Policy sets enhance the security and manageability of an enterprise by providing a mechanism to globally attach one or more policies to a subject type. Using policy sets, an administrator can specify a default set of policies to be enforced even if none are directly attached. For detailed information about determining the type and scope of resources a policy set can be attached to, see "Defining the Type and Scope of Resources for Globally Attached Policies" in the Securing Web Services and Managing Policies with Oracle Web Services Manager.
All policy set creation, modification, or deletion commands must be performed in the context of a session. A session can only act on a single policy set.
Note:
To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').
The policy set management commands listed in Table 3-9 have been deprecated in this release for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, Oracle recommends that you use the new WLST commands listed in Table 3-8 to manage OWSM policy sets in release 12c. These commands must be executed within the context of a session using the session commands described in Session Commands.
For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Use the WLST commands listed in Table 3-6 to manage globally available policy sets.
Table 3-8 Web Services Global Policy Set Management WLST Commands
| Use this command... | To... | Use with WLST... |
|---|---|---|
|
Within a session, clone a new policy set from an existing policy set. |
Online |
|
|
Create a new, empty policy set within a session. |
Online |
|
|
Delete all or selected policy sets from within the OWSM repository. |
Online |
|
|
Delete a specified policy set within a session. |
Online |
|
|
Display the configuration of a specified policy set. |
Online |
|
|
Enable or disable the current policy set within a session. |
Online |
|
|
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. |
Online |
|
|
Specify a policy set for modification within a session. |
Online |
|
|
Specify a run-time constraint value for a policy set selected within a session. |
Online |
|
|
Configure override properties to a policy set. |
Online |
|
|
Specify a description for a policy set selected within a session. |
Online |
|
|
Set an expression that attaches a policy set to the specified resource scope. |
Online |
|
|
Unregister or remove the resource instance that describes a registered physical resource within a session. |
Online |
|
|
Validate an existing policy set. |
Online |
Table 3-9 list the WLST commands that are deprecated in this release for managing Oracle Infrastructure web service global policy sets.
Table 3-9 Deprecated WLST Commands for Global Policy Set Management
| Use this command... | To... | Use with WLST... |
|---|---|---|
|
Abort the current OWSM repository modification session, discarding any changes that were made to the repository during the session. |
Online |
|
|
Attach a policy set to the specified resource scope. |
Online |
|
|
Attach a policy to a policy set using the policy's URI. |
Online |
|
|
Begin a session to modify the OWSM repository. |
Online |
|
|
Clone a new policy set from an existing policy set. |
Online |
|
|
Write the contents of the current session to the OWSM repository. |
Online |
|
|
Create a new, empty policy set. |
Online |
|
|
Delete all or selected policy sets from within the OWSM repository. |
Online |
|
|
Delete a specified policy set. |
Online |
|
|
Describe the contents of the current session. |
Online |
|
|
Detach a policy from a policy set using the policy's URI. |
Online |
|
|
Display the configuration of a specified policy set. |
Online |
|
|
Enable or disable a policy set. |
Online |
|
|
Enable or disable a policy attachment for a policy set using the policy's URI. |
Online |
|
|
List the policy sets in the repository. |
Online |
|
|
Migrate direct policy attachments to global policy attachments if they are identical. |
Online |
|
|
Specify an existing policy set for modification in the current session. |
Online |
|
|
Specify a run-time constraint value for a policy set selected within a session. |
Online |
|
|
Specify a description for the policy set selected within a session. |
Online |
|
|
Add a configuration override to a policy reference in the current policy set. |
Online |
|
|
Validate an existing policy set in the repository or in a session. |
Online |
Note:
This command has been deprecated. It is recommended that you use the abortWSMSession command, as described in "abortWSMSession".
The following examples show how to migrate to use the abortWSMSession command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> abortRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> abortWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Aborts the current modification session, discarding any changes that were made to the repository during the session.
Syntax
abortRepositorySession()
Example
The following example aborts the current OWSM session.
wls:/wls-domain/serverConfig>abortRepositorySession()
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicySetScope command, as described in "setWSMPolicySetScope".
The following examples show how to migrate to use the setWSMPolicySetScope command.
11g Release:
wls:/jrfServer_domain/serverConfig> attachPolicySet ('Domain("base_domain")')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetScope ('Domain("base_domain")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
attachPolicySet(expression)
| Argument | Definition |
|---|---|
|
|
Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
Example
The following example attaches a policy set to the specified base_domain resource.
wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain")')
This example attaches a policy set to the specified base_domain and managed_server resources.
wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain") and Server("managed_server")')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy command.
