)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to list the web services port policy information. For example, /domain/server/application#version_number
To list the port policy information for a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port policy information.
To list the port policy information for a SOA composite, the composite name is required (for example, |
moduleType |
Module type. Valid options are:
|
serviceName |
Name of the web service in the application or SOA composite for which you want to list the port policy information. For example, {http://namespace/}serviceName . Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Policy subject, port, or operation name. |
The following example lists the web service policy information for the port CalculatorPort
in the application jaxwsejb30ws
. In this example, the Web module name is jaxwsejb
, and the service name is CalculatorService
.
wls:/wls-domain/serverConfig>listWebServicePolicies ('/base_domain/AdminServer/jaxwsejb30ws','jaxwsejb','web', '{http://namespace/}CalculatorService', 'CalculatorPort')
The following example lists the port policy information for the SOA composite default/HelloWorld[1.0]
. Note that the moduleType
is set to SOA
, the service name is HelloService
, and the subject is a port named HelloWorld_pt
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>listWebServicePolicies (None, 'default/HelloWorld[1.0]', 'soa', 'HelloService', 'HelloWorld_pt')
Note:
This command has been deprecated for Oracle Infrastructure Web Services. It is recommended that you use thesetWSMPolicyOverride
command, as described in "setWSMPolicyOverride".
This command does not apply to Java EE web services.
The following examples show how to migrate to use the setWSMPolicyOverride
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', 'oracle/wss_username_token_service_policy', 'reference.priority', '10')
12c Release (for repository and policy subject operations):
wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
Command Category: Policy Management
Use with WLST: Online
Configures the web service port policy override properties of an application or SOA composite.
setWebServicePolicyOverride(application,moduleOrCompName,moduleType, serviceName, portName,policyURI,properties)
Argument | Definition |
---|---|
application |
Name and path of the application for which you want to override the web service port policy. For example, /domain/server/application#version_number
To override properties on a policy attached to a port of a web service application, this argument is required. |
moduleOrCompName |
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to override a web service port policy.
To override properties on a policy attached to a SOA composite, the composite name is required (for example, |
moduleType |
Module type. The valid option is web —Oracle Infrastructure web services packaged as a Web module (including an EJB).
Note: The module type |
serviceName |
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName . Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
subjectName |
Name of the policy subject, port, or operation. |
policyURI |
OWSM policy name URI, for example, 'oracle/log_policy' to which the override properties will be applied.
If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
properties |
Policy override properties. Properties must be specified using the following format:
For example: If this argument is set to |
The following example configures the override properties for the policy oracle/wss10_message_protection_service_policy
for the port JRFWssUsernamePort
of the Web module WssUsernameService
. The web service is part of the application HelloWorld#1_0
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', "oracle/wss10_message_protection_service_policy", [("keystore.sig.csf.key","sigkey")])
Note:
For direct policy attachments, this command applies to Oracle Infrastructure and RESTful web services only. For configuration overrides on policy references within a policy set, this command also applies to Java EE web services. For more information about configuration overrides in policy sets, see "Overriding Configuration Properties for Globally Attached Policies Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.The local.policy.reference.source
property is for informational purposes only, to identify the source of the direct policy attachment, and should not be overridden. For more information, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Command Category: Policy Management
Use with WLST: Online
Within a session, adds a configuration override, described by a name
-value
pair, to a policy identified by the specified URI and attached to the policy set document or policy subject. The value
argument is optional. If the value
argument is omitted, the property specified by the name
argument is removed from the policy subject. If the property specified by the name
argument already exists and a value
argument is provided, the current value is overwritten by the new value.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.
setWSMPolicyOverride(uri, name, value)
Argument | Description |
---|---|
uri |
String representing the policy URI. For example, 'oracle/wss10_saml_token_service_policy' , to which the override properties will be applied. |
name |
String representing the name of the override property. For example: ['reference.priority'] |
value |
Optional. String representing the value of the property. If this argument is not specified, the property specified by the name argument, if it exists, is removed. |
The following example specifies a configuration override for the reference.priority
property for the oracle/wss10_saml_token_service_policy
to a value of 1
.
wls:/wls-domain/serverConfig> setWSMPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')
The following example removes the property reference.priority
from the oracle/wss10_saml_token_service_policy
in the policy set.
wls:/wls-domain/serverConfig> setWSMPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')
Policy sets enhance the security and manageability of an enterprise by providing a mechanism to globally attach one or more policies to a subject type. Using policy sets, an administrator can specify a default set of policies to be enforced even if none are directly attached. For detailed information about determining the type and scope of resources a policy set can be attached to, see "Defining the Type and Scope of Resources for Globally Attached Policies" in the Securing Web Services and Managing Policies with Oracle Web Services Manager.
All policy set creation, modification, or deletion commands must be performed in the context of a session. A session can only act on a single policy set.
Notes:
To view the help for the WLST commands described in this section, connect to a running instance of the server and enterhelp('wsmManage')
.
The policy set management commands listed in Table 3-9 have been deprecated in this release for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, Oracle recommends that you use the new WLST commands listed in Table 3-8 to manage OWSM policy sets in release 12c. These commands must be executed within the context of a session using the session commands described in Section 3, "Session Commands."
For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Use the WLST commands listed in Table 3-6 to manage globally available policy sets.
Table 3-8 Web Services Global Policy Set Management WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Within a session, clone a new policy set from an existing policy set. |
Online |
|
Create a new, empty policy set within a session. |
Online |
|
Delete all or selected policy sets from within the OWSM repository. |
Online |
|
Delete a specified policy set within a session. |
Online |
|
Display the configuration of a specified policy set. |
Online |
|
Enable or disable the current policy set within a session. |
Online |
|
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. |
Online |
|
Specify a policy set for modification within a session. |
Online |
|
Specify a run-time constraint value for a policy set selected within a session. |
Online |
|
Configure override properties to a policy set. |
Online |
|
Specify a description for a policy set selected within a session. |
Online |
|
Set an expression that attaches a policy set to the specified resource scope. |
Online |
|
Validate an existing policy set. |
Online |
Table 3-9 list the WLST commands that are deprecated in this release for managing Oracle Infrastructure web service global policy sets.
Table 3-9 Deprecated WLST Commands for Global Policy Set Management
Use this command... | To... | Use with WLST... |
---|---|---|
Abort the current OWSM repository modification session, discarding any changes that were made to the repository during the session. |
Online |
|
Attach a policy set to the specified resource scope. |
Online |
|
Attach a policy to a policy set using the policy's URI. |
Online |
|
Begin a session to modify the OWSM repository. |
Online |
|
Clone a new policy set from an existing policy set. |
Online |
|
Write the contents of the current session to the OWSM repository. |
Online |
|
Create a new, empty policy set. |
Online |
|
Delete all or selected policy sets from within the OWSM repository. |
Online |
|
Delete a specified policy set. |
Online |
|
Describe the contents of the current session. |
Online |
|
Detach a policy from a policy set using the policy's URI. |
Online |
|
Display the configuration of a specified policy set. |
Online |
|
Enable or disable a policy set. |
Online |
|
Enable or disable a policy attachment for a policy set using the policy's URI. |
Online |
|
List the policy sets in the repository. |
Online |
|
Migrate direct policy attachments to global policy attachments if they are identical. |
Online |
|
Specify an existing policy set for modification in the current session. |
Online |
|
Specify a run-time constraint value for a policy set selected within a session. |
Online |
|
Specify a description for the policy set selected within a session. |
Online |
|
Add a configuration override to a policy reference in the current policy set. |
Online |
|
Validate an existing policy set in the repository or in a session. |
Online |
Note:
This command has been deprecated. It is recommended that you use theabortWSMSession
command, as described in "abortWSMSession".
The following examples show how to migrate to use the abortWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> abortRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> abortWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Aborts the current modification session, discarding any changes that were made to the repository during the session.
Note:
This command has been deprecated. It is recommended that you use thesetWSMPolicySetScope
command, as described in "setWSMPolicySetScope".
