3.3 Policy Subject Commands

Use the WLST commands listed in Table 3-3 to view and manage web service and web service client policy subjects. For more information about policy subjects, see "Understanding Policy Subjects" in Understanding Oracle Web Services Manager.

Note:

For Java EE web services, no information is displayed. For information about viewing and modifying Java EE web service policy attachments, see Table 3-7.


Table 3-3 Policy Subject WLST Commands

| Use this command... | To... | Use with WLST... |
|---|---|---|
| displayWSMEffectivePolicySet | Display the configuration of the effective policy set corresponding to a policy subject. | Online |
| listWSMPolicySubjects | List the policy subjects that match the specified application, assembly, and subject patterns. | Online |
| previewWSMEffectivePolicySet | Display the configuration of an effective policy set corresponding to a policy subject. The display also includes any changes made within the current session when it generates the effective policy set. | Online |
| listWSMResources | List the resources that have been registered in the repository. | Online |
| registerWSMResource | Register or create a new resource instance that describes a physical resource within a session. | Online |
| selectWSMPolicySubject | Select the subject uniquely identified by application, assembly and subject for modification. | Online |
| selectWSMResource | Select the subject uniquely identified by resource, assembly and subject for modification in a third-party application environment. | Online |


3.3.1 displayWSMEffectivePolicySet

Command Category: Policy Subject

Use with WLST: Online

Note:

This command is valid for Oracle Infrastructure web service and clients only. For Java EE web services, no information is displayed. For information about viewing and modifying Java EE web service policy attachments, see Table 3-7.

Description

Displays the configuration of the actual runtime policy set and global policy attachment information used at the time of policy enforcement. This policy set and global policy attachment information is stored within the policy subject.

You must start a session and select the policy subject (using selectWSMPolicySubject) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.

Compare this command with the "displayWSMPolicySet" command, which displays only the selected global policy set or the selected local policy set, or with the "previewWSMEffectivePolicySet", which displays the effective policy set, including changes made to the actual runtime policy set, within the current session.

Syntax

displayWSMEffectivePolicySet()

Examples

The following example for an Oracle Infrastructure web service lists that the policies, oracle/wss_username_token_service_policy and oracle/log_policy, are in effect at the time of enforcement.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')
 
The policy subject is selected for modification.
 
wls:/jrfServer_domain/serverConfig> displayWSMEffectivePolicySet()

        URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
 
        The policy subject is secure in this context.

3.3.2 listWSMPolicySubjects

Command Category: Policy Subject

Use with WLST: Online

Description

Lists the policy subjects that match the specified application, assembly, and subject patterns. You can use the optional detail argument to include effective policy set information in the output. The command does not require starting a session.

For more information about the pattern used to identify a subject, see Identifying the Policy Subject.

Syntax

listWSMPolicySubjects([application=None],[assembly=None],[subject=None],[detail='false'])

Argument Definition

application

Optional. Pattern identifying applications.

assembly

Optional. Pattern identifying assemblies.

subject

Optional. Pattern identifying subjects.

detail

Optional. Specifies whether to include effective policy set information in the output. The default value is false.

For each directly attached policy, the local.policy.reference.source configuration property is provided identifying the source of the attachment. For more information, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.


To simplify searching for a particular subject, the application, assembly, or subject argument can specify a pattern containing the wildcard character (*). In this case, all the subjects matching that pattern will be listed.

Examples

The following invocation of the listWSMPolicySubjects command with detail='true' returns the application, assembly, and subject information for all subjects being managed in the entire domain.

Note that the local.policy.reference.source configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT, indicating that it was attached using either Fusion Middleware Control or WLST. For more information about the local.policy.reference.source configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

wls:/base_domain/serverConfig> listWSMPolicySubjects(detail='true') 
Application: /weblogic/base_domain/jaxwsejb30ws
  Assembly: #jaxwsejb
    Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)

Context : no constraint
        URI="oracle/wss_username_token_service_policy", category=security, policy-status=enabled; source=global policy set "username", scope="DOMAIN('*')"; reference-status=enabled; effective=true
        URI="oracle/mex_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/mtom_encode_fault_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
                Property name="max.request.size", value="-1"
        URI="oracle/request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/soap_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/ws_logging_level_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="logging.level", value=""
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/test_page_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
        URI="oracle/wsdl_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
 
        The policy subject is secure in this context.

...

Invoking the listWSMPolicySubjects command with ('jax*') as the argument returns all subjects in applications that begin with jax; in our example, all subjects belonging to the jaxwsejb30ws application:

wls:/base_domain/serverConfig> listWSMPolicySubjects('jax*')
 
Application: /weblogic/base_domain/jaxwsejb30ws
  Assembly: #jaxwsejb
    Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
 
    Subject: WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
 
    Subject: WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)

The following command returns all RESTful resource subjects in all applications. If there are no RESTful resources in an application, the following message is returned: Subject: No matching subject found for "REST*"

wls:/base_domain/serverConfig> listWSMPolicySubjects(subject='REST*')

Application: /weblogic/base_domain/jaxrs_pack1
 
  Assembly: #jaxrs_pack1.war
 
    Subject: REST-Resource(Jersey)
 
 
Application: /weblogic/base_domain/jaxwsejb30ws
 
  Assembly: #jaxwsejb
 
    Subject: No matching subject found for "REST*".


Application: /weblogic/base_domain/soa-infra
 
  Assembly: #integration/services/RuntimeConfigService
 
    Subject: REST-Resource(oracle.bpm.rest.webapp.BPMApplication)
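
The detail='true' listing shown above can be checked offline once it has been saved to a file. The following Python sketch is an added example, not part of the Oracle documentation: it parses text in that layout and reports subjects with no enabled, effective security-category policy. The function names, the second sample subject, and the "unprotected" heuristic are assumptions of this example.

```python
import re

# Constructed sample in the layout printed by listWSMPolicySubjects(detail='true');
# the second subject and its namespace are made up for this example.
SAMPLE = '''\
Application: /weblogic/base_domain/jaxwsejb30ws
  Assembly: #jaxwsejb
    Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)

Context : no constraint
        URI="oracle/wss_username_token_service_policy", category=security, policy-status=enabled; source=global policy set "username", scope="DOMAIN('*')"; reference-status=enabled; effective=true
        URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
                Property name="local.policy.reference.source", value="IMPLIED_FEATURE"

    Subject: WS-SERVICE({http://example.invalid/demo}OpenService#OpenPort)

Context : no constraint
        URI="oracle/wss_username_token_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=disabled; effective=false
                Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT"
'''

POLICY_RE = re.compile(
    r'URI="(?P<uri>[^"]+)", category=(?P<category>[\w-]+), '
    r'policy-status=(?P<policy_status>\w+); source=(?P<source>.*); '
    r'reference-status=(?P<ref_status>\w+); effective=(?P<effective>\w+)')
PROP_RE = re.compile(r'Property name="([^"]*)", value="([^"]*)"')

def parse_subjects(text):
    """Return one dict per subject with the policy lines listed under it."""
    subjects, app, assembly, current = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        key, _, value = (part.strip() for part in line.partition(':'))
        if key == 'Application':
            app = value
        elif key == 'Assembly':
            assembly = value
        elif key == 'Subject':
            current = None  # "No matching subject found" entries are skipped
            if not value.startswith('No matching subject'):
                current = {'application': app, 'assembly': assembly,
                           'subject': value, 'policies': []}
                subjects.append(current)
        elif current is not None:
            policy, prop = POLICY_RE.search(line), PROP_RE.search(line)
            if policy:
                current['policies'].append(dict(policy.groupdict(), properties={}))
            elif prop and current['policies']:
                current['policies'][-1]['properties'][prop.group(1)] = prop.group(2)
    return subjects

def unprotected(subjects):
    """Subjects lacking an enabled, effective security policy (this example's heuristic)."""
    def enforced(p):
        return (p['category'] == 'security' and p['effective'] == 'true' and
                p['policy_status'] == p['ref_status'] == 'enabled')
    return [s['subject'] for s in subjects if not any(enforced(p) for p in s['policies'])]

if __name__ == '__main__':
    print(unprotected(parse_subjects(SAMPLE)))
```

The parsed properties also expose local.policy.reference.source for each directly attached policy, so the same structure can be used to review where attachments came from.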

3.3.3 listWSMResources

Command Category: Repository

Use with WLST: Online

Description

Lists the resources that have been registered in the repository. This command also displays the resource that is being created, modified, or deleted within the current session. You can list all the resources or limit the display using the optional arguments.

Syntax

listWSMResources([resourceType=None],[resourceName=None],[platFormType=None],[domainName=None])

Argument Definition

resourceType

Optional. Specifies the type of resource. If no value is specified, then all the resource instances stored in the repository will be listed.

resourceName

Optional. Name of the resource. The value can be omitted to list all the resources or it can also use wildcards to limit resource matching.

platformType

Optional. The type of platform the resource resides in. The value can be one of the following to limit resource matching, or it can be omitted to list resources residing in all platform types:

  • was - WebSphere platform

  • jboss - JBOSS platform

domainName

Optional. Name of the management domain (that is, the cell in the WebSphere platform) that the resource resides in. The value can be omitted to list all the resources or it can use wildcards to limit resource matching.


Any of the values listed in the preceding table can contain the following wildcard characters to allow for multiple matches.


Character Description

%

The percent character can be used in a value to match any number of characters.

_

The underscore character can be used in a value to match a single character.

\

The backslash character can be used in a value to escape a wildcard character.


Following are examples of the listWSMResources command that use wildcards:

listWSMResources('application','%App%','was','myDomain')
listWSMResources('platform','my_%')
listWSMResources()

Examples

The following example will return the application resources that contain the string App that are on a WebSphere application server in the domain myDomain.

listWSMResources('application','%App%','was','myDomain')
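
The wildcard table above means an unescaped underscore matches any single character, so a pattern such as 'my_%' selects more names than it appears to. The following Python sketch is an added example, not Oracle code: it models the %, _ and \ rules over constructed resource names, and it assumes whole-value, case-sensitive matching, which the page does not state.

```python
import re

def wsm_pattern_to_regex(pattern):
    """Translate the %, _ and \\ wildcards from the table above into a regex.

    Assumption of this example: the whole value must match and matching is
    case-sensitive; the page does not state either.
    """
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == '\\' and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))   # escaped character is literal
            i += 2
            continue
        # % matches any run of characters, _ exactly one, anything else itself
        out.append({'%': '.*', '_': '.'}.get(ch, re.escape(ch)))
        i += 1
    return re.compile(''.join(out), re.DOTALL)

def filter_names(pattern, names):
    """Return the names the pattern would select under the rules above."""
    rx = wsm_pattern_to_regex(pattern)
    return [n for n in names if rx.fullmatch(n)]

# Constructed resource names, not taken from a real repository.
NAMES = ['my_platform', 'myXplatform', 'myApplication', 'OrderApp', 'billing']

if __name__ == '__main__':
    print(filter_names('my_%', NAMES))     # underscore acts as a wildcard
    print(filter_names(r'my\_%', NAMES))   # escaped underscore is literal
    print(filter_names('%App%', NAMES))
```

In a WLST script, write the escaped form as a raw string (r'my\_%') or double the backslash so that it reaches the command unchanged.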

3.3.4 previewWSMEffectivePolicySet

Command Category: Policy Subject

Use with WLST: Online

Description

Displays the configuration of the effective policy set corresponding to the policy subject. The display also includes any changes made within the current session when it generates the effective policy set.

You must start a session and select the policy subject (using selectWSMPolicySubject) before initiating the command. An error will display if no policy subject is selected.

See also "displayWSMEffectivePolicySet", which displays the actual policy set used at the time of enforcement, but does not display any changes made to the policy set during the current session.

Syntax

previewWSMEffectivePolicySet()

Examples

wls:/wls-domain/serverConfig> previewWSMEffectivePolicySet()

3.3.5 registerWSMResource

Command Category: Repository

Use with WLST: Online

Description

Within a session, registers or creates a new resource instance that describes a physical resource, such as an application server, or registers a sub-resource within the created resource instance. The resource instance is used to store information describing the logical structure of the resource. The sub-resource holds information about the client and service ports of a resource instance. Issuing this command outside of a session results in an error.

Syntax

registerWSMResource(resource, [assembly=None], [subject=None])

Argument Description

resource

Name of existing resource instance. This is a combination of platform name, domain name, and logical name, separated by a forward slash.

assembly

Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character.

subject

Name of the subject identifying the sub-resource. This is a combination of sub-resource type; that is, either "server" or "client" and service, or reference name and port name, separated by a hash character.


Examples

The following example registers the IBM WebSphere platform application WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell/myApplication')

The following example registers the IBM WebSphere platform domain WAS/base_cell.

wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell')

The following example registers the StockQuoteServicePort endpoint that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> registerWSMResource ('/WAS/base_cell/myApplication', 'web#myModule', 'service(StockQuoteService#StockQuoteServicePort)')

3.3.6 selectWSMPolicySubject

Command Category: Policy Subject

Use with WLST: Online

Description

Within a session, selects a policy subject for modification. You uniquely specify a policy subject by the application, assembly, and policy subject name. Once selected, the policy management commands can be used to modify the directly attached policy set for the policy subject.

You must start a session (beginWSMSession) before performing any policy management edits or policy set transactions. You must also select the policy subject that you want to modify before issuing policy management commands. If there is no current session or there is already an existing modification process, an error is displayed.

For more information on using this command, see "Identifying the Policy Subject" and "Identifying and Selecting the Policy Subject Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

Syntax

selectWSMPolicySubject([application=None],[assembly=None],[subject=None])

Argument Description

application

Name of the application.

assembly

Name of the assembly. Uniquely identifies the module within an application.

subject

Name of the policy subject.


Note:

Any of the three arguments can specify a pattern containing the wildcard character "*". In this case, all the names matching that pattern will be listed. You need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.

Examples

The following example selects the TestService#TestPort port in the jaxws-sut-service module (assembly) that belongs to the jaxws-sut application.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')

The policy subject is selected for modification.

The following example selects the jersey RESTful resource in the #restservice module (assembly) that belongs to the helloworld application.

wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('helloworld','#restservice','REST-Resource(Jersey)')

The policy subject is selected for modification.

See "Identifying the Policy Subject" for additional examples.

3.3.7 selectWSMResource

Command Category: Repository

Use with WLST: Online

Description

Within a session, selects a resource instance that describes a physical resource, such as a third-party application server, for modification. The command can also be used to select a particular sub-resource contained within the resource instance for modification. Once a resource instance is selected, then sub-resources within it can be added, removed or modified. Issuing this command outside of a session will result in an error.

You must start a session (beginWSMSession) before performing any policy management edits or policy set transactions. You must also select the resource subject that you want to modify before issuing policy management commands.

Syntax

selectWSMResource([resource=None], [assembly=None], [subject=None])

Arguments Description

resource

Name of existing resource instance. This is a combination of platform name, domain name, and logical name of the resource instance, separated by a forward slash.

assembly

Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character.

subject

Name of the subject identifying the sub-resource. This is a combination of a sub-resource type. For example, either "server" or "client" and service, or reference name and port name, separated by a hash character.


Note:

Any of the three arguments can specify a pattern containing a wildcard character "*". In this case, all the names matching that pattern will be listed. Therefore, you need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.

Examples

The following example uses the * wildcard to select all applications in the base_domain on the IBM WebSphere application server.

wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/*Application')

The following example uses the * wildcard to specify all sub-modules of the WEB module that reside on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/myApplication','WEB#*Mod')

The following example uses * wildcards to specify all service ports connected to the WEB/myMod sub-resource that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/myApplication','WEB#myMod', 'service(*Service#*Port)')

The following example selects the StockQuoteServicePort endpoint connected to the WEB/myMod sub-resource that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication.

wls:/jrfServer_domain/serverConfig> selectWSMResource ('/WAS/base_cell/myApplication', 'WEB#myModule', 'service(StockQuoteService#StockQuoteServicePort)')