11g Release (for both Repository and PolicySubject operation on policy set):
wls:/jrfServer_domain/serverConfig> attachPolicySetPolicy ('oracle/wss_username_token_service_policy')
12c Release:
wls:/jrfServer_domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, attaches a policy, identified by the specified URI, to the current policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
attachPolicySetPolicy(uri)
| Argument | Definition |
|---|---|
|
|
URI specifying the policy to attach to the current policy set. For example, |
Example
The following example attaches the OWSM logging policy to the current policy set.
wls:/wls-domain/serverConfig>attachPolicySetPolicy('oracle/log_policy')
Note:
This command has been deprecated. It is recommended that you use the beginWSMSession command, as described in "beginWSMSession".
The following examples show how to migrate to use the beginWSMSession command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> beginRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> beginWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Begins a session to modify the OWSM Repository. A session can only act on a single policy subject, such as a policy set or a Fusion Middleware web service endpoint. An error will be displayed if there is already a current session.
Syntax
beginRepositorySession()
Example
The following example begins an OWSM Repository modification session.
wls:/wls-domain/serverConfig>beginRepositorySession()
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the cloneWSMPolicySet command, as described in "cloneWSMPolicySet". The following examples show how to migrate to use the cloneWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> clonePolicySet ('myNewPolicySet', 'myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> cloneWSMPolicySet ('myNewPolicySet', 'myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
clonePolicySet(name, source,[attachTo=None],[description=None],[enable='true'])
| Argument | Definition |
|---|---|
|
|
Name of the new policy set clone. |
|
|
Name of the source policy set that will be cloned. |
|
|
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. If this argument is set to |
|
|
Optional. Description for the new policy set. If this argument is set to |
|
|
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Example
The first example creates a policy set by cloning the existing myPolicySet policy set to create a new mynewPolicySet. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws application in the domain.
wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet') wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
cloneWSMPolicySet(name,source,[scope=None],[description=None],[enable='true'])
| Argument | Definition |
|---|---|
|
|
Name of the new policy set clone. |
|
|
Name of the source policy set that will be cloned. |
|
|
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained. |
|
|
Optional. Description for the new policy set. If this argument is not specified, then the description used in the source policy set is retained. |
|
|
Optional. Specifies whether to enable or disable the policy set. If you omit this argument, the policy set is enabled.Valid options are:
If you omit this argument, the policy set is enabled. |
Examples
The first example creates a policy set by cloning the existing myPolicySet policy set to create a new mynewPolicySet. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws application in the domain.
wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet') wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')
Note:
This command has been deprecated. It is recommended that you use the commitWSMSession command, as described in "commitWSMSession".
The following examples show how to migrate to use the commitWSMSession command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> commitRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> commitWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Writes the contents of the current session to the OWSM Repository. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.
Syntax
commitRepositorySession()
Example
The following example commits the current repository modification session.
wls:/wls-domain/serverConfig>commitRepositorySession()
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the createWSMPolicySet command, as described in "createWSMPolicySet". The following examples show how to migrate to use the createWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> createPolicySet('myPolicySet', 'ws-service', 'Domain("base_domain")')
12c Release:
wls:/jrfServer_domain/serverConfig> createWSMPolicySet ('myPolicySet', 'ws-service', 'Domain("base_domain")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Creates a new, empty policy set within a session. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and a supported expression that defines a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
createPolicySet(name,type,attachTo,[description=None],[enable='true'])
| Argument | Definition |
|---|---|
|
|
Name of the new, empty policy set. |
|
|
The type of policy subject to which the new policy set applies. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager. |
|
|
Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
|
|
Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for |
|
|
Optional. Specifies whether to enable or disable the new policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Example
The first example creates a new policy set and specifies the resource scope to only ws-service types (Web Service Endpoint) in the base_domain domain. The second example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','ws-service','Domain("base_domain")')
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, creates a new, empty policy set. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and provide a supported expression that defines a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
createWSMPolicySet(name,type,scope,[description=None],[enable='true'])
| Argument | Definition |
|---|---|
|
|
Name of the new, empty policy set. |
|
|
The type of policy subject that the new policy set applies to. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager. |
|
|
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained. |
|
|
Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for |
|
|
Optional. Specifies whether to enable or disable the new policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Examples
The following example creates a new policy set and specifies the resource scope to only ws-service types (Web Service Endpoint) in the base_domain domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','ws-service','Domain("base_domain")')
The following example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')
The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference types (SOA RESTful references) in the base_domain domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-rest-reference','Domain("base_domain")','My policySet')
The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference types (OSB RESTful business services) in the base_domain domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','biz-rest-service','Domain("base_domain")','My policySet')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the deleteWSMAllPolicySets command, as described in "deleteWSMAllPolicySets". The following examples show how to migrate to use the deleteWSMAllPolicySets command.