The following examples show how to migrate to use the setWSMPolicySetScope
command.
11g Release:
wls:/jrfServer_domain/serverConfig> attachPolicySet ('Domain("base_domain")')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetScope ('Domain("base_domain")')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
attachPolicySet(expression)
Argument | Definition |
---|---|
expression |
Expression that attaches the policy set to the specified resource scope.
For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
The following example attaches a policy set to the specified base_domain
resource.
wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain")')
This example attaches a policy set to the specified base_domain
and managed_server
resources.
wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain") and Server("managed_server")')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use theattachWSMPolicy
command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy
command.
11g Release (for both Repository and PolicySubject operation on policy set):
wls:/jrfServer_domain/serverConfig> attachPolicySetPolicy ('oracle/wss_username_token_service_policy')
12c Release:
wls:/jrfServer_domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, attaches a policy, identified by the specified URI, to the current policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
attachPolicySetPolicy(uri)
Argument | Definition |
---|---|
uri |
URI specifying the policy to attach to the current policy set. For example, 'oracle/log_policy' . |
Note:
This command has been deprecated. It is recommended that you use thebeginWSMSession
command, as described in "beginWSMSession".
The following examples show how to migrate to use the beginWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> beginRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> beginWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Begins a session to modify the OWSM Repository. A session can only act on a single policy subject, such as a policy set or a Fusion Middleware web service endpoint. An error will be displayed if there is already a current session.
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thecloneWSMPolicySet
command, as described in "cloneWSMPolicySet". The following examples show how to migrate to use the cloneWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> clonePolicySet ('myNewPolicySet', 'myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> cloneWSMPolicySet ('myNewPolicySet', 'myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
clonePolicySet(name, source,[attachTo=None],[description=None],[enable='true'])
Argument | Definition |
---|---|
name |
Name of the new policy set clone. |
source |
Name of the source policy set that will be cloned. |
attachTo=None |
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
If this argument is set to |
description=None |
Optional. Description for the new policy set.
If this argument is set to |
enable='true' |
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
The first example creates a policy set by cloning the existing myPolicySet
policy set to create a new mynewPolicySet
. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws
application in the domain.
wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet') wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
cloneWSMPolicySet(name,source,[scope=None],[description=None],[enable='true'])
Argument | Definition |
---|---|
name |
Name of the new policy set clone. |
source |
Name of the source policy set that will be cloned. |
scope=None |
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained. |
description=None |
Optional. Description for the new policy set.
If this argument is not specified, then the description used in the source policy set is retained. |
enable='true' |
Optional. Specifies whether to enable or disable the policy set. If you omit this argument, the policy set is enabled.Valid options are:
If you omit this argument, the policy set is enabled. |
The first example creates a policy set by cloning the existing myPolicySet
policy set to create a new mynewPolicySet
. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws
application in the domain.
wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet') wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')
Note:
This command has been deprecated. It is recommended that you use thecommitWSMSession
command, as described in "commitWSMSession".
The following examples show how to migrate to use the commitWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> commitRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> commitWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Writes the contents of the current session to the OWSM Repository. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thecreateWSMPolicySet
command, as described in "createWSMPolicySet". The following examples show how to migrate to use the createWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> createPolicySet('myPolicySet', 'ws-service', 'Domain("base_domain")')
12c Release:
wls:/jrfServer_domain/serverConfig> createWSMPolicySet ('myPolicySet', 'ws-service', 'Domain("base_domain")')
Command Category: Policy Set Management
Use with WLST: Online
Creates a new, empty policy set within a session. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and a supported expression that defines a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
createPolicySet(name,type,attachTo,[description=None],[enable='true'])
Argument | Definition |
---|---|
name |
Name of the new, empty policy set. |
type |
The type of policy subject to which the new policy set applies. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager. |
attachTo |
Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
description |
Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for <type> ", where <type> is the subject type. |
enable |
Optional. Specifies whether to enable or disable the new policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
The first example creates a new policy set and specifies the resource scope to only ws-service
types (Web Service Endpoint) in the base_domain
domain. The second example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','ws-service','Domain("base_domain")') wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, creates a new, empty policy set. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and provide a supported expression that defines a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
createWSMPolicySet(name,type,scope,[description=None],[enable='true'])
Argument | Definition |
---|---|
name |
Name of the new, empty policy set. |
type |
The type of policy subject that the new policy set applies to. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager. |
scope |
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained. |
description=None |
Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for <type> ", where <type> is the subject type. |
enable='true' |
Optional. Specifies whether to enable or disable the new policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
The following example creates a new policy set and specifies the resource scope to only ws-service
types (Web Service Endpoint) in the base_domain
domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','ws-service','Domain("base_domain")')
The following example creates a new policy set, but also narrows the resource scope to only sca-service
types (SOA Service) in the soa_server1
server in the domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')
The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference
types (SOA RESTful references) in the base_domain
domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-rest-reference','Domain("base_domain")','My policySet')
The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference
types (OSB RESTful business services) in the base_domain
domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','biz-rest-service','Domain("base_domain")','My policySet')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thedeleteWSMAllPolicySets
command, as described in "deleteWSMAllPolicySets". The following examples show how to migrate to use the deleteWSMAllPolicySets
command.
11g Release:
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
12c Release:
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()
Command Category: Policy Set Management
Use with WLST: Online
Deletes all or selected policy sets from within the OWSM repository. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.
deleteAllPolicySets([mode])
Argument | Definition |
---|---|
mode |
Optional. The action to be taken for performing policy set deletion. Valid options are:
If no mode is specified, this argument defaults to |
The following example automatically deletes all policy sets from the respository without prompting.
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets("force")
Starting Operation deleteAllPolicySets ...
All policy sets were deleted successfully from repository.
deleteAllPolicySets Operation Completed.
The following examples delete selected policy sets from the repository.
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
or
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets('prompt')
Starting Operation deleteAllPolicySets ...
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
All the selected policy sets were deleted successfully from repository.
deleteAllPolicySets Operation Completed.
Command Category: Policy Set Management
Use with WLST: Online
Deletes all or selected policy sets within a session. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.
deleteWSMAllPolicySets([mode])
Argument | Definition |
---|---|
mode |
Optional. The action to be taken for performing policy set deletion. Valid options are:
If no mode is specified, this argument defaults to |
The following example automatically deletes all policy sets from the respository without prompting.
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets("force")
Starting Operation deleteWSMAllPolicySets ...
All policy sets were deleted successfully from repository.
deleteWSMAllPolicySets Operation Completed.
The following examples delete selected policy sets from the repository.
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()
or
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets('prompt')
Starting Operation deleteWSMAllPolicySets ...
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
All the selected policy sets were deleted successfully from repository.
deleteWSMAllPolicySets Operation Completed.
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thedeleteWSMPolicySet
command, as described in "deleteWSMPolicySet". The following examples show how to migrate to use the deleteWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> deletePolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> deleteWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Deletes a specified policy set within a session. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.
Issuing this command outside of a session will result in an error.
Command Category: Policy Set Management
Use with WLST: Online
Within a session, deletes a specified policy set. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.
Issuing this command outside of a session will result in an error.
Note:
This command has been deprecated. It is recommended that you use thedescribeWSMSession
command, as described in "describeWSMSession". The following examples show how to migrate to use the describeWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> describeRepositorySession()
12c Release (for both Repository and Policy Subject operations):
wls:/jrfServer_domain/serverConfig> describeWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Describes the contents of the current session. This will either indicate that the session is empty or list the name of the policy subject that is being updated, along with the type of update (create, modify, or delete). An error will be displayed if there is no current session.
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thedetachWSMPolicy
command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy
command.