11g Release:
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
12c Release:
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()
Command Category: Policy Set Management
Use with WLST: Online
Description
Deletes all or selected policy sets from within the OWSM repository. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.
Syntax
deleteAllPolicySets([mode])
| Argument | Definition |
|---|---|
|
|
Optional. The action to be taken for performing policy set deletion. Valid options are:
If no mode is specified, this argument defaults to |
Examples
The following example automatically deletes all policy sets from the respository without prompting.
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets("force")
Starting Operation deleteAllPolicySets ...
All policy sets were deleted successfully from repository.
deleteAllPolicySets Operation Completed.
The following examples delete selected policy sets from the repository.
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
or
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets('prompt')
Starting Operation deleteAllPolicySets ...
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
All the selected policy sets were deleted successfully from repository.
deleteAllPolicySets Operation Completed.
Command Category: Policy Set Management
Use with WLST: Online
Description
Deletes all or selected policy sets within a session. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.
Syntax
deleteWSMAllPolicySets([mode])
| Argument | Definition |
|---|---|
|
|
Optional. The action to be taken for performing policy set deletion. Valid options are:
If no mode is specified, this argument defaults to |
Examples
The following example automatically deletes all policy sets from the respository without prompting.
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets("force")
Starting Operation deleteWSMAllPolicySets ...
All policy sets were deleted successfully from repository.
deleteWSMAllPolicySets Operation Completed.
The following examples delete selected policy sets from the repository.
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()
or
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets('prompt')
Starting Operation deleteWSMAllPolicySets ...
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
All the selected policy sets were deleted successfully from repository.
deleteWSMAllPolicySets Operation Completed.
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the deleteWSMPolicySet command, as described in "deleteWSMPolicySet". The following examples show how to migrate to use the deleteWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> deletePolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> deleteWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Deletes a specified policy set within a session. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.
Issuing this command outside of a session will result in an error.
Syntax
deletePolicySet(name)
| Argument | Definition |
|---|---|
|
|
Name of the policy set to be deleted. |
Example
The following example deletes a specified myPolicySet policy set.
wls:/wls-domain/serverConfig>deletePolicySet('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, deletes a specified policy set. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.
Issuing this command outside of a session will result in an error.
Syntax
deleteWSMPolicySet(name)
| Argument | Definition |
|---|---|
|
|
Name of the policy set to be deleted. |
Examples
The following example deletes a specified myPolicySet policy set.
wls:/wls-domain/serverConfig>deleteWSMPolicySet('myPolicySet')
Note:
This command has been deprecated. It is recommended that you use the describeWSMSession command, as described in "describeWSMSession". The following examples show how to migrate to use the describeWSMSession command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> describeRepositorySession()
12c Release (for both Repository and Policy Subject operations):
wls:/jrfServer_domain/serverConfig> describeWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Describes the contents of the current session. This will either indicate that the session is empty or list the name of the policy subject that is being updated, along with the type of update (create, modify, or delete). An error will be displayed if there is no current session.
Syntax
describeRepositorySession()
Example
The following example describes the current repository modification session.
wls:/wls-domain/serverConfig>describeRepositorySession()
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy command.
11g Release (for both Repository and Policy Subject operations on policy set):
wls:/jrfServer_domain/serverConfig> detachPolicySetPolicy ('oracle/wss_username_token_service_policy')
12c Release:
wls:/jrfServer_domain/serverConfig> detachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, detaches a policy, identified by a specified URI, from the current policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
detachPolicySetPolicy(uri)
| Argument | Definition |
|---|---|
|
|
URI specifying the policy to detach to the current policy set. For example, |
Example
The following example detaches the OWSM logging policy from the current policy set.
wls:/wls-domain/serverConfig> detachPolicySetPolicy('oracle/log_policy')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the displayWSMPolicySet command, as described in "displayWSMPolicySet". The following examples show how to migrate to use the displayWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> displayPolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> displayWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.
This command can be issued outside of a session.
Syntax
displayPolicySet([name])
| Argument | Definition |
|---|---|
|
|
Optional. Name of the policy set to be displayed. If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed. |
Example
The following example displays the configuration of the myPolicySet policy set.
wls:/wls-domain/serverConfig>displayPolicySet('myPolicySet')
Note:
This command applies to Oracle Infrastructure and RESTful Web services. It does not apply to Java EE Web services in this release.
Command Category: Respository
Use with WLST: Online
Description
Displays the configuration of a registered resource instance. If the resource instance is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the resource instance does not exist. This command can be issued outside of a session.
displayWSMResource(resourceName=None), (resourceName=Type)
| Argument | Definition |
|---|---|
|
|
The name of an existing resource instance. This is a combination of platform name, domain name, and logical name of resource, separated by a forward slash. If null, then the currently selected resource will be displayed. |
|
|
Specifies the type of resource. The value must be one of the following:
If the |
Examples
The following example displays the configuration of the application named myApplication in the base_cell domain on the IBM WebSphere application server.
wls:/wls-domain/serverConfig> displayWSMResource('/WAS/base_cell/myApplication')
The following example displays the configuration of the base_cell domain on the IBM WebSphere application server.
wls:/wls-domain/serverConfig> displayWSMResource('/WAS/base_cell','domain')
Since the resourceType argument is omitted, the following example displays...
displayWSMResource()
Command Category: Policy Set Management
Use with WLST: Online
Description
Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.
This command can be issued outside of a session.
Syntax
displayWSMPolicySet([name])
| Argument | Definition |
|---|---|
|
|
Optional. Name of the policy set to be displayed. If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed. |
Examples
The following example displays the configuration of the myPolicySet policy set.
wls:/wls-domain/serverConfig>displayWSMPolicySet('myPolicySet')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicySet command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> enablePolicySet(true)
12c Release:
wls:/jrfServer_domain/serverConfig> enableWSMPolicySet(true)
Command Category: Policy Set Management
Use with WLST: Online
Description
Enables or disables the current policy set within a session. If not specified, this command enables the policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
enablePolicySet([enable=True])
| Argument | Definition |
|---|---|
|
|
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Example
The following example enables the current policy set.
wls:/wls-domain/serverConfig>enablePolicySet(true)
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicySet command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet command.
11g Release:
wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy('/oracle/log_policy',false)
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, enables or disables the policy attachment, which is identified by the provided URI in the current policy set. If not specified, this command enables the policy set. An error displays if the identified policy is not currently attached to the policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
enablePolicySetPolicy(uri,[enable=true])
| Argument | Definition |
|---|---|
|
|
URI specifying the policy attachment within the policy set. |
|
|
Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:
If you omit this argument, the policy set attachment is enabled. |
Example
The following example disables the specified logging policy attachment within the current policy set.
wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false)
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, enables or disables the current policy set. If the optional enable argument is not specified, this command enables the policy set by default.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
enableWSMPolicySet([enable=True])
| Argument | Definition |
|---|---|
|
|
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Examples
The following example enables the current policy set.
wls:/wls-domain/serverConfig>enableWSMPolicySet(true)
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the listWSMPolicySets command, as described in "listWSMPolicySets". The following examples show how to migrate to use the listWSMPolicySets command.
11g Release:
wls:/wls-domain/serverConfig>listPolicySets('ws-service')
12c Release:
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service')
Command Category: Policy Set Management
Use with WLST: Online
Description
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or limit the display to include only those that apply to specific policy subject resource types.
Syntax
listPolicySets([type=None])
| Argument | Definition |
|---|---|
|
|
Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager If this argument is set to |
Example
The first two examples list policy sets by either the ws-service or ws-client resource types. The third example lists all the policy sets stored in the repository.
wls:/wls-domain/serverConfig>listPolicySets('ws-service') wls:/wls-domain/serverConfig>listPolicySets('ws-client') wls:/wls-domain/serverConfig>listPolicySets()
Command Category: Policy Set Management
Use with WLST: Online
Description
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or use the type argument to limit the display to include only those sets that apply to specific policy subject resource types.
Syntax
listWSMPolicySets([type=None])
| Argument | Definition |
|---|---|
|
|
Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager. If this argument is set to |
Examples
The first two examples list policy sets by either the ws-service or ws-client resource types. Whereas, the third example lists all the policy sets stored in the repository.