11g Release (for both Repository and Policy Subject operations on policy set):
wls:/jrfServer_domain/serverConfig> detachPolicySetPolicy ('oracle/wss_username_token_service_policy')
12c Release:
wls:/jrfServer_domain/serverConfig> detachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, detaches a policy, identified by a specified URI, from the current policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
detachPolicySetPolicy(uri)
Argument | Definition |
---|---|
uri |
URI specifying the policy to detach to the current policy set. For example, oracle/log_policy' . |
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thedisplayWSMPolicySet
command, as described in "displayWSMPolicySet". The following examples show how to migrate to use the displayWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> displayPolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> displayWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.
This command can be issued outside of a session.
displayPolicySet([name])
Argument | Definition |
---|---|
name |
Optional. Name of the policy set to be displayed.
If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed. |
Command Category: Policy Set Management
Use with WLST: Online
Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.
This command can be issued outside of a session.
displayWSMPolicySet([name])
Argument | Definition |
---|---|
name |
Optional. Name of the policy set to be displayed.
If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed. |
Note:
For Oracle Infrastructure Web Services, it is recommended that you use theenableWSMPolicySet
command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> enablePolicySet(true)
12c Release:
wls:/jrfServer_domain/serverConfig> enableWSMPolicySet(true)
Command Category: Policy Set Management
Use with WLST: Online
Enables or disables the current policy set within a session. If not specified, this command enables the policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
enablePolicySet([enable=True])
Argument | Definition |
---|---|
enable |
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Note:
For Oracle Infrastructure Web Services, it is recommended that you use theenableWSMPolicySet
command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet
command.
11g Release:
wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy('/oracle/log_policy',false)
Command Category: Policy Set Management
Use with WLST: Online
Within a session, enables or disables the policy attachment, which is identified by the provided URI in the current policy set. If not specified, this command enables the policy set. An error displays if the identified policy is not currently attached to the policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
enablePolicySetPolicy(uri,[enable=true])
Argument | Definition |
---|---|
uri |
URI specifying the policy attachment within the policy set. |
enable |
Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:
If you omit this argument, the policy set attachment is enabled. |
Command Category: Policy Set Management
Use with WLST: Online
Within a session, enables or disables the current policy set. If the optional enable
argument is not specified, this command enables the policy set by default.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
enableWSMPolicySet([enable=True])
Argument | Definition |
---|---|
enable |
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Note:
For Oracle Infrastructure Web Services, it is recommended that you use thelistWSMPolicySets
command, as described in "listWSMPolicySets". The following examples show how to migrate to use the listWSMPolicySets
command.
11g Release:
wls:/wls-domain/serverConfig>listPolicySets('ws-service')
12c Release:
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service')
Command Category: Policy Set Management
Use with WLST: Online
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or limit the display to include only those that apply to specific policy subject resource types.
listPolicySets([type=None])
Argument | Definition |
---|---|
type=None |
Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager
If this argument is set to |
The first two examples list policy sets by either the ws-service
or ws-client
resource types. The third example lists all the policy sets stored in the repository.
wls:/wls-domain/serverConfig>listPolicySets('ws-service') wls:/wls-domain/serverConfig>listPolicySets('ws-client') wls:/wls-domain/serverConfig>listPolicySets()
Command Category: Policy Set Management
Use with WLST: Online
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or use the type
argument to limit the display to include only those sets that apply to specific policy subject resource types.
listWSMPolicySets([type=None])
Argument | Definition |
---|---|
type=None |
Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager.
If this argument is set to |
The first two examples list policy sets by either the ws-service
or ws-client
resource types. Whereas, the third example lists all the policy sets stored in the repository.
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service') wls:/wls-domain/serverConfig>listWSMPolicySets('ws-client') wls:/wls-domain/serverConfig>listWSMPolicySets()
Note:
This command has been deprecated. It is recommended that you use themigrateWSMAttachments
command, as described in "migrateWSMAttachments". The following examples show how to migrate to use the migrateWSMAttachments
command.
11g Release:
wls:/jrfServer_domain/serverConfig> migrateAttachments()
12c Release:
wls:/jrfServer_domain/serverConfig> migrateWSMAttachments()
Command Category: Policy Set Management
Use with WLST: Online
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.
Note:
A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running themigrateAttachments()
command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.
migrateAttachments([mode])
Argument | Definition |
---|---|
mode |
The action to be taken for each policy attachment that can be migrated. Valid options are:
If no mode is specified, this argument defaults to |
The following examples describe how to use the repository attachment migration modes.
wls:/wls-domain/serverConfig>migrateAttachments() wls:/wls-domain/serverConfig>migrateAttachments('force') wls:/wls-domain/serverConfig>migrateAttachments('preview') wls:/wls-domain/serverConfig>migrateAttachments('prompt')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use theselectWSMPolicySet
command, as described in "selectWSMPolicySet". The following examples show how to migrate to use the selectWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> modifyPolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> selectWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Specifies a policy set for modification in the current session. The latest version of the named policy set will be loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.
Issuing this command outside of a session will result in an error.
modifyPolicySet(name)
Argument | Definition |
---|---|
name |
Name of the policy set to be modified in the current session. |
Command Category: Policy Set Management
Use with WLST: Online
Within a session, specifies a policy set for modification. The latest version of the named policy set is loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.
Issuing this command outside of a session will result in an error.
selectWSMPolicySet(name)
Argument | Description |
---|---|
name |
Name of the policy set to be modified in the current session. |
Note:
This command has been deprecated. It is recommended that you use thesetWSMPolicySetConstraint
command, as described in "setWSMPolicySetConstraint". The following examples show how to migrate to use the setWSMPolicySetConstraint
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Command Category: Policy Set Management
Use with WLST: Online
Specifies a run-time constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
For more information, see "Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
setPolicySetConstraint(constraint)
Argument | Definition |
---|---|
constraint |
Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts. |
The following example specifies that the policy set apply only to requests from external clients.
wls:/wls-domain/serverConfig> setPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
The following example specifies that the policy set apply only to requests from non-external clients.
wls:/wls-domain/serverConfig> setPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Note:
This command has been deprecated. It is recommended that you use thesetWSMPolicySetDescription
command, as described in "setWSMPolicySetDescription". The following examples show how to migrate to use the setWSMPolicySetDescription
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetDescription ('Global policy set for web service endpoint.')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetDescription ('Global policy set for web service endpoint.')
Command Category: Policy Set Management
Use with WLST: Online
Specifies a description for a policy set selected within a session.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Note:
This command has been deprecated. It is recommended that you use thesetWSMPolicyOverride
command, as described in "setWSMPolicyOverride". The following examples show how to migrate to use the setWSMPolicyOverride
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
Command Category: Policy Set Management
Use with WLST: Online
Adds a configuration override, described by a name
, value
pair, to an attached policy reference in the current policy set. The value
argument is optional. If the value
argument is omitted, the property specified by the name
argument is removed from the policy reference in the policy set. If the property specified by the name
argument already exists and a value
argument is provided, the current value is overwritten by the new value specified with the value
argument.
Issuing this command outside of a session containing a policy set that is being created or modified results in an error.
setPolicySetPolicyOverride(uri,name,[value=None])
Argument | Definition |
---|---|
URI |
String representing the OWSM policy URI, for example, 'oracle/wss10_saml_token_service_policy' to which the override properties will be applied. |
name |
String representing the name of the override property.
For example: |
value |
Optional. String representing the value of the property. If this argument is not specified, the property specified by the name argument, if it exists, is removed. |
The following example specifies a configuration override for the reference.priority
property for the oracle/wss10_saml_token_service_policy
to a value of 1
.
wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')
The following example removes the property reference.priority
from the oracle/wss10_saml_token_service_policy
in the policy set.
wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, specifies a constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
For more information, see "Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
setWSMPolicySetConstraint(constraint)
Argument | Definition |
---|---|
constraint |
Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts. |
The following example specifies that the policy set applies only to requests from external clients.
wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
The following example specifies that the policy set applies only to requests from non-external clients.
wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, specifies a description for a policy set. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
setWSMPolicySetDescription(description)
Argument | Definition |
---|---|
description |
Describes a policy set. |
Command Category: Policy Set Management
Use with WLST: Online
Within a session, adds a configuration override, described by a name
-value
pair, to the currently selected policy set. The override is unscoped to any specific policy reference. The value
argument is optional. If the value
argument is omitted, a null is assumed for value
, and the property specified by the name
argument is removed from the policy set. If the property specified by the name
argument already exists and a value
argument is provided, the current value is overwritten by the new value.