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service') wls:/wls-domain/serverConfig>listWSMPolicySets('ws-client') wls:/wls-domain/serverConfig>listWSMPolicySets()
Note:
This command has been deprecated. It is recommended that you use the migrateWSMAttachments command, as described in "migrateWSMAttachments". The following examples show how to migrate to use the migrateWSMAttachments command.
11g Release:
wls:/jrfServer_domain/serverConfig> migrateAttachments()
12c Release:
wls:/jrfServer_domain/serverConfig> migrateWSMAttachments()
Command Category: Policy Set Management
Use with WLST: Online
Description
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.
Note:
A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments() command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.
Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.
Syntax
migrateAttachments([mode])
| Argument | Definition |
|---|---|
|
|
The action to be taken for each policy attachment that can be migrated. Valid options are:
If no mode is specified, this argument defaults to |
Example
The following examples describe how to use the repository attachment migration modes.
wls:/wls-domain/serverConfig>migrateAttachments() wls:/wls-domain/serverConfig>migrateAttachments('force') wls:/wls-domain/serverConfig>migrateAttachments('preview') wls:/wls-domain/serverConfig>migrateAttachments('prompt')
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the selectWSMPolicySet command, as described in "selectWSMPolicySet". The following examples show how to migrate to use the selectWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> modifyPolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> selectWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Specifies a policy set for modification in the current session. The latest version of the named policy set will be loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.
Issuing this command outside of a session will result in an error.
Syntax
modifyPolicySet(name)
| Argument | Definition |
|---|---|
|
|
Name of the policy set to be modified in the current session. |
Example
The following example opens the myPolicySet policy set for modification in the current session.
wls:/wls-domain/serverConfig>modifyPolicySet('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, specifies a policy set for modification. The latest version of the named policy set is loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.
Issuing this command outside of a session will result in an error.
Syntax
selectWSMPolicySet(name)
| Argument | Description |
|---|---|
|
|
Name of the policy set to be modified in the current session. |
Examples
The following example selects a policy set in the current session named myPolicySet.
wls:/wls-domain/serverConfig> selectWSMPolicySet('myPolicySet')
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicySetConstraint command, as described in "setWSMPolicySetConstraint". The following examples show how to migrate to use the setWSMPolicySetConstraint command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Specifies a run-time constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
For more information, see "Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
setPolicySetConstraint(constraint)
| Argument | Definition |
|---|---|
|
|
Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts. |
Example
The following example specifies that the policy set apply only to requests from external clients.
wls:/wls-domain/serverConfig> setPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
The following example specifies that the policy set apply only to requests from non-external clients.
wls:/wls-domain/serverConfig> setPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicySetDescription command, as described in "setWSMPolicySetDescription". The following examples show how to migrate to use the setWSMPolicySetDescription command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetDescription ('Global policy set for web service endpoint.')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetDescription ('Global policy set for web service endpoint.')
Command Category: Policy Set Management
Use with WLST: Online
Description
Specifies a description for a policy set selected within a session.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setPolicySetDescription(description)
| Argument | Definition |
|---|---|
|
|
Describes a policy set. |
Example
The following example creates a description for a policy set.
wls:/wls-domain/serverConfig>setPolicySetDescription('PolicySetDescription')
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicyOverride command, as described in "setWSMPolicyOverride". The following examples show how to migrate to use the setWSMPolicyOverride command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
Command Category: Policy Set Management
Use with WLST: Online
Description
Adds a configuration override, described by a name, value pair, to an attached policy reference in the current policy set. The value argument is optional. If the value argument is omitted, the property specified by the name argument is removed from the policy reference in the policy set. If the property specified by the name argument already exists and a value argument is provided, the current value is overwritten by the new value specified with the value argument.
Issuing this command outside of a session containing a policy set that is being created or modified results in an error.
Syntax
setPolicySetPolicyOverride(uri,name,[value=None])
| Argument | Definition |
|---|---|
|
|
String representing the OWSM policy URI, for example, |
|
|
String representing the name of the override property. For example: |
|
|
Optional. String representing the value of the property. If this argument is not specified, the property specified by the |
Example
The following example specifies a configuration override for the reference.priority property for the oracle/wss10_saml_token_service_policy to a value of 1.
wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')
The following example removes the property reference.priority from the oracle/wss10_saml_token_service_policy in the policy set.
wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, specifies a constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
For more information, see "Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
setWSMPolicySetConstraint(constraint)
| Argument | Definition |
|---|---|
|
|
Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts. |
Examples
The following example specifies that the policy set applies only to requests from external clients.
wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
The following example specifies that the policy set applies only to requests from non-external clients.
wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, specifies a description for a policy set. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setWSMPolicySetDescription(description)
| Argument | Definition |
|---|---|
|
|
Describes a policy set. |
Examples
The following example creates a description for a policy set.
wls:/wls-domain/serverConfig>setWSWPolicySetDescription('PolicySetDescription')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, adds a configuration override, described by a name-value pair, to the currently selected policy set. The override is unscoped to any specific policy reference. The value argument is optional. If the value argument is omitted, a null is assumed for value, and the property specified by the name argument is removed from the policy set. If the property specified by the name argument already exists and a value argument is provided, the current value is overwritten by the new value.
You must start a session and select the policy set (using the selectWSMPolicySet command), before initiating the command. Issuing this command outside of a session containing a policy subject that is being created or modified results in an error.
Syntax
setWSMPolicySetOverride(name,[value=None])
| Argument | Description |
|---|---|
|
|
String representing the name of the override property. For example: |
|
|
Optional. String representing the value of the property. If this argument is not specified, a null is assumed and the property specified by the |
Examples
The following example specifies a configuration override for the on.behalf.of property for the policy set selected in the session to a value of true.
wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of','true')
The following example removes the property on.behalf.of from the policy set.
wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setWSMPolicySetScope(expression)
| Argument | Definition |
|---|---|
|
|
Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
Examples
The following example attaches a policy set to the specified base_domain resource.
wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain")')
This example attaches a policy set to the specified base_domain and managed_server resources.
wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain") and Server("managed_server")')
Command Category: Repository
Use with WLST: Online
Description
Within a session, unregisters or removes the resource instance that describes a physical resource, such as an application server, or unregister a sub-resource existing within a resource instance. The sub-resource holds the information about the client and service ports of a resource. Issuing this command outside of a session will result in an error.
Syntax
unregisterWSMResource(resource, [assembly=None], [subject=None])
| Arguments | Description |
|---|---|
|
resource |
Name of existing resource instance. This is a combination of platform name, domain name, and logical name, separated by a forward slash. |
|
assembly |
Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character. |
|
subject |
Name of the subject identifying the sub-resource. This is a combination of sub-resource type; that is, either "server" or "client" and service, or reference name and port name, separated by a hash character. |
Examples
The following example unregisters the myApplication in the base_domain on the IBM WebSphere application server.
wls:/jrfServer_domain/serverConfig> unregisterWSMResource ('/WAS/base_cell/myApplication')
The following example registers the IBM WebSphere platform domain WAS/base_cell.
wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell')
The following example unregisters the base_domain on the IBM WebSphere application server.
wls:/jrfServer_domain/serverConfig> unregisterWSMResource (‘/WAS/base_cell')
The following example unregisters the StockQuoteServicePort endpoint that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.
wls:/jrfServer_domain/serverConfig> unregisterWSMResource (‘/WAS/base_cell/myApplication', ‘web# myModule', ‘service(StockQuoteService# StockQuoteServicePort)')
Note:
This command has been deprecated. It is recommended that you use the validateWSMPolicySet command, as described in "validateWSMPolicySet". The following examples show how to migrate to use the validateWSMPolicySet command.
11g Release:
wls:/jrfServer_domain/serverConfig> validatePolicySet ('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> validateWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Validates an existing policy set. If a policy set name is provided, the command will validate the specified policy set. If no policy set name is specified, the command will validate the policy set in the current session.
An error message displays if the policy set does not exist, or a name is not provided and the session is not active, or if the OWSM repository does not contain a suitable policy set.
Syntax
validatePolicySet([name=None])
| Argument | Definition |
|---|---|
|
|
Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session. |
Example
The first example validates the policy set in the current session. The second example validates the specified myPolicySet policy set.
wls:/wls-domain/serverConfig>validatePolicySet() wls:/wls-domain/serverConfig>validatePolicySet('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, validates an existing policy set. If a policy set name is provided, the specified policy set is validated. If no policy set name is specified, the policy set in the current session is validated.
If the policy set does not exist, if a name is not provided and the session is not active, or if the repository does not contain a suitable policy set, an error message is displayed.
Syntax
validateWSMPolicySet([name=None])
| Argument | Definition |
|---|---|
|
|
Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session. |
Examples
The first example validates the policy set in the current session. The second example validates the specified myPolicySet policy set.
wls:/wls-domain/serverConfig> validateWSMPolicySet() wls:/wls-domain/serverConfig> validateWSMPolicySet('myPolicySet')