You must start a session and select the policy set (using the selectWSMPolicySet
command), before initiating the command. Issuing this command outside of a session containing a policy subject that is being created or modified results in an error.
setWSMPolicySetOverride(name,[value=None])
Argument | Description |
---|---|
name |
String representing the name of the override property. For example: ['on.behalf.of'] |
value |
Optional. String representing the value of the property. If this argument is not specified, a null is assumed and the property specified by the name argument is removed, if one exists with the same name. |
The following example specifies a configuration override for the on.behalf.of
property for the policy set selected in the session to a value of true
.
wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of','true')
The following example removes the property on.behalf.of
from the policy set.
wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of')
Command Category: Policy Set Management
Use with WLST: Online
Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
setWSMPolicySetScope(expression)
Argument | Definition |
---|---|
expression |
Expression that attaches the policy set to the specified resource scope.
For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
The following example attaches a policy set to the specified base_domain
resource.
wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain")')
This example attaches a policy set to the specified base_domain
and managed_server
resources.
wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain") and Server("managed_server")')
Note:
This command has been deprecated. It is recommended that you use thevalidateWSMPolicySet
command, as described in "validateWSMPolicySet". The following examples show how to migrate to use the validateWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> validatePolicySet ('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> validateWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Validates an existing policy set. If a policy set name is provided, the command will validate the specified policy set. If no policy set name is specified, the command will validate the policy set in the current session.
An error message displays if the policy set does not exist, or a name is not provided and the session is not active, or if the OWSM repository does not contain a suitable policy set.
validatePolicySet([name=None])
Argument | Definition |
---|---|
name |
Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session. |
Command Category: Policy Set Management
Use with WLST: Online
Within a session, validates an existing policy set. If a policy set name is provided, the specified policy set is validated. If no policy set name is specified, the policy set in the current session is validated.
If the policy set does not exist, if a name is not provided and the session is not active, or if the repository does not contain a suitable policy set, an error message is displayed.
validateWSMPolicySet([name=None])
Argument | Definition |
---|---|
name |
Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session. |
Use the commands listed in Table 3-10 to manage the Oracle Infrastructure Web Services documents stored in the OWSM repository. For additional information about upgrading or migrating documents in an OWSM repository, see "Upgrading the OWSM Repository" in the Securing Web Services and Managing Policies with Oracle Web Services Manager.
Note:
The repository management commands listed in Table 3-11 have been deprecated in this release.To manage the OWSM repository in release 12c, it is recommended that you use the new WLST commands listed in Table 3-10. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Additional MDS WLST commands are described in Chapter 4, "Metadata Services (MDS) Custom WLST Commands."
Table 3-10 Oracle Infrastructure Web Services - WLST Commands for Repository Management
Use this command... | To... | Use with WLST... |
---|---|---|
Export a set of applications metadata from the repository into a supported ZIP archive. Note: This command is supported for Oracle Infrastructure and RESTful web services only. This command is not supported for ADF DC web service clients and Java EE web services. |
Online |
|
Export a set of documents from the repository into a supported ZIP archive. |
Online |
|
Import a set of documents from a supported ZIP archive into the repository. |
Online |
|
Migrate the custom roles and policies from the |
Online |
|
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. |
Online |
|
Delete the existing policies stored in the repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. |
Online |
|
Upgrade the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. |
Online |
Table 3-11 list the WLST commands for managing the OWSM repository that have been deprecated in this release.
Table 3-11 Deprecated WLST Commands for Repository Management
Use this command... | To... | Use with WLST... |
---|---|---|
Export a set of documents from the repository into a supported ZIP archive. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. |
Online |
|
Import a set of documents from a supported ZIP archive into the repository. You can provide the location of a file that describes how to map a physical information from the source environment to the target environment. |
Online |
|
Delete the existing policies stored in the repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. |
Online |
|
Upgrade the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. |
Online |
Note:
This command has been deprecated. It is recommended that you use theexportWSMRepository
command, as described in "exportWSMRepository". The following examples show how to migrate to use the exportWSMRepository
command.
11g Release:
wls:/jrfServer_domain/serverConfig> exportRepository ("/tmp/repo.zip")
12c Release:
wls:/jrfServer_domain/serverConfig> exportWSMRepository ("/tmp/repo.zip")
Command Category: OWSM Repository Management
Use with WLST: Online
Exports a set of documents from the OWSM repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:
The specified archive already exists. Update existing archive? Enter "yes" to merge documents into existing archive, "no" to overwrite, or "cancel" to cancel the operation.
You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.
Read only documents, such as predefined policies and assertion templates, will not be included in the export.
exportRepository(archive,[documents=None],[includeShared='false'])
Argument | Definition |
---|---|
archive |
Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive.
During override, the original archive is backed up and a message describes the location of the backup archive. |
documents=None |
Optional. The documents to be exported to the archive. If no documents are specified, then all assertion templates, intents, policies, and policy sets will be exported. You can specify a list of the documents to be exported, or use a search expression to find specific documents in the repository. |
includeShared='false' |
Optional. Specifies whether the policy references should be expanded during export. |
The following examples describe repository export sessions. The first example exports all OWSM documents to the policies.zip
file.
wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.zip")
This example exports only the MyPolicySet1
, MyPolicySet2
, and MyPolicySet3
policy sets to the policies.jar
file, and also expands all the policy references output during the export process.
wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.jar", ["/policysets/MyPolicySet1","/policysets/MyPolicySet2","/policysets/MyPolicySet3"], true)
This example exports policy sets using wildcards to the some_global_with_noreference_2
file.
wls:/wls-domain/serverConfig>exportRepository('./export/some_global_with_noreference_2', ['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)
Note:
This command is supported for Oracle Infrastructure and RESTful web services only. This command is not supported for ADF DC web service clients and Java EE web services.Command Category: OWSM Repository Management
Use with WLST: Online
Exports a set of application metadata from the repository into a supported ZIP archive. If the specified archive already exists, you are presented with a set of options: merge the documents into the existing archive, overwrite the archive, or cancel the operation. By default, all metadata for applications in the current domain is exported to the archive, or you can use a search expression to export specific metadata for applications in the repository.
Note:
Read only documents, such as predefined policies and assertion templates, will not be included in the export.exportWSMAppMetadata(archive,[applications=None],[includeShared='false'])
Argument | Description |
---|---|
archive |
Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. During override, the original archive is backed up and a message describes the location of the backup archive. |
applications=None |
Optional. The metadata of applications to be exported to the archive. If no application names are specified, then all metadata for applications in the current domain will be exported. You can specify a list of search expressions to find specific application metadata in the repository, using this syntax: /{PLATFORM_NAME }/{DOMAIN_NAME }/{APPLICATION_NAME }. |
includeShared='false' |
Optional. Specifies whether the shared documents (those that are specified as policy references within wsm-assembly documents) should be included during export. Because read-only documents can not be exported, only custom or cloned shared policies will be included in the export. |
The first example exports the application metadata in the repository into the applications.zip
file and saves it in the tmp
directory.
The second example exports the metadata of the applications whose names begin with SalesApp
and TradeApp
into the applications.zip
file and saves it in the tmp
directory.
The third example exports the metadata of the applications whose names begin with SalesApp
and TradeApp
into the applications.zip
file and saves it in the tmp
directory. Additionally, shared resources are included in this export.
wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip") wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip",["/WLS/base_domain/SalesApp%","WLS/base_domain/TradeApp%"]) wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip",["/WLS/base_domain/SalesApp%","WLS/base_domain/TradeApp%"], true)
Command Category: OWSM Repository Management
Use with WLST: Online
Exports a set of documents from the OWSM repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:
The specified archive already exists. Update existing archive? Enter "yes" to merge documents into existing archive, "no" to overwrite, or "cancel" to cancel the operation.
You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.
Note:
Read only documents, such as predefined policies and assertion templates, will not be included in the export.exportWSMRepository(archive,[documents=None],[includeShared='false'])
Argument | Definition |
---|---|
archive |
Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive.
During override, the original archive is backed up and a message describes the location of the backup archive. |
documents=None |
Optional. The documents to be exported to the archive. If no documents are specified, then only shared documents that include policies and policy sets will be exported. If this argument is specified as an empty string [''] , then all shared documents that include policies and policy sets, application metadata and configuration documents will be exported. You can specify a list of documents to be exported, or use a search expression to find specific documents in the repository. |
includeShared='false' |
Optional. Specifies whether the shared documents (those that are specified as policy references within policy sets and wsm-assembly documents) should be included during export. Because read-only documents can not be exported, only custom or cloned shared policies will be included in the export. |
The following examples describe repository export sessions. The first example exports all OWSM documents to the policies.zip
archive.
wls:/wls-domain/serverConfig>exportWSMRepository("/tmp/policies.zip")
This example exports only the MyPolicySet1
, MyPolicySet2
, and MyPolicySet3
policy sets to the policies.jar
archive, and also expands all the policy references output during the export process.
wls:/wls-domain/serverConfig>exportWSMRepository("/tmp/policies.jar", ["/policysets/MyPolicySet1","/policysets/MyPolicySet2","/policysets/MyPolicySet3"], true)
This example exports policy sets using wildcards to the some_global_with_noreference_2
archive.
wls:/wls-domain/serverConfig>exportWSMRepository('./export/some_global_with_noreference_2', ['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)
Note:
This command has been deprecated. It is recommended that you use theimportWSMArchive
command, as described in "importWSMArchive". The following examples show how to migrate to use the importWSMArchive
command.
11g Release (for repository documents):
wls:/jrfServer_domain/serverConfig> importRepository ("/tmp/repo.zip")
12c Release (for repository documents):
wls:/jrfServer_domain/serverConfig> importWSMArchive ("/tmp/repo.zip")
Command Category: OWSM Repository Management
Use with WLST: Online
Imports a set of documents from a supported ZIP archive into the OWSM repository. You can use the map
argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar")
.
Read only documents, such as predefined policies and assertion templates, will not be included in the import.
importRepository(archive,[map=None],[generateMapFile='false'])
Argument | Definition |
---|---|
archive |
Path to the archive file that contains the list of documents to be imported. If a document being imported is a duplicate of the current version that already exists in the repository, then it will not be imported and a new version of the document is not created |
map=None |
Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the generateMapFile argument to true .
If you specify a map file without setting the |
generateMapFile=false |
Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to true . The default is false .
After the map file is created you can edit it using any text editor. The map file contains the document names given in the archive file and their corresponding Note: When importing documents into the repository, OWSM validates the |
The following examples describe repository import sessions.
The first example imports the contents of the policies.zip
file into the repository.
wls:/wls-domain/serverConfig>importRepository("/tmp/policies.zip")
This example uses the generateMapFile
argument to generate a map file.
wls:/wls-domain/serverConfig>importRepository("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)
Here is an example of a generated map file:
This is an auto generated override file containing the document names given in the archive file and their corresponding attachTo values. The attachTo value can be updated according to the new environment details. If there is no update required for any document name,that entry may be either deleted or commented using the character ("#") [Resource Scope Mappings ] sca_component_add_1=Composite("*Async*") sca_reference_add_1=Composite("*Basic_SOA_Client*") sca_reference_no=Server("*") sca_service_add_1=Composite("*Basic_SOA_service") web_callback_add_1=Application("*") web_client_add_1=Module("*") web_reference_add_1=Domain("*") web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*") ws_service_no_1=Server("*Admin*")
This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map
.
wls:/wls-domain/serverConfig>importRepository('../export/export_all', 'export_all_map')
Command Category: OWSM Repository Management
Use with WLST: Online
Imports a set of documents from a supported ZIP archive into the OWSM repository. You can use the map
argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar")
.
Read only documents, such as predefined policies and assertion templates, will not be included in the import.
importWSMArchive(archive,[map=None],[generateMapFile='false'])
Argument | Definition |
---|---|
archive |
Name of the archive file. |
map=None |
Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the generateMapFile argument to true .
If you specify a map file without setting the |
generateMapFile=false |
Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to true . The default is false .
After the file is created you can edit it using any text editor. The Note: When importing documents into the repository, OWSM validates the |
The following examples describe repository import sessions.
The first example imports the contents of the policies.zip
file into the repository.
wls:/wls-domain/serverConfig>importWSMArchive("/tmp/policies.zip")
This example uses the generateMapFile
argument to generate a map file.
wls:/wls-domain/serverConfig>importWSMArchive("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)
Here is an example of a generated map file:
This is an auto generated override file containing the document names given in the archive file and their corresponding attachTo values. The attachTo value can be updated according to the new environment details. If there is no update required for any document name,that entry may be either deleted or commented using the character ("#") [Resource Scope Mappings ] sca_component_add_1=Composite("*Async*") sca_reference_add_1=Composite("*Basic_SOA_Client*") sca_reference_no=Server("*") sca_service_add_1=Composite("*Basic_SOA_service") web_callback_add_1=Application("*") web_client_add_1=Module("*") web_reference_add_1=Domain("*") web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*") ws_service_no_1=Server("*Admin*")
This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map
.
wls:/wls-domain/serverConfig>importWSMArchive('../export/export_all', 'export_all_map')
Command Category: OWSM Repository Management
Use with WLST: Online
Migrates the custom roles and policies from the Plan.xml
file to the wsm-pm.ear
policy store. If the Plan.xml
file is not used to override default security, then this command will not migrate the wsm-pm.ear
policy store.
migrateWSMPMRoles(domain)
Arguments | Description |
---|---|
domain | Absolute path to the domain home where the wsm-pm application is configured. |
Command Category: OWSM Repository Management
Use with WLST: Online
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.
Note:
A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running themigrateAttachments()
command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.
migrateWSMAttachments([mode='prompt'])
Argument | Definition |
---|---|
mode |
The action to be taken for each policy attachment that can be migrated. Valid options are:
If no mode is specified, this argument defaults to |
The following examples describe how to use the repository attachment migration modes.
wls:/wls-domain/serverConfig>migrateWSMAttachments() wls:/wls-domain/serverConfig>migrateWSMAttachments('force') wls:/wls-domain/serverConfig>migrateWSMAttachments('preview') wls:/wls-domain/serverConfig>migrateWSMAttachments('prompt')
Note:
This command has been deprecated. It is recommended that you use theresetWSMRepository
command, as described in "resetWSMRepository". The following examples show how to migrate to use the resetWSMRepository
command.
11g Release:
wls:/jrfServer_domain/serverConfig> resetWSMPolicyRepository()
12c Release:
wls:/jrfServer_domain/serverConfig> resetWSMRepository()
Command Category: OWSM Repository Management
Use with WLST: Online
Deletes the existing policies stored in the OWSM repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. You can use the clearStore
argument to specify whether to delete all policies, including custom user policies, from the OWSM repository before loading the new predefined policies.
resetWSMPolicyRepository([clearStore='false'])
Argument | Definition |
---|---|
clearStore='false' |
Policies to be deleted. Valid values are:
|
The following example deletes all the policies in the repository, including user policies, and adds the predefined policies provided in the current product installation:
wls:/wls-domain/serverConfig>resetWSMPolicyRepository(true)
Note:
Use integer values0
(false
) or 1
(true
) to pass Boolean types on wsadmin
and ojbst
because the Python version used by these scripting tools may not support Boolean types.Command Category: OWSM Repository Management
Use with WLST: Online
Deletes the existing policies stored in the repository and refresh it with the current set of predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. You can use the clearStore
argument to specify whether to delete all policies, including custom user policies, from the repository before loading the new predefined policies.
resetWSMRepository([clearStore='false'])
Argument | Definition |
---|---|
clearStore='false' |
Policies to be deleted. Valid values are:
|
Note:
This command has been deprecated. It is recommended that you use theupgradeWSMRepository
command, as described in "upgradeWSMRepository". The following examples show how to migrate to use the upgradeWSMRepository
command.
11g Release:
wls:/jrfServer_domain/serverConfig> upgradeWSMPolicyRepository()
12c Release:
wls:/jrfServer_domain/serverConfig> upgradeWSMRepository()
Command Category: OWSM Repository Management
Use with WLST: Online
Upgrades the OWSM predefined policies stored in the OWSM repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.
This command does not remove any existing predefined and user-defined custom policies in the repository. If a predefined policy has been modified or discontinued in a subsequent release, one of the following occurs:
For policies that have been discontinued, a message is displayed listing the discontinued policies. In this case, Oracle recommends that you no longer reference the policies and remove them using Oracle Enterprise Manager.
For policies that have changed in the subsequent release, a message is displayed listing the changed policies. Oracle recommends that you import the latest version of the policies using Oracle Enterprise Manager.
Command Category: OWSM Repository Management
Use with WLST: Online
Upgrades the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.
This command does not remove any existing predefined and user-defined custom policies in the repository. If a predefined policy has been modified or discontinued in a subsequent release, one of the following occurs:
For policies that have been discontinued, a message is displayed listing the discontinued policies. In this case, Oracle recommends that you no longer reference the policies and remove them using Oracle Enterprise Manager.
For policies that have changed in the subsequent release, a message is displayed listing the changed policies. Oracle recommends that you import the latest version of the policies using Oracle Enterprise Manager.
Use the WLST commands listed in Table 3-12 to view and define trusted issuers, trusted distinguished name (DN) lists, and token attribute rules for trusted DNs.
When using WLST to create, modify, and delete token issuer trust documents, you must execute the commands in the context of a session. Each session applies to a single trust document only.
For additional information about using these commands, see "Configuring SAML Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Note:
The commands in this section apply to Oracle Infrastructure Web Services only.To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage')
.
Table 3-12 Web Services Token Issuer Trust Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Create a new token issuer trust document using the name provided. |
Online |
|
Delete the entry for the issuer, including the DN list in it. |
Online |
|
Delete a token attribute rule associated with a trusted DN. |
Online |
|
Delete the token issuer trust document, specified by the name argument, from the repository. |
Online |
|
Display the names of the DN lists associated with a specified issuer. |
Online |
|
Export trusted issuers, associated DNs, and token attribute rules. |
Online |
|
Import trusted issuers, associated DNs, and token attribute rules. |
Online |
|
List the token issuer trust documents in the repository. |
Online |
|
Remove trusted issuers, associated DNs, and token attribute rules. |
Online |
|
Select the token issuer trust document, identified by the name argument, to be modified in the session. |
Online |
|
Specify a trusted token issuer with a DN list. |
Online |
|
Add, delete, or update token attribute rules for a given token signing certificate DN. |
Online |
|
Set the mapping to map value of an attribute for a trusted DN to local user attribute value and the mapped user attribute. |
Online |
|
Set or reset the display name of the Token Issuer Trust document currently selected in the session. |
Online |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Within a session, creates a new token issuer trust document using the name provided.
You must start a session (beginWSMSession
) before creating or modifying any token issuer trust documents. If there is no current session or there is already an existing modification process, an error is displayed.
For more information on using this command, see "Configuring SAML Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
createWSMTokenIssuerTrustDocument(name, displayName)
Arguments | Definition |
---|---|
name |
Name of the document to be created. An error is thrown if a name is not provided. |
displayName |
Optional. Display name for the document. |
In the following example, the trust document named tokenissuertrustWLSbase_domain
is created, with a display name of wls_domain Trust Document
. In the second example, no display name is provided.
wls:/wls-domain/serverConfig> createWSMTokenIssuerTrustDocument("tokenissuertrustWLSbase_domain","wls_domain Trust Document") wls:/wls-domain/serverConfig> createWSMTokenIssuerTrustDocument("tokenissuertrustWLSbase_domain")
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Within a session, deletes the list of all the trusted key identifiers matching the type (such as dns.hok
, dns.sv
, or dns.jwt
) for the issuer specified. This issuer must exist in the token issuer trust document selected in the session for modification. If no trusted key identifiers exist, then the issuer itself is deleted.
To delete a specified list of trusted key identifiers for an issuer, use selectWSMTokenIssuerTrustDocument.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
You cannot modify the default token issuer trust document.
deleteWSMTokenIssuerTrust(type, issuer)
Arguments | Definition |
---|---|
type |
Type of issuer to be deleted, such as dns.hok , dns.sv , or dns.jwt . |
issuer |
Name of the issuer whose trusted DN list will be deleted. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Delete a token attribute rule associated with a trusted DN from the token issuer trust document.
To delete only the list of filter values for an attribute, use the setWSMTokenIssuerTrustAttributeFilter command.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
deleteWSMTokenIssuerTrustAttributeRule(dn)
Arguments | Description |
---|---|
dn |
The DN of the token signing certificate that identifies the rule to be deleted. |
In the following example, the token attribute rule associated with the 'CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
trusted DN is deleted.
wls:/wls-domain/serverConfig> deleteWSMTokenIssuerTrustAttributeRule('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US')
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Deletes the token issuer trust document, specified by the name argument, from the repository. The default token issuer trust document cannot be deleted.
deleteWSMTokenIssuerTrustDocument (name)
Arguments | Definition |
---|---|
name |
Name of the token issuer trust document to be deleted. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Displays the list of all the trusted key identifiers matching the type specified, such as dns.hok
, dns.sv
, or dns.jwt
, and the issuer
name.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
displayWSMTokenIssuerTrust(type, issuer=None)
Arguments | Definition |
---|---|
type |
Type of the trusted key identifiers list to be displayed for the issuer. For example, dns.hok , dns.sv , or dns.jwt . |
issuer |
Optional. Name of the trusted issuer for which the trusted key identifiers list is to be displayed. If you do not specify an issuer name, all of the trusted issuers for the given type are listed. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Export the trust configuration (issuers, DNs, and token attribute rules) for all trusted issuers. The configuration will be exported to an XML file identified by the specified location. The configuration for the issuers specified in the exclude list will not be exported. If no argument is passed, trust configuration for all trusted issuers will be exported.
exportWSMTokenIssuerTrustMetadata(trustFile,excludeIssuers=None)
Arguments | Definition |
---|---|
trustFile |
Location of the file where the exported metadata will be stored. |
excludeIssuers |
Optional. The list of issuers for which trust metadata should not be exported. |
The following examples show the exportWSMTokenIssuerTrustMetadata command.
exportWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml', excludeIssuers=['www.example.com','www.myissuer.com']) exportWSMTokenIssuerTrustMetadata('/tmp/trustData.xml',['www.example.com']) exportWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml')
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Import the trust configuration (issuers, DNs, and token attribute rules) for all trusted issuers. The configuration will be imported from the specified XML file.
importWSMTokenIssuerTrustMetadata(trustFile)
Argument | Definition |
---|---|
trustFile |
Location of the file from where the configuration will be imported. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
When used without any arguments, this command lists all the token issuer trust documents in the repository. If the detail argument is set to true
, the display name and the status of the document are also displayed.
You can use the wildcard character (*) in combination with other characters. If no wildcard character is specified in the name argument, the document that matches the name argument exactly is displayed. If the detail
argument is set to true
, the contents of the document are listed.
This command can be executed inside and outside of a session.
listWSMTokenIssuerTrustDocuments(name=None, detail='false')
Arguments | Definition |
---|---|
name |
Optional. Name of the token issuer trust document. You can use wildcards with this argument. |
detail |
Optional. List the details for the requested document. The default is false . |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Remove trusted issuers, associated DNs, and token attribute rules. The issuers specified in the exclude list will not be removed. If no argument is passed, then all trusted issuers and associated configuration will be removed.
revokeWSMTokenIssuerTrust(excludeIssuers=None)
Argument | Definition |
---|---|
excludeIssuers |
Optional list of issuers for which the trust configuration should not be removed. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Selects the token issuer trust document, identified by the name argument, to be modified in the session. The name must match the value of the name attribute in the document.
You must start a session (beginWSMSession
) before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
You cannot modify the default token issuer trust document.
selectWSMTokenIssuerTrustDocument(name)
Argument | Definition |
---|---|
name |
Name of the document to modified in the session. An error is thrown if a name is not provided. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Specify a trusted token issuer with a DN list. This command behaves as follows:
If the trusted issuer already exists for the type specified, and you provide a list of DNs or aliases for the trustedKeys
argument, the previous list is replaced with the new list. If you enter an empty set ([]
) for the trustedDNs
argument, then the list of DN values are deleted for the issuer.
If the trusted issuer does not exist for the type specified and you specify a value for the trustedKeys
argument, the issuer is created with the associated DN list. If you do not set the trustedKeys
argument, a new issuer is created with an empty DN list.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
You cannot modify the default token issuer trust document.
setWSMTokenIssuerTrust(type, issuer, [trustedKeys]=None)
Argument | Definition |
---|---|
type |
The type of the tokens issued by the issuer and how the issuer signing the certificates is identified with trusted keys. The following types are supported:
|
issuer |
The name of the trusted issuer, for example www.example.com . |
trustedKeys |
Optional. List of trusted key identifiers values to set for the specified issuer. |
In the following example, www.yourcompany.com
is set as a trusted issuer and a DN list is not specified:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dns.sv', 'www,yourcompany.com', [])
In the following example, the name 'CN=orcladmin, OU=Doc, O=Oracle, C=US'
in added to the dns.sv
DN list for the www.example.com
trusted issuer.
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dns.sv', 'www.example.com', [['CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'CN=orcladmin, OU=Doc, O=Oracle, C=US'])
In the following example, the list of DN values in the dns.sv
DN list is removed from the www.example.com
trusted issuer:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dns.sv', 'www.example.com', [])
In the following example, the alias orakey
is specified as the X509 certificate alias for the SAML SV token type for the www.example.com
trusted issuer:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dn.alias.sv', 'www.example.com', ['orakey'])
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Adds, deletes, or updates token attribute rules for a given token signing certificate DN.
Each rule has two parts: a name ID and an attributes part for user attributes that a DN for a signing certificate can assert. The name ID and the attribute can contain a filter with multiple value patterns.
This command behaves as follows:
If the attribute specified by the attr-name
argument already exists with a list of filter values and you provide a new list of values for the filters
argument, the previous list is replaced with the new list. If you enter an empty set ([]
) for the filters
argument, then the existing list of filter values is deleted.
If the attribute specified by the attr-name
argument does not exist and you specify a list of values for the filters
argument, the attribute is created and added to the document with the specified filter values. If you do not provide a value for the filters argument, an error is thrown.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
Note:
You must first use thesetWSMTokenIssuerTrust
command to configure a list of trusted DN names for an issuer.setWSMTokenIssuerTrustAttributeFilter(dn, attr-name, filters)
Argument | Definition |
---|---|
dn |
The DN of the token signing certificate. |
attr-name |
The name of the attribute to assert. The value can be as follows:
|
filters |
Optional. List of filters for the attribute. The list has the format ['value1 ', 'value2 ', 'value3 , ... . Each value can be an exact name or a name pattern with a wildcard character "* ".
When |
In the following example, the name ID yourTrustedUser
is set as a trusted user for the weblogic
trusted DN:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US','name-id', ['yourTrustedUser'])
In the following example, the name IDs jdoe
is added to the list of trusted users for the weblogic
trusted DN:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US','name-id', ['yourTrustedUser', 'jdoe'])
In the following example, the list of trusted users for the weblogic
trusted DN is removed:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'name-id', [])
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
For any DN in the trusted DN list of a trusted token issuer, this command sets the mapping for the attribute (for example, name-id
) as specified by the attrName
argument. The user attribute argument is optional, and it indicates the local user attribute it corresponds to. The user mapping attribute is also optional and indicates the user attribute to be used in the system to authenticate the users.
setWSMTokenIssuerTrustAttributeMapping(dn,attrName,userAttribute=None, userMappingAttribute=None)
Arguments | Definition |
---|---|
dn |
DN as the identifier of the token attribute rule where modifications would be done. |
attrName |
Name of the user attribute for which the mapping will be applied. |
userAttribute |
Optional name of the local user attribute the value of the attribute corresponds to. |
userMappingAttribute |
Optional name of the local user attribute to map to. |
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Sets or resets the display name of the Token Issuer Trust document currently selected in the session.
You must start a session (beginWSMSession
) before creating or modifying any token issuer trust documents. If there is no current session or there is already an existing modification process, an error is displayed.
setWSMTokenIssuerTrustDisplayName("displayName")
Arguments | Definition |
---|---|
displayName |
Name to be set as a display name for the document currently selected for modification in the session. |
As described in "WS-SecureConversation Architecture", OWSM maintains the client and server secure conversation session information based on a computed Session ID. OWSM (via an internal session mechanism) computes the Session ID at runtime for each message, and associates one or more requests to a session.
Session management commands provide a way for you to release resources on the server when you know that a given client no longer requires the session.
A session is re-used for all requests coming from the same client. In the event a session has been removed manually, a new session is created. If a session is not released manually, it is released the next time that the server hosting the JVM is restarted.
Use the WLST commands listed in Table 3-13 to administer sessions.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Table 3-13 Secure Conversation Session Management Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Display details about the specified active session. |
Online |
|
List sessions that are currently active for the Session Manager. |
Online |
|
List sessions that are active for the Session Manager for a specified key-value pair. |
Online |
|
Remove an active session to clear the sessions in a store. |
Online |
Command Category: Secure Conversation Session Management
Use with WLST: Online
Gets the specified Session object. sessionName
is returned by listWebServiceSessionNames()
.
The returned session names are appropriate for use as the name parameter in subsequent calls to getWebServiceSessionInfo(String)
and removeWebServiceSession(String)
commands.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
getWebServiceSessionInfo ("sessionName")
Arguments | Definition |
---|---|
sessionName |
Name of the active session for which information is displayed. sessionName is returned by listWebServiceSessionNames() . |
In the following example, information about the session named 215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
is returned.
wls:/base_domain/serverConfig>
getWebServiceSessionInfo('215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b')
Name: 215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
Creation time: Mon Nov 04 17:47:39 PST 2013
Last update time: Mon Nov 04 17:47:42 PST 2013
Expiration time: Mon Nov 04 18:17:41 PST 2013
Key info: [oracle.wsm.security.secconv.util.property.SCT, 0x0000014225F1A1260AE4F30351FD1544DC10ED14201988C8CFEDFDBE8E0E4B09]
Command Category: Secure Conversation Session Management
Use with WLST: Online
Lists the names of all active sessions visible within the domain for the current Persistence provider. The returned list is a snapshot of the visible session instances and is subject to change.
The returned names are appropriate for use as the name parameter in subsequent calls to getWebServiceSessionInfo()
and removeWebServiceSession()
commands.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Command Category: Secure Conversation Session Management
Use with WLST: Online
Lists the names of all sessions that have the name keyName
and the value keyValue
. keyName
and keyValue
are returned by getWebServiceSessionInfo()
.
The returned session names are appropriate for use as the name parameter in subsequent calls to getWebServiceSessionInfo(String)
and removeWebServiceSession(String)
commands.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
listWebServiceSessionNamesForKey ("keyName", "keyValue")
Arguments | Definition |
---|---|
keyName |
A string that specifies the key name for which to list the session names. keyName is returned by getWebServiceSessionInfo() . |
keyValue |
A string that specifies the key value for which to list the session names. keyValue is returned by getWebServiceSessionInfo() . |
In the following example, there is one active session for the key name oracle.wsm.security.secconv.util.property.SCT
that has a value of 0x0000014225F1A1260AE4F30351FD1544DC10ED14201988C8CFEDFDBE8E0E4B09
.
wls:/base_domain/serverConfig> listWebServiceSessionNamesForKey('oracle.wsm.security.secconv.util.property.SCT', '0x0000014225F1A1260AE4F30351FD1544DC10ED14201988C8CFEDFDBE8E0E4B09') 215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
Command Category: Secure Conversation Session Management
Use with WLST: Online
Remove a Session object by giving its name. sessionName
is returned by listWebServiceSessionNames()
.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
removeWebServiceSession ("sessionName")
Arguments | Definition |
---|---|
sessionName |
Name of the active session to remove. sessionName is returned by listWebServiceSessionNames() . |
Use the WLST commands listed in Table 3-14 to view and manage JKS keystore credentials and certificates.
Note:
The commands in this section apply to Oracle Infrastructure Web Services only.To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage')
.
You must use the OPSS keystore commands if the keystore is KSS. You can view the relevant commands using following command syntax:
svc = getOpssService(name='KeyStoreService')
svc.help()
Table 3-14 JKS Keystore Configuration Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Delete a single |
Online |
|
Delete all |
Online |
|
Displays the string representing the contents of a user's certificate if the alias specifies a |
Online |
|
Export a trusted certificate or a certificate chain associated with a private key, indicated by a specified alias, to a specified location. |
Online |
|
Import a trusted certificate or a certificate chain associated with a private key, indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location. |
Online |
|
List all the aliases in the keystore. |
Online |
Note:
This command applies to Oracle Infrastructure Web services only.Command Category: JKS Keystore Management
Use with WLST: Online
Delete a single KeyStore.TrustedCertificateEntry
entry from the keystore. You cannot delete the keyStore.PrivateKeyEntry
.
deleteWSMKeyStoreEntry(alias)
Arguments | Description |
---|---|
alias |
Alias of the certificate to be deleted. |
Note:
This command applies to Oracle Infrastructure Web services only.Command Category: JKS Keystore Management
Use with WLST: Online
Delete all KeyStore.TrustedCertificateEntry
entries from the keystore except those identified by the aliases in the exclusion list. If no argument is passed then all the KeyStore.TrustedCertificateEntry
entries will be deleted.
deleteWSMKeyStoreEntries(exclusionList=None)
Arguments | Description |
---|---|
exclusionList |
Optional. List of aliases for the certificate that should not be deleted. |
In this example, all key store entries are deleted from the keystore, except for the testalias
and testalias2
aliases, which are specified on the exclusion list:
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries(['testalias', 'testalias2']) Starting Operation deleteWSMKeyStoreEntries ... Certificate(s) deleted successfully.
In this example, all key store entries are deleted from the keystore:
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries()
Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry
. Displays the certificates in the chain if the alias points to a certificate chain specified by a KeyStore.PrivateKeyEntry
.
Note:
This command applies to Oracle Infrastructure Web services only.Command Category: JKS Keystore Management
Use with WLST: Online
displayWSMCertificate(alias)
Arguments | Description |
---|---|
alias |
Alias of the certificate/certificate chain to be displayed. |
In this example, the contents of the orakey
trusted certificate is displayed.
wls:/base_domain/serverConfig>displayWSMCertificate('orakey') Starting Operation displayWSMCertificate ... [ Version: V3 Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 101336654071087305620295721341875459581727184852017960998615641847764412775989 046768838406911494435712364431883104460420101263455337490958825568587912620074 497379158835791101805994438262634259467352941329678718608662643461089403600239 418798937444529854556507844518713085827283731161032187719240566731105687269 public exponent: 65537 Validity: [From: Tue Apr 07 15:04:45 PDT 2009, To: Thu Feb 14 14:04:45 PST 2019] Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US SerialNumber: [ 49dbcdfd] ] Algorithm: [SHA1withRSA] Signature: 0000: 69 29 71 5D 97 1C 28 07 F1 5E 6A AA 49 A7 F7 31 i)q]..(..^j.I..1 0010: F2 B6 91 91 A1 7E D3 F9 1A C6 58 38 85 00 BA 49 ..........X8...I 0020: 21 69 E0 06 8D 9F BF 7B C4 8C 83 95 69 4A 49 EB !i..........iJI. 0030: 70 D8 7E A9 75 0D 8C C5 7C 9B 14 AB 93 76 A9 35 p...u........v.5 0040: 56 21 71 77 8D 2A AB 1C CA 81 E0 15 36 4E 81 0A V!qw.*......6N.. 0050: 55 8F D4 5E 1C D0 BF 12 A3 44 8E 65 18 D9 4C E6 U..^.....D.e..L. 0060: 4C 5E 14 4A 7F DF CD 51 59 43 02 41 67 B0 EA 3E L^.J...QYC.Ag..> 0070: 58 F4 38 50 3B 2D A3 81 08 8A 84 4C 4B E0 8B 3E X.8P;-.....LK..>
Note:
This command applies to Oracle Infrastructure Web services only.Command Category: JKS Keystore Management
Use with WLST: Online
Export a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The certificate will be exported to the specified location.
If the type
argument is Certificate
:
If the alias
is pointing to KeyStore.TrustedCertificateEntry
, it will return the trusted certificate associated with the entry.
If the alias
is pointing to KeyStore.PrivateKeyEntry
, it will return the first certificate in the certificate chain.
If the alias
does not point to either KeyStore.TrustedCertificateEntry
or KeyStore.PrivateKeyEntry
, it will return an error message.
If the type
argument is PKCS7
:
If the alias
is pointing to a KeyStore.PrivateKeyEntry
, it will return the certificate chain associated with the entry in PKCS7 format.
If the alias
does not point to KeyStore.PrivateKeyEntry
, it will return an error message.
If the type
argument is set to an invalid value, an error message is returned.
exportWSMCertificate(alias, certFile, type)
Arguments | Description |
---|---|
alias |
Alias of the certificate to be exported. |
certFile |
Location of the file where the exported certificate will be stored. |
type |
Type of keystore entry to be exported. Valid values are:
|
In this example, the trusted certificate testalias
is identified by type as Certificate
and is exported to the specified certificate.cer
file:
wls:/base_domain/serverConfig> exportWSMCertificate('testalias','/tmp/certificate.cer','Certificate') Starting Operation exportWSMCertificate ... Certificate for alias "testalias" successfully exported.
In this example, the certificate chain testalias2
is identified by type as PKCS7
and is exported to the specified certificatechain.p7b
file:
wls:/base_domain/serverConfig> exportWSMCertificate('testalias2','/tmp/certificatechain.p7b','PKCS7')
Note:
This command applies to Oracle Infrastructure Web services only.Command Category: JKS Keystore Management
Use with WLST: Online
Import a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location.
importWSMCertificate(alias, certFile, type, password=None)
Arguments | Description |
---|---|
alias |
Alias of the certificate to be imported. |
certFile |
Location of the file from which the Base64 encoded certificate will be imported. |
type |
Type of keystore entry to be imported. Valid values are:
|
password |
Optional. Password associated with the private key. |
In this example, the trusted certificate testalias
is identified by type as Certificate
and is imported from the specifiedcertificate.cer
file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificate.cer','Certificate') Starting Operation importWSMCertificate ... Certificate for alias "testalias" successfully imported.
In this example, the password-protected certificate chain testalias
is identified by type as PKCS7
and is imported from the specified certificatechain.p7b
file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7',password='privatekeypassword')
In this example, the certificate chain testalias
is identified by type as PKCS7
and is imported from the specified certificatechain.p7b
file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7')